Creating a Cisco MVE in Autonomous Mode
This topic describes how to create and configure a Megaport Virtual Edge (MVE) with Cisco in autonomous mode for routing. Before you begin, you need user accounts with ordering permissions that provide access to the Megaport Portal. You also need a Cisco Smart account for licensing.
For details on setting up a Megaport account, see Creating an Account.
Cisco provides documentation in the Catalyst 8000V Edge Software Installation And Configuration Guide.
This section provides an overview of the configuration steps using CLI commands and the Megaport ONE Portal. Detailed procedures follow this basic step summary.
The basic steps are:
- Obtain a C8000V Smart License from Cisco.
- Generate an SSH key pair for authentication.
- Select autonomous mode in the Megaport Portal while creating the MVE.
- Enter an SSH key for full access to the MVE.
- Enter the MVE details.
- Order the Cisco MVE in the Megaport Portal.
- Activate the Cisco Smart License on the MVE using CLI commands.
Before you create an MVE in the Megaport Portal, you need a valid C8000V Smart License from Cisco. Smart Licensing is a license manager on a Cisco IOS XE device. You can place the order for Smart Licensing in the Cisco Portal.
The next step is to generate an SSH key pair for authentication.
Generating an SSH key pair
MVE and Cisco connect through a public/private SSH key pair to establish secure connections. The public SSH key allows you to use SSH to access the MVE.
Megaport supports the 2048-bit RSA key type.
To generate an SSH key pair (Linux/Mac OSX)
- Enter the SSH keygen command.
ssh-keygen -f ~/.ssh/megaport-mve-instance-1-2048 -t rsa -b 2048
The key generator command creates an SSH key pair and adds two files to your ~/.ssh directory:
- megaport-mve-instance-1-2048 - contains the private key.
- megaport-mve-instance-1-2048.pub - contains the public key that is authorized to log in to the Cisco account.
To generate an SSH key pair (Windows, using PuTTYgen)
- Open PuTTYgen.
- In the Key section, choose RSA 2048 bit and click Generate.
- Move your mouse randomly in the small screen to generate the key pairs.
- Enter a key comment to identify the key.
This is convenient when you use several SSH keys.
- Enter a Key passphrase, and re-enter to confirm.
The passphrase is used to protect your key. You will be asked for it when you connect via SSH.
- Click Save private key, choose a location, and click Save.
- Click Save public key, choose a location, and click Save.
You’ll copy and paste the contents of the public key file in the Megaport Portal later to distribute the public key to the MVE. Your private key will match the public key to grant access. Only a single private key has access to the MVE for SSH access.
Creating an MVE in the Megaport Portal
Before you create an MVE, you need to determine the best location - one that supports MVE and one that is in the most compatible metro area. You can connect multiple locations to an individual MVE. For location details, see Planning your Cisco MVE Deployment.
You can deploy multiple MVEs within the same metropolitan area for redundancy or capacity reasons.
To create an MVE
- In the Megaport ONE Portal, choose Networking > Services.
Click Create and select MVE.
Select the MVE location.
Select a location geographically close to your target branch and/or on-premises locations.
The country you choose must be a market in which you have already registered.
If you haven’t registered a billing market in the location where you will deploy the MVE, follow the procedure in Enabling Billing Markets.
To search for your local market in the list, enter a country in the Country Filter or a metro region detail in the Search filter.
Specify the MVE details.
MVE Name – Enter a name for the MVE that is easily identifiable, particularly if you plan on provisioning more than one. This name appears in the Megaport Portal.
Vendor – Select Cisco and the software version.
The MVE will be configured to be compatible with this software version from Cisco.
Size – Select a size from the drop-down list. The list displays all sizes that match the CPU capacity at the selected location. The sizes support varying numbers of concurrent connections, and individual partner product metrics vary slightly. For details, see Planning your Cisco MVE Deployment.
Appliance Mode – Select Autonomous from the Appliance Mode drop-down list.
SSH Key – Copy and paste the contents of your public SSH key here. You can find the public key in the megaport-mve-instance-1-2048.pub file generated earlier. Must be RSA 2048 bits. We support both RFC4716 and RFC4253/OpenSSH formats.
