Feedback
Table Of Contents
Adding and Managing VNEs, AVMs, Units, and the Gateway Server
Managing Units (and High Availability)
Adding a New Unit (and Setting Up High Availability)
Viewing and Editing Unit Properties
Viewing and Editing AVM Properties
Changing AVM Status (Start or Stop)
Understanding VNE Status and VNE States
Prerequisites for Adding VNEs to AVMs
Using Network Discovery to Add Bulk VNEs
Configuring and Performing Network Discovery
Importing Network Elements from a Seed File
Defining and Creating Individual VNEs
Viewing and Editing VNE Properties and Schemes
Changing VNE Status (Start, Stop, Maintenance)
Adding and Managing VNEs, AVMs, Units, and the Gateway Server
These topics describe how to add, delete, and maintain network elements in Cisco ANA. They also describe the various states and statuses that are displayed in the Cisco ANA GUI client.
•
Managing the Gateway, describes how to use the cmpctl command to manage and get information on the gateway server.
•
•
•
You must have Administrator privileges to use these functions, unless otherwise noted.
The following topics describe how to perform basic management tasks. Refer to these topics for administration information:
•
•
Managing the Gateway
As described in Cisco ANA Architecture, page 1-6, the gateway enforces access control and security for all connections and manages client sessions. It maintains a repository of system settings, topological data, and snapshots of active alarms and events. The gateway also maps network resources to the business context, which enables Cisco ANA to contain information that is not directly contained in the network (such as VPNs and subscribers) and display it to northbound applications.
These topics provide more information on how to manage the gateway server, and the roles required:
•
•
•
To connect to a gateway, download and install the client software on your client machine. Installing the gateway and client software is described in Cisco Active Network Abstraction 4.0.2 Installation and Setup Guide, along with other basic setup information.
Getting Information on Configured Gateway Servers Using the GUI Client
Before You Begin
Be sure to configure Network Time Protocol (NTP) on the gateway so that all network elements are synchronized to a common time base (UTC).
To get information about configured gateways:
Step 1
Step 2
The table below the workspace provides information about the units or AVMs installed on the gateway. These are described in Viewing and Editing Unit Properties, and Viewing and Editing AVM Properties.
The log for the gateway server process is stored in ANAHOME/Main/logs/11.log.
Managing the Gateway Server Using the cmpctl Command
You can use the cmpctl command to start and stop the gateway and all component processes (including AVMs you created), or just perform a general check of the system status. The cmpctl command is located in ANAHOME/Main (ANAHOME is the installation directory, normally /export/home/ana41). It takes the following arguments:
cmpctl [ options ] [ start | stop | status | restart ]
You must be logged in as anauser to use this command. The following is an example.
# cd /export/home/ana41/Main# ./cmpctl status.-= Welcome to anaserver, running Cisco ANA gateway =-.+ Checking for services integrity:- Checking if host's time server is up and running [OK]- Checking if blood test webserver daemon is up and running [OK]- Checking if secured connectivity daemon is up and running [OK]- Checking if license server is up and running [OK]+ Detected AVM99 is up, checking AVMs- Checking for AVM112's status [OK]- Checking for AVM113's status [OK]- Checking for AVM66's status [OK]- Checking for JBoss status [OK]- Checking for AVM11's status [OK]- Checking for AVM55's status [OK]- Checking for AVM100's status [OK]- Checking for AVM0's status [OK]Note Checking if host's time server is up and running is the only item that can safely have a status of DOWN. Everything else must display OK.
cmpctl could display any of the following status indictors:
If you would like to configure gateway high availability, contact ask-ana@cisco.com.
See these topics for more information on managing and administering the gateway server:
•
•
Roles Required to Stop or Start the Gateway
Table 2-1 lists the roles that are required to stop or start the gateway. For more information on roles, see Creating and Managing Users, Passwords, and Scopes, page 13-34.
Table 2-1 Roles Required to Stop or Start the Gateway
Stopping or starting the gateway using cmpctl
Administrator
Related Topics
•
Managing Units (and High Availability)
As described in Cisco ANA Architecture, page 1-6, the interconnected fabric of units comprises the lowest level of the Cisco ANA architecture. Each unit manages a group of network elements. Units host the autonomous VNEs. This creates a fabric of interconnected VNEs which can intercommunicate with other VNEs (regardless of which unit they are running on). Cisco ANA also provides a high ability mechanism to protect the system in case a unit malfunctions. If the unit is configured for high availability, Cisco ANA switches over to the redundant standby unit, with no loss of information accumulated to that point.
For more information on high availability, see Managing Protection Groups and High Availability, page 13-9.
To check the basic system health of a unit, see Cisco ANA System Health and Diagnostics, page 14-1.
See these topics for more information:
•
•
Roles Required to Manage Units
Table 2-2 lists the roles that are required to manage units. For more information on roles, see Creating and Managing Users, Passwords, and Scopes, page 13-34.
Related Topics
•
Adding a New Unit (and Setting Up High Availability)
After you install the Cisco ANA software on a unit, you can add it to the Cisco ANA fabric. Cisco ANA automatically registers the unit in the registry. The units are linked to the gateway in a star topology.
