Deploy Cisco Catalyst 8000V on AWS

This chapter describes the steps involved in deploying a Cisco Catalyst 8000V instance on AWS. To deploy a Cisco Catalyst 8000V instance, you need an Amazon Machine Image (AMI), which is an AWS supported and maintained image. The AMI provides the information required to launch your instance.

After you log in to the AWS Marketplace, select the template or the marketplace offer of your choice. Further, follow the procedures mentioned in this chapter to create an AMI with an encrypted Elastic Block Storage (EBS).


Note

If you are using a BYOL AMI, see Licensing.

Supported Instance Types for AWS

The AMI supports different instance types that determine the size of the instance and the required amount of memory. The following are the supported instance types for Cisco Catalyst 8000V:

Release Number

Supported Instance Types

Cisco IOS XE 17.13.1a

  • t3.medium

  • c5.9xlarge, c5.2xlarge, c5.xlarge, c5.large

  • c5n.18xlarge, c5n.4xlarge

  • c6in.8xlarge, c6in.2xlarge, c6in.xlarge, c6in.large

Cisco IOS XE 17.12.2,

Cisco IOS XE 17.12.1

  • t3.medium

  • c5.9xlarge, c5.2xlarge, c5.xlarge, c5.large

  • c5n.18xlarge, c5n.9xlarge, c5n.4xlarge, c5n.2xlarge, c5n.xlarge, c5n.large

Cisco IOS XE 17.11.1a

  • t3.medium

  • c5.9xlarge, c5.2xlarge, c5.xlarge, c5.large

  • c5n.18xlarge, c5n.9xlarge, c5n.4xlarge, c5n.2xlarge, c5n.xlarge, c5n.large

Cisco IOS XE 17.10.1a

  • t3.medium

  • c5.9xlarge, c5.2xlarge, c5.xlarge, c5.large

  • c5n.18xlarge, c5n.9xlarge, c5n.4xlarge, c5n.2xlarge, c5n.xlarge, c5n.large

Cisco IOS XE 17.9.4a

Cisco IOS XE 17.9.4

Cisco IOS XE 17.9.3a

Cisco IOS XE 17.9.2a

Cisco IOS XE 17.9.1a

  • t3.medium

  • c5.9xlarge, c5.4xlarge, c5.2xlarge, c5.xlarge, c5.large

  • c5n.18xlarge, c5n.9xlarge, c5n.4xlarge, c5n.2xlarge, c5n.xlarge, c5n.large

Cisco IOS XE 17.8.1a

  • t3.medium

  • c5.9xlarge, c5.4xlarge, c5.2xlarge, c5.xlarge, c5.large

  • c5n.9xlarge, c5n.4xlarge, c5n.2xlarge, c5n.xlarge, c5n.large

Cisco IOS XE 17.7.2

Cisco IOS XE 17.7.1a

  • t3.medium

  • c5.9xlarge, c5.4xlarge, c5.2xlarge, c5.xlarge, c5.large

  • c5n.9xlarge, c5n.4xlarge, c5n.2xlarge, c5n.xlarge, c5n.large

Cisco IOS XE 17.6.6a

Cisco IOS XE 17.6.6

Cisco IOS XE 17.6.5a

Cisco IOS XE 17.6.5

Cisco IOS XE 17.6.4

Cisco IOS XE 17.6.3a

Cisco IOS XE 17.6.2

Cisco IOS XE 17.6.1a

  • t3.medium

  • c5.9xlarge, c5.4xlarge, c5.2xlarge, c5.xlarge, c5.large

  • c5n.9xlarge, c5n.4xlarge, c5n.2xlarge, c5n.xlarge, c5n.large

Cisco IOS XE 17.5.1a

  • t3.medium, t2.medium

  • c4.8xlarge, c4.4xlarge, c4.2xlarge, c4.xlarge, c4.large

  • c5.9xlarge, c5.4xlarge, c5.2xlarge, c5.xlarge, c5.large

  • c5n.9xlarge, c5n.4xlarge, c5n.2xlarge, c5n.xlarge, c5n.large

Cisco IOS XE 17.4.2

Cisco IOS XE 17.4.1b

Cisco IOS XE 17.4.1a

  • t3.medium, t2.medium

  • c4.8xlarge, c4.4xlarge, c4.2xlarge, c4.xlarge, c4.large

  • c5.9xlarge, c5.4xlarge, c5.2xlarge, c5.xlarge, c5.large

  • c5n.9xlarge, c5n.4xlarge, c5n.2xlarge, c5n.xlarge, c5n.large

For more information about the instance types, see Amazon EC2 Instance Types.

Notes and Guidelines

  • To optimize the performance while using instance types that support PMD multi-queue, see Support for PMD Multi-Queue.

