|
Step 1
|
In the AWS site, get the Cisco Cloud Network Controller IP address.
|
|
Step 2
|
Open a browser window and, using the secure version of HTTP (https://), paste the IP address into the URL field, then press Return to access this Cisco Cloud Network Controller.
For example, https://192.168.0.0.
If you see a message asking you to Ignore Risk and Accept Certificate, accept the certificate to continue.
|
|
Step 3
|
Enter the following information in the login page for the Cisco Cloud Network Controller:
|
|
Step 4
|
Click Login at the bottom of the page.
|
Note
|
If you see an error message when you try to log in, such as REST Endpoint user authentication datastore is not initialized- Check Fabric Membership Status of this fabric node, wait for several minutes, then try again after a few minutes. You might also have to refresh the page in order to log in.
|
The Welcome to Cisco Cloud Network Controller setup wizard page appears.
|
|
Step 5
|
Click Begin Set Up.
The Let's Configure the Basics page appears, with these areas to be configured:
-
DNS Servers
-
Region Management
-
Advanced Settings
-
Licensing
|
|
Step 6
|
In the DNS Servers row, click Edit Configuration.
The DNS and NTP page appears.
|
|
Step 7
|
In the DNS and NTP page, add the DNS, if necessary, and NTP servers.
-
A DNS server is already configured by default. Add a DNS server if you want to use a specific DNS server.
-
An NTP server is not configured by default, however, so we recommend that you configure an NTP server. Skip to 7.d if you want to configure an NTP server and you do not want to configure a DNS server.
-
If you want to use a specific DNS server, under the DNS Servers area, click +Add DNS Provider.
-
Enter the IP address for the DNS servers and, if necessary, check the box next to Preferred DNS Provider.
-
Click the check mark next to the DNS server, and repeat for any additional DNS servers that you want to add.
-
Under the NTP Servers area, click +Add Providers.
-
Enter the IP address for the NTP servers and, if necessary, check the box next to Preferred NTP Provider.
-
Click the check mark next to the NTP server, and repeat for any additional NTP servers that you want to add.
|
|
Step 8
|
When you have finished adding the DNS and NTP servers, click Save and Continue.
The Let's Configure the Basics page appears again.
|
|
Step 9
|
In the Region Management row, click Begin.
The Region Management page appears.
|
|
Step 10
|
Determine if you want to use AWS Transit Gateway.
|
|
Step 11
|
In the Regions to Manage area, verify that the Cisco Cloud Network Controller home region is selected.
The region that you selected in Step 2 in Deploying the Cisco Cloud Network Controller in AWS is the home region and should be selected already in this page. This is the region where the Cisco Cloud Network Controller
is deployed (the region that will be managed by Cisco Cloud Network Controller), and will be indicated with the text Cloud Network Controller deployed in the Region column.
|
|
Step 12
|
Select additional regions if you want the Cisco Cloud Network Controller to manage additional regions, and to possibly deploy
CCRs to have inter-VPC communication and Hybrid-Cloud, Hybrid Multi-Cloud, or Multi-Cloud connectivity on those other regions.
The CCR can manage four regions, including the home region where Cisco Cloud Network Controller is deployed.
A Cisco Cloud Network Controller can manage multiple cloud regions as a single site. In a typical Cisco ACI configuration, a site represents anything that can be managed by an APIC cluster. If a Cisco Cloud Network Controller cluster
manages two regions, those two regions are considered a single site by Cisco ACI.
|
|
Step 13
|
To deploy cloud routers locally to a region, click to place a check mark in the Catalyst 8000Vs check box for that region.
|
|
Step 14
|
When you have selected all the appropriate regions, click Next at the bottom of the page.
The General Connectivity page appears.
|
|
Step 15
|
Enter the following information on the General Connectivity page.
-
If you enabled the AWS Transit Gateway Connect feature in Step 10, then the Hub Network fields will be available in this window. Go to 15.a.
-
If you did not enable the AWS Transit Gateway Connect feature in Step 10, skip to 15.f.
-
In the Hub Network area, click Add Hub Network.
The Add Hub Network window appears.
-
In the Name field, enter a name for the hub network.
