Creating a Cisco MVE in Autonomous Mode

This topic describes how to create and configure a Megaport Virtual Edge (MVE) with Cisco in autonomous mode for routing. Before you begin, you need user accounts with ordering permissions that provide access to the Megaport Portal. You also need a Cisco Smart account for licensing.

For information on setting up a Megaport account, see Creating an Account.

Tip

Cisco provides documentation in the Catalyst 8000V Edge Software Installation And Configuration Guide.

Basic steps

This section summarizes the configuration steps using CLI commands and the Megaport Portal. Detailed procedures follow this basic step summary.

The basic steps are:

Obtain a C8000V Smart License from Cisco.
Generate an SSH key pair for authentication.
Select autonomous mode in the Megaport Portal while creating the MVE.
Enter an SSH key for full access to the MVE.
Enter the MVE details.
Create the Cisco MVE in the Megaport Portal.
Activate the Cisco Smart License on the MVE using CLI commands.

Licensing

Before you create an MVE in the Megaport Portal, you need a valid C8000V Smart License from Cisco. Smart Licensing is a license manager on a Cisco IOS XE device. You can place the order for Smart Licensing in the Cisco Portal.

The next step is to generate an SSH key pair for authentication.

Generating an SSH key pair

You connect your MVE through a public/private SSH key pair to establish a secure connection. The public SSH key allows you to use SSH to access the MVE.

Megaport supports the 2048-bit RSA key type.

To generate an SSH key pair (Linux/Mac OSX)

Enter the SSH keygen command.

 ssh-keygen -f ~/.ssh/megaport-mve-instance-1-2048 -t rsa -b 2048

The key generator command creates an SSH key pair and adds two files to your ~/.ssh directory:

megaport-mve-instance-1-2048 - contains the private key.
megaport-mve-instance-1-2048.pub - contains the public key that is authorized to log in to the vendor account.

To generate an SSH key pair (Windows, using PuTTYgen)

Open PuTTYgen.
In the Key section, choose RSA 2048 bit and click Generate.
Move your mouse randomly in the small screen to generate the key pairs.
Enter a key comment to identify the key.
This is convenient when you use several SSH keys.
Enter a Key passphrase, and re-enter to confirm.
The passphrase is used to protect your key. You will be asked for it when you connect via SSH.
Click Save private key, choose a location, and click Save.
Click Save public key, choose a location, and click Save.

You’ll copy and paste the contents of the public key file in the Megaport Portal later to distribute the public key to the MVE. Your private key will match the public key to grant access. Only a single private key has access to the MVE for SSH access.

Creating an MVE in the Megaport Portal

Before you create an MVE, you need to determine the best location - one that supports MVE and one that is in the most compatible metro area. You can connect multiple locations to an individual MVE. For more information about location details, see Planning Your Deployment.

You can deploy multiple MVEs within the same metropolitan area for redundancy or capacity reasons. As part of the MVE creation process, you will also create a Megaport Internet connection.

To create an MVE

In the Megaport Portal, go to the Services page.
Click Create MVE.
Select the MVE location.

Select a location geographically close to your target branch and/or on-premises locations.

The country you choose must be a market in which you have already registered.

If you haven’t registered a billing market in the location where you will deploy the MVE, follow the procedure in Enabling Billing Markets.

You can use the Search field to find the Port name, Country, Metro City, or address of your destination Port. You can also filter by diversity zone..
Select a diversity zone.

You can select either Red or Blue, or select Auto and have Megaport select the zone for you. The selected or allocated diversity zone will be displayed on the location details through the rest of the provisioning, and on the summary page at the end.
For more information, see MVE Diversity.
Click Next.
Select Cisco C8000.
Specify the MVE details:
- Version – Select the software version. The MVE will be configured to be compatible with that version of Cisco SD-WAN.
- MVE Name – Enter a name for the MVE that is easily identifiable, particularly if you plan on provisioning more than one. This name appears in the Megaport Portal.
- Size – Select a size from the drop-down list. The list displays all sizes that match the CPU capacity at the selected location. The sizes support varying numbers of concurrent connections, and individual partner product metrics vary slightly. For more information, see Planning Your Deployment.
  
  Note
  
  If the MVE size you want is not in the list, then there is not enough capacity at the selected location. You can either select another location with enough capacity or contact your Account Manager to discuss requirements.
- Service Level Reference (optional) – Specify a unique identifying number for the MVE to be used for billing purposes, such as a cost center number or a unique customer ID. The service level reference number appears for each service under the Product section of the invoice. You can also edit this field for an existing service.
- Appliance Mode – Select Autonomous from the Appliance Mode drop-down list.
- SSH Key – Copy and paste the contents of your public SSH key here. You can find the public key in the megaport-mve-instance-1-2048.pub file generated earlier. Must be RSA 2048 bits. We support both RFC4716 and RFC4253/OpenSSH formats.
- Virtual Interfaces (vNICs) – Each MVE is configured with one vNIC named Data Plane by default. To change the name, type over the name text in the box.
  
