A few weeks ago I got my hands on a Cisco UCS C220 M4 server – which I’ve set up in a lab to install and test Cisco’s Network Function Virtualization Infrastructure Software (NFVIS). I really wanted to get this running on an Enterprise Network Compute System (ENCS) box, but you can’t always get everything what you want :). The UCS machine is also on the list of supported platforms, so we’ll use that – but everything here should apply similarly to the ENCS platform.
What is NFVIS?
NFVIS is an operating system developed by Cisco which is intended to be deployed at branch office locations – and allow for quick deployment of network services in lightweight VMs. For example, we might want to reduce cost and hardware footprint by deploying a single ENCS machine, then deploy our typical branch services on top of that (DNS, Firewalls, SDWAN, etc). Under the hood, NFVIS is built on top of CentOS and KVM.
In the image below, we have an ENCS unit that is running ISRv, FTDv, and a vEdge Cloud. NFVIS has the ability to build out traffic flows for service chaining. In this particular setup, we could have all branch traffic receive a default route up to our ISRv. The ISRv forwards traffic to a Firepower VM (FTDv) which performs some traffic inspection before passing everything up to the vEdge Cloud.
We’ll be coming back to this diagram later to see how we can build out this flow of services. For now, let’s dive into how we can get NFVIS up and running.
Installing NFVIS
Lucky for us – the installation of NFVIS is fairly straightforward!
1. Create a bootable USB – or mount the installation ISO via CIMC
2. Upon boot, select “Install Cisco NFV Infrastructure Software”:
3. Wait. A while. Install time can vary depending on your hardware.
4. Once completed, log into the CLI: Default login = admin/Admin123#
5. You’ll be prompted to change the default admin password immediately:
Install completed! Now let’s look at some of our base configuration..
Initial Configuration
By default the NFVIS install will have a LAN and WAN bridge (lan-br and wan-br, respectively). The LAN config will be set up with a static IP of 192.168.1.1/24, and the WAN will be set for DHCP. We can check the current network settings by running the show system settings command:
In this case, my WAN interface is able to get an IP via DHCP. We’re likely going to want to change this to a static IP address – which we can do from the CLI or web interface. Let’s start by trying this from the CLI:
- config t
- system settings wan ip address <ip addr> <netmask>
- system settings default-gw <gateway addr>
- system settings hostname <hostname>
- Changes can then be applied using the commit command
We can verify these settings by repeating the show system settings command we used earlier.
Let’s go ahead and log into the web interface to see what the network configuration looks like there:
1. If we know our WAN or LAN IP from earlier, we can just pop that in our web browser.
2. Go ahead and log in using the new admin credentials we just created:
3. We’ll be taken to the primary NFVIS dashboard, which will currently show no active VMs deployed:
4. In the left-hand menu, expand Host then click on Settings:
Here we can see that we already configured our IP Addressing/hostname – but we could use the Edit button at the bottom to change any of these values. For example – I’m going to go ahead and select Static for both the Management (LAN) and WAN IP addresses.
Another quick tip – if we need to modify which physical network adapters are tied to an internal network bridge, we can find that under VM Life Cycle > Networking:
That’s all for this time. In the next post, we’ll take a look at how to package VM images and deploy our service chain.