Deploy the ASAv on OpenStack

You can deploy the ASAv on OpenStack.

Overview

You can deploy the ASAv in an OpenStack environment. OpenStack is a set of software tools for building and managing cloud computing platforms for public and private clouds, and is tightly integrated with the KVM hypervisor.

Enabling OpenStack platform support for ASAv allows you to run ASAv on open source cloud platforms. OpenStack uses a KVM hypervisor to manage virtual resources. ASAv devices are already supported on KVM hypervisor. Therefore, there is no extra addition of kernel packages or drivers to enable OpenStack support.

Prerequisites for the ASAv and OpenStack

Guidelines and Limitations

Supported Features

The ASAv on OpenStack supports the following features:

  • Deployment of ASAv on the KVM hypervisor running on a compute node in your OpenStack environment.

  • OpenStack CLI

  • Heat template-based deployment

  • OpenStack Horizon dashboard

  • Routed mode (default)

  • Licensing – Only BYOL is supported

  • ASAv management using the CLI and ASDM

  • Drivers - VIRTIO, VPP, and SRIOV

  • IPv6 (version 9.19 and later)

Unsupported Features

The ASAv on OpenStack does not support the following:

  • Autoscale

  • OpenStack releases other than the OpenStack Stein and Queens releases

  • Operating systems other than the Ubuntu 18.04 version and Red Hat Enterprise Linux (RHEL) 7.6

System Requirements

The OpenStack environment must conform to the following supported hardware and software requirements.

Table 1. Hardware and Software Requirements

Category

Supported Versions

Notes

Server

UCS C240 M5

2 UCS servers are recommended, one each for os-controller and os-compute nodes.

Driver

VIRTIO, IXGBE, I40E

These are the supported drivers.

Operating System

Ubuntu Server 18.04

This is the recommended OS on UCS servers.

OpenStack Version

Stein release

Details of the various OpenStack releases are available at:

https://releases.openstack.org/

Table 2. Hardware and Software Requirements for Cisco VIM Managed OpenStack

Category

Supported Versions

Notes

Server Hardware

UCS C220-M5/UCS C240-M4

5 UCS servers are recommended, three each for os-controller and Two or more for os-compute nodes.

Drivers

VIRTIO, SRIOV, and VPP

These are the supported drivers.

Cisco VIM Version

Cisco VIM 3.4.4

Supported on:

  • Operating System - Red Hat Enterprise Linux 7.6

  • OpenStack version - OpenStack 13.0 (Queens Release)

See Cisco Virtualized Infrastructure Manager Documentation, 3.4.3 to 3.4.5 for more information.

Details of the various OpenStack releases are available at https://releases.openstack.org/.

Cisco VIM 4.2.1

Supported on:

  • Operating System - Red Hat Enterprise Linux 8.2

  • OpenStack version - OpenStack 16.1 (Train Release)

See Cisco Virtualized Infrastructure Manager Documentation, 4.2.1 for more information.

Details of the various OpenStack releases are available at https://releases.openstack.org/.

Figure 1. OpenStack Platform Topology

OpenStack platform topology shows the general OpenStack setup on two UCS servers.

Sample Network Topology

The following figure shows the recommended network topology for the ASAv in Routed Firewall Mode with 3 subnets configured in OpenStack for the ASAv (management, inside, and outside).

Figure 2. Sample ASAv on OpenStack Deployment

Deploy the ASAv

Cisco provides sample heat templates for deploying the ASAv. Steps for creating the OpenStack infrastructure resources are combined in a heat template (deploy_os_infra.yaml) file to create networks, subnets, and router interfaces. At a high-level, the ASAv deployment steps are categorized into the following sections.
  • Upload the ASAv qcow2 image to the OpenStack Glance service.

  • Create the network infrastructure.

    • Network

    • Subnet

    • Router interface

  • Create the ASAv instance.

    • Flavor

    • Security Groups

    • Floating IP

    • Instance

You can deploy the ASAv on OpenStack using the following steps.

Upload the ASAv Image to OpenStack

Copy the qcow2 image (asav-<version>.qcow2) to the OpenStack controller node, and then upload the image to the OpenStack Glance service.