In addition, administrators can enable or disable high availability for a unit. These settings enable the administrator to define to which protection group a unit is assigned, and whether it is enabled for high availability. For more information on high availability, see:
•
•
Before You Begin
•
•
To add a new unit:
Step 1
Step 2
Step 3
a.
b.
c.
–
–
–
Note
d.
Step 4
Step 5
If the new unit is installed and reachable it starts automatically. The active unit is registered with the gateway. Specifically, the command creates the configuration registry for the new unit in the registry.
Related Topics
•
•
•
•
Viewing and Editing Unit Properties
To view or edit a unit's properties:
Step 1
Step 2
Step 3
IP Address
The IP address of the unit.
Up Since
The date and time that the unit was started.
Used Memory
The maximum memory used by the unit. (Used memory is the sum of the memory used by all the AVMs that are up.)
Protection Group
The protection group to which the unit is assigned.
Status
The administration status of the unit (Up or Down, similar to the status for gateways, AVMs, and VNEs).
Physical Memory
The physical memory of the unit.
Allocated Memory
The amount of memory allocated to the unit. Allocated memory is the sum of all the memory settings for all the AVMs.
AVM HA
Indicates whether the AVM watchdog protocol is enabled. (See Managing the Watchdog Protocol on AVMs, page 13-20.)
The table below the workspace provides information about the AVMs installed on the gateway. These are described in Viewing and Editing AVM Properties.
Step 4
The AVM HA check box defines whether the watchdog protocol is enabled. This should be checked. (See Managing the Watchdog Protocol on AVMs, page 13-20.)
When you change (disable or enable) the Enable Unit Protection option (high availability), changes are effective after a delay of about 15 minutes.
Step 5
Related Topics
•
•
•
•
Removing a Unit
Before You Begin
Delete all the VNEs and unreserved AVMs before deleting a unit; see Deleting an AVM. The reserved AVMs cannot be deleted.
Use this procedure to remove a unit:
Step 1
Step 2
Step 3
Step 4
Related Topics
•
•
•
•
•
Managing AVMs
As described in Cisco ANA Architecture, page 1-6, AVMs are Java processes that provide the necessary distribution support platform for executing and monitoring multiple VNEs. AVMs and VNEs commonly reside on Cisco ANA units but some also reside on a Cisco ANA gateway. The following AVMs are always created on the gateway; some are also created on units. These cannot be edited or deleted.
Reviewers: Please confirm that these are all the AVMs that users need to know about. I heard that AVM 66 might not be in the GUI anymore. Also, please give an update on AMV 199 (whether it is in or out, what it is for, etc.) Nicola suggested adding Jboss to this list, but Jboss is not an AVM, correct? (We do have a process list in the install guide that lists Jboss.)
You can add AVMs to units or directly to a gateway. Each of these AVMs has its own log.
The Cisco ANA Watchdog Protocol monitors the AVM processes to make sure any AVMs that have stopped are restarted. For information on the Watchdog Protocol, see Configuring AVMs for High Availability, page 13-20.
To check the basic system health of AVMs, see Cisco ANA System Health and Diagnostics, page 14-1.
See these topics for more information:
•
•
Roles Required to Manage AVMs
Table 2-3 lists the roles that are required to manage AVMs. For more information on roles, see Creating and Managing Users, Passwords, and Scopes, page 13-34.
Related Topics
•
Understanding AVM Status
AVM status describes the administrative condition of the AVM process on the unit or gateway. AVM status is determined by a combination of the AVM's admin status and operational status:
•
•
Table 2-4 describes how the combination of AVM admin and operational status determines the overall AVM status.
When moving an AVM, its status has a bearing on whether the process is automatically reloaded. If its status is Up, it is reloaded; if its status is down, it is not reloaded. For more information about moving AVMs, see Moving an AVM. For more information about starting and stopping AVMs, see Changing AVM Status (Start or Stop).
Related Topics
•
•
•
•
•
Creating an AVM
Cisco ANA lets you define AVMs for Cisco ANA units. Every AVM in the Cisco ANA fabric is by default managed by the watchdog protocol. Cisco ANA enables the administrator to define AVMs for units, and enable or disable the watchdog protocol on the AVM.
Before You Begin
•
•
•
•
•
Note
Step 1
Step 2
Step 3
ID
The name of the AVM as defined in Cisco ANA, unique to the unit (for example, AVM 18).
AVMs 0-100 and AVM 199 are reserved and cannot be used. Do not enter a reserved number. If you do, a message is displayed in the New AVM dialog box, informing you that the number is reserved.
Key
A string that uniquely identifies an AVM in the system, across all units, thus enabling a transparent failover scenario in the system. If you do not enter a key, the default key, ID + time stamp, is used.
Allocated Memory
The maximum memory allocated to the AVM, in megabytes. For information on the amount of memory to allocate to an AVM, depending on network element types, see COOKBOOK.
Activate on Creation
Loads the AVM into the bootstrap of the unit. This changes the administrative status of the AVM to up and ensures that the AVM is loaded on subsequent restarts of the unit. By default this option is unchecked, and the newly created AVM has an administrative status of down.