-
In the BGP Autonomous System Number field, enter a zero for AWS to choose a number, or enter a value between 64512 and 65534, inclusive, for each hub network,
and then click the check mark next to the field.
To configure your own BGP autonomous number, enter a value between 64512 and 65534 for each hub network.
We recommend that you use different numbers for different instances of AWS Transit Gateway.
-
In the TGW Connect field, click the checkbox next to Enable if you want to use AWS Transit Gateway Connect.
-
In the CIDRs area, click Add CIDR.
This will be the AWS Transit Gateway Connect CIDR block, which will be used as the connect peer IP address (the GRE outer
peer IP address) on the Transit Gateway side.
-
In the Region field, select the appropriate region.
-
In the CIDR Block Range field, enter the CIDR block that will be used as the connect peer IP address on the Transit Gateway side.
-
Click the checkmark to accept these values for this CIDR block.
-
For every managed region that will be using the AWS Transit Gateway Connect feature, repeat these steps to add CIDR blocks
to be used for each of those managed regions.
-
To add a subnet pool for the CCRs, click Add Subnet Pool for Cloud Routers and enter the subnet in the text box.
The first subnet pool for the first two regions is automatically populated. If you selected more than two regions, you will
need to add a subnet for the cloud router to the list for the additional two regions. Addresses from this subnet pool will
be used for inter-region connectivity for any additional regions that are added that need to be managed by the Cisco Cloud
Network Controller after the first two regions. This must be a valid IPv4 subnet with mask /24.
|
Note
|
The /24 subnet provided during the Cisco Cloud Network Controller deployment would be sufficient for up to two cloud sites.
If you need to manage more than two cloud sites, you need to add more subnets.
|
-
In the IPSec Tunnel Subnet Pool area, click Add IPSec Tunnel Subnet Pools.
The Add IPSec Tunnel Subnet Pools window appears.
-
Enter the subnet pool to be used for IPsec tunnels, if necessary.
This subnet pool is used to create an IPsec tunnel between your cloud router and the router on the branch office or external
network. This subnet will be used to address the IPsec tunnel interfaces and loopbacks of the cloud routers used for external
connectivity.
You can add more subnets to be used for IPsec tunnels in this area, or delete entries in this area if subnets are not used
by any tunnels.
Click the check mark after you have entered in the appropriate subnet pools.
-
In the CCRs area, enter a value in the BGP Autonomous System Number for CCRs field.
The BGP ASN can be in the range of 1–65534.
|
Note
|
Do not use 64512 as the autonomous system number in this field.
|
-
In the Assign Public IP to CCR Interface field, determine if you want to assign public IP addresses to the Catalyst 8000V interfaces.
Private IP addresses are assigned to the Catalyst 8000V interfaces by default. The Assign Public IP to CCR Interface option determines whether public IP addresses will also be assigned to the Catalyst 8000V interfaces or not.
By default, the Enabled check box is checked. This means that public IP addresses can be assigned to the Catalyst 8000Vs.
-
If you want public IP addresses assigned to the Catalyst 8000Vs in addition to the private IP addresses, leave the check in the box next to
Enabled.
-
If you want only private IP addresses assigned to the Catalyst 8000Vs, remove the check in the box next to Enabled to disable this option.
Note that changing the Catalyst 8000V connectivity from private to public, or vice versa, may cause disruption in your network.
|
Note
|
Both the public and private IP addresses assigned to a Catalyst 8000V are displayed with the other details of the router in
the Cloud Resources area. If public IP addresses are not assigned to a Catalyst 8000V, only the private IP addresses are displayed.
|
-
In the Number of Routers Per Region field, choose the number of CCRs that will be used in each region.
See Understanding Limitations for Number of Sites, Regions and CCRs for more information on any limitations on the number of CCRs per region.
|
Note
|
If you change the value in this field to increase or decrease the number of CCRs that will be used in each region, wait long
enough for the operation to complete before changing the value in this field again to allow time for the registration in the
smart license server to synchronize properly.
-
If you are decreasing the number of CCRs, wait long enough for those CCRs to get deleted before changing the value in this
field again.
-
If you are increasing the number of CCRs, wait long enough for those CCRs to get deployed before changing the value in this
field again.
|
-
In the Username, enter the username for the CCR.
