Manual 8000v Deployment in AWS

This guide walks you through manually deploying Cisco 8000v routers into AWS using the cloud-init bootstrap process in vManage 20.15.

Prerequisites

  • Access to vManage interface
  • AWS account with appropriate permissions

Lab Environment Setup

Step 1: Access the Lab Environment

  1. Navigate to your dCloud session and select Jumphost.
  2. On the left panel, click Web RDP to launch the Windows instance in your browser.

  3. If the browser is not already open, click the browser launch icon to access the AWS portal.

  4. Click Send Request in the AWS account request box. The system will show a "Loading..." status while processing.

  5. For optimal experience, access the AWS console through your local browser:

    • Right-click the URL and select "Copy"
    • Open your local browser (outside the RDP session) and paste the URL
    • Wait approximately 5 minutes for account provisioning
    • Click Go to Cloud when the button becomes available

    Note: You can safely proceed to the next step while you wait for account provisioning.

Step 2: Access vManage in Your Local Browser

  1. Return to your dCloud session in your local browser and click Info at the top, then select AnyConnect Credentials.

  2. Open AnyConnect VPN client and enter the provided VPN domain.

  3. Enter the DemoUsername and DemoPassword provided in the dCloud portal.

  4. After connecting to the VPN, open a new browser tab and navigate to: 198.18.133.10

  5. Click Advanced, then Proceed...(unsafe) to bypass the certificate warning.

  6. Log in to the vManage environment using:

    • DemoUsername: admin
    • DemoPassword: C1sco12345

You now have access to both an AWS account and the vManage environment needed to complete this lab.

Configuration Steps

Step 1: Create Site Hierarchy

First, organize your site hierarchy. This lab uses a single site, which represents a hub location of one or more C8000v routers in an AWS Transit VPC.

  1. Log in to the vManage console

  2. Navigate to Configuration > Network Hierarchy

  3. Click the ... beside Global Nodes and add a site

  4. Enter SITE_1000 as the name and 1000 as the ID; feel free to add a location as well.

Step 2: Create Configuration Group in vManage

Next, you will need to create a configuration group in vManage that includes system and transport profiles.

  1. Navigate to Configuration > Configuration Groups

  2. Click on "Configuration Groups" and then "Add Configuration Group"

  3. Enter AWS-MANUAL-C8KV as the name and provide a description

  4. Click "Create"

Step 3: Create System Profile

  1. In the Configuration Group screen, click "Add System Profile"

  2. Enter AWS-MANUAL-C8KV_AWS-CGW-BASE_AWS_system as the name

  3. Create a new Global Profile, called Global_default. Keep all settings default, and click save.

  4. Create a default profile for each of the services: Global-default, BFD-default, Logging-default, AAA-default, OMP-default, Basic-default. Keep all default settings except for AAA, where the username and password should be set as variables.

  5. Click "Save"

Step 4: Create Transport Profile

  1. In the Configuration Group screen, click "Add Transport Profile"

  2. Enter a name for the Transport Profile: AWS-MANUAL-C8KV_AWS-CGW-BASE_AWS_transport

  3. Add a Transport VPN labeled "Transport_VPN" with default settings

  4. Add an Ethernet Interface:

    • Name: Default_WAN_Interface
    • Shutdown command: Off
    • Interface name: GigabitEthernet1

  5. Add a tunnel interface:

    • Set color as a variable
    • Enable SSH and ICMP services

  6. Add Encapsulation:

    • Select IPsec
    • Keep all other settings as default

  7. Click "Save"

Step 5: Add Policy Profile

  1. In the Configuration Group screen, click "Add Policy Profile"

  2. Select the default policy

  3. Click "Save"

Step 6: Associate Devices

  1. In the Configuration Group screen, click "Associate Devices"

  2. Select an unused license from the list

  3. Click "Associate"

Step 7: Deploy Config to virtual chassis

  1. In Configuration Group, click Deploy

  2. Click Next until you see the system and transport profile variables

  3. Fill in the following details:

    • System IP: 10.10.10.10
    • Site Id number: 1000
    • Hostname: router1000
    • Login/Password: admin / C1sco12345
    • WAN color: public-internet

  4. Click "Next" and then "Deploy"

Step 8: Bootstrap the Device

  1. Copy the Chassis number for the next step

  2. Navigate to Configuration > Devices > WAN Edges

  3. Paste the Chassis number into the search, then click Actions > Generate Bootstrap Configuration

  4. Select Cloud-Init > Turn off Root Cert > OK

    Important: The root cert must be turned off in the bootstrap, because including it makes the config file too large for AWS User Data to bootstrap.

  5. Once the configuration is ready, click "Download Configuration"

  6. Save the configuration file to your computer. We will use this when we launch the C8000v Instance in AWS EC2

Step 9: Create VPC and Subnets in AWS

  1. Log in to the AWS console and navigate to the VPC dashboard

  2. Click "Create VPC" and select "VPC and more"

  3. Configure the following settings:

    • Name tag: C8KV-Manual-VPC
    • IPv4 CIDR block: 10.0.0.0/16
    • Number of Availability Zones: 2
    • Number of public subnets: 2
    • Number of private subnets: 2
    • NAT gateways: None
    • VPC endpoints: None

  4. Click "Create VPC"

Step 10: Create Security Groups

  1. In the VPC dashboard, navigate to "Security Groups"

  2. Create a public security group:

    • Name: C8KV-Manual-SG-Public
    • Description: Security group for public interfaces
    • VPC: Select the VPC you created
    • Add inbound rules for SSH (port 22) and ICMP

  3. Create a private security group:

    • Name: C8KV-Manual-SG-Private
    • Description: Security group for private interfaces
    • VPC: Select the VPC you created
    • Add inbound rules for all traffic from the VPC CIDR
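
The steps above do not say which source range the SSH rule should use. The following added example (not part of the original guide) audits the two groups from rule data shaped like `aws ec2 describe-security-groups` output, flagging SSH that is reachable from any address and private-group rules that reach beyond the VPC CIDR. The sample groups and the 203.0.113.0/24 administrator range are constructed for illustration.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # IPv4 CIDR block from Step 9

def covers_ssh(perm):
    """True if the rule admits TCP/22; protocol "-1" means all traffic."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    return proto == "tcp" and perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)

def audit(group):
    """Findings for one group dict shaped like describe-security-groups output."""
    findings, name = [], group["GroupName"]
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if covers_ssh(perm) and net.prefixlen == 0:
                findings.append(f"{name}: SSH reachable from {cidr}")
            if name.endswith("-Private") and not (
                    net.version == 4 and net.subnet_of(VPC_CIDR)):
                findings.append(f"{name}: {cidr} is outside the VPC CIDR")
    return findings

# Constructed sample data; 203.0.113.0/24 is a documentation range standing in
# for an administrator network (an assumption, not a value from the guide).
def ssh_rule(cidr):
    return {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": cidr}]}

ICMP = {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
PUBLIC_OPEN = {"GroupName": "C8KV-Manual-SG-Public", "IpPermissions": [ssh_rule("0.0.0.0/0"), ICMP]}
PUBLIC_SCOPED = {"GroupName": "C8KV-Manual-SG-Public", "IpPermissions": [ssh_rule("203.0.113.0/24"), ICMP]}
PRIVATE = {"GroupName": "C8KV-Manual-SG-Private",
           "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}

if __name__ == "__main__":
    for g in (PUBLIC_OPEN, PUBLIC_SCOPED, PRIVATE):
        print(g["GroupName"], audit(g) or "ok")
```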

Step 11: Create Network Interfaces

  1. Navigate to EC2 > Network & Security > Elastic IPs

  2. Click Allocate and give it a Name Tag of 8KV-Manual-Public-IP

  3. Navigate to EC2 > Network & Security > Network Interfaces and create a network interface with the following settings:

    • Description: C8KV-Manual-Public-Interface
    • Subnet: Select public1 subnet
    • Security group: Select the public security group
    • Name tag: C8KV-Manual-Public-Interface (same as the description)

  4. Select the newly created interface and click Actions > Associate address. Select the Elastic IP created earlier and associate it, leaving everything else at the default.

Step 12: Create Key Pair

  1. Navigate to EC2 > Network & Security > Key Pairs

  2. Click "Create key pair"

  3. Enter a name and select the appropriate format

  4. Click "Create key pair" and save the file

Step 13: Subscribe to 8000v Marketplace Listing

  1. Navigate to AWS Marketplace

  2. Search for "Cisco Catalyst 8000V" and select the BYOL option

  3. Click "Continue to Subscribe" if you are not already subscribed and accept the terms and conditions

Step 14: Launch EC2 Instance

  1. Navigate back to your Marketplace subscription page > Manage subscriptions

  2. Click "Launch new instances", using 17.15 as the image and the region in which we created the VPC

  3. Configure the following settings:

    • Name: C8KV-Manual
    • AMI: Verify the Cisco 8000v AMI (version 17.15)
    • Instance type: t3.medium
    • Key pair: Select the key pair you created

    • Network settings:
      • VPC: Select your VPC
      • Subnet: Select public1 subnet
      • Auto-assign public IP: Disable

    • 1st Interface (Public, GigabitEthernet1):
      • Since we are using multiple interfaces, click Select existing security group but leave it blank (each interface will have its own SG)
      • Under Advanced network configuration > Network interface, select the public interface created earlier
      • It already has the public1 subnet and SG assigned; leave everything else default

    • 2nd Interface (Private, GigabitEthernet2):
      • Click Add network interface
      • New Interface
      • Select Private1 subnet
      • Select Private Security Group

  4. Click "Advanced details" and expand the "User data" section

  5. Upload the configuration file content from vManage

  6. Click "Launch instance"

Step 15: Monitor Boot Process

  1. Once the instance is running, select it and click "Connect"

  2. Choose "EC2 Serial Console" and click "Connect"

  3. If the EC2 serial console is not accessible, you can enable it in your account by:

    • Clicking Manage Access (or in EC2 page go to Account attributes > EC2 console preferences)
    • EC2 Serial Console > Manage
    • Allow > Update

  4. Monitor the boot process and wait for the router to initialize

Step 16: Verify Connection

  1. Once the router has booted, verify the connection with:

    enable
    show sdwan control connections
    

  2. In vManage, navigate to Monitor > Devices to verify the router is connected and operational

Notes

Troubleshooting

If the router fails to connect to vManage, check the following:

  1. Check that the tunnel in the transport profile is configured properly, associated with GigabitEthernet1, etc.
  2. Verify the configuration file was properly uploaded as user data and includes the vBond info and initial config
  3. Check that the Elastic IP is properly associated with the public interface
  4. Verify network connectivity using ping and traceroute commands
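
Step 8 (root cert off to keep the file small enough) and troubleshooting item 2 (vBond info and initial config present) can both be checked before launch. The following is an added example, not part of the original guide or of vManage: it assumes the downloaded file is a MIME multipart cloud-init document with a `vinitparam` list in the cloud-config part and the device config in a cloud-boothook part, and it uses the 16 KB raw user-data limit documented by AWS. The key names and the sample file are assumptions constructed for illustration.

```python
import re
from email import message_from_string

USER_DATA_LIMIT = 16 * 1024  # EC2 caps raw (pre-base64) user data at 16 KB
REQUIRED = ("uuid", "vbond", "otp", "org")  # assumed vinitparam keys

# Constructed sample in the assumed layout; every value is a placeholder.
SAMPLE = """Content-Type: multipart/mixed; boundary="BOUNDARY0001"

--BOUNDARY0001
Content-Type: text/cloud-config; charset="us-ascii"

#cloud-config
vinitparam:
 - uuid : C8K-00000000-0000-0000-0000-000000000000
 - vbond : vbond.example.invalid
 - otp : 00000000000000000000000000000000
 - org : example-org

--BOUNDARY0001
Content-Type: text/cloud-boothook; charset="us-ascii"

#cloud-boothook
  system
   system-ip 10.10.10.10
   site-id 1000
  hostname router1000

--BOUNDARY0001--
"""

def check_bootstrap(text):
    """Return a list of problems; an empty list means the file looks usable."""
    problems = []
    size = len(text.encode("utf-8"))
    if size > USER_DATA_LIMIT:
        problems.append(f"size {size} B exceeds the {USER_DATA_LIMIT} B user-data limit")
    if "BEGIN CERTIFICATE" in text:
        problems.append("root certificate embedded; regenerate with Root Cert off")
    msg = message_from_string(text)
    if not msg.is_multipart():
        return problems + ["not a MIME multipart cloud-init file"]
    parts = {p.get_content_type(): p.get_payload() for p in msg.get_payload()}
    for key in REQUIRED:
        if not re.search(rf"^\s*-\s*{key}\s*:\s*\S", parts.get("text/cloud-config", ""), re.M):
            problems.append(f"missing vinitparam '{key}'")
    if not parts.get("text/cloud-boothook", "").strip():
        problems.append("no cloud-boothook part carrying the initial config")
    return problems
```

Run `check_bootstrap(open(path).read())` on the downloaded file before pasting it into User data; the file carries the one-time token and login variables, so treat it as a secret.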

High Availability

For production environments, consider deploying multiple 8000v routers across different availability zones for high availability.
