Cisco Networking Services Flow-Through Provisioning
The Cisco Networking Services Flow-Through Provisioning feature provides the infrastructure for automated configuration of large numbers of network devices. Based on Cisco Networking Services event and configuration agents, it eliminates the need for an onsite technician to initialize the device. The result is an automated workflow from initial subscriber-order entry through Cisco manufacturing and shipping to final device provisioning and subscriber billing. This focuses on a root problem of service providers and other similar business models: use of human labor in activating service.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Information About Cisco Networking Services Flow-Through Provisioning
Cisco Networking Services Flow-Through Provisioning
The Cisco Networking Services Flow-Through Provisioning feature provides the infrastructure for automated configuration of large numbers of network devices. Based on Cisco Networking Services event and configuration agents, it eliminates the need for an onsite technician to initialize the device. The result is an automated workflow from initial subscriber-order entry through Cisco manufacturing and shipping to final device provisioning and subscriber billing. This functionality focuses on a root problem of today’s service-provider and other similar business models: use of human labor in activating service.
To achieve such automation, Cisco Networking Services flow-through provisioning relies on standardized configuration templates that you create. However, the use of such templates requires a known fixed hardware configuration, uniform for all subscribers. There is no way to achieve this without manually pre-staging each linecard or module within each chassis. While the inventory within a chassis is known at time of manufacture, controlling which linecards or modules are in which slots thereafter is labor-intensive and error-prone.
To overcome these difficulties, Cisco Networking Services flow-through provisioning defines a new set of Cisco commands—the cns commands. When a remote device is first powered on, these commands do the following:
- To each device interface in turn, applies a preset temporary bootstrap configuration that tries to contact the Cisco Networking Services configuration engine. A successful connection determines the connecting interface.
- Connects, by way of software called a Cisco Networking Services agent, to a Cisco Networking Services configuration engine housed in a Cisco IE2100 device.
- Passes to the Cisco Networking Services configuration engine a device-unique ID, along with a human-readable description of the device’s linecard or module inventory by product number and location, in XML format.
In turn, the configuration engine does the following:
- Locates in a Lightweight Directory Access Protocol (LDAP) directory, based on the device IDs, a predefined configuration template for the main chassis and subconfiguration template for each linecard or module.
- Substitutes actual slot numbers from the chassis inventory for the template’s slot-number parameters, thus resolving the templates into subscriber-specific configurations that match the true linecard or module slot configuration.
- Downloads this initial configuration to the target device. The Cisco Networking Services agent directly applies the configuration to the device.
The figure below shows the Cisco Networking Services flow-through provisioning architecture.
Cisco Networking Services Flow-Through Provisioning Configurations
Cisco Networking Services flow-through provisioning involves three different types of configuration on the remote device:
Bootstrap configuration
You specify the preset bootstrap configuration on which this solution depends as part of your order from Cisco using Cisco Configuration Express, an existing service integrated with the Cisco.com order-entry tool. You specify a general-subscriber nonspecific bootstrap configuration that provides connectivity to the Cisco Networking Services configuration engine. Cisco then applies this configuration to all the devices of that order in a totally automated manufacturing step. This configuration runs automatically on power-on.
Initial configuration
The Cisco Networking Services configuration engine downloads an initial configuration, once only, to replace the temporary bootstrap configuration. You can either save or not save it in the device’s nonvolatile NVRAM memory:
- If you save the configuration, the bootstrap configuration is overwritten.
- If you do not save the configuration, the download procedure repeats each time that the device powers off and then back on. Repeating the download procedure enables the device to update to the current Cisco configuration without intervention.
Incremental (partial) configuration
On subsequent reboot, incremental or partial configurations are performed to update the configuration without the network having to shut down. Such configurations can be delivered either in a push operation that you initiate or a pull operation on request from the device.
Unique IDs
Key to Cisco Networking Services flow-through provisioning is the capability to associate, with each device, a simple, manageable, and unique ID that is compatible with your systems for order entry, billing, provisioning, and shipping and can also link your order-entry system to the Cisco order-fulfillment system. Such an ID must have the following characteristics:
- Be available from manufacturing as part of order fulfillment.
- Be recordable on the shipping carton and chassis.
- Be available to the device’s Cisco software.
- Be modifiable after the device is first powered up.
- Be representative of both a specific chassis and a specific entry point into your network.
To define such an ID, Cisco Networking Services flow-through provisioning equips the Cisco Networking Services agent with a new set of commands—the cns commands—with which you specify how configurations should be done and, in particular, how the system defines unique IDs. You enable the Cisco software to auto-discover the unique ID according to directions that you specify and information that you provide, such as chassis serial number, MAC address, IP address, and several other possibilities. The cns commands are part of the bootstrap configuration of the manufactured device, specified to Cisco Configuration Express at time of order.
Within this scope, Cisco Configuration Express and the cns commands also allow you to define custom asset tags to your own specifications, which are serialized during manufacture and automatically substituted into the unit’s bootstrap configuration.
Cisco appends tags to the carton for all the various types of IDs supported by the cns commands, so that these values can be bar-code read at shipping time and fed back into your systems. Alternatively, these IDs are also available through a direct XML-software interface between your system and the Cisco order-status engine, eliminating the need for bar-code reading. The Cisco Networking Services agent also provides a feedback mechanism whereby the remote device can receive XML events or commands to modify the device’s ID, in turn causing that same device to broadcast an event indicating the old/new IDs.
Management Point
On most networks, a small percentage of individual remote devices get configured locally. This can potentially be a serious problem, not only causing loss of synchronization across your network but also opening your system to the possibility that an automatic reconfiguration might conflict with an existing configuration and cause a device to become unusable or even to lose contact with the network.
To address this problem, you can designate a management point in your network, typically on the Cisco IE2100 Cisco Networking Services configuration engine, and configure it to keep track of the configurations on all remote devices.
To enable this solution, configure the Cisco Networking Services agent to publish an event on the Cisco Networking Services event bus whenever any change occurs to the running configuration. This event indicates exactly what has changed (old/new), eliminating the need for the management point to perform a highly unscalable set of operations such as telnetting into the device, applying a script, reading back the entire running configuration, and determining the difference between old and new configurations. Additionally, you can arrange for Simple Network Management Protocol (SNMP) notification traps of configuration changes occurring through the SNMP MIB set.
Point-to-Point Event Bus
Today’s business environment requires that you be able to ensure your customers a level of service not less than what they are actually paying for. Toward this end, you activate service-assurance applications that broadcast small poll/queries to the entire network while expecting large responses from a typically small subset of devices according to the criteria of the query.
For these queries to be scalable, it is necessary for the replying device to bypass the normal broadcast properties of the event bus and instead reply on a direct point-to-point channel. While all devices need the benefit of the broadcasted poll so that they can all be aware of the query to which they may need to reply, the devices do not have to be aware of each others’ replies. Massive copying and retransmission of device query replies, as part of the unnecessary reply broadcast, is a serious scalability restriction.
To address this scalability problem, the Cisco Networking Services event bus has a point-to-point connection feature that communicates directly back to the poller station.
Benefits of Cisco Networking Services Flow-Through Provisioning
Automated Configuration
Cisco Networking Services flow-through provisioning simplifies installation by moving configuration requirements to the Cisco Networking Services configuration engine and allowing the Cisco configuration to update automatically. The registrar uses popular industry standards and technologies such as XML, Active Directory Services Interface (ADSI)/Active Directory, HTTP/Web Server, ATM Switch Processor (ASP), and Publish-Subscribe Event Bus. The Cisco Networking Services configuration agent enables the Cisco Networking Services configuration engine to configure remote devices in a plug-and-play manner.
Unique IP Addresses and Hostname
Cisco Networking Services flow-through provisioning uses DNS reverse lookup to retrieve the hostname by passing the IP address, then assigns the IP address and optionally the hostname to the remote device. Both IP address and hostname are thus guaranteed to be unique.
Reduced Technical Personnel Requirements
Cisco Networking Services flow-through provisioning permits remote devices to be installed by a person with limited or no technical experience. Because configuration occurs automatically on connection to the network, a network engineer or technician is not required for installation.
Rapid Deployment
Because a person with limited or no technical experience can install a remote device immediately without any knowledge or use of Cisco software, the device can be sent directly to its final premises and be brought up without technician deployment.
Direct Shipping
Devices can be shipped directly to the remote end-user site, eliminating warehousing and manual handling. Configuration occurs automatically on connection to the network.
Remote Updates
Cisco Networking Services flow-through provisioning automatically handles configuration updates, service additions, and deletions. The Cisco Networking Services configuration engine performs a push operation to send the information to the remote device.
Security
Event traffic to and from the remote device is opaque to unauthorized listeners or intruders to your network. Cisco Networking Services agents leverage the latest security features in Cisco software.
Cisco Networking Services Event Agent Parameters
The Cisco Networking Services event agent command—cns event—has several parameters that can be configured. The failover-time keyword is useful if you have a backup Cisco Networking Services event gateway configured. If the Cisco Networking Services event agent is trying to connect to the gateway and it discovers that the route to the backup gateway is available before the route to the primary gateway, the seconds argument specifies how long the Cisco Networking Services event agent will continue to search for a route to the primary gateway before attempting to link to the backup gateway.
Unless you are using a bandwidth-constrained link, you should set a keepalive timeout and retry count. Doing so allows the management network to recover gracefully should a Cisco IE2100 configuration engine ever fail. Without the keepalive data, such a failure requires manual intervention on every device. The seconds value multiplied by the retry-count value determines the length of idle time before the Cisco Networking Services event agent will disconnect and attempt to reconnect to the gateway. We recommend a minimum retry-count value of 2.
If the optional source keyword is used, the source IP address might be a secondary IP address of a specific interface to allow a management network to run on top of a production network.
Note: Although other Cisco Networking Services agents may be configured, no other Cisco Networking Services agents are operational until the cns event command is entered because the Cisco Networking Services event agent provides a transport connection to the Cisco Networking Services event bus for all other Cisco Networking Services agents.
How to Configure Cisco Networking Services Flow-Through Provisioning
Configuring the Cisco Networking Services Event and EXEC Agents
1. enable
2. configure terminal
3. cns config partial {host-name | ip-address} [encrypt] [port-number] [source interface name] [inventory]
4. logging cns-events [severity-level]
5. cns exec [encrypt] [port-number] [source {ip-address | interface-type-number}]
6. cns event {hostname | ip-address} [encrypt] [port-number] [backup] [failover-time seconds] [keepalive seconds retry-count] [source ip-address | interface-name] [clock-timeout time] [reconnect-time time]
7. exit
DETAILED STEPS
Troubleshooting Tips
- Use the show cns event connections command to check that the Cisco Networking Services event agent is connected to the Cisco Networking Services event gateway.
- Use the show cns event subject command to check that the image agent subject names are registered. Subject names for the Cisco Networking Services image agent begin with cisco.mgmt.cns.image.
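The event agent guidance in this module (set a keepalive with a retry-count of at least 2, enter cns event before relying on any other agent, and the optional encrypt keyword in the command syntax) can be checked mechanically against a saved configuration. The following is an added example, not Cisco code; the function names, finding codes, and both sample configurations are constructed for illustration.

```python
# Added example: audit the CNS agent lines of an IOS configuration file.
# Only the three commands whose syntax on this page shows [encrypt] are checked for it.
ENCRYPT_CAPABLE = ("cns config partial", "cns exec", "cns event")
MIN_RETRY_COUNT = 2  # minimum retry-count recommended in this module


def _check_keepalive(words):
    """Check the 'keepalive seconds retry-count' part of a cns event line."""
    if "keepalive" not in words:
        # Acceptable only on a bandwidth-constrained link, per the text above.
        return ["no-keepalive"]
    i = words.index("keepalive")
    args = words[i + 1:i + 3]
    if len(args) < 2 or not all(a.isdigit() for a in args):
        return ["keepalive-malformed"]
    if int(args[1]) < MIN_RETRY_COUNT:
        return ["retry-count-low"]
    return []


def audit_cns(config_text):
    """Return (line_number, finding_code) tuples; line 0 means whole-config."""
    findings = []
    event_seen = False
    other_agent_seen = False
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        words = raw.split("!", 1)[0].split()  # drop IOS comments
        if words[:1] != ["cns"]:
            continue
        command = " ".join(words)
        if words[1:2] in (["config"], ["exec"]):
            other_agent_seen = True
        takes_encrypt = any(
            command == c or command.startswith(c + " ") for c in ENCRYPT_CAPABLE
        )
        if takes_encrypt and "encrypt" not in words:
            findings.append((lineno, "no-encrypt"))
        if words[:2] == ["cns", "event"]:
            event_seen = True
            findings.extend((lineno, code) for code in _check_keepalive(words))
    if other_agent_seen and not event_seen:
        # Other agents are not operational until cns event is entered.
        findings.append((0, "no-event-agent"))
    return findings


# Constructed sample in the style of the incremental configuration on this page.
PAGE_STYLE = "cns config partial 10.1.1.1\ncns event 10.1.1.1\n"
# Constructed sample using the optional keywords from the command syntax.
HARDENED = (
    "cns config partial 10.1.1.1 encrypt\n"
    "cns exec encrypt\n"
    "cns event 10.1.1.1 encrypt keepalive 60 3\n"
)

if __name__ == "__main__":
    for name, cfg in (("page-style", PAGE_STYLE), ("hardened", HARDENED)):
        print(name, audit_cns(cfg))
```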
Configuration Examples for Cisco Networking Services Flow-Through Provisioning
Example: Cisco Networking Services Flow-Through Provisioning
Example: Cisco Configuration Express File Using T1 over HDLC Protocol
The following example shows use of the Cisco Configuration Express file to configure the remote device before delivery to its final premises. In the example, 172.28.129.22 is the IP address of the Cisco Networking Services configuration engine.
```
cns config initial 172.28.129.22 no-persist    !cns configure and event agents
cns event 172.28.129.22
controller t1 0    !T1 configuration
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24 speed 64
 exit
cns id s0:0 ipaddress
interface s0:0    !Assigns IP address to s0:0
 ip address slarp retry 2
 exit
ip route 10.0.0.0 0.0.0.0 s0:0    !IP static route
end
```
Example: T1 Configuration Template
The following example shows use of the T1 configuration template to build the configuration for use on T1:
```
hostname ${LDAP://this:attrName=IOShostname}
enable password ${LDAP://this:attrName=IOSpassword}
controller T1 0
 clock source ${LDAP://this:attrName=IOST1-clocksource}
 linecode ${LDAP://this:attrName=IOST1-line}
 framing ${LDAP://this:attrName=IOST1-framing}
 channel-group ${LDAP://this:attrName=IOST1-channel-group} timeslots ${LDAP://this:attrName=IOST1-timeslots} speed ${LDAP://this:attrName=IOST1-speed}
```
Example: Voice Configuration Template
The following example shows use of the voice configuration template to build the configuration for using voice:
```
voice-port 1/1
 codec ${LDAP://this:attrName=IOSvoice-port1}
 exit
dial-peer voice 1 pots
 application ${LDAP://this:attrName=IOSdial-peer1}
 port 1/1
```
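The templates above are resolved by substituting directory attribute values for each `${LDAP://this:attrName=...}` placeholder, and the result is applied directly to the device, so a resolver should fail closed on missing attributes and refuse values that would add extra command lines. The following is an added example of that substitution step, not the configuration engine's code; the function names, the attribute dictionary standing in for an LDAP lookup, and the sample values are assumptions.

```python
import re

# Placeholder form used by the templates on this page,
# e.g. ${LDAP://this:attrName=IOShostname}
PLACEHOLDER = re.compile(r"\$\{LDAP://this:attrName=([A-Za-z0-9_-]+)\}")


class TemplateError(ValueError):
    """Raised when a template cannot be resolved safely."""


def _check_value(name, value):
    """Reject values that could inject additional IOS command lines."""
    if not isinstance(value, str) or value == "":
        raise TemplateError(f"attribute {name!r} is empty or not a string")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise TemplateError(f"attribute {name!r} contains a control character")
    return value


def resolve_template(template, attrs):
    """Substitute every placeholder from attrs (hypothetical directory record)."""
    wanted = {m.group(1) for m in PLACEHOLDER.finditer(template)}
    missing = sorted(wanted - set(attrs))
    if missing:
        # Fail closed: never push a config with an unresolved parameter.
        raise TemplateError("no directory value for: " + ", ".join(missing))
    rendered = PLACEHOLDER.sub(
        lambda m: _check_value(m.group(1), attrs[m.group(1)]), template
    )
    if "${" in rendered:
        # Malformed placeholder, or a value that itself looks like one.
        raise TemplateError("unresolved or malformed placeholder in output")
    return rendered


# Excerpt of the T1 template from this page.
T1_TEMPLATE = (
    "hostname ${LDAP://this:attrName=IOShostname}\n"
    "controller T1 0\n"
    " linecode ${LDAP://this:attrName=IOST1-line}\n"
    " framing ${LDAP://this:attrName=IOST1-framing}\n"
)

# Constructed attribute values standing in for one device's directory entry.
SAMPLE_ATTRS = {
    "IOShostname": "branch-rtr-01",
    "IOST1-line": "b8zs",
    "IOST1-framing": "esf",
}

if __name__ == "__main__":
    print(resolve_template(T1_TEMPLATE, SAMPLE_ATTRS))
```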
Example: Remote Device
The following example shows a remote device configuration:
```
Router# show running-config
Current configuration: 1659 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname tira-24V
!
!
network-clock base-rate 64k
ip subnet-zero
ip cef
!
ip audit notify log
ip audit po max-events 100
!
class-map match-any voice
 match access-group 100
!
!
policy-map qos
 class voice
  priority percent 70
voice service voip
 h323
!
no voice confirmation-tone
voice-card 0
!
!
controller T1 0
 framing sf
 linecode ami
!
controller T1 1
 mode cas
 framing esf
 linecode b8zs
 ds0-group 0 timeslots 1 type e&m-immediate-start
 ds0-group 1 timeslots 2 type e&m-immediate-start
!
!
interface Ethernet0
 ip address 10.1.1.2 255.255.0.0
!
interface Serial0
 bandwidth 1536
 ip address 10.11.11.1 255.255.255.0
 no ip mroute-cache
 load-interval 30
 clockrate 148000
!
ip classless
ip route 223.255.254.254 255.255.255.0 10.3.0.1
!
no ip http server
ip pim bidir-enable
!
access-list 100 permit udp any range 16384 32767 any
access-list 100 permit tcp any any eq 1720
call rsvp-sync
!
voice-port 1:0
 timeouts wait-release 3
!
voice-port 1:1
 timeouts wait-release 3
!
!
mgcp profile default
!
dial-peer cor custom
!
dial-peer voice 1000 pots
 destination-pattern 1000
 port 1:0
 forward-digits 0
!
dial-peer voice 1001 pots
 destination-pattern 1001
 no digit-strip
 port 1:1
 forward-digits 0
!
dial-peer voice 2000 voip
 destination-pattern 2000
 session target ipv4:10.11.11.2
 codec g711ulaw
!
dial-peer voice 2001 voip
 destination-pattern 2001
 session target ipv4:10.11.11.2
 signal-type ext-signal
 codec g711ulaw
!
!
line con 0
line aux 0
line 2 3
line vty 0 4
```
Example: Using a Serial Interface
The following example shows configuration of a serial interface to connect to and download a configuration from a Cisco IE2100 Cisco Networking Services configuration engine. The IE2100 IP address is 10.1.1.1. The gateway IP address to reach the 10.1.1.0 network is 10.11.11.1. The Cisco Networking Services default ID is the hostname, so that the cns id command is not needed. However, the hostname command is key to retrieving the configuration file on the Cisco Networking Services configuration engine.
This configuration auto-tries every serial interface on the remote router, applies the config-cli commands to that interface, and tries to ping the address specified in the cns config initial command. When it succeeds, it performs a normal initial configuration.
```
! Initial basic configuration (serial interface) PPP
cns connect serial retry-interval 1 retries 1
 config-cli ip address negotiated
 config-cli encapsulation ppp
 config-cli ip directed-broadcast
 config-cli no keepalive
 config-cli no shutdown
 exit
hostname 26ML
ip route 10.1.1.1 255.255.255.0 10.11.11.1
cns config initial 10.1.1.1 no-persist
cns inventory config
! Initial basic configuration (serial interface) HDLC
cns config connect serial retry-interval 1 retries 1
 config-cli ip address slarp retry 1
 config-cli no shutdown
 exit
hostname tira-36V
ip route 10.1.1.1 255.255.255.0 10.11.11.1
cns config initial 10.1.1.1 no-persist
cns inventory config
! Incremental configuration (serial interface)
cns config partial 10.1.1.1
cns event 10.1.1.1
```
Additional References
Related Documents
Related Topic | Document Title |
---|---|
Cisco IOS commands | |
Cisco Networking Services commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples | |
Cisco Networking Services Configuration Engine | |
Technical Assistance
Description | Link |
---|---|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. | |
Feature Information for Cisco Networking Services Flow-Through Provisioning
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Feature Name | Releases | Feature Information |
---|---|---|
Cisco Networking Services Flow-Through Provisioning | 12.2(8)T | The Cisco Networking Services Flow-Through Provisioning feature provides the infrastructure for automated configuration of large numbers of network devices. Based on Cisco Networking Services event and configuration agents, it eliminates the need for an onsite technician to initialize the device. The result is an automated workflow from initial subscriber-order entry through Cisco manufacturing and shipping to final device provisioning and subscriber billing. This focuses on a root problem of service providers and other similar business models: use of human labor in activating service. |