  You can add a total of five vNICs to the MVE, including the two added by default. For more information, see Types of vNIC Connections.
  
  To add a vNIC:
  - Click + Add.
  - Enter a name for the vNIC.
  Note
  
  If you want to increase or decrease the number of vNICs on this MVE after it has been deployed, you will have to delete the entire MVE and recreate it. You can’t add or delete vNICs on a deployed MVE.
- Megaport Marketplace – By default, each service is private to your enterprise and consumes services from the Megaport network for your own internal company, team, and resources. When set to private, the service is not searchable in the Megaport Marketplace, however, others can still connect to you using a service key. Megaport Marketplace visibility is controlled on your Megaport Marketplace profile. For more information about how to make your service visible to the Megaport Marketplace, see Adding services to your profile.
- Minimum Term – Select No Minimum Term, 12 Months, 24 Months, or 36 Months. Longer terms result in a lower monthly rate. 12 Months is selected by default. Take note of the information on the screen to avoid early termination fees (ETF).
  
  Enable the Minimum Term Renewal option for services with a 12, 24, or 36-month term to automatically renew the contract at the same discounted price and term length at the end of the contract. If you don’t renew the contract, at the end of the term, the contract will automatically roll over to month-to-month contract for the following billing period, at the same price, without term discounts.
  
  For more information, see MVE Pricing and Contract Terms.
- Resource Tags – You can use resource tags to add your own reference metadata to a Megaport service.
  To add a tag:
  1. Click Add Tags.
  2. Click Add New Tag.
  3. Enter details into the fields:
    - Key - string maximum length 128. Valid values are a-z 0-9 _ : . / \ -
    - Value - string maximum length 256. Valid values are a-z A-Z 0-9 _ : . @ / + \ - (space)
  4. Click Save.
  If you already have resource tags for that service, you can manage them by clicking Manage Tags.
  
  Warning
  
  Never include sensitive information in a resource tag. Sensitive information includes commands that return existing tag definitions and information that will identify a person or company.
Click Next to view the Summary page.
The monthly rate is based on location and size.
Confirm the configuration and pricing then click Add MVE.
You are prompted to create a Megaport Internet connection. A Megaport Internet connection provides connectivity and allows MVE to register and communicate with Cisco SD-WAN.

To create the Megaport Internet connection

Click Create Megaport Internet to proceed (recommended), or click Not now to provision internet access at a later time.

Note

MVE requires connectivity to the internet onto the management plane virtual interface. You can either provision a Megaport Internet connection or configure a third-party internet connection using a private VXC. We strongly recommend that you create a Megaport Internet connection for the initial MVE startup and deployment to ensure that the MVE is provisioned and functioning correctly.
Select the target Port (the internet router).
The B-End of a Megaport Internet connection can be anywhere that Megaport Internet is available.
You can use the Search field to find the Port name, Country, Metro City, or address of your destination Port. You can also filter by diversity zone.
Click Next.
Specify the connection details:
- Connection Name – The name of your Megaport Internet connection to be shown in the Megaport Portal.
- Service Level Reference (optional) – Specify a unique identifying number for the Megaport Internet connection to be used for billing purposes, such as a cost center number or a unique customer ID. The service level reference number appears for each service under the Product section of the invoice.
  
  Tip
  
  Use the same Service Level Reference numbers for the Megaport Internet connection and MVE to help identify the matching pair in your invoice.
- Rate Limit – The speed of your connection in Mbps. The speed is adjustable from 20 Mbps to 10 Gbps in increments of 1 Mbps. You can change the speed as needed after you create the Megaport Internet connection. Monthly billing details appear based on location and rate limit.
- VXC State – Select Enabled or Shut Down to define the initial state of the connection. For more information, see Shutting Down a VXC for Failover Testing.
  
  Note
  
  If you select Shut Down, traffic will not flow through this service and it will behave as if it was down on the Megaport network. Billing for this service will remain active and you will still be charged for this connection.
- A-End vNIC - Specify a vNIC from the drop-down list. The list shows the vNICs that were created with the MVE.
- Preferred A-End VLAN (optional) – Specify an unused VLAN ID for this connection. This must be a unique VLAN ID on this MVE and can range from 2 to 4093. If you specify a VLAN ID that is already in use, the system displays the next available VLAN number. The VLAN ID must be unique to proceed with the order. If you don’t specify a value, Megaport will assign one.
  Alternatively, you can click Untag. This selection removes the VLAN tagging for this connection and it will be configured without a VLAN ID.
- Minimum Term – Select No Minimum Term, 12 Months, 24 Months, or 36 Months. Longer terms result in a lower monthly rate. 12 Months is selected by default. Take note of the information on the screen to avoid early termination fees (ETF).
  
