Configuring the Cisco VPN Solutions Center Equipment Module

The Cisco VPN Solutions Center Equipment Module supports the provisioning of interfaces between Provider Edge (PE) routers and Customer Edge (CE) routers so that customers having a common VPN have IP connectivity across the Service Provider network and no visibility to customer networks in other VPNs.

This Equipment Module allows CPC Services to integrate the Cisco VPN Solutions Center with various access networks. The Cisco VPN Solutions Center is a network manager for Cisco's MPLS-based VPNs. The Cisco VPN Solutions Center manages the PE and CE routers to which it connects but does not manage the core network over which the PEs communicate or the networks behind the CEs. This Equipment Module is insulated from the network hardware by the Cisco VPN Solutions Center.

The Cisco VPN Solutions Center Equipment Module requires Cisco IOS in the PE and CE routers. This Equipment Module will work with any Cisco routers provided they meet the IOS requirements found in Table 11-1 below.

This Equipment Module uses the Cisco VPN Solutions Center software through the CORBA interface. The software requirements are highlighted below:


Table 11-1: Software Requirements

Vendor | Product | Version | Notes
Cisco | Cisco VPN Solutions Center: MPLS Solution | 1.0.1 | CPC requires this version of Cisco VPN Solutions Center.
Cisco | Cisco VPN Solutions Center Patch | vpn 1.0.2 - patch1 | This patch is required to fix a problem associated with modifying CERC memberships.
Cisco | Cisco Internet Operating System (IOS) | 12.0(5)T or later T train release | See the Cisco Provisioning Center 2.0 Release Notes for additional information.
Cisco | Cisco Internet Operating System (IOS) | 11.1 | The Cisco VPN Solutions Center requires this IOS version (or greater) in the CE routers.
Cisco | Cisco IP Manager | 1.0.10c | The Cisco VPN Solutions Center must be compatible with this release.


Note   In order to configure the Cisco VPN Solutions Center Equipment Module you must have installed it during the CPC Server and Client installation procedures. For more information about installing CPC, refer to the chapter titled "Initial Installation".

To configure the Cisco VPN Solutions Center to allow CPC to communicate with it, you must complete the following steps:


Step 1   Installing Scripts and Changing Access Rights on the CORBA Servers.

Step 2   Configuring Name Resolution.

Step 3   Initial System Upload.

Step 4   Re-Upload (if configuration information has changed).


This Equipment Module works with the IP-VPN Service Application to create IP-VPN services. Existing Fabric and Service elements are uploaded using this EM. Creating, modifying, and deleting Fabric and Service elements should be done through the IP-VPN Service Application. For more information on IP-VPN services refer to the chapter titled "Provisioning IP-VPN Services".

Installing Scripts and Changing Access Rights on the CORBA Servers

You must install the Cisco scripts to deliver some of the required patches to the Cisco VPN Solutions Center CORBA servers. These scripts will fix problems with accessing and modifying templates via the Cisco VPN Solutions Center API and with modifying the management type of a CE router.

The Equipment Module delivers a CORBA server (named SRVCTemplate) to the Cisco VPN Solutions Center that gives the Equipment Module access to the Cisco scripts. To do this, you must complete the following:

Installing Cisco Patches and the SRVCTemplate CORBA Server

To install the Cisco patches and the CORBA server, complete the following steps:


Step 1   Log onto the machine running the Cisco VPN Solutions Center Server as the orbix administrator (usually "orbixadm"). When you log on you will be in the orbixadm home directory.


Note   Make sure that you are in the csh (not the ksh) environment.

Step 2   Copy the ciscoUtil.tar file into the orbixadm home directory (your current directory) by executing:

cp $ACT_SERVER/mng/template/ciscoUtil.tar .

where $ACT_SERVER is the network path for the CPC Server host directory.

Step 3   The ciscoUtil.tar file contains three files:

Extract the file by entering:
tar xvf ciscoUtil.tar

Step 4   Log in as root and run the "installcv" script. Running this script will extract the SRVCTemplate.tar file, install the Cisco patches, and install the SRVCTemplate CORBA server.

Step 5   Exit the root user to return to your previous user login (orbixadm).

You must give CPC invoke and launch rights for the SRVCTemplate CORBA server before uploading or performing any other operation. This must be done after installing the Cisco VPN Solutions Center. This step is necessary to allow the Equipment Module to connect to the server and perform operations.

Step 6   Give CPC invoke and launch rights for the SRVCTemplate CORBA server by executing the following orbix commands, in which i+all grants invoke rights and l+all grants launch rights to all users:

chmodit i+all SRVCTemplate
chmodit l+all SRVCTemplate

Giving CPC Permissions to the Cisco VPN Solutions Center CORBA Servers

You must give CPC permissions to the Cisco VPN Solutions Center CORBA Servers. To give CPC permissions, complete the following steps:


Step 1   Log onto the machine running Cisco VPN Solutions Center Server as the vpn administrator (usually "vpnadm").

Step 2   Change to the vpn directory by entering:

cd $HOME_DIR/vpn

where $HOME_DIR is the vpnadm home directory.

Step 3   Source the environment script setenv.csh (or setenv.sh if you are working in the ksh environment), for example:

 source setenv.csh
 

Step 4   Give CPC invoke rights for the Cisco VPN Solutions Center servers by executing the orbix commands:

chmodit i+all CVPIMServer
chmodit i+all VpnInvServer

Step 5   Exit from the machine running the Cisco VPN Solutions Center Server.


Naming Conventions

The domain attribute of the routers refers to a DNS domain name. A hostname/domain name combination must be unique across the Cisco VPN Network.

Configuring Name Resolution

The Cisco VPN Solutions Center provides the router name and domain name to the Cisco IP Manager. The Cisco IP Manager uses name resolution to find the IP addresses of the PE and CE routers. You must configure your Cisco IP Manager host so that it is able to resolve the IP address of a router from its host name and domain name.

It is possible to configure name resolution for your Cisco IP Manager by editing the hosts file found in the /etc directory using a text editor.
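The following pre-upload check is an added example, not part of the original Cisco documentation: it parses hosts-file text and reports routers whose hostname/domain combination is duplicated, has no entry, or maps to more than one address. The router inventory, addresses, and function names are constructed for illustration.

```python
from collections import Counter


def parse_hosts(text):
    """Map each lower-cased name in hosts-file text to the addresses that claim it."""
    names = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        address, *aliases = fields
        for name in aliases:
            names.setdefault(name.lower(), set()).add(address)
    return names


def check_routers(routers, hosts_text):
    """routers is a list of (hostname, domain) pairs as defined for the PE and CE
    routers. Returns the fully qualified names that break the naming or
    resolution requirements."""
    names = parse_hosts(hosts_text)
    seen = Counter((host.lower(), domain.lower()) for host, domain in routers)
    findings = {"duplicate": [], "unresolved": [], "ambiguous": []}
    for (host, domain), count in seen.items():
        fqdn = host + "." + domain
        if count > 1:
            findings["duplicate"].append(fqdn)   # combination is not unique
        addresses = names.get(fqdn, set())
        if not addresses:
            findings["unresolved"].append(fqdn)  # no hosts entry at all
        elif len(addresses) > 1:
            findings["ambiguous"].append(fqdn)   # two entries disagree
    return findings


# Constructed sample data (documentation address range, not from the page).
HOSTS = """
127.0.0.1   localhost
192.0.2.1   pe1.example.net pe1        # PE router
192.0.2.10  ce1.cust-a.example.net
192.0.2.11  ce1.cust-a.example.net     # conflicting second entry
"""
ROUTERS = [("pe1", "example.net"), ("ce1", "cust-a.example.net"),
           ("ce2", "cust-a.example.net"), ("PE1", "example.net")]

if __name__ == "__main__":
    print(check_routers(ROUTERS, HOSTS))
```

An ambiguous or missing entry is worth resolving before an upload, because the Cisco IP Manager relies on this lookup to reach the intended router.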

Initial System Upload

To provision services, the CPC database must have detailed knowledge of the managed subnetworks. Using a procedure called upload, objects are created within the CPC database that represent objects of the managed network in the Cisco VPN Solutions Center. Objects are uploaded from the Cisco VPN Solutions Center, not the actual equipment.

CPC supports the following types of upload:

Fabric Upload


Note   Physical ports and logical ports will be uploaded only if SRVCs exist on them. Also, physical ports and logical ports created via the IP VPN Service Application will be lost during upload if no SRVCs exist on them.

Service Upload

Only SRVCs that represent the creation of a VPN service or the modification of an existing VPN service are uploaded. SRVCs will only be uploaded if they are in the following states.

These are the only valid states for uploading because the deployment of these SRVCs modifies the PE and CE routers. The FailedDeploy, Lost, and Broken states are failure states indicating that the new routers or the new routing tables do not match with the Cisco VPN Solutions Center definition of the VPN service.

SRVCs in the Requested and Invalid states are not uploaded because the deployment of these SRVCs has not modified the routers.


Note   The upload function will not run if other Transactions are open at the time of upload. All transactions must be in the applied or abandoned states for upload to proceed. Active transactions create pending versions of objects and running an upload could invalidate these. For more information on transaction handling, refer to the chapter titled "GUI Navigation".

A network object must be created in order to perform Upload. One network object must be created for each Cisco VPN Solutions Center installation. For more information on creating network objects, see the chapter titled "Provisioning IP-VPN Services."

Uploading the Fabric and Service Elements for a Network Object

You can upload all the Fabric and Service elements for a network object if there are existing elements in the Cisco VPN Solutions Center. Fabric elements for Cisco VPN Network include physical ports, logical ports, Provider Administrative Domains, Regions, PEs, Customers, Sites, CEs, CoSs, CoSClasses, AddressPools, VPNs, and CERCs in the network. Physical ports and logical ports are uploaded if they are being used by an SRVC. Service elements are the objects used to deploy new VPN services (e.g., SRVC).

Complete the following steps to upload the Fabric and Service elements.


Step 1   Click the Tree Viewer button on the toolbar.

Step 2   Double-click the Cisco VPN VPNNetwork folder to open it. You can select objects in the Cisco VPN VPNNetwork list or you can filter your request for specific criteria. For more information, refer to the section "Filtering" in the chapter titled "GUI Navigation."

Step 3   Click the Cisco network object you want to upload to highlight it.

Step 4   Select load both from the Element menu.

Step 5   When the upload is complete, an upload request window displays indicating whether the upload succeeded or failed. If there were errors during the upload they will appear in this window.


Uploading the Fabric Elements for a Network Object

You must upload the Fabric elements for the network objects. Complete the following steps to upload the physical ports, logical ports, Provider Administrative Domains, Regions, PEs, Customers, Sites, CEs, CoSs, CoSClasses, AddressPools, VPNs, and CERCs in the network.


Step 1   Click the Tree Viewer button on the toolbar.

Step 2   Double-click the Cisco VPN VPNNetwork folder to open it. You can select objects in the Cisco VPN VPNNetwork list or you can filter your request for specific criteria. For more information, refer to the section "Filtering" in the chapter titled "GUI Navigation."

Step 3   Click the Cisco network object you want to upload to highlight it.

Step 4   Select load fabric from the Element menu.

Step 5   When the upload is complete, an upload request window displays indicating whether the upload succeeded or failed. If there were errors during the upload they will appear in this window.


Uploading Services from a Customer Object

A user may choose to upload Services from a customer object after modifying an SRVC from the Cisco VPN Solutions Center GUI (e.g., changing the routing protocol). Services can be uploaded from those customers that are affected by the modifications. This will upload SRVCs, CERC Memberships, Routes, and Redistributed Protocols from the customer object.


Step 1   Click the Tree Viewer button on the toolbar.

Step 2   Double-click the Cisco VPN VPNNetwork folder to open it. You can select objects in the Cisco VPN VPNNetwork list or you can filter your request for specific criteria. For more information, refer to the section "Filtering" in the chapter titled "GUI Navigation."

Step 3   Click the Cisco network object (where the customer is located) to open it.

Step 4   Double-click the Cisco VPN customer folder to open it.

Step 5   Select load services from the Element menu.

Step 6   When the upload is complete, an upload request window displays indicating whether the upload succeeded or failed. If there were errors during the upload they will appear in this window.


Viewing the Upload Progress


Step 1   Click the Tree Viewer button on the toolbar.

Step 2   Double-click the Upload Request folder to open it.

Step 3   Double-click the specific upload request folder to open it.

Step 4   Double-click the Upload Request Log folder to open it.

Step 5   Click AuditLog to highlight it and click the Log Viewer button on the toolbar.


Re-Upload

If there are any changes in the Cisco VPN Solutions Center, you must re-upload in order to keep the CPC database current with the Cisco VPN Solutions Center database. You should re-upload after any of the following:

To re-upload you only need to upload the Fabric and Service elements from the network object or from a specific customer object. For more information, refer to the section titled "Fabric Upload."

Template Support

Custom templates can be created and used during SRVC creation. Templates are configlet files that contain a set of IOS commands that are appended to the major interface or to the end of the configlet generated by the Cisco VPN Solutions Center when an SRVC is created. You can define four templates for each SRVC:

Each template file contains two sections. The APPLY section is mandatory at the beginning of each template file and the REMOVE section is optional. The APPLY section contains a set of IOS commands that will be used during SRVC creation. The REMOVE section contains a set of IOS commands that will be applied when the SRVC is deleted or when the template is changed.

Figure 11-1 illustrates the layout of a template for an SRVC. All template files must be saved in the $CCP_DATA/CV/templates/<network name> directory on the CPC server. When SRVCs are created or modified within CPC, the server will search this directory for the template files that are specified in the GUI. You can name your template files to reflect the type of template they are, because the actual content of the template file does not reveal this information. During an SRVC creation/modification, you may enter this file name in the GUI. (Templates will only be delivered to the Cisco VPN Solutions Center when the SRVC is newly created or when, on a modification, the template names are changed in the SRVC. Changing the contents of a template without changing the SRVC will have no effect.)

The templates stored in the $CCP_DATA/CV/templates/<network name> directory are one of two types: they are either uploaded template files or translated prototemplates.

Templates created via the Cisco VPN Solutions Center GUI are uploaded with their related SRVCs. These template files are created and stored in the $CCP_DATA/CV/templates/<network name> directory on the CPC server. These files are named as follows:

These templates have an APPLY section and do not have a REMOVE section.

Translated prototemplate files are also found in the $CCP_DATA/CV/templates/<network name> directory on the CPC server. These files are named as follows:

<template name>.<cvelemid>

Where <cvelemid> is the object identification number of the SRVC in NPA. This number is used to associate the translated template file with the SRVC.

When a template file is specified in the SRVC, the search proceeds in the following manner:

The search will stop at the first instance of the specified file.

Prototemplates can also be defined in order to configure CE interface and PE interface templates as well as the CE and PE templates. Unlike templates, prototemplates are translated by the Cisco VPN Solutions Center EM and can include calls to SRVC attributes as well as other object attributes. The EM will translate the prototemplate and copy the file to the template directory under the filename <filename.nb>. The .nb extension represents the numeric portion of the SRVC object Id. Template prototemplates are kept in the $CCP_DATA/CV/prototemplates directory on the CPC server.

For example, instead of specifying the VPI/VCI values for a PVC, the template could call:

pvc [getValue raa_vpi]/[getValue raa_vci]

The getValue command is executed in the context of SRVC. If you require values for other object attributes, you must use dotted notation. The characters $ [ " \ must be preceded by a backslash (\).
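The escaping rule above can be applied and checked mechanically. The following is an added example, not Cisco's code: it escapes literal text, builds getValue calls from validated attribute names, and lists any special character left unescaped on a line. It assumes a call has the form [getValue name] with dotted names allowed; the function names and sample lines are constructed.

```python
import re

SPECIAL = '$["\\'  # $ [ " \ : the four characters the page lists
# Assumption: a call looks like [getValue name], with dotted names allowed.
CALL = re.compile(r"\[getValue [A-Za-z_][A-Za-z0-9_.]*\]")


def escape_literal(text):
    """Backslash-escape the special characters so literal text stays literal."""
    return "".join("\\" + ch if ch in SPECIAL else ch for ch in text)


def get_value(attribute):
    """Build a [getValue ...] call, rejecting names that could smuggle in syntax."""
    call = "[getValue %s]" % attribute
    if not CALL.fullmatch(call):
        raise ValueError("unsafe attribute name: %r" % attribute)
    return call


def unescaped_specials(line):
    """Return (index, char) for each special character that is neither escaped
    nor part of a well-formed [getValue ...] call."""
    findings, i = [], 0
    while i < len(line):
        call = CALL.match(line, i)
        if call:
            i = call.end()
        elif line[i] == "\\" and i + 1 < len(line) and line[i + 1] in SPECIAL:
            i += 2  # a correctly escaped character
        else:
            if line[i] in SPECIAL:
                findings.append((i, line[i]))
            i += 1
    return findings


# Constructed sample lines (not from the original page).
PVC_LINE = "pvc " + get_value("raa_vpi") + "/" + get_value("raa_vci")
RAW_DESCRIPTION = 'description "cost $5 [lab]"'
SAFE_DESCRIPTION = escape_literal(RAW_DESCRIPTION)

if __name__ == "__main__":
    for line in (PVC_LINE, RAW_DESCRIPTION, SAFE_DESCRIPTION):
        print(line, "->", unescaped_specials(line))
```

Running the check over every file in the prototemplates directory before an SRVC is created catches free-text fields, such as interface descriptions, that would otherwise be interpreted during translation.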


Figure 11-1: Sample PE Router Template


Template Behavior During SRVC Creation

During a rollforward creation/modification operation, the APPLY section of each template file is sent down to the Cisco VPN Solutions Center Equipment Module.

During a rollback modification/delete operation, the REMOVE section of each template file is sent down to the Cisco VPN Solutions Center EM. The REMOVE section should attempt to undo the changes made in the rollforward.

Template Behavior During SRVC Modification

During a rollforward operation, if there was no previous version of the template file, the APPLY section of the current template file is appended to the configlet generated by the Cisco VPN Solutions Center. If a previous version of the template file exists, the REMOVE section of the previous template file is appended first, followed by the APPLY section of the new template file.

During a rollback operation, the REMOVE section of the current template file is appended first, followed by the APPLY section of the previous template file. This restores the router to the configuration that existed prior to the SRVC modification. If there is no existing version of the template file, the REMOVE section of the current template file is appended.

Template Behavior During SRVC Deletion

The Cisco VPN Solutions Center does not permit template removal from the routers.
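The ordering rules for SRVC modification can be modelled directly, which also shows what a rollback leaves behind when a REMOVE section is missing or incomplete. This is an added example, not the Equipment Module's code: templates are represented as already-split APPLY and REMOVE lists because the page does not show the file syntax, the residue check assumes a line is negated only by an exact "no <line>" entry, and all names and sample commands are constructed.

```python
from dataclasses import dataclass, field
from typing import List


@dataclass
class Template:
    """One SRVC template, already split into its two sections."""
    name: str
    apply: List[str]                                  # mandatory APPLY section
    remove: List[str] = field(default_factory=list)   # optional REMOVE section


def modification_commands(direction, current, previous=None):
    """Template lines appended to the configlet for an SRVC modification."""
    if direction == "rollforward":
        # Undo the previous template (if any), then apply the new one.
        return (previous.remove if previous else []) + current.apply
    if direction == "rollback":
        # Undo the current template, then restore the previous one (if any).
        return current.remove + (previous.apply if previous else [])
    raise ValueError("direction must be 'rollforward' or 'rollback'")


def rollback_residue(current, previous=None):
    """APPLY lines of `current` that a rollback neither negates nor restores.
    Heuristic (assumption): a line is negated only by an exact 'no <line>'."""
    negated = {line[3:] for line in current.remove if line.startswith("no ")}
    restored = set(previous.apply) if previous else set()
    return [line for line in current.apply
            if line not in negated and line not in restored]


# Constructed sample templates (not from the original page).
OLD = Template("pe_old", ["service timestamps log datetime"],
               ["no service timestamps log datetime"])
NEW = Template("pe_new", ["logging buffered 16384", "ip cef"],
               ["no logging buffered 16384"])
UPLOADED = Template("uploaded", ["logging buffered 16384"])  # APPLY only

if __name__ == "__main__":
    print(modification_commands("rollforward", NEW, OLD))
    print(modification_commands("rollback", NEW, OLD))
    print(rollback_residue(NEW, OLD), rollback_residue(UPLOADED))
```

Templates uploaded from the Cisco VPN Solutions Center GUI have no REMOVE section, so every line they apply shows up as residue; those routers need a manual configuration review after a rollback.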

Template Maintenance

Unused templates may be removed from the template file directory when Transactions are applied. Two scenarios are possible:


Posted: Thu Aug 3 16:39:42 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.