Enable AVM Protection
By default this check box is checked, enabling the watchdog protocol on the AVM when high availability is enabled (you have a standby unit). For more information, see Configuring AVMs for High Availability, page 13-20.
Note
Step 4
Creating the new AVM results in Cisco ANA providing the registry information of the new AVM in the specified unit. The AVM can now host VNEs. For more information, see Defining and Creating Individual VNEs.
Related Topics
•
•
•
•
•
Viewing and Editing AVM Properties
To view and edit an AVM's properties:
Step 1
Step 2
Step 3
AVM Protection Enabled
If checked, the watchdog protocol is enabled on the AVM (available only when high availability is enabled). For more information, see Managing the Watchdog Protocol on AVMs, page 13-20.
Operational Status
The status of the relationship between the AVM and its child VNEs (see VNE Status (Operational and Admin Status)).
Up Since
When the AVM process was last started.
Key
A string that uniquely identifies an AVM in the system, across all units, thus enabling a transparent failover scenario in the system. The default key, ID + time stamp, is used.
ID
The name of the AVM as defined in Cisco ANA, unique to the unit.
Note
Admin Status
The status of the relationship between the AVM and its parent gateway/unit (see VNE Status (Operational and Admin Status)).
Max. Memory
The maximum memory, in megabytes, allocated to the AVM.
The table below the workspace provides information about the VNEs installed on the AVM. These are described in Viewing and Editing VNE Properties and Schemes.
Step 4
For more information on the other fields displayed in the AVM Properties dialog box, see Creating an AVM.
Step 5
Related Topics
•
•
•
•
Changing AVM Status (Start or Stop)
Note
To start or stop an AVM:
Step 1
Step 2
Step 3
The AVM is started or stopped, and the appropriate status is displayed in the workspace as follows:
•
•
Related Topics
•
•
•
•
Moving an AVM
You can move an entire AVM between units.
Note
Cisco ANA automatically checks the status of the AVM and VNE before it is moved. This information is maintained in the memory.
If the AVM is up, it is stopped, and then it is moved to the target unit. After the move is completed, the AVM is reloaded, maintaining the status it was in before the move. For example, if it was up before the move, it remains up; if it was down, it remains down.
To move an AVM:
Step 1
Step 2
Step 3
The Move To dialog box displays a tree-and-branch representation of the selected Cisco ANA server and its units, excluding the unit in which the AVM is currently located. The highest level of the tree displays the Cisco ANA server. The branches can be expanded and collapsed to display and hide information.
Step 4
Step 5
For information about moving VNEs, see Moving One or More VNEs.
Related Topics
•
•
•
•
•
Deleting an AVM
If an AVM that you want to delete is running, it is stopped before being removed. This procedure deletes the registry information of the AVM in the specified unit. If there are VNEs running in the AVM, then an error message is displayed, and you cannot delete the AVM.
For more information, see Deleting a VNE.
Note
Before You Begin
Remove all VNEs from the AVM, or the deletion fails. See Deleting a VNE.
Step 1
Step 2
Step 3
Step 4
Related Topics
•
•
•
•
•
Managing VNEs
Each Virtual Network Element (VNE) is assigned to manage a single network element instance and contains a replica of that element. The VNEs maintain a live model of each network element and of the entire network. As the VNE loads, Cisco ANA starts investigating the network element and automatically builds a live model of it, including its physical and logical inventory, its configuration, and its status. Cisco ANA also creates the registry information of the new VNE in the unit. The newly created VNE uses the default community strings and polling rates. The VNE inherits these properties from the configuration record that corresponds to the network element type.
Reviewers: Regarding the following paragraph --
(1)if using Network Discovery, how is the VNE type and scheme determined?
(2) Should I say they can only specify a type and scheme if adding individually (right-click AVM and choose New VNE)?The information collected by a VNE depends on the VNE type and scheme. You should choose a scheme based on the device family and on the technologies you want Cisco ANA to manage (see Choosing a Scheme when Adding Individual VNEs). The VNE uses whatever southbound management interfaces the network element implements (for example, SNMP or Telnet). Cisco ANA uses the CISCO-ENTITY-MIB, CISCO-STACK-MIB, and OLD-CISCO-CHASSIS-MIB to model Cisco devices.
Reviewers: Does the following note correctly represent the telnet disconnect functionality? I have repeated this note in several places.
Note
A VNE must be loaded into the bootstrap of the unit before it starts monitoring its underlying network element. This changes the administrative status of the VNE to Enabled, and ensures that the VNE is loaded on subsequent restarts of the unit. Loading the VNE also starts the VNE immediately. For more information about the status of VNEs, see Understanding VNE Status and VNE States.
Each VNE should be added to the system only once. You can add VNEs to Cisco ANA in two ways:
•
•
These procedures and all prerequisites are outlined in Table 2-8.
See these topics for more information:
•
•
•
•
•
Roles Required to Manage VNEs
Table 2-3 lists the roles that are required to manage VNEs. For more information on roles, see Creating and Managing Users, Passwords, and Scopes, page 13-34.
