- Preface
- Product Overview
- Basic Router Configuration
- Configuring Ethernet CFM and Y.1731 Performance Monitoring on Layer 3 Interfaces
- Configuring Power Management
- Configuring Security Features
- Configuring Secure Storage
- Configuring Backup Data Lines and Remote Management
- Configuring Ethernet Switches
- Configuring Voice Functionality
- Configuring the Serial Interface
- Configuring Wireless Devices
- Configuring PPP over Ethernet with NAT
- Configuring PPP over ATM with NAT
- Environmental and Power Management
- Configuring a LAN with DHCP and VLANs
- Configuring a VPN Using Easy VPN and an IPSec Tunnel
- Configuring Cisco Multimode G.SHDSL EFM/ATM
- Configuring VDSL2 Bonding and Single-Wire Pair
- Configuring Cisco IOx
- Deployment Scenarios
- Troubleshooting Cisco 800 Series Routers
- Cisco IOS Software Basic Skills
- Concepts
- ROM Monitor
- Index
- Configuring Cisco IOx
- Configuration Examples
- Developer Mode with Ethernet
- Cellular IP Address Type
- Accessing the Web Interface of Local Manager
- Configuring NTP Server
- Configuring IOS NAT for Applications Installed using BRIDGE and NAT Networking Modes
- Configuring Guest Serial
- Upgrading Cisco IOx
- Troubleshooting
Configuring Cisco
IOx
Cisco IOx is an end-to-end application enablement platform that provides application hosting capabilities for different application types in a consistent and uniform manner across various Cisco network platforms. The IOx platform allows you to manage the whole life cycle of applications including development, distribution, deployment, hosting, monitoring, and management. This chapter explains how to configure Cisco IOx on Cisco 819 and 800M series routers.
This chapter contains the following sections:
- Configuring Cisco IOx
- Configuration Examples
- Developer Mode with Ethernet
- Cellular IP Address Type
- Accessing the Web Interface of Local Manager
- Configuring NTP Server
- Configuring IOS NAT for Applications Installed using BRIDGE and NAT Networking Modes
- Configuring Guest Serial
- Upgrading Cisco IOx
- Troubleshooting
Configuring Cisco IOx
Before you deploy applications on your device, you have to configure IOx. On Cisco 800 series routers, IOS image runs on Core 1 and IOx runs on Core 2. Configuring IOx involves enabling IOx framework on Core 2 of your device.
![]() Note | The prerequisite for configuring IOx on a device is that you should have an IOS image that supports IOx.The IOS image should be 15.5(1)T or later. |
Perform the following tasks to configure IOx:
Configuration Examples
The following example shows three different use cases:
Developer Mode with Ethernet
In this scenario:
-
The router is not used for actual routing. It is at the edge of the network.
-
This mode suits the users who just need the application to have access to the external network.
-
The application sits behind a NAT. So, a DHCP pool assigning a local IP address is configured on IOS.
Perform the following tasks to configure IOx:
Stationary with Ethernet
In this scenario:
-
The router is used for actual routing. It is at the middle of the network.
-
This mode suits users who need the application to have access to and is accessible from the external network.
-
The application does not sit behind a NAT.
-
The VirtualPortGroup borrows the external interface IP address. Now it can be reached from outside the router.
-
The application acquires its interface IP addresses from an external DHCP server by relaying the DHCP request through the VirtualPortGroup. It will also acquire an external IP address.
Perform the following tasks to configure IOx:
Mobile with Cellular
In this scenario:
-
Router is mobile with cellular connectivity (the only WAN link).
-
VirtualPortGroup and Application are behind NAT, overloading cellular interface IP address.
-
Application obtains the IP address from internal DHCP.
-
Application management model depends on the type of IP address subscribed from cellular service provider being public or private.
In this mode:
-
You configure cellular interface instead of GigabitEthernet interface as the WAN link.
-
You modify references to cellular interface (instead of GigabitEthernet) for default route, NAT address overload, and PAT.
