Step 1: Create authgroups for switches and CSP devices
The following example shows how to create authgroups for your CSP devices and switches. Replace the variables values such
as passwords and IP addresses with values specific to your environment.
-
Create a file called AUTHGROUP.cli with the following content.
devices {
authgroups {
group SWITCH_AUTHGROUP {
default-map {
remote-name admin;
remote-password password123;
}
}
group CSP_AUTHGROUP {
default-map {
remote-name admin;
remote-password password123;
remote-secondary-password password567;
}
}
}
}
-
Log in to NCS CLI and load merge the file you created in the previous step as shown below.
ncs_cli -u admin
configure
load merge AUTHGROUP.cli
commit
Step 2: Create resource pools
In this step, you will create the following respurce pools.
-
IP address pool: SAE core function pack assigns IP addresses to virtual links between VNFs from this pool.
-
VLAN Pool: The VLAN range that is allocated for service chains.
-
Management IP Pool:The subnet or range of IP addresses.
The following example shows how to create resource pools. Ensure that you replace the values for IP_DATA_POOL, IP_MGMT_POOL
with values specific to your environment.
-
Create a file called RESOURCE_POOL.cli with the following content.
resource-pools {
id-pool VLAN_POOL {
range {
start 101;
end 1000;
}
}
id-pool default-as-pool {
range {
start 4200000000;
end 4294967294;
}
}
ip-address-pool IP_DATA_POOL {
subnet X.X.X.X;
}
ip-address-pool IP_MGMT_POOL {
subnet X.X.X.X;
}
}
-
Log in to NCS CLI and load merge the file you created in the previous step as shown below.
ncs_cli -u admin
configure
load merge RESOURCE_POOL.cli
commit
Step 3: Create SAE catalog
The following example shows how to create your SAE catalog. Replace the name for CSP type with the corresponding name in your
environment.
-
Create a file called CATALOG.cli with the following content.
sae-catalog SAE_CATALOG {
csp CSP2100_SH {
}
}
-
Log in to NCS CLI and load merge the file you created in the previous step as shown below.
ncs_cli -u admin
configure
load merge CATALOG.cli
commit
Step 4: Create SAE provider
The following example shows how to create an SAE provider and tenant for your site. You can replace the provider and tenant
names with suitable names for your environment.
-
Create a file called PROVIDER.cli with the following content.
sae-provider SAE_PROVIDER {
sae-provider-catalog SAE_CATALOG;
sae-tenant SAE_TENANT;
}
-
Log in to NCS CLI and load merge the file you created in the previous step as shown below.
ncs_cli -u admin
configure
load merge PROVIDER.cli
commit
Step 5: Create SAE site
The following example shows how to create an SAE site and tenant for your site. Replace all variable values like site name,
server name, etc. with values specific to your environment.
-
Create a file called SITE.cli with the following content.
sae-site SANJOSE {
sae-provider SAE_PROVIDER;
sae-tenant SAE_TENANT;
vnf-mgmt-resources {
vnf-mgmt-netmask X.X.X.X;
vnf-mgmt-vlan X;
vnf-mgmt-gateway X.X.X.X;
}
var NTP_SERVER {
val ntp.esl.cisco.com;
}
var DOMAIN_NAME {
val cisco.com;
}
var NAME_SERVER1 {
val X.X.X.X;
}
var NAME_SERVER2 {
val X.X.X.X;
}
var PROXY_SERVER {
val X.X.X.X;
}
var PORT {
val 80;
}
var LICENSE_TOKEN {
val FIX_ME;
}
resource-pools {
as-pool default-as-pool;
mgmt-ip-pool IP_MGMT_POOL;
internal-ip-pool IP_DATA_POOL;
}
infrastructure {
switching {
type n9k-switch-pair;
bgp-asn 100;
}
compute-clusters Cluster1 {
vlan-pool VLAN_POOL;
}
}
}
-
Log in to NCS CLI and load merge the file you created in the previous step as shown below.
ncs_cli -u admin
configure
load merge SITE.cli
commit
Step 6: Create Inventory Discovery File
Create a file called discovery.cfg in your home directory with the following content.
{
"site" : "SANJOSE",
"cluster" : "CLUSTER1",
"cspType" : "CSP2100_SH",
"switch_seed_address": "X.X.X.X",
"rest_username" : "admin",
"rest_password" : "Cisco123#",
"csp_authgroup" : "CSP_AUTHGROUP",
"n9k_authgroup" : "SWITCH_AUTHGROUP"
}
Ensure that your inventory discovery file includes the following information specific to your environment.
-
cspType
is the category defined in the Create Catalog step above.
-
csp_authgroup
and n9k_authgroup
represent the authgroups you created in Step 1 of Create Site.
-
rest_username
and rest_password
represent the rest API credentials of Nexus 9000 switches.
Step 7: Run the inventory discovery file to populate site infrastructure
The following example shows how to populate your site infrastructure by running the inventory discovery file you created in
the previous step.
ncs_cli -u admin
admin@ncs>request discovery_action discover configFile /home/sae/discovery.cfg
Step 8: Add authgroups for VNFs used in your service chain
The following example shows how to create authgroups for the VNFs being used in the example service chain—CSR and ASA.
-
Create a file called VNF_AUTHGROUPS.cli with the following content.
devices authgroups {
group CSR_AUTHGROUP {
default-map {
remote-name admin;
remote-password password111;
remote-secondary-password password222;
}
}
group asa_authgroup {
default-map {
remote-name admin;
remote-password password333;
remote-secondary-password password444;
}
}
group ESC_AUTHGROUP {
default-map {
remote-name admin;
remote-password password555;
}
}
}
-
Log in to NCS CLI and load merge the file you created in the previous step as shown below.
ncs_cli -u admin
configure
load merge VNF_AUTHGROUPS.cli
commit
Step 9: Bring up ESC and Create VNF Site Manager
Create only one VNF manager per SAE site.
ncs_cli -u admin
configure
––-Bring up ESC---
set devices device ESC-0 authgroup ESC_AUTHGROUP address X.X.X.X port 830 state admin-state unlocked
set devices device ESC-0 device-type netconf ned-id netconf
set devices device ESC-0 trace pretty
commit
–--Fetch SSH key and sync from ESC---
request devices fetch-ssh-host-keys
commit
–--Sync from ESC0---
request devices sync-from device
commit
devices global-settings connect-timeout 3600 read-timeout 3600 write-timeout 3600
devices global-settings trace raw
commit
Step 10: Verify the list of devices onboarded on NSO device tree
show devices list
NAME ADDRESS DESCRIPTION NED ID ADMIN STATE
-------------------------------------------------------
CSP-1 X.X.X.X - netconf unlocked
CSP-2 X.X.X.X - netconf unlocked
ESC-0 X.X.X.x - netconf unlocked
N9K-1 X.X.X.X - cisco-nx unlocked
N9K-2 X.X.X.X - cisco-nx unlocked