-
In the Password field, enter the password for the CCR.
-
In the Pricing Type field, select one of the two types of licensing models:
|
Note
|
There are two PAYG options for consuming licenses in the AWS marketplace: Catalyst 8000V Cisco DNA Essentials and Catalyst 8000V Cisco DNA Advantage. Cisco Cloud Network Controller will make use of Catalyst 8000V Cisco DNA Advantage.
|
For the BYOL Pricing Type, the steps are as follows:
-
In the Throughput of the routers field, choose the throughput of the CCR.
The Cisco Catalyst 8000V supports tier-based (T0/T1/T2/T3) throughput options. The following table lists what AWS EC2 instance
is used for different router throughput settings for the Cisco Catalyst 8000V:
|
CCR Throughput
|
AWS EC2 Instance
|
|
T0 (up to 15M throughput)
|
c5.xlarge
|
|
T1 (up to 100M throughput)
|
c5.xlarge
|
|
T2 (up to 1G throughput)
|
c5.xlarge
|
|
T3 (up to 10G throughput)
|
c5.9xlarge
|
Tier2 (T2) is the default throughput supported by Cisco Cloud Network Controller.
Changing the value in this field changes the size of the CCR instance that is deployed. Choosing a higher value for the throughput
results in a larger VM being deployed.
|
Note
|
If you wish to change this value at some point in the future, you must delete the CCR, then repeat the processes in this chapter
again and select the new value that you would like in the same Throughput of the routers field.
|
In addition, the licensing of the CCR is based on this setting. You will need the equivalent or higher license in your Smart
account for it to be compliant. See Requirements for the AWS Public Cloud for more information.
|
Note
|
Cloud routers should be undeployed from all regions before changing the router throughput or login credentials.
|
-
Enter the necessary information in the TCP MSS field, if applicable.
The TCP MSS option is available to configure the TCP maximum segment size (MSS). This value will be applied all cloud router interfaces,
including VPN tunnels towards the cloud and external tunnels towards the on-premises site or other cloud sites. For VPN tunnels
towards the cloud, if the cloud provider's MSS value is less than the value that you enter in this field, then the lower value
is used; otherwise, the value that you enter in this field is used.
The MSS value affects only TCP traffic, and has no impact on other types of traffic, such as ping traffic.
-
In the License Token field, enter the license token for the CCR.
This is the Product Instance Registration token from your Cisco Smart Software Licensing account. To get this license token,
go to http://software.cisco.com, then navigate to to find the Product Instance Registration token.
|
Note
|
If the public IP addresses are disabled to the CCRs in 15.j, the only supported option is AWS Direct Connect or Azure Express Route to Cisco Smart Software Manager (CSSM) when registering smart licensing for CCRs with private IP addresses (available by navigating to ). You must provide reachability to the CSSM through AWS Direct Connect or Azure Express Route in this case. When the public
IP addresses are disabled, public internet cannot be used because private IP addresses are being used. The connectivity should
therefore use Private Connection, which is AWS Direct Connect or Azure Express Route.
|
For the PAYG Pricing Type, the steps are as follows:
-
In the VM Type field, select one of the AWS EC2 Instances as per your requirement.
Cisco Cloud Network Controller will support a range of AWS EC2 instances for cloud networking needs powered by Cisco’s Catalyst
8000V virtual router. The table below shows the cloud instance type supported by Cisco Cloud Network Controller on AWS.
|
AWS EC2 Instance
|
CCR Throughput
|
vCPUs
|
Memory
|
|
c5.xlarge
|
up to 5 Gigabit throughput
|
4
|
8 GiB
|
|
c5.2xlarge
|
up to 10 Gigabit throughput
|
8
|
16 GiB
|
|
c5.4xlarge
|
up to 10 Gigabit throughput
|
16
|
32 GiB
|
|
c5.9xlarge
|
up to 10 Gigabit throughput
|
36
|
72 GiB
|
|
c5n.xlarge
|
up to 25 Gigabit throughput
|
4
|
10.5 GiB
|
|
c5n.2xlarge
|
up to 25Gigabit throughput
|
8
|
21 GiB
|
|
c5n.4xlarge
|
up to 25 Gigabit throughput |
16
|
42 GiB
|
|
c5n.9xlarge
|
up to 50 Gigabit throughput
|
36
|
96 GiB
|
Changing the value in this field changes the other factors of the CCR as listed in the table above. Choosing a higher value
for the VM size results in higher throughput.