-
You assign VirtualPortGroup its own IP address.
-
You configure local DHCP pool for application.
Perform the following tasks to configure IOx:
Cellular IP Address Type
When users subscribe to cellular service, by default, the service provider assigns a private IP address. However, there is a way to choose a public address. Even though similar IOS configurations work in both the cases, below table explains the major differences between these two, and its impacts on your IOx application.
|
Public IP Address |
Private IP Address |
Routing | Routable in Internet space. | Being private to provider’s domain, the address need to be translated to a public one before it is routable in Internet space. |
Availability and cost | Check with your local providers for availability and any additional charge. | Common provision offered by most providers. |
Static vs Dynamic | Static. | Usually dynamic. This implies that the address will most likely change each time router re-attaches to the cellular network (for instance, after the router reloads or cellular interface resets). |
IOx Application Management | Same as Stationary Ethernet mode. | Since router is behind provider’s NAT, user will not be able to access router’s web server port. Therefore, applications can only be managed locally via router’s console port or LAN switch ports with IOS virtual-service CLIs. |
Accessing the Web Interface of Local Manager
After you configure IOx on your router, you can access the web interface to manage the IOx applications. The IP address of the Gigabit Ethernet interface of the router is used to generate the web URL. For example, if the IP address of the GE interface is 172.x.x.x, then the web URL of the Local Manager is https:// 172.x.x.x:8443.
Log in to the Local Manager using your Username and Password. The User name and the Password is authenticated against the Username and Password used for router login. You should have privilege 15 to access the Web interface. The following example shows how to enable privilege 15 on your router:
username username privilege 15 password 0 password
Log in to Local Manager to add devices (819 and 800M).
Configuring NTP Server
You configure the NTP server so that all the IOx components (Routers, Applications, Fog director, etc) are synched with the same NTP server. This ensures that the IOS and IOx are using the same date and time. Use the following configurations:
ntp update-calendar ntp server 10.64.58.50
Configuring IOS NAT for Applications Installed using BRIDGE and NAT Networking Modes
If you have installed an App using BRIDGE or NAT networking mode, you have to configure the corresponding NAT configurations on the IOS side.
The App acquires the IP address from the DHCP server configured on the IOS.
BRIDGE MODE:
-
Choose bridge mode during an App installation (in Local Manager or Fog Director).
-
Use device details page of FD or LM to:
You have to perform the following NAT configurations on the IOS side for the traffic coming to the App:
ip nat inside source static tcp 192.168.1.46 9000 interface gabitEthernet0 9000 ip nat inside source static udp 192.168.1.46 12000 interface gigabitEthernet0 12000
The sensor needs to send TCP / UDP traffic to the following IP:
- TCP port : <Router_Wan_IP>:9000
- UDP port: <Router_Wan_IP>:12000
This will be translated into:
- TCP port : 192.168.1.46:9000
- UDP port : 192.168.1.46:12000
NAT MODE:
You have to perform the following configurations if an App is installed in NAT mode:
-
Choose NAT mode during an App installation in FD or LM.
-
IOx provides an IP address from the DHCP server within the IOx.
-
CAF provides DHCP IP address in the range of 192.168.223.x .
-
CAF gives internal and external ports corresponding to ports asked by the App.
-
Use Device details page of FD or LM to:
In NAT mode, you have to configure the NAT rules against the IOx svcbr_0 IP address which is assigned when the IOx/GOS come up initially (192.168.1.6).
- TCP : < Router_Wan_ip >: 40000
- UDP: < Router_Wan_ip >: 42000
This will be translated into:
- 192.168.1.6:40000
- 192.168.1.6:42000
And then it is translated into the following App IP:
- 192.223.1.10:9000
- 192.223.1.10:12000
Perform the following NAT configuration on IOS side:
ip nat inside source static tcp 192.168.1.6 40000 interface gabitEthernet0 40000 ip nat inside source static udp 192.168.1.6 42000 interface gabitEthernet0 42000
Configuring Guest Serial
This feature allows the installed IOx applications to access the router’s serial interface. This configuration is optional because not all applications need this configuration.