Related Topics
•
Understanding VNE Status and VNE States
VNE status describes the administrative condition of the VNE process on the AVM. VNE state describes the condition of the VNE as it tries to model and monitor the real network element it represents. (These states are also different from the network element management states (Managed, Maintenance, Unmanaged, Unsupported). For information on management states, see Understanding Network Element Management States, page 3-8.)
These topics provide detailed information about VNE status and VNE states:
•
•
VNE Status (Operational and Admin Status)
VNE status describes the administrative condition of the VNE process on the unit or gateway. VNE status is determined by a combination of the VNE's admin status and operational status:
•
•
Table 2-6 describes how the combination of VNE admin and operational status determines the overall VNE status.
The admin and operational statuses are displayed in the VNEs table when you select an AVM.
When moving a VNE, its status has a bearing on whether the process is automatically reloaded. If its status is Up, it is reloaded; if its status is down, it is not reloaded. For more information about moving VNEs, see Moving One or More VNEs. For more information about starting and stopping VNEs, see Changing VNE Status (Start, Stop, Maintenance).
You can also place a VNE in Maintenance mode. The VNE status remains Up, but the Maintenance mode (displayed in the UI) changes to true. This allows you to perform maintenance operations without affecting the overall functionality of the active network. Maintenance mode is described in more detail in VNE States (Investigation and Communication States). For information on what a VNE can do when it is in Maintenance mode, see Understanding Network Element Management States, page 3-8.
VNE States (Investigation and Communication States)
A VNE's state describes the relationship between the VNE and the real network element it represents, and the VNE's ability to model and inventory the network element. There are two types of VNE states: the investigation and communication states. These important indicators are displayed both as icons (in the device browser and topology maps), and in text format (in the VNE properties area).
•
•
Table 2-7 describes the VNE investigation states and the possible communication states for each.
Table 2-7 VNE Investigation States
Unknown
The VNE has not been created. (This investigation state is not displayed in the UI.)
N/A
Initializing
The VNE is discovering basic information about the network element (vendor, network element type, hardware and software versions, scheme). This is a transitional state.
Reachable
Modeling in progress
The VNE is discovering the network element and building the model. This is a transitional state.
If a reachable network element becomes unreachable, or vice versa, the investigation state does not change. The VNE investigation state remains in Modeling in progress.
Reachable or Unreachable
Normal
The VNE is managing the network element. All investigation commands have successfully completed.
If a reachable network element becomes unreachable, the VNE investigation state changes to Sync in progress. When the network element becomes reachable, the VNE investigation state remains at Sync in progress until modeling is complete.
Reachable
Preparing for maintenance
The VNE is changing to Maintenance mode (specifically, its status is changing) and no longer polls the network element. This is a transitional state.
Reachable
Maintenance
The VNE is capable of sending alarms and maintains existing links, but does not poll the network element. (See Understanding Network Element Management States, page 3-8 for information on the Maintenance management state.)
Reachable
Sync in progress
The VNE is synchronizing its model with the network element. (For example, the network element was unreachable but becomes reachable, or a user changes the management state from Maintenance to Managed.) This is a transitional state.
If a reachable network element becomes unreachable, or vice versa, the investigation state does not change. The VNE investigation state remains in Sync in progress.
Reachable or Unreachable
Shutting down
The VNE is changing to Down status and is not managing the network element. (For example, a user has selected Stop in the UI.) This is a transitional state.
Reachable
Incomplete
The VNE investigation encountered an issue. For example, a command expired, threw an exception, or has not yet run; or a module is unsupported. However, the VNE can still be managed.
If a reachable network element becomes unreachable, the VNE investigation state changes to Sync in progress. When the network element becomes reachable, the VNE investigation state remains at Sync in progress until modeling is complete.
Reachable
Unsupported
The entire network element is not supported.
Reachable
Figure 2-1 illustrates the normal flow of VNE investigation states when a network element is added to Cisco ANA.
Figure 2-1 VNE Investigation State Sequence when NE is Successfully Added to Cisco ANA
A network element can also be changed to the Maintenance state, either manually or automatically. You may want to do this manually if you need to perform a maintenance activity, such as a software upgrade, so that Cisco ANA will ignore alarms during the activity. Cisco ANA automatically changes a network element to the Maintenance state when the network element's CPU usage reaches a certain configured level. This behavior prevents the VNE from using too much of the network element's resources. When the network element is ready to be changed back to Normal state, Cisco ANA synchronizes the VNE network model with the element, as shown in Figure 2-2.
Figure 2-2 State Sequence when Attempting to Change VNE from Maintenance to Normal
Related Topics
•
•
•
•
Prerequisites for Adding VNEs to AVMs
Table 2-8 lists the tasks you must perform before adding VNEs, to ensure that Cisco ANA can fully manage your network elements.
Device Configuration Tasks to Perform Before Adding VNEs
For Cisco ANA to manage a network element, the element must have the proper configuration settings. For example, you might want to configured a device to forward traps to its identified unit (and to the standby unit, if the unit is configured for failover). If a unit goes down, when the standby unit comes up, AVM 100 on the standby unit broadcasts to the VNEs, and the VNEs register to it to start receiving traps from the new AVM 100.
The settings you must apply depend on the network element device family, and are shown in Table 2-9.