  • To determine the maximum number of network interfaces supported per instance, see Private IP Addresses Per Network Interface Per Instance Type.

  • The c5n.large, c5n.xlarge, c5n.2xlarge, and c5n.9xlarge instance types are replaced with c6in.large, c6in.xlarge, c6in.2xlarge, and c6in.8xlarge respectively from the 17.13.1a release. However, when you upgrade from an earlier release to Cisco IOS XE 17.13.1a, you will continue to see the c5n instance types. You can manually upgrade the instance types to the corresponding c6in replacement.

Prerequisites for Deploying Cisco Catalyst 8000V on AWS

Before you launch Cisco Catalyst 8000V on AWS, you must:

  • Have an AWS account.

  • Have an SSH client such as Putty on Windows or Terminal on Macintosh, or have access to an EC2 instance console, to access the Cisco Catalyst 8000V console.

  • Determine the instance type for your Cisco Catalyst 8000V AMI.

  • Create an Amazon VPC if you're planning to launch the AMI using 1-Click Launch.

Deploy the Cisco Catalyst 8000V Instance

To deploy the Cisco Catalyst 8000V AMI, perform the steps as described in the following sections:

Select the Cisco Catalyst 8000V Marketplace Offer

Procedure

Step 1

Log in to Amazon Web Services Marketplace.

Step 2

Click Discover Products.

Step 3

In the search bar, search for Cisco Catalyst 8000V. The system displays the following offers:

  • Cisco Catalyst 8000V - Advantage PAYG

  • Cisco Catalyst 8000V - Essentials PAYG

  • Cisco Catalyst 8000V - BYOL

Step 4

Select the Cisco Catalyst 8000V AMI that you are planning to deploy.

The marketplace displays product information such as supported instance types, pricing, and support details.

Launch the Instance Through the Website

Before you begin

If you're launching the AMI using 1-Click Launch, you must first create a Virtual Private Cloud (VPC). To know how to do this, see the AWS documentation on VPC.

Procedure

Step 1

After you select the Cisco Catalyst 8000V offer from the AWS Marketplace, click Continue to Subscribe after you accept the Terms and Conditions.

Step 2

From the Configure Software window, choose the Software Version and your Region for your Cisco Catalyst 8000V instance.

For information on zones and regions in Amazon EC2, see: Regions and Availability Zones.

Step 3

From the Fulfillment Option field, choose Amazon Machine Image.

Step 4

Click Continue to Launch.

Step 5

In the Launch This Software window, choose Launch from Website.

Step 6

Choose the EC2 Instance Type from the drop-down list.

Step 7

Configure the VPC, Subnet, Security Group and Key Pair settings for your instance.

For more information about these settings in AWS, see Parameters for Instance Configuration.

Step 8

Click Launch.

To view the newly launched instance, click Launch and navigate to https://console.aws.amazon.com/ec2/. Ensure that Status Check displays the 2/2 checks passed message before you try to connect to the instance using SSH.

Launch the Instance Through the EC2 Console

Perform this procedure after you login to the AWS Marketplace and Subscribe to Cisco Catalyst 8000V. This procedure describes how to launch an instance through the EC2 Console.

