Scalability Among Event Gateway Ports
A Cisco Configuration Engine server can support up to 30,000 devices on Solaris and 20,000 devices on Linux with the recommended hardware specification. Devices connect to and communicate with Cisco Configuration Engine through the Event Gateway.
Each Event Gateway process running on Cisco Configuration Engine listens to a server port. For better performance, we recommend that you distribute the devices evenly among Event Gateway ports. This chapter provides information about Event Gateway and Event Gateway port automatic assignment functions.
This chapter contains the following sections:
• Understanding Cisco Event Gateway
• Event Gateway Port Automatic Assignment
• Event Gateway Resource Monitor
• Event Gateway Scalability in Cisco Validated High Availability Architecture
• Event Gateway Troubleshooting
Understanding Cisco Event Gateway
Cisco Event Gateway enables network elements to publish and subscribe to events, which allows developers to write event-driven applications to communicate with Cisco network elements. The Event Gateway also acts as an interface to the Event Bus, enabling event-based communication. Each Event Gateway port can support up to a maximum of 500 devices. To support more than 500 devices, you must run multiple event gateway processes. You can configure a maximum of 60 event gateways on the Solaris platform and a maximum of 40 event gateways on the Linux platform.
Note Performance is not affected if you enter the maximum number of event gateways.
During the Cisco Configuration Engine setup, you can configure the number of concurrent gateway processes to start with either one or both of the following prompts, depending on how you set up the SSL (see Encryption Settings, page 2-7) communications:
Enter number of Event Gateways that will be started with crypto operation:X
Enter number of Event Gateways that will be started with plaintext operation:Y
Note The ports for Event Gateways with crypto operation are even numbers that start from 11014. The ports for Event Gateways with plaintext operation are odd numbers that start from 11013.
In the above example, X + 1 crypto event gateways are started on the server, where X is the number you entered during setup. The additional event gateway is reserved to perform automatic port assignment for devices that communicate with Cisco Configuration Engine through SSL. This additional event gateway is called the dispatcher event gateway. Similarly, Y + 1 plain-text event gateways are started on the server for plain-text operation.
Note The crypto dispatcher event gateway always listens on port 11012. The plain-text dispatcher event gateway always listens on port 11011. Ports 11012 and 11011 are called the Cisco Configuration Engine well-known ports.
The dispatcher event gateway automatically reassigns an event gateway port to a network device as soon as the connection request is sent to port 11012 or 11011.
During Cisco Configuration Engine setup, you can enable the port automatic allocation feature if you choose zero touch deployment for your devices or if your devices are already configured to use the Cisco Configuration Engine well-known ports. If you enable port automatic allocation during setup, you must enter the correct cns event command in the later part of the Cisco Configuration Engine setup.
Enable Event Gateways port automatic allocation (y/n)? [y]
However, you can also turn off this feature. When the feature is turned off, the dispatcher event gateways listening on ports 11011 and 11012 are not started.
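The port rules above can be turned into a listener plan for firewall rules or a socket audit. The following Python is an added example, not part of the Cisco documentation or product; it assumes that gateway ports increase by 2 within each mode, that a mode with zero gateways starts nothing, that the platform maximum is a total per server, and it uses a constructed list of observed ports.

```python
# Added example: derive the expected Event Gateway listeners from the setup answers.
DISPATCHER = {"crypto": 11012, "plaintext": 11011}  # well-known ports
FIRST_PORT = {"crypto": 11014, "plaintext": 11013}  # first gateway port per mode
MAX_GATEWAYS = {"solaris": 60, "linux": 40}         # assumed to be a total per server
EG_RANGE = range(11011, 11014 + 2 * 60)             # assumed Event Gateway port window


def expected_listeners(crypto, plaintext, auto_assign=True, platform="linux"):
    """Return {port: role} for X crypto and Y plain-text gateways."""
    if crypto + plaintext > MAX_GATEWAYS[platform]:
        raise ValueError("more event gateways than the platform maximum")
    plan = {}
    for mode, count in (("crypto", crypto), ("plaintext", plaintext)):
        if count == 0:
            continue  # assumption: an unused mode starts no gateways at all
        # Assumption: ports within a mode are consecutive even (or odd) numbers.
        for i in range(count):
            plan[FIRST_PORT[mode] + 2 * i] = mode + " gateway"
        if auto_assign:  # dispatchers run only with automatic allocation enabled
            plan[DISPATCHER[mode]] = mode + " dispatcher"
    return plan


def audit(listening, plan):
    """Compare observed listening TCP ports with the expected plan."""
    seen = {p for p in listening if p in EG_RANGE}
    return {
        "unexpected": sorted(seen - set(plan)),
        "missing": sorted(set(plan) - seen),
        "plaintext": sorted(p for p in seen & set(plan)
                            if plan[p].startswith("plaintext")),
    }


# Constructed observation, e.g. port numbers collected from a socket listing.
OBSERVED = [22, 443, 11011, 11012, 11013, 11014, 11015]

if __name__ == "__main__":
    plan = expected_listeners(crypto=2, plaintext=1)
    for port in sorted(plan):
        print(port, plan[port])
    print(audit(OBSERVED, plan))
```

The "plaintext" list shows which expected listeners carry unencrypted device traffic, and "missing" shows gateways that should be running but are not.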
During the Cisco Configuration Engine setup, you can also configure the Cisco Configuration Engine to be the primary Cisco Configuration Engine or a backup Cisco Configuration Engine in a dual Cisco Configuration Engine deployment architecture. In this deployment architecture, the network administrator configures a backup Cisco Configuration Engine. Upon an event gateway connection failure, the network element automatically fails over to the configured backup Cisco Configuration Engine. However, there is no load sharing of event gateway connections between the primary and backup Cisco Configuration Engine.
Note This is different from Cisco's validated high availability deployment architecture, in which multiple Cisco Configuration Engines, an external LDAP server, and a load balancer are used. In that architecture, event gateway connections are load shared among all the participating Cisco Configuration Engines.
Is this a primary CE (y/n)?
The CNS event command configures how the network element should connect to this particular Cisco Configuration Engine. The command entered in the above line should match what is configured on the network element, without the event gateway port number. For example, if cns event ce-host 11011 source Vlan1 keepalive 120 2 reconnect 10 is configured on the device, then the command cns event <ce-host> source Vlan1 keepalive 120 2 reconnect 10 should be entered, where <ce-host> is the IP address or hostname of the Cisco Configuration Engine server. As another example, if this is a backup Cisco Configuration Engine and the command cns event ce-host 11011 source Vlan1 backup is configured on the device, then the command cns event ce-host source Vlan1 backup should be entered in the above line.
Note When you enter the cns event command during the Cisco Configuration Engine setup, no port number should be given and the connect interface or the VLAN should be specified.
These commands are required for the network elements to establish connections with the Cisco Configuration Engine server. The network devices cannot connect to Cisco Configuration Engine if you do not enter a correct command. The steps described above enable the port auto-assignment feature. You can also change the configuration options on Cisco Configuration Engine to control how the port auto-assignment works. These control options are stored in the resource.properties file located in the $CISCO_CE_HOME/conf directory. A sample of the file and the meaning of each parameter are shown below:
CNS_EVENT_CLI=cns event ce-host keepalive 120 2 reconnect 10
This line is configured during Cisco Configuration Engine setup when prompted Enter CNS event command. It is highly recommended to configure keepalive and reconnect, as this is the only way for the Cisco Configuration Engine server to detect whether a network element is still actively connected.
This line is configured during Cisco Configuration Engine setup when prompted Is this a primary Cisco Configuration Engine. BACKUP_CE_ENABLED=0 means this is a primary Cisco Configuration Engine; BACKUP_CE_ENABLED=1 means this is a backup Cisco Configuration Engine.
PERSIST_IN_NVRAM=0 means the config command specified in CNS_EVENT_CLI will be saved only in running config; PERSIST_IN_NVRAM=1 means the config command specified in CNS_EVENT_CLI will be saved in NVRAM. It is highly recommended to save the port information in the startup config. This is the default setting.
LoadBalance_Algorithm=0 means the round robin algorithm is enabled and this is enabled by default; LoadBalance_Algorithm=1 means the least connection algorithm is enabled.
Note The load sharing is between event gateways on the same Cisco Configuration Engine. A Cisco Configuration Engine level High Availability (HA) architecture is also available. If an event gateway is down, Cisco Configuration Engine automatically restarts it.
Time, in seconds, to wait for the device to subscribe to the config load event. For a slow network, this wait time might need to be increased. For example: 1.2, 1.5, 2, and so on.
Number of devices displayed per line on the port debugging page http://ce-host/cns/ResourceInit?name=port.
After an event gateway configuration parameter is changed in resource.properties, the Cisco Configuration Engine server needs to be restarted by using the command $CISCO_CE_HOME/bin/setup -r.
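The parameter descriptions above translate into a small pre-restart check of resource.properties. The following Python is an added example, not a Cisco tool; it assumes plain key=value lines with # comments, takes WAIT_AFTER_CONFIG as the key for the wait timer (the name used in the troubleshooting section), and runs on a constructed sample file.

```python
# Added example: audit resource.properties. SAMPLE is constructed, not from a real server.
SAMPLE = """\
CNS_EVENT_CLI=cns event ce-host 11011 keepalive 120 2
BACKUP_CE_ENABLED=0
PERSIST_IN_NVRAM=0
LoadBalance_Algorithm=2
WAIT_AFTER_CONFIG=1.5
"""


def parse_properties(text):
    """Parse key=value lines; blank lines and # comments are skipped (assumed syntax)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def audit_properties(props):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    words = props.get("CNS_EVENT_CLI", "").split()
    if words[:2] != ["cns", "event"] or len(words) < 3:
        findings.append("CNS_EVENT_CLI: not a cns event <ce-host> command")
    else:
        if len(words) > 3 and words[3].isdigit():
            findings.append("CNS_EVENT_CLI: port number must not be given")
        for keyword in ("keepalive", "reconnect"):
            if keyword not in words[3:]:
                findings.append("CNS_EVENT_CLI: " + keyword + " is not configured")
    for key in ("BACKUP_CE_ENABLED", "PERSIST_IN_NVRAM", "LoadBalance_Algorithm"):
        if props.get(key) not in ("0", "1"):
            findings.append(key + ": expected 0 or 1")
    if props.get("PERSIST_IN_NVRAM") == "0":
        findings.append("PERSIST_IN_NVRAM: assigned port is kept in running config only")
    try:
        if float(props.get("WAIT_AFTER_CONFIG", "1")) <= 0:
            findings.append("WAIT_AFTER_CONFIG: must be a positive number of seconds")
    except ValueError:
        findings.append("WAIT_AFTER_CONFIG: not a number")
    return findings


if __name__ == "__main__":
    for finding in audit_properties(parse_properties(SAMPLE)):
        print(finding)
```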
When Cisco Configuration Engine is used to manage devices that belong to different VLANs, only devices from one VLAN (configured during Cisco Configuration Engine setup) can use the event gateway port automatic allocation feature. After the devices in one VLAN are deployed, the deployment engineer can reconfigure the Cisco Configuration Engine and start to deploy the devices in the next VLAN.
Event Gateway Port Automatic Assignment
Each event gateway can support up to a maximum of 500 devices. During Zero Touch Deployment, this means the deployment engineer needs to update the bootstrap configuration file for every 500 devices. The event gateway port automatic assignment frees the deployment engineer from this manual process. When the Cisco Configuration Engine server is configured as described in the previous section, all the 30,000 devices can be deployed using the same bootstrap configuration file. The following is the sample bootstrap configuration file. The bolded lines are the required commands to support the port automatic assignment.
cns trusted-server all-agents ce-host
cns id hardware-serial event
cns config initial ce-host status http://ce-host/cns/PostStatus
cns event ce-host keepalive 120 1 reconnect 10
cns config partial ce-host
When a network element connects to Cisco Configuration Engine through the dispatcher event gateway, Cisco Configuration Engine automatically assigns a port to the network element. The network element saves that information and connects to the designated Cisco Configuration Engine port. The Cisco Configuration Engine can manage a device after the device connects to a port other than the Cisco Configuration Engine well-known ports (11011 and 11012).
Note The deployment engineer can also choose not to use the port automatic assignment feature. In this case, the cns event ce-host <port number> command should be used in the bootstrap configuration file, and the port number should be updated for every 500 devices.
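To see how the two LoadBalance_Algorithm settings spread devices across gateway ports with the 500-device limit, the following Python models the dispatcher's choice. It is an added illustration, not Cisco's implementation: skipping full ports in round robin, breaking ties by lowest port number, and the starting loads are all assumptions or constructed values.

```python
# Added model of the two LoadBalance_Algorithm settings; not Cisco's implementation.
DEVICES_PER_PORT = 500  # per-port maximum stated on the page


def assign(ports, load, algorithm, state):
    """Pick a gateway port for one new device, or None if every port is full.

    ports: ordered list of gateway ports; load: {port: connected devices};
    algorithm: 0 = round robin, 1 = least connection; state: {"next": index}.
    """
    open_ports = [p for p in ports if load[p] < DEVICES_PER_PORT]
    if not open_ports:
        return None
    if algorithm == 1:
        # Least connection: lowest load wins, ties go to the lowest port (assumed).
        port = min(open_ports, key=lambda p: (load[p], p))
    else:
        # Round robin: walk the ring from the saved position, skipping full ports.
        for step in range(len(ports)):
            idx = (state["next"] + step) % len(ports)
            if load[ports[idx]] < DEVICES_PER_PORT:
                port, state["next"] = ports[idx], (idx + 1) % len(ports)
                break
    load[port] += 1
    return port


def simulate(initial_load, new_devices, algorithm):
    """Assign new_devices connections; return (final load, rejected count)."""
    ports = sorted(initial_load)
    load, state, rejected = dict(initial_load), {"next": 0}, 0
    for _ in range(new_devices):
        if assign(ports, load, algorithm, state) is None:
            rejected += 1
    return load, rejected


# Constructed starting point: three plain-text gateways with uneven load.
START = {11013: 480, 11015: 100, 11017: 0}

if __name__ == "__main__":
    print("round robin     ", simulate(START, 90, algorithm=0))
    print("least connection", simulate(START, 90, algorithm=1))
```

With uneven starting load, round robin drives the busiest port to its limit before the others catch up, while least connection leaves headroom on every port.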
Event Gateway Resource Monitor
The Cisco Configuration Engine has a resource health monitoring utility that periodically monitors the status of the event gateways and the Tibco event bus. If any of the monitored processes is dead, the resource monitor restarts that process automatically and logs a message in /var/log/CNSCE/resource_monitor/resource_monitor.log.
The health monitor is installed during Cisco Configuration Engine setup.
• To check the status of the resource monitor, use the /etc/init.d/ResourceMonitor status command.
• To start the resource monitor, use the /etc/init.d/ResourceMonitor start command.
• To stop the resource monitor, use the /etc/init.d/ResourceMonitor stop command.
Event Gateway Scalability in Cisco Validated High Availability Architecture
The Cisco Configuration Engine can be deployed in the following Cisco validated HA architecture, in which multiple Cisco Configuration Engines, a shared external LDAP server, and an ACE load balancer are used. If a customer deploys this architecture, the port automatic assignment feature should not be used, because port auto-assignment overrides the load sharing (among all the participating Cisco Configuration Engines) offered by the load balancer.
Figure 6-1 High Availability Architecture.
To disable the port auto-assignment, simply do not use the port 11011 or 11012 for plain-text or crypto on network element during event agent configuration. For plain text, all devices can use the port 11013. For crypto, all devices can use the port 11014. The load balancer manages all the connections to event gateways on all the participating Cisco Configuration Engine servers.
Event Gateway Troubleshooting
Q. I set up my Cisco Configuration Engine correctly, but the device is shown as RED or could not be auto-discovered. Why is my device not connecting to Cisco Configuration Engine?
A. Make sure the cns trusted-server all-agents ce-host and cns config partial ce-host commands are configured on the device, where ce-host is the IP address or the hostname of the Cisco Configuration Engine.
Q. I set up my Cisco Configuration Engine correctly and I could also see that the new port is assigned to the device by using the $CISCO_CE_HOME/tools/cns-listen cisco.> debugging tool. But I could not see the device and it is in RED. The device shows up in the device discovery GUI. It seems that the connect event is never received by Cisco Configuration Engine.
A. Make sure the cns trusted-server all-agents ce-host and cns config partial ce-host commands are configured on the device, where ce-host is the IP address or the hostname of the Cisco Configuration Engine. If this is a slow network, increase the WAIT_AFTER_CONFIG timer in $CISCO_CE_HOME/conf/resource.properties and try the operation again. Increasing the wait timer affects overall performance, so find the shortest wait time that works in your network environment. The default wait time is one second.
Q. Can I configure my device to point to the same Cisco Configuration Engine but different ports as the primary and backup Cisco Configuration Engine?
A. No. A given Cisco Configuration Engine can only either be the primary or the backup Cisco Configuration Engine, but cannot be both.
Q. After I used the port auto-assignment, I could not get the status of my config initial?
A. By default, the command cns config initial ce-host reports the config initial status through the Event Gateway. If you are using the port auto-assignment function, you should post the status through HTTP. For example, cns config initial ce-host status http://ce-host/cns/PostStatus should be configured on the device.
Q. When I push a configuration job to a device, another device got the same config?
A. The device ID needs to be unique within the Cisco Configuration Engine's namespace. Make sure the two devices do not have the same config ID, event ID, and image ID.