The following example shows how to connect the serial port s0 of a Cisco 819 router to guest:
interface serial0 physical-layer async vrf forwarding internal-score-vrf no ip address encapsulation raw-tcp end line 7 raw-socket tcp client 192.168.3.2 32000
In the raw-socket tcp client command, 192.168.3.2 is the IP address for host Linux, and 32000 is the serial TCP port.
On a Cisco 800M series routers, the interface name should be either serial0/0/0 or serial0/1/0 depending on the module slot.
The following example shows how to configure a module installed on slot 0 of a Cisco 800M series router:
interface Serial0/0/0 physical-layer async no ip address encapsulation raw-tcp ! line 3 raw-socket tcp client 192.168.3.2 32000
The following example shows how to configure a module installed on slot 1 of Cisco 800M series router:
interface Serial0/1/0 physical-layer async no ip address encapsulation raw-tcp end line 19 raw-socket tcp client 192.168.3.2 32001
![]() Note | The Async line associated with serial interface s0 on Cisco 819 is 7. The Async lines associated with serial interface s0/0/0 and s0/1/0 on Cisco 800M routers are 3 and 19 respectively. |
An Async line is set to 9600 baud, no parity, and 1 stop bits by default. All TTY terminal settings need to be configured under the Async line in IOS. The following example shows how to change the baud rate to 115Kbps:
line 7 raw-socket tcp client 192.168.3.2 32000 stopbits 1 speed 115200 819-42#show line 7 Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int 7 TTY 115200/115200- - - - - 0 0 0/0 Se0 Line 7, Location: "", Type: ""
Upgrading Cisco IOx
You can upgrade IOx separately without changing the IOS. The following example shows how to upgrade IOx:
Router#configure terminal Router#iox host ip address 192.168.3.2 255.255.255.0 host ip default-gateway 192.168.3.1 host boot flash:p1021_c800.xxxxx.bin <<<<<<<<<< new image for IOX Router#write Router#reload
Troubleshooting
This section explains how to troubleshoot IOS and IOx.
Debugging IOS
Use the following commands to debug IOS:
Command |
Description |
Examples |
debug iox config level error | Debugs IOx configuration errors. |
Router#debug iox config level error *Oct 7 08:30:27.951 PDT: if_c800_iox_infra_cli_handler.c :: debug_iox_configuration_command_han dler() : 242 - Changed configuration debug level to 3 iox_819_2# iox_819_2# iox_819_2#conf t Enter configuration commands, one per line. End with CNTL/Z. iox_819_2(config)#iox iox_819_2(config-iox)#host ip add 192.168.100.2 255.255.255.0 iox_819_2(config-iox)# *Oct 7 08:30:44.043 PDT: if_c800_iox_trans_mgr.c :: iox_create_transaction() : 50 - Created transaction: tid=14, pid=155 *Oct 7 08:30:44.043 PDT: if_c800_iox_cli_handler.c :: cfg_iox_host_ip_address_cmd_handler () : 387 - host ip address entered address: 192.168.100.2 mask: 255.255.255.0 *Oct 7 08:30:44.043 PDT: if_c800_iox_cli_handler.c :: iox_validate_host_ip_address() : 309 - All checks passed .................... |
debug iox config level debug | Debugs IOx configuration. |
Router#debug iox config level debug iox_819_2#conf t Enter configuration commands, one per line. End with CNTL/Z. iox_819_2(config)#iox iox_819_2(config-iox)#host ip default-gateway 192.168.100.1 % configuration failure: host ip default-gateway iox_819_2(config-iox)# *Oct 7 08:35:10.231 PDT: SCORE_ERR: score_ipc_send_msg_socket 394 Send failed, socket down *Oct 7 08:35:10.231 PDT: if_c800_iox_cli_handler.c :: cfg_iox_host_default_gateway_cmd_ha ndler() : 645 - Sending host ip message unsuccessful |
debug iox config level warning | Debugs IOx configuration warnings. |