Procedure

Step 1

After you select the Cisco Catalyst 8000V offer from the AWS Marketplace, click Continue to Subscribe after you accept the Terms and Conditions.

Step 2

From the Configure Software window, choose the Software Version and your Region for your Cisco Catalyst 8000V instance.

For information on zones and regions in Amazon EC2, see: Regions and Availability Zones.

Step 3

From the Fulfillment Option field, choose Amazon Machine Image.

Step 4

Click Continue to Launch, and choose Launch with E2 Console.

Step 5

In the Launch an Instance window, in the Name field, enter the name for your instance.

Step 6

In the Application and OS Images area, the AMI is autofilled based on your subscription and your choice of the software version.

Step 7

From the Instance Type field, choose a supported instance type from the drop-down list. For more information on which instance type is supported for each IOS XE release, see Supported Instance Types for AWS.

Step 8

Configure the Key Pair settings for your instance. Choose an existing key pair or create a new key by uploading your own public key. To create a new key pair, click Create Key Pair, enter the key pair name, and click Create. After the key pair is created, ensure that you have downloaded the private key from Amazon before continuing.

Note that you can access a newly created private key only once. After you download the key pair, click Close.

Note

 

AWS security policies require that the private key permission level be set to 400. To set this value for the .pem file, open a UNIX shell terminal screen and run the chmod 400pem-file-name command.

From Cisco IOS XE 17.10.1a, Cisco Catalyst 8000V supports the ED25519 SSH key. This is in addition to the existing SSH-RSA keys. We recommend that you use the ED25519 SSH key for faster generation and verification of the keys, and for better collision resilience and security.

Step 9

Configure the Network settings for your instance. Choose the VPC subnet in which you want to deploy the Cisco Catalyst 8000V instance from the drop-down list. This setting determines the availability zone of your instance.

Note

 

By default, one insterface is configured. You can create an additional interfaces from the Instance Details area under Network Interfaces. The maximum number of interfaces that are supported depends on your instance type.

Step 10

Configure the Security Group settings. You can create a new security group or choose an existing security group. Cisco Catalyst 8000V requires SSH for console access. Cisco Catalyst 8000V also requires that the Security Group, at a minimum, does not block TCP/22. These settings are used to manage the Cisco Catalyst 8000V instance.

Step 11

Choose the metadata version from the Metadata Version drop-down list. Choose either V1 and V2 (token optional) or V2 (token required). In both these scenarios, the instance uses session-oriented requests by creating tokens. The tokens are used to fetch all the required metadata for your instances.

For Cisco IOS XE 17.4.x and 17.5.x releases, only version 1 or V1 is applicable. From Cisco IOS XE 17.6.1, metadata versions V1 and V2 are supported.

Step 12

Configure the Storage settings for your instance. Retain the default hard drive setting. Note that you cannot change the size of virtual hard drives.

Step 13

Provide the Day Zero configuration data or the bootstrap properties in the custom data format using the User Data field. For the supported custom data format, see Day 0 Configuration.

Step 14

Click Review and Launch.

Step 15

Review the Cisco Catalyst 8000V instance information, and click Launch Instance.

After the instance is launched, a success message appears on top of the Instances page. You can also view the newly launched instance in the Instances list. Click the newly launched instance to access the instance.

Associate the Public IP Address with the Cisco Catalyst 8000V Instance

To access the management console using an SSH connection, you must first associate an interface in the Cisco Catalyst 8000V instance with the public IP address created with the VPC. Perform the following steps to associate the public IP address with your Cisco Catalyst 8000V instance.

Procedure

Step 1

Choose Services > EC2 > Instances, and select the Cisco Catalyst 8000V instance.

Step 2

In the Network interfaces window that is displayed, click eth0.

A dialog box displays detailed information about the eth0 interface. Note the interface’s private IP address.

Step 3

Click Interface ID Value.

Step 4

Click Actions, and choose Associate Address from the drop-down list.

Step 5

Choose an available public IP address from the Elastic IP address drop-down list.

