Configure High Availability on Cisco Catalyst 8000V Running on Amazon Web Services

Table 1. Cloud Specific Configuration of Redundancy Parameters

Parameter

Switch

Description

Node Index

-i

Index that is used to uniquely identify this node. Valid values: 1–1023.

Region Name

-rg

Name of the region that contains the route table.

For example, us-west-2.

Route Table Name

-t

Name of the route table to be updated. The name of the route table must begin with the substring rtb-.

For example, rtb-001333c29ef2aec5f

Route

-r

If a route is unspecified, then the redundancy node is considered to apply to all routes in the routing table. The Cisco Catalyst 8000V instance cannot change routes which are of type local or gateway.

Next Hop Interface

-n

Name of the interface to which packets should be forwarded in order to reach the destination route. The name of the interface must begin with the substring eni-.

For example, eni-07160c7e740ac8ef4.

Mode

-m

Indicates whether this router is the primary or secondary router for servicing this route. Valid values are primary or secondary. This is an optional parameter. The default value is secondary.

Create a Redundancy Node

SUMMARY STEPS

  1. Run the following script to create a redundancy node and add it to the database.

DETAILED STEPS

Command or Action Purpose

Run the following script to create a redundancy node and add it to the database.

Example:

create_node { switch  value } […[{ switch  value }]

A valid redundancy node must have the following parameters configured:

  • Node Index

  • Region Name

  • Route Table Name

  • Next Hop Interface Name

For example, 
create_node.py -i 2 -t rtb-001333c29ef2aec5e -rg us-west-2 -n eni-07160c7e740ac8ef3 -r 2600:1f14:49b:9b03::/64

If successful, the script returns a value of zero.

Set Redundancy Node Parameters

Procedure

To change the value of parameters in an existing redundancy node, run the following script: set_params -i node_index { switch value } […[{ switch value }].

Example:

set_params.py -i 10 -r 15.0.0.0/16 -m primary

The index parameter (-i) is mandatory. This command sets the values of the specified parameters. If the specified parameter is already defined for the redundancy node, the value of the parameter is updated.

If this configuration is successful, the script returns a value of zero.

Clear Redundancy Node Parameters

Procedure

If you want to clear the value of specified parameters for an existing redundancy node, run the following script: clear_params -i node_index {switch … switch].

Example:

clear_params -i 10 -r -n

In this example, the clear_params script clears both the route and next hop address parameters.

Specify only the switch parameter when you clear an associated value. Do not provide the existing values for the parameters to be cleared.

If the clearing is successful, the script returns a value of zero.

Authenticate the Cisco Catalyst 8000V Router

If you want the Cisco Catalyst 8000V router to update a routing table in the AWS network, you must first authenticate the router. In AWS, you must create a policy that permits the Cisco Catalyst 8000V router to access the route table. For example: 

{
"Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "cloudwatch:",
                "s3:",
                "ec2:AssociateRouteTable",
                "ec2:CreateRoute",
                "ec2:CreateRouteTable",
                "ec2:DeleteRoute",
                "ec2:DeleteRouteTable",
                "ec2:DescribeRouteTables",
                "ec2:DescribeVpcs",
                "ec2:ReplaceRoute",
                "ec2:DescribeRegions",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DisassociateRouteTable",
                "ec2:ReplaceRouteTableAssociation",
                "logs:CreateLogGroup",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}

An IAM role is then created using this policy and applied to the EC2 resource.

After the Cisco Catalyst 8000V EC2 instances are created, the IAM role created above needs to be attached to each router.


Note

See the AWS documentation for instructions on how to create policies, IAM roles, and how to associate a role to an EC2 instance.

Disable Source/Destination Address Checking

By default, network interfaces created in AWS have source and destination address checking enabled. The interface verifies all the traffic that passes through matches the source or destination address of the interface, otherwise it is dropped. For the Cisco Catalyst 8000V to perform routing, this setting must be disabled on each Cisco Catalyst 8000V interface.


Note

See the AWS documentation for instructions on how to disable source/destination address checking on a network interface

Route Table Entry Types

The route tables in AWS cloud support different target types. These route targets include multiple types of gateways and connections. The Cisco Catalyst 8000V router is only capable of updating routes with a network interface target. Routes with other target types are ignored for the purposes of high availability.

If you configure a redundancy node without a specific route destination, the Cisco Catalyst 8000V attempts to update all the routes within a route table with a target type of network interface. All the other routes are ignored.

Configure Security Group

If you have a security group in use by the eth0 interface of the EC2 instance of the Cisco Catalyst 8000V, you must allow the BFD protocol to pass through the interface. Configure an inbound and outbound security rule that allows ports 4789 and 4790 to be passed.


Note

See the AWS documentation for instructions on configuring security groups and attaching them to subnets and network interfaces.