Router#debug iox config level warning iox_819_2#conf t Enter configuration commands, one per line. End with CNTL/Z. iox_819_2(config)#iox iox_819_2(config-iox)#host ip default-gateway 192.168.100.1 % configuration failure: host ip default-gateway iox_819_2(config-iox)# *Oct 7 08:37:06.067 PDT: SCORE_ERR: score_ipc_send_msg_socket 394 Send failed, socket down *Oct 7 08:37:06.067 PDT: if_c800_iox_cli_handler.c :: cfg_iox_host_default_gateway_cmd_ha ndler() : 645 - Sending host ip message unsuccessful |
debug iox host-agent level error | Use this command if you face any IOx configuration issue from the IOS side. This allows you to monitor messaging between IOS and IOX framework. Note that this is for debugging IOS config/messaging and does not alter the debugging levels of IOx platform in general. |
Router#debug iox host-agent level error Oct 23 22:37:40.598: if_c800_iox_trans_mgr.c :: iox_create_transaction() : 50 - Created transaction: tid=2, pid=103 *Oct 23 22:37:40.598: if_c800_iox_infra_cli_handler.c :: set_debug_level() : 151 - ***************[IOS-DUMP]********** ***** *Oct 23 22:37:40.598: if_c800_iox_infra_cli_handler.c :: set_debug_level() : 151 - 00 0F 00 06 00 00 00 02 07 01 00 08 01 03 *Oct 23 22:37:40.598: if_c800_iox_infra_cli_handler.c :: set_debug_level() : 151 - *********************************** ***** *Oct 23 22:37:40.598: if_c800_iox_ipc_utils.c :: iox_msg_send() : 137 - Pid: 103 Sending iox message to Score *Oct 23 22:37:40.598: if_c800_iox_cli_handler.c :: iox_cli_wait_for_response() : 207 - CLI is waiting for response - pid: 103 *Oct 23 22:37:40.810: if_c800_iox_ipc_main.c :: iox_recv_msg_from_ioxhad() : 35 - ***************[IOS-DUMP]********** ***** *Oct 23 22:37:40.810: if_c800_iox_ipc_main.c :: iox_recv_msg_from_ioxhad() : 35 - 00 10 00 03 00 00 00 02 00 01 00 *Oct 23 22:37:40.810: if_c800_iox_ipc_main.c :: iox_recv_msg_from_ioxhad() : 35 - *********************************** ***** |
debug iox host-agent level debug | Debugs IOx host agent. |
Router#debug iox host-agent level debug *Oct 7 08:43:04.727 PDT: if_c800_iox_infra_cli_handler.c :: set_debug_level() : 151 - ***************[IOS-DUMP]********** ***** *Oct 7 08:43:04.727 PDT: if_c800_iox_infra_cli_handler.c :: set_debug_level() : 151 - 00 0F 00 06 00 00 00 14 07 01 00 08 01 03 *Oct 7 08:43:04.727 PDT: if_c800_iox_infra_cli_handler.c :: set_debug_level() : 151 - *********************************** ***** |
debug iox host-agent level warning | Debugs IOx host agent warnings. |
Router#debug iox host-agent level warning |
reset iox | Resets the IOx framework. |
Router#reset iox *Oct 23 22:41:05.406: if_c800_iox_trans_mgr.c :: iox_create_transaction() : 50 - Created transaction: tid=4, pid=103 *Oct 23 22:41:05.406: if_c800_iox_infra_cli_handler.c :: exec_iox_infra_command_handler() : 298 - ***************[IOS-DUMP]********** ***** *Oct 23 22:41:05.406: if_c800_iox_infra_cli_handler.c :: exec_iox_infra_command_handler() : 298 - 00 11 00 03 00 00 00 04 07 01 01 *Oct 23 22:41:05.406: if_c800_iox_infra_cli_handler.c :: exec_iox_infra_command_handler() : 298 - *********************************** ***** *Oct 23 22:41:05.406: if_c800_iox_ipc_utils.c :: iox_msg_send() : 137 - Pid: 103 Sending iox message to Score % Couldn't process IOx Infrastructure response |
show raw-socket tcp sessions | Displays the status of the raw socket session. |
Router#show raw-socket tcp sessions ----------------------------------- --------------- TCP Sessions ----------------------------------- ------------------- interface tty socket mode local_ip_addr local_port dest_ip_addr dest_port up_time idle_time/timeout vrf_name Se0 7 0 client 10.10.10.1 34383 10.10.10.2 32000 00:00:10 00:00:10 /5 min internal-score-vrf |