Step 6

If you're reassigning a public IP address that is currently in use and is mapped to another elastic network interface (ENI), click Allow Reassociation.

Step 7

Validate that the selected private IP address matches the one that you noted in step 3.

Step 8

Click Associate Address.

This action associates the public IP address (Amazon elastic IP) with the private IP address of the network interface. You can now use this interface to access the management console.

Connect to the Instance using SSH

The Cisco Catalyst 8000V instance on AWS requires SSH for console access. To access the Cisco Catalyst 8000V AMI, perform the following steps:

Procedure

Step 1

After you launch the Cisco Catalyst 8000V instance and the status is displayed as Running, select the instance from the Instances window.

Step 2

Run the ssh -i pem-file-name ec2-user @[public-ipaddress | DNS-name ] UNIX shell command to connect to the Cisco Catalyst 8000V console using SSH:

  • Use the default user name for your AMI, ec2-user, to access the instance for the first time.

  • Use the private key stored in the .pem file to authenticate the access to the instance.

Step 3

Start the Cisco Catalyst 8000V instance.

For information on downloading and activating the license for the BYOL AMI, see Licensing.

Create SSH Key Pairs

When you deploy a Cisco Catalyst 8000V instance in AWS, you can provide an SSH key as the method of authentication to access your instance. In this case, you must create key pairs.

To create a key pair, you can use the Amazon EC2 to create an RSA or an ED25519 key pair. Alternatively, you can use a third-party tool to create a key pair and then import the public key to the Amazon EC2 instance.

After you create and configure the key pair, the new VM starts and the system displays a status passes 2/2 check message. You can access the new VM's console using the .pem key and use the private key to authenticate the access to the new VM console.

Create an AMI with Encrypted Elastic Block Storage

Amazon Elastic Block Storage (EBS) encryption is an encryption solution for the EBS resources associated with your EC2 instances. Amazon EBS encryption uses AWS KMS keys to ensure data security. To create a Cisco Catalyst 8000V AMI with encrypted Amazon EBS, perform the following steps.

Procedure

Step 1

Choose Services > EC2 > Instances to view the list of instances.

Step 2

Select the instance that you want to use as the base for creating the new AMI with encrypted Amazon EBS. Ensure that the status of the base instance is Stopped.

Step 3

Take a snapshot of this instance by following steps a to f :

  1. Click on the root device, for example, /dev/xvda/.

    The system displays the Block Device dialog box.

  2. Click EBS ID.

    The volume for this snapshot is displayed under ELASTIC BLOCK STORE > Volumes.

  3. Choose Actions > Create Snapshot.

    The system displays the Create Snapshot dialog box.

  4. Click Create.

  5. In the Create Image field on the EBS window, enter a name for the snapshot.

  6. From the Virtualization type drop-down list, choose the Hardware-assisted virtualization option.

    The system displays the Snapshot Creation Started message in the Create Snapshot dialog box. After the snapshot creation is complete, under ELASTIC BLOCK STORE > Snapshots, the new snapshot is listed with the status Completed.

Step 4

Choose EC2 > IMAGES > AMIs to create a private AMI.

The name of the snapshot instance that you created earlier appears in the list of AMIs.

Step 5

Choose the snapshot instance you created earlier, and choose Actions > Copy AMI.

The Copy AMI dialog box is displayed with the Destination Region, Name, Description, Encryption, Master Key, and Key Details fields.

Step 6

From the Destination region drop-down list, choose the destination, for example, US East.

Step 7

Enter a Name, for example, encrypted-C8000V-1.

Step 8

Specify a Description.

Step 9

Check the Encrypt target EBS snapshots check box.

Step 10

From the Master Key drop-down list, choose the default value.

Step 11

Click Copy AMI.

The new AMI, with the encrypted Amazon EBS, is created after several minutes.

Step 12

To verify the status of the new AMI, navigate to EC2 > IMAGES > AMIs. You will see that the new AMI is listed.