Is this SDN (Software defined Networking)? I think so!
I really love to provision new Cisco CSR1000v lab-routers without the need to do everything manually in the graphical user interface.
It’s possible to provision production-routers, too, of course: Just add your license-information to leave the 100Kbps-limit behind (which is no handicap for normal lab-usage).
The Common OVF Tool (COT) (Documentation) enables me to do this by injecting an initial startup-configuration into the cisco-provided OVA-file before deploying it to an ESXi-host.
Interactive Cisco CLI-Commands possible
And, even better, the Cisco CSR1000V allows interactive CLI-commands within the injected configuration:
- building new bootflash-directories,
- creating a SSH-key.
Injecting the bootstrap-config
$ cot --version Common OVF Tool (COT), version 2.0.3 Copyright (C) 2013-2017 the COT project developers.
$ cot inject-config csr1000v-universalk9.03.16.06b.S.155-3.S6b-ext.ova -c ios-napalm.startup.cfg -o csr1000v-universalk9.03.16.06b.S.155-3.S6b-ext.napalm.ova
This is an example-config setting parameters needed for napalm:
Centralized access to device-configuration and other state-information using NAPALM
Automated RMON Alarm/Event-configuration for class-based QoS-Monitoring using NAPALM
! hostname NAPALM-1 ip domain-name lab.local ! no ip domain-lookup ! crypto key generate rsa modulus 2048 ! username rmond privilege 15 secret rmondpass ! platform console serial ! vrf definition MGMT address-family ipv4 ! int gig 1 descr mgmt0 vrf forwarding MGMT ip address dhcp no shut ! ip scp server enable ! ip access-list standard ACL_SNMP permit host 192.168.2.89 ! snmp-server community READ ro ACL_SNMP snmp-server location allones.de ! file prompt quiet ! do mkdir bootflash:/ARCHIVE archive path bootflash:/ARCHIVE/bak ! line vty 0 4 login local transport input ssh ! end
Deploy the CSR1000V-Router
One command to deploy the router
- at an ESXi-Host/vSphere-Datacenter
- using a defined Datastore
- creating an serial-port (not really needed since SSH is running immedeately)
- place the three NICs of this router at the desired vSwitch-Portgroups
Those vSwitch-Portgroups have been created using vSphere-CLI.
$ cot --verbose deploy csr1000v-universalk9.03.16.06b.S.155-3.S6b-ext.napalm.ova esxi
SSH-Access to the router
NAPALM-1# show ssh Connection Version Mode Encryption Hmac State Username 0 2.0 IN aes256-ctr hmac-sha1 Session started rmond 0 2.0 OUT aes256-ctr hmac-sha1 Session started rmond %No SSHv1 server connections running. NAPALM-1#who Line User Host(s) Idle Location * 1 vty 0 rmond idle 00:00:00 192.168.2.312 NAPALM-1#cd bootflash:ARCHIVE NAPALM-1#pwd bootflash:/ARCHIVE/ NAPALM-1#show crypto key mypubkey all Key name: NAPALM-1.lab.local Key type: RSA KEYS Storage Device: private-config Usage: General Purpose Key Key is not exportable. Redundancy enabled. Key Data: 30820222 300D0609 2A864886 F70D0101 01050003 82020F00 3082020A 02820201 ... 70F5FE1C 01BE930D B3C84841 AC46EE0D 451DC530 55F28B9C 82796E8F 1B5F5163 57020301 0001 NAPALM-1#show ip int brief Interface IP-Address OK? Method Status Protocol GigabitEthernet1 192.168.2.135 YES DHCP up up GigabitEthernet2 unassigned YES unset administratively down down GigabitEthernet3 unassigned YES unset administratively down down NAPALM-1#show ip route vrf MGMT Routing Table: MGMT Gateway of last resort is 192.168.2.1 to network 0.0.0.0 S* 0.0.0.0/0 [254/0] via 192.168.2.1 192.168.2.0/24 is variably subnetted, 3 subnets, 2 masks C 192.168.2.0/24 is directly connected, GigabitEthernet1 S 192.168.2.1/32 [254/0] via 192.168.2.1, GigabitEthernet1 L 192.168.2.315/32 is directly connected, GigabitEthernet1