Note
Table 2-9 Prerequisite Device Configuration Tasks
Cisco IOS and
Cisco Cat OSCisco IOS XR
Additional Requirements for Cisco IOS XR:
•
•
•
Redback
None
UTStarcom
None
1 To check the current settings on the Redback network element, use the show snmp communities command.
Device Information to Gather Before Adding VNEs
Before adding a VNE, make sure you have the device information that is listed in Table 2-10. You should also be prepared to enter information about private or public keys, if you plan to use them; see Public Key and Private Key File Formats.
Note
Public Key and Private Key File Formats
There are several file formats for public and private RSA and DSA keys. The same key can be written differently according to which format is used.
This application officially supports the OpenSSH format. For more details, see http://www.openssh.com/manual.html.
Make sure that the keys you provide as input parameters are in this format. If they are not, you will need to convert them to the Open SSH format before applying them.
For example, when working with Cisco IOS software, the public key is retrieved using show crypto key mypubkey .... This format is not compatible with the OpenSSH format, and is not supported. There are several ways to convert the format to the supported version.
The easiest solution is to use public key scan, offered by the (free) OpenSSH application to retrieve the public key in the supported format. For more details, see http://www.openssh.com/manual.html.
Another option is to convert the files to the required format either manually or using a script.
The following are examples of valid file formats.
RSA- private key-----BEGIN RSA PRIVATE KEY-----MIICWwIBAAKBgQDvdpW8ItfbSp/hTbWZJqCPmjRyh9S+EpTJ0Aq3fnGpFPTR+........TiOfhiuX5+M1cTaE/if8sScj6jE9A0MpShBrnDU/0A==-----END RSA PRIVATE KEY-----DSA private key-----BEGIN DSA PRIVATE KEY-----MIIBuwIBAAKBgQDNGO+l2XW+W+YtVnWSYbKXr6qkrH9nOl+.........7wO4+FR9afoRjDusrQrL-----END DSA PRIVATE KEY-----DSA public keyssh-dss AAAAB3.........HfuNYu+ DdGY7njEYrN++iWs= aslehr@aslehr-wxp01RSA - public keyssh-rsa AAAAB3...lot more...qc8Hc= aslehr@aslehr-wxp01Choosing a Scheme when Adding Individual VNEs
When you create the VNE, you are prompted to choose a scheme. The VNE scheme determines what network element information is collected by a VNE and populated in its model. You should choose a scheme based on the device family, and on the technologies you want Cisco ANA to manage.
Table 2-11 lists the scheme you should use, depending on the device family.
Table 2-11 VNE Schemes
Foundation
Used for all Cisco devices and other vendor devices.
•
•
•
MPLS
Supports all the technologies available in Foundation scheme; in addition, it supports technologies related to MPLS and Carrier Ethernet. The MPLS scheme, however, does not support other vendor devices.
Cisco IOS, depending on the technologies you want Cisco ANA to manage (see Table 2-12).
Cisco IOS-XR. For example, Cisco XR 12000 series and Cisco CRS-1.
Technology support for each scheme is listed in Table 2-12. Choosing the correct scheme is important if your devices are running the Cisco IOS operating system, because those network elements can use either scheme. If you need support for technologies related to MPLS and Carrier Ethernet, you should use the MPLS scheme. See Table 2-12 for more information.
Reviewers: Please review this list carefully and let me know which schemes support each new technology. And how about these? They are from MTD. Sonet, SDH, PPP, HDLC, Metro Ethernet.
Related Topics
•
Using Network Discovery to Add Bulk VNEs
The network discovery process creates a list of elements that are present in your network. From the output of that process, you create a seed file, which specifies the elements you want Cisco ANA to manage. Finally, you import the network elements into Cisco ANA, which discovers each element and creates a VNE for it. The result is a living model of all the network elements you want to manage.
If you want to import a small number of network elements, use the procedure that is described in Defining and Creating Individual VNEs.
These are the basic steps of the network discovery and bulkVNE import process.
1.
a.
b.
2.
a.
b.
To use these functions, you must have sufficient privileges. See Roles Required to Manage VNEs.
Understanding the Network Discovery User Interface
The Network Discovery user interface is where you configure the criteria you want Cisco ANA to use to create the seed file, as described in Configuring and Performing Network Discovery.
Figure 2-3 Network Discovery User Interface
Related Topics
•
•
•
Configuring and Performing Network Discovery
To perform network discovery, you must first configure the settings that will guide the network discovery process. Once that is done, you can start the network discovery process from the GUI, to create the list of elements in your network.
To perform network discovery, follow the procedures in these sections:
•
•
Creating the Network Discovery Configuration File
Cisco ANA discovers the elements in your network based on parameters that you provide, such as discovery method, seed devices, hop counts, and filters. Cisco ANA uses the loopback address to discover a network element. (If you do not want Cisco ANA to use the loopback address, you can disable this setting; see Step 10 of the following procedure.) For your reference, a sample discovery configuration file is stored in ANAHOME/Third_Party.
Use this procedure to create or edit a discovery configuration file.
Before You Begin
Make sure you have performed all prerequisites:
•
•
At a minimum, SNMP should be running on all devices and the devices should be reachable; otherwise, network discovery may fail or be incomplete.