Service Level Reference (optional) – Specify a unique identifying number for the MVE to be used for billing purposes, such as a cost center number or a unique customer ID. The service level reference number appears for each service under the Product section of the invoice. You can also edit this field for an existing service.
The transit VXC associated with the MVE is automatically updated with the MVE service level reference number.
Minimum Term – Select No Minimum Term to pay-as-you-go, or select a term of 12, 24, or 36 months. Longer terms result in a lower monthly rate. By default, a 12-month term is selected.
For details on contract terms, see MVE Pricing and Contract Terms.
The monthly price is based on location and size.
Click Deploy MVE.
Review the new configuration and pricing and click Confirm.
To add more MVEs in other locations, choose Networking > Services, click Create, and select MVE.
Ordering MVE provisions the instance and assigns IP addresses from the Megaport software-defined network (SDN). The MVE provisioning takes only a few minutes to complete. The provisioning process spins up an MVE. At this point, the Cisco Catalyst 8000V MVE instance is booted.
Viewing the MVE public IP address assignment in the Megaport Portal
After creating the MVE, you can view it in the Megaport Portal.
To view an MVE in the Megaport Portal
- In the Megaport ONE Portal, choose Networking > Services.
As part of the MVE provisioning, Megaport creates a transit Virtual Cross Connect (VXC) to provide internet connectivity and to allow MVE to register and communicate with Cisco. The transit VXC is a fixed size, based on the size of the MVE. You cannot modify or delete the transit VXC.
To view the public IP addresses assigned to the MVE
Click the transit VXC to Megaport Internet.
Locate the public IP address (IPv4 or IPv6). These are the public IP addresses assigned to the MVE.
The next step is to activate Cisco Smart Licensing on the MVE.
Activating the Cisco Smart License
Before you begin, you need to obtain a registration token from Cisco. After applying the token to the CLI configuration on the MVE, you can then verify the license status and configure the MVE throughput speed using CLI commands.
To activate the Cisco Smart License
Obtain a token ID from Cisco using your Smart account.
Use SSH to access the MVE. The default username is
ssh -i <path_to_private_key> mveadmin@<IP_OF_MVE_Instance>
Submit a trust request to activate the license and register the MVE with Cisco.
license smart trust idtoken OTgyODllZjktM2UzOC00ZTIzLThjODQtN2ZiZDc2ZDMzYjZmLTE2OTg0MjE0%0AODk5MDh8YURXSzBwdm0zTWtCU05mY3VRaUhTalFLbmJOTTQ2M0hIR2Y0U1E0%0ASUpmbz0%3D%0A local force
Verify that the trust token was installed.
show license status
Wait for the instance to return a value for your smart and virtual accounts as well the date and time that the trust code was installed. This acknowledgement might take a couple of minutes.
Enter configuration mode.
Configure the throughput speed.
platform hardware throughput level MB <value>
Where value is a speed in mbps (for example, 10000 for 10G, 5000 for 5G, 1000 for 1G).
For speeds above 250 mbps, a Router US Export License for DNA (also known as an HSECK9) license must be available in your CSSM virtual account. After configuring the throughput level, the MVE instance retrieves the HSECK9 license automatically.
Verify the installed licenses.
show license summary
Check the current throughput level.
show platform hardware throughput level
c8kv-auto-test-16#show license summary Account Information: Smart Account: Megaport As of Nov 04 15:44:06 2022 UTC Virtual Account: CSR Virtual Account License Usage: License Entitlement Tag Count Status ----------------------------------------------------------------------------- Router US Export Lic... (DNA_HSEC) 1 IN USE network-advantage_1G (ESR_P_1G_A) 1 IN USE dna-advantage_1G (DNA_P_1G_A) 1 IN USE c8kv-auto-test-16#show plat hardware throughput level The current throughput level is 2000000 kb/s
Save the configuration and reboot the MVE.
wr mem reload
Now that you’ve deployed an MVE, the next step is to connect a VXC to a CSP, a local port, or a third-party network. You can optionally connect a physical Port to the MVE through a private VXC or connect to a service provider in the Megaport Marketplace.