show raw-socket tcp statistic | Displays the statistics of the raw sockets. |
Router# show raw-socket tcp statistic ----------------------------------- ---------- Network-Serial Statistics ----------------------------------- ------------------- Interface tty sessions network_in_bytes network_out_bytes network_to_tty_frames tty_to_network_frames vrf_name Se0 7 1 6 6 1 1 internal-score-vrf -------------------------------- CEF Connections Statistics ----------------------- tty_id network_in_frames network_in_bytes network_out_frames network_out_bytes 0 0 0 0 0 0 0 0 0 0 |
show virtual-service detail | Displays application specific information. |
Router# show virtual-service detail name APP Virtual service APP detail State : Activated Package information Name : APP Path : flash:/iox/tmp/APP.ova Application Name : KVM1_Application Installed version : 2.0 Description : KVM1 Linux Test Distro Signing Key type : Unsigned Method : SHA-1 Licensing Name : kvm1_license Version : 3.3 Activated profile name: Resource reservation Disk : 16 MB Memory : 256 MB CPU : 55% system CPU VCPUs : 1 (sockets:1 cores:1 threads:1) Attached devices Type Name Alias ----------------------------------- ---------- NIC dp_1_0 net1 Serial/shell serial0 Disk shared_moun Network interfaces MAC address Attached to interface ----------------------------------- ------------------- 52:54:11:11:00:FE VirtualPortGroup0 Resource admission (without profile) : passed Disk space : 16MB Memory : 256MB CPU : 55% system CPU VCPUs : 1 (sockets:1 cores:1 threads:1) |
show virtual-service global | Displays virtual service global information. |
Router# show virtual-service global Virtual Service Global State and Virtualization Limits: Infrastructure version : 1.7 Total virtual service installed : 1 Total virtual service activated : 1 Maximum VCPUs per virtual service : 1 Machine types supported : KVM Machine types disabled : LXC Resource virtualization limits: Name Quota Committed Available ----------------------------------- --------------------------- system CPU (%) 80 55 25 memory (MB) 256 256 0 flash (MB) 1024 11 625 |
show virtual-service list | Lists the applications. |
Router# show virtual-service list Virtual Service List: Name Status Package Name ----------------------------------- ----------------------------------- -------- APP Activated APP.ova |
show virtual-service profile | Displays information about the appliance profile. |
Router# show virtual-service profile |
show virtual-service utilization | Displays information about the utilization of appliances. |
Router# show virtual-service utilization name APP Virtual-Service Utilization: CPU Utilization: Requested Application Utilization: 55 % Actual Application Utilization: 1 % (30 second average) CPU State: R : Running Memory Utilization: Memory Allocation: 262144 Kb Memory Used: 262144 Kb Network Utilization: Name: dp_1_0, Alias: net1 RX Packets: 16 TX Packets: 24 RX Bytes: 2416 TX Bytes: 6624 RX Errors: 0 TX Errors: 0 Storage Utilization: Name: shared_mount, Alias: Capacity(1K blocks): 16384 Used(1K blocks): 20 Available(1K blocks): 16364 Usage: 1 % |
virtual-service connect name appname console | Connects to the console of the VM environment that the IOx application is running. |
Router# virtual-service connect name sensorbot console |
Enabling Log Settings of CAF
You can use the CAF log settings to debug the App life cycle issues. By default, the log settings are set to INFO. Use Fog Director or Local Manager to set the CAF settings to debug.