Step 1
Step 2
Step 3
a.
b.
c.
Step 4
a.
b.
c.
Table 2-13 Discovery Methods Used by Network Discovery
Neighbor
Uses the Cisco Discovery Protocol (CDP) to learn about the device type and SNMP agent address of network elements that are neighbors to the elements being queried.
CDP must be enabled.
Cluster
Processes the command switches in a DSBU cluster. The Cluster method queries the ciscoClusterMIB for all members of the cluster, then adds the members to the list.
CISCO-CLUSTER-MIB must be enabled.
Credential
Queries devices based on the supplied SNMP and enable credentials, and verifies the credentials for discovered devices.
Must have at least one dependent method from this table.
PingSweep
Pings all devices in a given IP address range. You can also limit the sweep using subnets.
Device must be reachable.
If dependent, must have the same seed IP address and hop counts as its parent method.
PingWithHop
Pings all IP addresses in the seed device ipTable, along with the next-hop router of those IP addresses, and adds the members to the list.
Device must be reachable.
RouterPeer
Queries the OSPF, BGP, or HSRP MIB.
Reviewers: Is HSRP correct? Someone said this was removed in 3.6.2.
OSPF MIB must be enabled.
RoutingTable
Queries and analyzes the routing table of the seed routers to find all subnets and next-hop routers in the network. Cisco ANA traverses the routers to find their directly connected subnets, known networks, and next-hop routers as clues. Eventually Cisco ANA finds a router for every known subnet.
IP MIB must be enabled.
ARP
Queries and analyzes the seed routers' ARP table.
IP MIB must be enabled.
Must have RoutingTable as a dependent method.
1 If you specify a hop count of 0, or do not specify a hop count at all, the entire network will be discovered if the devices are reachable with the given SNMP credentials.
d.
Note
e.
f.
Step 5
Note
To configure dependent methods (so that the output from the dependent method is used as the input to the selected discovery method):
a.
b.
c.
d.
Note
The ARP method must have RoutingTable as a dependent method.
The dependent method PingSweep must have the same seed IP address and hop counts as its parent method.e.
f.
Step 6
Step 7
a.
b.
Step 8
Note
Step 9
Step 10
PreferredMgmtIPMethod="None"Step 11
Running Network Discovery to Create a List of Network Elements
Once you have set your discovery settings as described in Configuring and Performing Network Discovery, you can perform (or schedule) the network discovery using the following procedure. You can then tailor the resulting list of network elements to create the seed file to add network elements to Cisco ANA.
The network discovery process creates a list of network elements in the network in ANAHOME/Main/sfresources/deviceOut.xml (where ANAHOME is normally /export/home/ana41). This file is used to populate the Bulk VNE Import page, as described in Importing Network Elements from a Seed File.
Step 1
Step 2
Step 3
•
•
The length of the Network Discovery process depends on the discovery methods used and the number of devices found. When the discovery process is done, the Job Management browser displays it as having a Completed state. See Browsing and Controlling Jobs, page 13-3 for more information.
Related Topics
•
•
•
•
•
Importing Network Elements from a Seed File
Once the network discovery process has found the elements in the network according to your discovery criteria, you can list the elements on the Bulk VNE Import page. From this list, you can specify which elements you want to add to Cisco ANA, and save the modified list. This modified list is your seed file. Finally, you import the network elements listed in the seed file (by clicking Import Devices). After the network elements are imported, you must start the VNEs.
When the network elements are imported and VNEs are created, Cisco ANA traverses the network to fully discover the network elements and uses this information to create the model of the network. Cisco ANA uses internal algorithms (from the Cisco ANA cookbook) to allocate the VNEs among AVMs, based on the i and bandwidth required by the various network elements. (By default, Cisco ANA uses the cookbook located in ANAHOME/Main/sfresources/cookbooksample.xml. For information on adding single VNEs and allocating them to AVMs, see Defining and Creating Individual VNEs.)
Cisco ANA does not automatically start the VNEs because, in large-scale deployments, this could negatively impact system performance. If you want to change Cisco ANA's default behavior so that VNEs are started after being added, contact ask-ana@cisco.com for instructions.
When you create your seed file, it is saved in the ANAHOME/Main/sfresources directory. By default, the file is named SeedOutput-date-hhmmss.xml.
Before You Begin
•
•
Use this procedure to
Step 1
Step 2
Step 3
a.
Note
b.
Step 4
Step 5
Step 6
Step 7
a.
b.
c.
–
–
d.
To check the results of the VNE import, view the log file at ANAHOME/Main/logs/SeedFile.log (where ANAHOME is the installation directory, normally /export/home/ana40).
Reviewers: (1) Since there is no log file, if user does not have console open, how can they check results to see if it was successful (apart from checking job)?
Related Topics
•
•
•
•
•
Defining and Creating Individual VNEs
Note
This topic explains how to add individual VNEs to Cisco ANA. You can define and manage SNMP, Telnet/SHH, ICMP, and polling information for the appropriate VNEs in the New VNE dialog box. If desired, you can create VNEs that perform reachability testing, through ICMP only. Do this by creating the VNE, choosing ICMP for the VNE type, and defining the details in the ICMP area.