  Enable the Minimum Term Renewal option for services with a 12, 24, or 36-month term to automatically renew the contract at the same discounted price and term length at the end of the contract. If you don’t renew the contract, at the end of the term, the contract will automatically roll over to month-to-month contract for the following billing period, at the same price, without term discounts.
  
  For more information, see Megaport Internet Pricing and Contract Terms and VXC, Megaport Internet, and IX Billing.
- Resource Tags – You can use resource tags to add your own reference metadata to a Megaport service.
  To add a tag:
  1. Click Add Tags.
  2. Click Add New Tag.
  3. Enter details into the fields:
    - Key - string maximum length 128. Valid values are a-z 0-9 _ : . / \ -
    - Value - string maximum length 256. Valid values are a-z A-Z 0-9 _ : . @ / + \ - (space)
  4. Click Save.
  If you already have resource tags for that service, you can manage them by clicking Manage Tags.
  
  Warning
  
  Never include sensitive information in a resource tag. Sensitive information includes commands that return existing tag definitions and information that will identify a person or company.
Click Next to proceed to the connection detail summary.
Click Add VXC to order the connection.
Click Order in the Configured Services area.
If you have a promotional code, click Add Promo Code, enter it, then click Add Code.
Click Order Now.

Ordering MVE provisions the appliance and assigns IP addresses from the Megaport SDN. The MVE provisioning takes only a few minutes to complete. The provisioning process spins up an MVE. At this point, the Cisco Catalyst 8000V MVE instance is booted.

Viewing the MVE in the Megaport Portal

After creating the MVE, you can view it in the Megaport Portal on the Services page. You can also view the public IP addresses assigned.

To view an MVE in the Megaport Portal

Go to the Services page.

MVE and Megaport Internet connection in the Megaport Portal

The Megaport Internet icon differs from a standard VXC icon in the Megaport Portal, as shown in the image.

For more information about the Services page, see Understanding the Services Page.

To view the public IP addresses assigned to the MVE

Click the gear icon next to the Megaport Internet connection.
Select the Details tab.
Locate the public IP address (IPv4 or IPv6).
These are the public IP addresses assigned to the MVE.

The next step is to activate Cisco Smart Licensing on the MVE.

Activating the Cisco Smart License

Before you begin, you need to obtain a registration token from Cisco. After applying the token to the CLI configuration on the MVE, you can then verify the license status and configure the MVE throughput speed using CLI commands.

To activate the Cisco Smart License

Obtain a token ID from Cisco using your Smart account.

Use SSH to access the MVE. The default username is mveadmin.

  ssh -i <path_to_private_key> mveadmin@<IP_OF_MVE_Instance>

Note

Some older versions might require the ssh-rsa key type to be specified as permitted. For example, using the command:

 ssh -oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedAlgorithms=+ssh-rsa -i <path_to_private_key> mveadmin@<IP_OF_MVE_Instance>.

Submit a trust request to activate the license and register the MVE with Cisco.

  license smart trust idtoken OTgyODllZjktM2UzOC00ZTIzLThjODQtN2ZiZDc2ZDMzYjZmLTE2OTg0MjE0%0AODk5MDh8YURXSzBwdm0zTWtCU05mY3VRaUhTalFLbmJOTTQ2M0hIR2Y0U1E0%0ASUpmbz0%3D%0A local force

Verify that the trust token was installed.
```
  show license status
```
Wait for the instance to return a value for your smart and virtual accounts as well the date and time that the trust code was installed. This acknowledgement might take a couple of minutes.
Enter configuration mode.
Configure the throughput speed.
```
  platform hardware throughput level MB <value>
```
Where value is a speed in mbps (for example, 10000 for 10G, 5000 for 5G, 1000 for 1G).

Note

For speeds above 250 mbps, a Router US Export License for DNA (also known as an HSECK9) license must be available in your CSSM virtual account. After configuring the throughput level, the MVE instance retrieves the HSECK9 license automatically.
Verify the installed licenses.
```
  show license summary
```

Check the current throughput level.

  show platform hardware throughput level

Example:

  c8kv-auto-test-16#show license summary

  Account Information:  
  Smart Account: Megaport As of Nov 04 15:44:06 2022 UTC  
  Virtual Account: CSR Virtual Account

  License Usage:  
  License                 Entitlement Tag               Count Status
  -----------------------------------------------------------------------------
  Router US Export Lic... (DNA_HSEC)                        1 IN USE
  network-advantage_1G    (ESR_P_1G_A)                      1 IN USE
  dna-advantage_1G        (DNA_P_1G_A)                      1 IN USE

  c8kv-auto-test-16#show plat hardware throughput level

  The current throughput level is 2000000 kb/s

Save the configuration and reboot the MVE.
```
  wr mem  
  reload
```

Next steps

Once the MVE is provisioned with an Active status, the next step is to connect a VXC to a CSP, a local port, or a third-party network. You can optionally connect a physical Port to the MVE through a private VXC or connect to a service provider in the Megaport Marketplace.

For more information, see Creating a VXC.