Application Specific Debugging
An Administrator of IOX can access the App console using Local Manager. To access the App console, log onto Local Manager, go to Apps > Manage > App-info and type the following SSH command:
ssh -p {SSH_PORT} -i net_bridge.pem appconsole@10.78.106.163
Replace SSH_PORT with the port number that the Admin has configured on the IOS NAT rule. For instance, if 192.168.1.6 is the IP address assigned to the GOS, and NAT rule is configured on IOS to allow SSH through 2222, the final App console access command will be:
ssh -p 2222 -i net_bridge.pem appconsole@10.78.106.163
Commonly Faced Issues
Issue: A device added to Fog Director is not showing up. The Last Heard column in Fog Director shows 'connection timed out or no route to host'.
Solution: This issue happens because the router's WAN IP is not reachable from Fog Director. Correct the reachability issue and make sure that all the necessary configurations are done properly.
Issue: WAN IP of the router is reachable but Fog Director does not show the device.
Solution: To troubleshoot this issue, do the following:
-
Check whether the necessary NAT rule is enabled for port 8443. The following example shows the NAT rule:
ip nat inside source list NAT_ACL interface gigabitEthernet0 overload ip nat inside source static tcp 192.168.1.6 8443 interface gigabitEthernet0 8443
-
Check whether the GIG5 interface is up.
-
Check whether the GOS/IOx is up and running and it has acquired an IP address from the DHCP server.
-
Check whether the NAT translation has happened for 8443 from WAN ip to the GOS SVCbr_0 IP address:
829-163#show ip nat translations Pro Inside global Inside local Outside local Outside global tcp 10.78.106.163:2222 192.168.1.6:22 --- --- tcp 10.78.106.163:8443 192.168.1.6:8443 10.232.26.200:57639 10.232.26.200:57639
Serial Data Traffic Issues
Use the following commands to troubleshoot the serial data traffic issues:
Command |
Description |
Examples |
||
show interface serial | Displays the serial interface configuration and statistics. |
Router# show interface serial erial0 is up, line protocol is up Hardware is Serial in async mode MTU 1500 bytes, BW 9 Kbit/sec, DLY 100000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation RAW-TCP, loopback not set Keepalive not set DTR is pulsed for 5 seconds on reset Last input never, output never, output hang never Last clearing of "show interface" counters 5d21h Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/10 (size/max) 30 second input rate 0 bits/sec, 0 packets/sec 30 second output rate 0 bits/sec, 0 packets/sec 391 packets input, 3247 bytes, 0 no buffer Received 0 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort 395 packets output, 3160 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up |
||
debug raw-socket tcp packet
debug raw-socket driver packet |
Monitors the serial data flow between IOS and host Linux.
|
Router# debug raw-socket tcp packet *Oct 23 18:52:25.912: [From Network]<-- received 8 bytes on socket 0 from 192.168.3.2 port 32000 *Oct 23 18:52:25.912: 010300000002C40B *Oct 23 18:52:25.912: [To Serial]<-- sending 8 bytes from socket 0 to interface 7 *Oct 23 18:52:25.912: rawsocket_async_output[tty 7]: Received 8 byte from socket... *Oct 23 18:52:25.912: [Socket --> Async] 01 03 00 00 00 02 C4 0B *Oct 23 18:52:25.948: [Async --> Socket] tty(7) Received 9 byte from serial... *Oct 23 18:52:25.948: [Async --> Socket] 01 03 04 89 2F 80 4F C1 92 *Oct 23 18:52:25.948: [From Serial]--> received 9 bytes from interface 7 tty 7 *Oct 23 18:52:25.948: 010304892F804FC192 *Oct 23 18:52:25.948: [To Network]--> dispatched 9 bytes on socket 0 to ip 192.168.3.2 port 32000 |
Check whether the serial devices are connected and the serial port on your devices share the same baud rate.