Note
To add VNEs in bulk based on the devices in your current network, use the procedure described in Using Network Discovery to Add Bulk VNEs.
Before You Begin
Make sure you have performed all prerequisite activities:
•
•
•
If you do not perform these prerequisite activities, the VNEs may not be correctly discovered and managed.
Step 1
Reviewers: If user has multiple user-defined AVMs, how do they know which AVM they should add the VNE to? For autodiscovery/import, ANA takes care of this. Can we give any guidance to user?
Step 2
Step 3
Name
The name of the VNE, which will be used as a unique key in Cisco ANA. It is also used for commands that manipulate the VNE.
IP Address
The IP address of the network element.
Type
Defines the protocol Cisco ANA will use to model the element, and the extent to which you want the element to be modeled. (If you are using network discovery, the network discovery process will automatically recognizes the type. For more information on network discovery, see Using Network Discovery to Add Bulk VNEs.)
Auto Detect
Use this type if SNMP is enabled on the element. Cisco ANA will use SNMP to gather all available inventory information.
Generic SNMP
Use this type if SNMP is enabled on the element, and either Cisco ANA does not support the element, or Cisco ANA does support the element but you only want basic information to be modeled. Cisco ANA will use SNMP to gather the most basic inventory information that is normally provided by all network elements.
ICMP
Use this type if ICMP is enabled on the element, and either Cisco ANA does not support the element, or Cisco ANA does support the element but you only want basic information to be modeled. Cisco ANA will use ICMP to gather the most basic inventory information that is normally provided by all network elements, and will perform reachability testing only.
Scheme
Defines the VNE modeling components investigated during the discovery process and then populated in the VNE model. This enables the administrator to define different behavior for some network elements; for example, some network elements poll only with SNMP, and other network elements poll with Telnet. Soft properties and activation scripts are also attached to a specific scheme. By default, the VNE inherits the VNE scheme from the default scheme. Where more than one scheme exists in the network, the VNE loads the selected scheme.
For Cisco IOS devices, you can use the Foundation or MPLS scheme, depending on the technologies you want to manage. For information on supported technologies, schemes, and device types, see Cisco Active Network Abstraction VNE Reference.
Note
Foundation
•
•
•
MPLS
•
•
MPLSIOSXR
•
Context
Specifies the default context for devices that support multiple contexts . (Context is the term that some vendors use to signify a virtual router). The key name ensures that the proper community settings are not overwritten, so that Cisco ANA can discover and investigate the devices.
local
•
default
•
Are we supporting context for Juniper devices in 4.1?
generic
•
Status
Sets the initial disposition of the VNE. Normally you should set it to Start. You may not want to do this if you want to verify the VNE configuration, or if you know the VNE is very complex and might need extra processing to complete the loading procedure.
Stop
Do not load the VNE (default).
Start
Load the VNE and start collecting data.
Maintenance
Start the VNE but change it to the Maintenance investigation state.
ANA Unit
The IP address of the unit that hosts the VNE's AVM. This information is prepopulated.
AVM
The AVM on the unit that hosts the VNE. This information is prepopulated.
Step 4
Note
Note
Step 5
Enable
Check this check box to enable the communication protocol so Cisco ANA will investigate the network element. Checking this check box activates the Login Sequence area. You can enable or disable the communication protocol at any time.
Protocol
Choose one protocol from the drop-down list (the default is Telnet):
•
•
•
Note
Port
This field is prepopulated, depending on your protocol choice:
•
•
You can also edit the port number displayed.
Prompt and Run
The network element's expected prompt, and the string Cisco ANA should send to the network element (when the expected prompt is detected). Entering a string in the Prompt field activates the Run field. After making your entries in the Prompt and Run fields, click Add to add them to the login sequence. Click Remove to remove any lines.
Telnet
Enter the Telnet information. The sequence (the order of the commands) must end with a line that includes only the prompt field. (You can also change these credentials in runtime.)
•
Prompt
Run
Username:
user name
Password:
password
#
xml
XML>
(leave blank)
•
Prompt
Run
Password:
password
devicename>
enable
Password:
password
devicename#
enable
SSH V1 and V2
Enter the SSH information. This sequence is usually shorter than the corresponding Telnet login sequence, because the username or password may already be sent during the process of establishing the SSH session. Cisco recommends that you first use any SSH client application (such as UNIX SSH or OpenSSH) to determine the device SSH login sequence, and then enter that information.
Hide the Run value while typing
Check this check box if you do not want the Run string displayed as clear text while you enter it in the field.
Confirm
This field is activated if you checked the Hide the Run value while typing check box. Re-enter the Run string.
Add and Remove
Use these buttons to add or remove the prompt and run strings.
Username
Enter the device name.
Password
Enter the device password.
Cipher
Choose the data encryption algorithm. By default, all methods are used.
•
•
•
Username
Enter the SSHv2 username.
Client Authentication
Choose the client-driven authentication method from the drop-down list.
Password
Use a password to authenticate the client. Enter the password in the Password field.
public-key
Optionally, use public key authentication, which uses a key pair system in which the client application is configured with the secret private key, and the device is configured with the public nonsecret key (of this pair).
