Ultra Gateway Platform System Administration Guide, Release 6.9
First Published: 2019-08-29

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.

Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

© 2019 Cisco Systems, Inc. All rights reserved.
CONTENTS

PREFACE About this Guide
Conventions Used
Related Documentation
Contacting Customer Support

CHAPTER 1 Ultra Services Platform (USP) Introduction
USP Introduction
USP Architecture
USP VNF Architecture
Ultra Element Manager (UEM)
Life Cycle Manager
Service Configuration Manager
Service Level Agreement Manager
Control Function
Service Function
Network Function
Application Function
USP VNF Types
Ultra Gateway Platform
Ultra Service Framework
Ultra Automation Services
AutoIT
AutoDeploy
AutoVNF
Ultra Web Services
USP VNF Component Redundancy and Availability
Platform Requirements
UEM Redundancy
CF Redundancy
SF Redundancy
NF Redundancy
AF Redundancy
Ultra Service Component (USC) Redundancy
ICSR Support

CHAPTER 2 Introduction to UGP
Product Description
Hypervisor Requirements
Underlying Infrastructure for the System
DI Network
Network Requirements
Jumbo Frames
Record Storage
Orchestration Network
Service Network
Packet Flows
Packets Received on SF Demux VM
Packets Received on SF Session VM
DPDK Internal Forwarder
Bandwidth Requirements
Feature Set
Interfaces and Addressing
Encryption
Security
Orchestration
Provisioning
Boot Sequence
CF Boot Sequence
SF Boot Sequence
Capacity, CEPS and Throughput
Diagnostics and Monitoring
Cisco Prime Analytics
StarOS UGP Build Components
Software Installation and Network Deployment

CHAPTER 3 System Operation and Configuration
Terminology
Contexts
Logical Interfaces
Management Interface
Bindings
Services
AAA Servers
Subscribers
How the System Selects Contexts
Context Selection for Context-level Administrative User Sessions
Context Selection for Subscriber Sessions
Understanding Configuration Files
IP Address Notation
IPv4 Dotted-Decimal Notation
IPv6 Colon-Separated-Hexadecimal Notation
CIDR Notation
Alphanumeric Strings
Character Set
Quoted Strings

CHAPTER 4 Getting Started
Initial StarOS Configuration
Using the StarOS CLI for Initial Configuration
Configuring System Administrative Users
Limiting the Number of Concurrent CLI Sessions
Automatic Logout of CLI Sessions
Configuring the System for Remote Access
Configuring SSH Options
SSH Host Keys
Setting SSH Key Size
Configuring SSH Key Generation Wait Time
Specifying SSH Encryption Ciphers
MAC Algorithm Configuration
Generating SSH Keys
Setting SSH Key Pair
Authorized SSH User Access
Authorizing SSH User Access
SSH User Login Restrictions
Creating an Allowed Users List
SSH User Login Authentication
Secure Session Logout
Changing Default sshd Secure Session Logout Parameters
SSH Client Login to External Servers
Setting SSH Client Ciphers
Setting Preferred Authentication Methods
Generating SSH Client Key Pair
Pushing an SSH Client Public Key to an External Server
Enabling NETCONF
Configuring the Management Interface with a Second IP Address
VM Hardware Verification

CHAPTER 5 System Settings
Verifying and Saving Your Interface and Port Configuration
Configuring System Timing
Setting the System Clock and Time Zone
Verifying and Saving Your Clock and Time Zone Configuration
Configuring Network Time Protocol Support
Configuring NTP Servers with Local Sources
Using a Load Balancer
Verifying the NTP Configuration
Configuring Software RSS
DI-Network RSS Encryption
Feature Summary and Revision History
Feature Changes
Command Changes
Configuring SF Boot Configuration Pause
Enabling CLI Timestamping
Configuring CLI Confirmation Prompts
Enabling Automatic Confirmation
Requiring Confirmation for autoconfirm and configure Commands
Requiring Confirmation for Specific Exec Mode Commands
Configuring System Administrative Users
User Name Character Restrictions
Configuring Context-level Administrative Users
Configuring Context-level Security Administrators
Configuring Context-level Administrators
Configuring Context-level Operators
Configuring Context-level Inspectors
Segregating System and LI Configurations
Verifying Context-level Administrative User Configuration
Configuring Local-User Administrative Users
Verifying Local-User Configuration
Updating Local-User Database
Updating and Downgrading the local-user Database
Restricting User Access to a Specified Root Directory
Configuring an SFTP root Directory
Associating an SFTP root Directory with a Local User
Associating an SFTP root Directory with an Administrator
Associating an SFTP root Directory with a Config Administrator
Configuring TACACS+ for System Administrative Users
Operation
User Account Requirements
TACACS+ User Account Requirements
StarOS User Account Requirements
Configuring TACACS+ AAA Services
Configuring TACACS+ for Non-local VPN Authentication
Verifying the TACACS+ Configuration
IPv6 Address Support for TACACS+ Server
Separating Authentication Methods
Disable TACACS+ Authentication for Console
Disable AAA-based Authentication for Console
Disable TACACS+ Authentication at the Context Level
Limit local-user Login on Console/vty Lines
Limit Console Access for AAA-based Users
Verify Configuration Changes
Configuring a Chassis Key
Overview
Configuring a New Chassis Key Value
CLI Commands
Quick Setup Wizard
Enabling Automatic Reset of FSC Fabric

CHAPTER 6 Config Mode Lock Mechanisms
Overview of Config Mode Locking
Requesting an Exclusive-Lock
Effect of Config Lock on URL Scripts
Saving a Configuration File
Reload and Shutdown Commands
show administrators Command

CHAPTER 7 Management Settings
SNMP MIB Browser
SNMP Support
Configuring SNMP and Alarm Server Parameters
Verifying SNMP Parameters
Controlling SNMP Trap Generation

CHAPTER 8 Verifying and Saving Your Configuration
Verifying the Configuration
Feature Configuration