-
Enter the necessary information in the TCP MSS field, if applicable.
The TCP MSS option is available to configure the TCP maximum segment size (MSS). This value will be applied all cloud router interfaces,
including VPN tunnels towards the cloud and external tunnels towards the on-premises site or other cloud sites. For VPN tunnels
towards the cloud, if the cloud provider's MSS value is less than the value that you enter in this field, then the lower value
is used; otherwise, the value that you enter in this field is used.
The MSS value affects only TCP traffic, and has no impact on other types of traffic, such as ping traffic.
|
Note
|
User need not provide the License token on selecting PAYG.
|
|
Note
|
All the features supported in BYOL will be supported by PAYG.
|
|
|
Step 16
|
Click Save and Continue.
The Let's Configure the Basics page appears again.
|
|
Step 17
|
In the Advanced Settings row, click Edit Configuration.
The Advanced Settings page appears.
|
|
Step 18
|
Make the necessary configurations in the Advanced Settings page.
-
Contract Based Routing: The Contract Based Routing setting reflects the current internal VRF route leak policy, which is a global policy under the infra tenant where a Boolean
flag is used to indicate whether contracts can drive routes in the absence of route maps:
-
Off (no check is in the yes box): The default setting. Indicates that routes are not leaked based on contracts, and are leaked based on route maps instead.
-
On (a check is in the yes box): Indicates that routes are leaked based on contracts in the absence of route maps. When enabled, contracts drive routing
when route maps are not configured. When route maps exist, route maps always drives routing.
-
Cloud Network Controller Access Privilege: Set to Routing & Security by default.
If you want to change the access policy, click the scroll-down menu in the Cisco Cloud Network Controller Access Privilege field and choose one of the access policies to apply at the VPC (cloud context profile) level.
-
Routing & Security: The default access policy. If you do not assign an access policy to the Cisco Cloud Network Controller, then the Cisco Cloud
Network Controller has the Routing & Security access policy applied to it by default.
Assigning a Routing & Security access policy to a Cisco Cloud Network Controller means that it has full permissions, where
it is able to control routing and security.
-
Routing Only: Assigning a routing-only access policy to a Cisco Cloud Network Controller means that it can control only the routing policy
and the network connectivity.
|
|
Step 19
|
Click Save and Continue.
You are returned to the Let's Configure the Basics page.
|
|
Step 20
|
Depending on the registration mode selected in AWS, the Licensing row, shows the Registration Mode as PAYG or Smart Licensing.
|
|
Step 21
|
If the registration mode is shown as Smart Licensing, click Register and continue to step 22. If the registration mode is shown as PAYG, go directly to step 24.
|
|
Step 22
|
Enter the necessary information in the Smart Licensing page.
Cisco Smart Licensing is a unified license management system that manages software licenses across Cisco products. To register
your Cisco Cloud Network Controller with Cisco Smart Software Licensing, do the following
-
Ensure that this product has access to the internet or a Smart Software Manager satellite installed on your network.
-
Log in to Smart Account:
-
Navigate to the Virtual Account containing the licenses to be used by this Product Instance.
-
Generate a Product Instance Registration Token (this identifies your Smart Account) and copy or save it.
To learn more about Smart Software Licensing, visit https://www.cisco.com/go/smartlicensing.
|
|
Step 23
|
Click Register at the bottom of the page if you entered the necessary licensing information on this page, or click Continue in Evaluation Mode if you want to continue in evaluation mode instead.
The Summary page appears.
|
|
Step 24
|
Verify the information on the Summary page, then click Close.
At this point, you are finished with the internal network connectivity configuration for your Cisco Cloud Network Controller.
If this is the first time that you are deploying your Cisco Cloud Network Controller, this process might take quite a bit
of time, possibly 30 minutes or so before the process is successfully completed.
|
Feedback