•
•
Server Authentication
Choose a server authentication method from the drop-down list.
none
No server authentication. (This method does not do any authentication and is not recommended, because it poses a security risk for "man-in-the-middle" attacks.)
pre-
configuredUse the server public key or fingerprint that was configured in the application event before the first connection was attempted. This is the default and is the recommended method. Selecting this method activates the Finger Print or Public Key field.
Select one of the following (and be sure to read the information in the Host Key Algorithm section):
•
•
save-first-
authUse the public key that was used for the first connection attempt with the server. This method assumes the first connection was legitimate. (A security risk exists if the connection was compromised.)
After the first connection, the server authentication method is changed to preconfigured, and the public key data is inserted as the preconfigured data.
Key Exchange1
Choose a key exchange algorithm. The default is none.
•
•
MAC1
Choose a MAC algorithm for key generation. The default is none.
•
•
•
Cipher1
Choose a cipher:
•
•
•
Choose a host key algorithm (up to 2048-bit keys are officially supported). See Public Key and Private Key File Formats for valid file formats.
•
•
1 You can select multiple algorithms by pressing Ctrl while choosing a method. If more than one is selected, the application will try to use all of the algorithms until one is accepted by the server. There is no priority in the way the algorithms are tried. Also, encryption algorithms may have multiple known versions (for example, 3DES has 3des-cbc, 3des-ecb, 3des-cfb, 3des-ofb, 3des-ctr).
2 There are several file formats for public and private RSA and DSA keys. Cisco ANA officially supports the OpenSSH format (see http://www.openssh.com/manual.html).
Step 6
Step 7
Note
Step 8
The VNE is loaded into the bootstrap of its unit, and Cisco ANA starts investigating the network element. Cisco ANA builds a live model of the network element, including its physical and logical inventory, its configuration, and its status. Cisco ANA also creates the registry information of the new VNE in the unit. After a few minutes, verify that the Admin Status is Enabled and the Operational Status is Up.
Related Topics
•
•
•
•
•
Viewing and Editing VNE Properties and Schemes
After a VNE is added, you can view and edit its properties , such as the status and Telnet settings. Use this procedure to view and edit a VNE's properties.
Note
Step 1
Step 2
The various fields displayed in the table are described in detail in Defining and Creating Individual VNEs; however, the following is a summary of what is provided in the table:
Key
A string that uniquely identifies a VNE in the system, across all units and AVMs.
Admin Status
The status of the relationship between the VNE and its parent AVM (see VNE Status (Operational and Admin Status)).
Operational Status
The status of the relationship between the VNE and the real network element it is managing (see VNE Status (Operational and Admin Status)).
IP Address
The IP address of the network element.
Maintenance
Whether the network element is in the Maintenance network element management state.
Up Since
When the VNE was last started.
SNMP
Whether the VNE is using SNMP for investigation and reachability.
Telnet
Whether the VNE is using Telnet for investigation and reachability.
Element Class
The VNE type, defined when the VNE was added.
Element Type
The network element family to which the network element belongs.
Polling Group
The polling group to which the parent AVM/unit belongs.
Step 3
•
•
•
•
•
For more details about the fields displayed in the VNE Properties dialog box, see Defining and Creating Individual VNEs.
Step 4
Step 5
Related Topics
•
•
•
•
Changing VNE Status (Start, Stop, Maintenance)
VNE status represents the existing condition of the VNE process, including whether the VNE is communicating with the real device it represents. You can start or stop a VNE, or change it to the Maintenance investigation state.
When you restart a VNE, Cisco ANA builds the VNE model using stored persistency information, and then starts receiving information from the network element. This saves time by enabling quick loading. For information on VNE persistency, see Appendix F, "VNE Persistency Mechanism."
To change the VNE's status:
Step 1
Step 2
Step 3
Step 4
•
•
•
For information about VNE data that is persisted (saved on the unit), see VNE Persistency Mechanism, page F-1.
Related Topics
•
•
•
•
Moving One or More VNEs
You can move single and multiple VNEs between AVMs. The VNEs that are moved are unloaded from the old unit, and after they are reloaded on the new unit, their original status is maintained.
To move a single VNE or multiple VNEs:
Step 1
Step 2
Step 3
The Move To dialog box displays a tree-and-branch representation of the selected Cisco ANA server, its units, and AVMs, excluding the AVM in which the VNE is currently located. The highest level of the tree displays the Cisco ANA server. The branches can be expanded and collapsed to display and hide information.
Step 4
Step 5
Related Topics
•
•
•
•
•
Deleting a VNE
You can delete a VNE from an AVM (and its unit). When you delete a VNE, Cisco ANA stops the VNE and deletes all VNE references from the system and golden source, which includes the registry information of the VNE in the specified unit. A VNE that has been removed no longer appears in any future system reports. If the VNE has any static links, you must remove them before removing the VNE (dynamic links are automatically removed).
Since all VNE information is deleted, adding the VNE again requires you to enter all the VNE information.
Before You Begin
If the VNE you plan to delete has any static links, remove them. Dynamic links are automatically removed.
Step 1
Step 2
Step 3
Step 4
Step 5
Related Topics
•
•
•
•
•