Before you begin

Download the ASAv qcow2 file from Cisco.com and put it on your Linux host:

http://www.cisco.com/go/asa-software


Note


A Cisco.com login and Cisco service contract are required.


Procedure


Step 1

Copy the qcow2 image file to the OpenStack controller node.

Step 2

Upload the ASAv image to the OpenStack Glance service.

root@ucs-os-controller:$ openstack image create <image_name> --public --disk-
format qcow2 --container-format bare --file ./<asav_qcow2_file>

Step 3

Verify if the ASAv image upload is successful.

root@ucs-os-controller:$ openstack image list

Example:

root@ucs-os-controller:$ openstack image list+--------------------------------------+-------------------+--------+
| ID                                   | Name              | Status |+--------------------------------------+-------------------+--------+
| 06dd7975-0b6e-45b8-810a-4ff98546a39d | asav-<version>-image | active |+--------------------------------------+-------------------+--------+
The uploaded image and its status is displayed.

What to do next

Create the network infrastructure using the deploy_os_infra.yaml template.

Create the Network Infrastructure for OpenStack and ASAv

Before you begin

Heat template files are required to create the network infrastructure and the required components for ASAv, such as flavor, networks, subnets, router interfaces, and security group rules:

  • deploy_os_infra.yaml

  • env.yaml

Templates for your ASAv version are available from the GitHub repository at:


Important


Note that Cisco-provided templates are provided as open source examples, and are not covered within the regular Cisco TAC support scope. Check GitHub regularly for updates and ReadMe instructions.


Procedure


Step 1

Deploy the infrastructure heat template file.

root@ucs-os-controller:$ openstack stack create <stack-name> -e <environment files name> -t <deployment file name>

Example:

root@ucs-os-controller:$ openstack stack create infra-stack -e env.yaml -t deploy_os_infra.yaml

Step 2

Verify if the infrastructure stack is created successfully.

root@ucs-os-controller:$ openstack stack list


What to do next

Create the ASAv instance on OpenStack.

Create the ASAv Instance on OpenStack

Use the sample ASAv heat template to deploy ASAv on OpenStack.

Before you begin

A heat template is required to deploy the ASAv on OpenStack:

  • deploy_asav.yaml

Templates for your ASAv version are available from the GitHub repository at:


Important


Note that Cisco-provided templates are provided as open source examples, and are not covered within the regular Cisco TAC support scope. Check GitHub regularly for updates and ReadMe instructions.


Procedure


Step 1

Deploy the ASAv heat template file (deploy_asav.yaml) to create the ASAv instance.

root@ucs-os-controller:$ openstack stack create asav-stack -e env.yaml-t deploy_asav.yaml

Example:

+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| id                  | 14624af1-e5fa-4096-bd86-c453bc2928ae |
| stack_name          | asav-stack                           |
| description         | ASAvtemplate                         |
| creation_time       | 2020-12-07T14:55:05Z                 |
| updated_time        | None                                 |
| stack_status        | CREATE_IN_PROGRESS                   |
| stack_status_reason | Stack CREATE started                 |
+---------------------+--------------------------------------+

Step 2

Verify that your ASAv stack is created successfully.

root@ucs-os-controller:$ openstack stack list

Example:

+--------------------------------------+-------------+----------------------------------+-----------------+----------------------+------+
| ID                                   | Stack Name  | Project                          | Stack Status    | Creation Time    | Updated Time |
+--------------------------------------+-------------+----------------------------------+-----------------+----------------------+--------------+
| 14624af1-e5fa-4096-bd86-c453bc2928ae | asav-stack  | 13206e49b48740fdafca83796c6f4ad5 | CREATE_COMPLETE | 2020-12-07T14:55:05Z | None         |
| 198336cb-1186-45ab-858f-15ccd3b909c8 | infra-stack | 13206e49b48740fdafca83796c6f4ad5 | CREATE_COMPLETE | 2020-12-03T10:46:50Z | None         |
+--------------------------------------+-------------+----------------------------------+-----------------+----------------------+--------------+