Deploying Cisco Catalyst 8000V by Using Terraform

You can deploy a Cisco Catalyst 8000V router in Google Cloud Platform (GCP) in two ways: by using a VM instance, or by using Terraform. This chapter specifies the procedures to deploy an instance by using Terraform.

Terraform is an Infrastructure as code (IaC) tool that lets you provision and manage cloud infrastructure in GCP. To learn how to deploy Cisco Catalyst 8000V by using Terraform, perform the tasks in this chapter.

Guidelines for deploying Cisco Catalyst 8000V

Restrictions

Before you deploy a Cisco Catalyst 8000V instance, see the following guidelines and recommendations.

  • You can choose the gVNIC option only if you're using an N4 instance. If you've deployed Cisco Catalyst 8000V in GCP by using N1 or N2 instance series, you cannot resize your existing VMs to N4 instance series due to the variation in disks.

Guidelines

  • A maximum transmission unit (MTU) is the size, in bytes, of the largest possible IP packet, including IP headers, layer 4 protocol headers, and layer 4 data, that can fit inside an Ethernet frame. While GCP VPC networks default to an MTU of 1460 bytes, it is recommended to configure your VPC Network MTU to a minimum of 1500 bytes. This setting is crucial because the MTU defined at the VPC Network level establishes the lowest supported MTU size for Cisco Catalyst 8000V within that network.

    To configure the MTU settings, see Maximum transmission unit.

Create an SSH Key

The first task in the deployment procedure is to create an SSH key. SSH keys act as a method of authentication to access your Cisco Catalyst 8000V instance. When you create an SSH key, a public key and a private key are created in the .ssh directory.

RSA is the default key type until Cisco IOS XE 17.9.x. From Cisco IOS XE 17.10.1a, support for ED25519 key type is added.

To create an SSH key, perform the following steps. Enter the commands in a terminal server.

Procedure


Step 1

Run the ssh-keygen -t rsa -f ~/.ssh/keyfile [-C username] command. Here,

~/.ssh/keyfile is the directory path and filename of the key, for example, /users/joe/.ssh/mykey.

-C username is the username that is added as a comment. This variable is optional.

Two key files, a private key and a public key, are created in the .ssh directory, for example, mykey and mykey.pub.

For more information on creating an SSH key, see Creating a new SSH key. See also Managing SSH keys in Metadata.

Example:

ssh-keygen -t rsa -f /users/joe/.ssh/mykey -C joe

Step 2

Run the cat ~/.ssh/[keyfile_pub] command. Here, keyfile_pub specifies the public key, for example, mykey.pub.

Example:

cat /users/joe/.ssh/mykey.pub

The system displays the contents of the public key. You will need this public key to create a VM instance.


Create a VPC Network

A Virtual Private Cloud (VPC) network is a virtual version of a physical network that is implemented in the cloud service provider. Create a VPC network to provide connectivity to your VM instance.

Before you begin

Learn about VPC networks. For information about VPC networks, see Virtual Private Cloud (VPC) Network Overview and Using VPC Networks.

Procedure


Step 1

In the navigation pane of the Google Cloud Platform console, choose VPC network > VPC Networks.

Step 2

Choose Create VPC Network.

Step 3

In the Name field, specify a name for the network.

Step 4

In the Description field, provide a description for the network.

Step 5

Choose Subnets > Add Subnet.

Step 6

In the New Subnet dialog box, enter a Name for the subnet, for example, c8kvnet1.

Step 7

Choose the appropriate option from the Region drop-down list.

Step 8

Enter an IP address range, for example, enter 10.10.1.0/24 for the subnet address.

Step 9

Click Done to create the subnet.

To create multiple subnets for the VPC network, repeat step 5 to step 9.

Step 10

Click Create to create the VPC Network.


Deploy the Cisco Catalyst 8000V Instance

This section specifies the overall deployment process for creating a Cisco Catalyst 8000V instance by using Terraform in GCP. See each of these sections to learn about each process in detail.

Configure the Template Settings

Procedure


Step 1

Go to the Google Marketplace and search for Cisco Catalyst 8000V. Select the Cisco Catalyst 8000V template.

Step 2

Click Launch On Compute Engine.

Step 3

In the New Cisco Catalyst 8000V Deployment window, in the Deployment name field, provide the deployment name. By default, this field displays the name in the cisco-<deployment number> format.

Step 4

From the Deployment Service Account field, click one of the following radio buttons:

  • Existing Account: Choose this option if you already have a service account. If you choose this option, the system displays the Select A Service Account drop-down field. Choose your service account from this drop-down list.
  • New Account: Choose this option if you want to create a service account. For more information on creating service accounts, see Service Accounts.

Step 5

In the Instance Name field, specify the name of the Cisco Catalyst 8000V instance in text format. You must follow the GCP naming pattern for successful deployment. The name of the instance must match the regular expression '(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?)'.

Step 6

In the Username field, specify the username to be used to access the Cisco Catalyst 8000V instance.

Step 7

In the Instance SSH Key field, specify the public key to be used for SSHing into the instance. To know how to create an ssh-key, see SSH-Key.

Step 8

In the Image Version field, choose the version of the Cisco Catalyst 8000V, for example, 17.16.


What to do next

Configure the machine size and bootdisk settings.

Configure the Machine and Disk Properties

This section tells you how to configure the machine and disk properties while deploying a Cisco Catalyst 8000V instance in GCP by using Terraform.

Before you begin

Ensure you've configured the VM template settings.

Procedure


Step 1

In the New Cisco Catalyst 8000V Deployment window, from the Zone drop-down list, choose the Zone where your Cisco Catalyst 8000V is deployed.

Step 2

From the Machine Type field, choose the size of the Cisco Catalyst 8000V that you want to deploy. For more information on Cisco Catalyst 8000V sizes, see MachineTypes.

Step 3

From the Bootdisk area, configure the following settings:

  1. Bootdisk type: Choose the bootdisk type for your deployment. By default, the SSD Persistent disk is selected. Cisco recommends that you use the default Boot disk type.

  2. Boot disk size in GB: Choose the bootdisk size for your deployment. The default value is 10 GB. Cisco recommends that you use the default Boot disk size.

Step 4

To enhance the performance, disable Hyper-Threading on your GCP instance. To disable Hyper-Threading, configure the vCPU to core ratio when you create your instance. For an existing instance, edit the Machine Configuration to disable Hyper-Threading. Choose Machine configuration > Advanced Configurations and configure the vCPUs to core ratio field to 1 vCPU per core.


What to do next

Configure the network settings and the interfaces for your deployment.

Configure the Network Settings and Interfaces

This task instructs you on how to configure the network settings and add interfaces when you deploy a Cisco Catalyst 8000V instance in GCP by using Terraform.

Procedure


Step 1

In the New Cisco Catalyst 8000V Deployment window, navigate to the Networking area.

Step 2

Under Network Interfaces, choose the network in the region where you want to deploy the Cisco Catalyst 8000V instance from the Network field.

You must create the network before you create the Cisco Catalyst 8000V instance. Ensure that at least one subnet is associated to that network. For more information about networks, see Virtual Private Cloud Network Overview.

Step 3

From the Subnetwork field, choose the subnet that is associated with the selected Network (VPC). This subnet acts as the first Network Interface (nic0) of the Cisco Catalyst 8000V instance.

Step 4

To set gVNIC as the network interface, expand the Advanced Options > Networking section. From the Network Interface Card drop-down list, choose gVNIC.

Note

You can choose the gVNIC option only if you're using an N4 instance. If you've deployed Cisco Catalyst 8000V in GCP by using N1 or N2 instance series, you cannot resize your existing VMs to N4 instance series due to the variation in disks.

Step 5

From the External IP field, choose one of these options to configure the public IP address that you must use to SSH into the Cisco Catalyst 8000V instance.

  • Static: Choose this option if you want to set a static address as this external IP address.
  • Ephemeral: Choose this option if you want to use this public IP address when you start an SSH session from a terminal server.
  • None: Choose this option to not configure any external IP address.

For more information about IP addresses, see IP Addresses.

Step 6

To add an additional interface, click the Add Additional Interface option. Configure the Network, Subnetwork, and External IP fields to add the additional interface.

Note

You can configure a maximum of 8 interfaces for this deployment.


What to do next

Configure the firewall settings.

Configure the Firewall Settings

Refer to this section if you want to configure the firewall settings for your network when you deploy Cisco Catalyst 8000V in GCP.

Procedure


Step 1

In the New Cisco Catalyst 8000V Deployment window, navigate to the Firewall area.

Step 2

Configure the firewall rule associated to the network by configuring these settings:

  1. Allow TCP port 22 traffic from the internet: Choose this option to create a firewall rule that allows incoming SSH connections on TCP port 22. After you choose this option, you can set the Source IP ranges for TCP port 22 traffic.

  2. Allow HTTP traffic from the internet: Choose this option to create a firewall rule that allows incoming traffic on TCP port 80.

  3. Allow TCP port 21 traffic from the internet: Choose this option to create a firewall rule that allows incoming traffic on TCP port 21.

  4. IP Forwarding: Choose this option to enable IP forwarding for your VM instance.

You can also create additional Firewall rules for your deployment. For more information on firewall rules, see Firewalls in VPC Networking and Firewalls.
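A way to review the rules these options create, as an added example that is not part of Cisco's procedure: it reads firewall rules in the JSON shape that `gcloud compute firewall-rules list --format=json` returns and reports which of the ports named above (22, 80, 21) are reachable from any source address. The rule names and address ranges in the sample are constructed.

```python
import ipaddress
import json

# Ports the deployment form can open: FTP control (21), SSH (22), HTTP (80).
WATCHED_PORTS = {21: "FTP", 22: "SSH", 80: "HTTP"}

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""
[
  {"name": "c8kv-tcp-22", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "c8kv-tcp-80", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
  {"name": "c8kv-mgmt", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["20-25"]}]}
]
""")

def is_open_to_internet(cidr):
    """True for a source range that admits any address (prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def covers(port_spec, port):
    """port_spec is a single port ("22") or an inclusive range ("20-25")."""
    low, _, high = port_spec.partition("-")
    return int(low) <= port <= int(high or low)

def audit(rules):
    """Return (rule name, service) pairs for watched ports reachable from anywhere."""
    findings = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        # Rules that select sources only by tag have no sourceRanges and are skipped.
        if not any(is_open_to_internet(r) for r in rule.get("sourceRanges", [])):
            continue
        for allow in rule.get("allowed", []):
            if allow.get("IPProtocol") not in ("tcp", "all"):
                continue
            specs = allow.get("ports")  # absent means every port
            for port, service in sorted(WATCHED_PORTS.items()):
                if specs is None or any(covers(s, port) for s in specs):
                    findings.append((rule["name"], service))
    return findings

if __name__ == "__main__":
    for name, service in audit(SAMPLE_RULES):
        print(f"{name}: {service} is reachable from any source address")
```

A finding for SSH is the case where the Source IP ranges setting for TCP port 22 should be narrowed to the addresses you administer the router from.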


What to do next

Add the startup script by copying and pasting the script or by adding the URL to your configuration file.

Add the Startup Script

Refer to this section to learn how to add a startup script or a startup configuration for Cisco Catalyst 8000V deployed in GCP.

Procedure


Step 1

On the New Cisco Catalyst 8000V Deployment window, navigate to the Advanced area.

Step 2

Add your startup configuration by configuring one of these two fields:

  • Startup-script: Copy and paste the startup configuration information in this field. Note that the configuration information should not exceed 10000 characters when you choose this option.
  • Custom Data File URL: Paste the URL to the custom data file in this field. This URL must be publicly accessible. For longer configuration files, use this option to add your startup script.

Step 3

Click Deploy to deploy the Cisco Catalyst 8000V instance by using GCP Terraform.


After the deployment is complete, a publicly accessible storage bucket, containing all the information about the Terraform deployment, is created. It is recommended that you make the storage bucket private.
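One way to check and correct the bucket's access, as an added example that is not part of Cisco's procedure: it takes an IAM policy in the JSON shape returned by `gcloud storage buckets get-iam-policy gs://BUCKET --format=json`, lists the grants made to everyone, and builds the same policy without them. The project name, service account and etag in the sample are constructed.

```python
import copy
import json

# IAM members that mean "anyone" and "anyone signed in to a Google account".
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample in the shape of
# `gcloud storage buckets get-iam-policy gs://BUCKET --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.legacyBucketReader",
     "members": ["allUsers", "projectViewer:example-project"]},
    {"role": "roles/storage.admin",
     "members": ["serviceAccount:deployer@example-project.iam.gserviceaccount.com"]}
  ],
  "etag": "CAE="
}
""")

def public_bindings(policy):
    """Return (role, member) pairs that grant access to everyone."""
    return [(b["role"], m)
            for b in policy.get("bindings", [])
            for m in b.get("members", [])
            if m in PUBLIC_MEMBERS]

def without_public_access(policy):
    """Return a copy of the policy with public members removed.

    Bindings left with no members are dropped. The etag is kept so that
    applying the result fails if the policy changed in the meantime.
    """
    private = copy.deepcopy(policy)
    kept = []
    for binding in private.get("bindings", []):
        binding["members"] = [m for m in binding.get("members", [])
                              if m not in PUBLIC_MEMBERS]
        if binding["members"]:
            kept.append(binding)
    private["bindings"] = kept
    return private

if __name__ == "__main__":
    for role, member in public_bindings(SAMPLE_POLICY):
        print(f"public grant: {member} has {role}")
    print(json.dumps(without_public_access(SAMPLE_POLICY), indent=2))
```

The cleaned policy, saved to a file, can be applied with `gcloud storage buckets set-iam-policy gs://BUCKET FILE`.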

Access the Cisco Catalyst 8000V CLI

SSH keys act as the authentication method to access your Cisco Catalyst 8000V instance. Apart from the RSA key type, Cisco Catalyst 8000V also supports the ED25519 key type from Cisco IOS XE 17.10.1a. To set up an SSH session using the CLI, perform these steps.

Before you begin

  • Perform the Day 0 configuration as mentioned in the Day Zero Configuration chapter.

  • Ensure that the Cisco Catalyst 8000V VM instance is up. This is required for you to access the Cisco Catalyst 8000V VM instance using an SSH session.


Note


In the VM Instances window, the SSH tab is not enabled for a Cisco Catalyst 8000V VM. You must set up an SSH session using the following commands.


Procedure


Step 1

ssh -i ~/.ssh/[keyfile] username@instance-external-IP

Logs into the Cisco Catalyst 8000V instance using an SSH session. Here, ~/.ssh/keyfile represents the path and filename of the private key. After logging in, you can enter the Cisco IOS XE commands using the CLI.

Example:

ssh -i /users/joe/.ssh/mykey joe@10.0.0.2

Step 2

interface interface-name

Enters interface configuration mode.

Example:

Router(config)# interface GigabitEthernet1

It is recommended that you perform the following steps to increase the interface's speed for each interface.

Step 3

ip address dhcp

Acquires an IP address on an interface from DHCP.

Example:

Router(config-if)# ip address dhcp

Step 4

speed <interface speed>

Sets the speed of the interface.

Example:

Router(config-if)# speed 10000

Step 5

no negotiation auto

Disables auto negotiation.

Example:

Router(config-if)# no negotiation auto

Step 6

exit

Exits the interface configuration mode.

Example:

Router(config-if)# exit

(Optional) Repeat steps 2 to 6 to increase the speed of the second interface of the Cisco Catalyst 8000V instance.


Verify interface mapping

When you boot the Cisco Catalyst 8000V instance for the first time, the router interfaces are mapped to the logical vNIC interfaces that were added when the VM was created.

After you boot the Cisco Catalyst 8000V instance, you can verify the mapping between the logical interface on the router with the vNIC and the vNIC MAC address by performing this task.

Procedure


Run the show platform software vnic-if interface-mapping command.

Displays the logical interface that the Cisco Catalyst 8000V instance uses to map to the interface on the hypervisor.

C8000v-router# show platform software vnic-if interface-mapping
-------------------------------------------------------------
Interface Name        Driver Name         Mac Addr
-------------------------------------------------------------
GigabitEthernet4       net_gve            4201.0a5a.aa02
GigabitEthernet3       net_gve            4201.0a5a.820c
GigabitEthernet2       net_gve            4201.0a5a.170c
GigabitEthernet1       net_gve            4201.0a5a.f307
-------------------------------------------------------------

Note the net_gve value under Driver Name. This indicates that the gVNIC interface is being used by the instance.