Cisco IP Solution Center MPLS VPN User Guide, 4.1
MPLS VPN Service Requests
Download this chapter
MPLS VPN Service RequestsMPLS VPN Service Requests
Download the complete book
ISC MPLS VPN User Guide, 4.1ISC MPLS VPN User Guide, 4.1 (PDF - 4 MB)
 Feedback

Table Of Contents

MPLS VPN Service Requests

Overview of Service Requests

Service Request Transition States

Service Enhancements

How ISC Accesses Network Devices

Creating Service Requests

MPLS VPN Topology Example

Creating a PE-CE Service Request

Static Routing Protocols

Creating a Multi-VRF Service Request

Multi-VRF Overview

Creating an Multi-VRFCE PE-CE Service Request

Creating a PE-Only Service Request

Adding a CLE Service Request

Deploying Service Requests

Monitoring Service Requests

Auditing Service Requests

Functional Audit

How to Perform a Functional Audit

Where to Find the Functional Audit

Why a Functional Audit Could Fail

Configuration Audit

How to Perform a Configuration Audit

Where to Find the Configuration Audit

Why a Configuration Audit Could Fail

Editing Configuration Files


MPLS VPN Service Requests

This chapter describes how to provision and audit service requests in IP Solution Center (ISC). This chapter contains the following major sections:

Overview of Service Requests

Creating Service Requests

Deploying Service Requests

Monitoring Service Requests

Auditing Service Requests

Editing Configuration Files

Overview of Service Requests

This section contains the following sections:

Service Request Transition States

Service Enhancements

How ISC Accesses Network Devices

MPLS VPN Topology Example

Service Request Transition States

The focus of ISC is the service provided for a customer on the link between a customer CE and a provider PE. The service request model is the centerpiece of service provisioning. With the service request model, the ISC can capture the specified VPN service provisioning request, analyze the validity of the request, and audit the provisioning results.

The service provider operators take all service request information from their customers. ISC can assist the operator in making entries because the product has customer information such as the VPN information, the list of the assigned PEs and CEs, and so forth.

ISC steps the operator through the process and simplifies the task of provisioning the CE and PE by automating most of the tasks required to set up an MPLS VPN.

Figure 6-1 shows a high-level diagram of the relationships and movement among ISC service request states. For a description of the service request transition sequences, see "Service Request Transition States."

Figure 6-1 Service Request States: Movement and Relationships

Table 6-1, "Summary of Cisco IP Solution Center Service Request States," describes each of the service request states and their transition sequences.

Table 6-1 Summary of Cisco IP Solution Center Service Request States 

Service Request Type
Description

Broken

(valid only for L2TPv3 and MPLS services)

The router is correctly configured but the service is unavailable (due to a broken cable or Layer 2 problem, for example).

An MPLS service request moves to Broken if the auditor finds the routing and forwarding tables for this service, but they do not match the service intent.

Closed

A service request moves to Closed if the service request should no longer be used during the provisioning or auditing process. A service request moves to the Closed state only upon successful audit of a decommission service request. ISC does not remove a service request from the database to allow for extended auditing. Only a specific administrator purge action results in service requests being removed.

Deployed

A service request moves to Deployed if the intention of the service request is found in the router configuration file. Deployed indicates that the configuration file has been downloaded to the router, and the intent of the request has been verified at the configuration level. That is, ISC downloaded the configlets to the routers and the service request passed the audit process.

Failed Audit

This state indicates that ISC downloaded the configlet to the router successfully, but the service request did not pass the audit. Therefore, the service did not move to the Deployed state. The Failed Audit state is initiated from the Pending state. After a service request is deployed successfully, it cannot re-enter the Failed Audit state (except if the service request is redeployed).

Failed Deploy

The cause for a Failed Deploy status is that DCS reports that either the upload of the initial configuration file from the routers failed or the download of the configuration update to the routers failed (due to lost connection, faulty password, and so on).

Functional

(valid only for L2TPv3 and MPLS services)

An MPLS service request moves to Functional when the auditor finds the VPN routing and forwarding tables (VRF) for this service and they match with the service intent. This state requires that both the configuration file audit and the routing audit are successful.

Invalid

Invalid indicates that the service request information is incorrect in some way. A service request moves to Invalid if the request was either internally inconsistent or not consistent with the rest of the existing network/router configurations (for example, no more interfaces were available on the router). The Provisioning Driver cannot generate configuration updates to service this request.

Lost

A service request moves to Lost when the Auditor cannot find a configuration-level verification of intent in the router configuration files. The service request was in the Deployed state, but now some or all router configuration information is missing. A service request can move to the Lost state only when the service request had been Deployed.

Pending

A service request moves to Pending when the Provisioning Driver determines that the request looks consistent and was able to generate the required configuration updates for this request. Pending indicates that the service request has generated the configuration updates and the configuration updates are successfully downloaded to the routers.

The Auditor regards pending service requests as new requests and begins the audit. If the service has been freshly provisioned and not yet audited, it is not an error (pending audit). However, if an audit is performed and the service is still pending, it is in an error state.

Requested

If the service is newly entered and not yet deployed, it is not an error. However, if a Deploy is done and it remains Requested, the service is in an error state.

Wait Deploy

This service request state pertains only when downloading configlets to a Cisco CNS-CE server, such as a Cisco CNS IE2100 appliance. Wait Deploy indicates that the configlet has been generated, but it has not been downloaded to the Cisco CNS-CE server because the device is not currently online. The configlet is staged in the repository until such time as the Cisco CNS-CE server notifies ISC that it is up. Configlets in the Wait Deploy state are then downloaded to the Cisco CNS-CE server.


Service Enhancements

With this release of MPLS VPN Management, a number of enhancements to the service function are available:

A service is no longer limited to a single PE-CE link at a time. Under ISC, a service can be comprised of multiple PE-CE links per service request.

Multicast MPLS VPNs

A multicast address is a single address that represents a group of machines. Unlike a broadcast address, however, the machines using a multicast address have all expressed a desire to receive the messages sent to the address. A message sent to the broadcast address is received by all IP-speaking machines, whether they care what it contains or not. For example, some routing protocols use multicast addresses as the destination for their periodic routing messages. This allows machines that have no interest in routing updates to ignore them.

To implement multicast routing, ISC employs the concept of a multicast domain (MD), which is a set of VRFs associated with interfaces that can send multicast traffic to each other. A VRF contains VPN routing and forwarding information for unicast. To support multicast routing, a VRF also contains multicast routing and forwarding information; this is called a Multicast VRF.

Site of Origin support

Although a route target provides the mechanisms to identify which VRFs should receive routes, a route target does not provide a facility that can prevent routing loops. These routing loops can occur if routes learned from a site are advertised back to that site. To prevent this, the Site of Origin (SOO) feature identifies which site originated the route, and therefore, which site should not receive the route from any other PE routers.

Layer 2 access into MPLS VPNs

Provisioning PE-Only service requests

How ISC Accesses Network Devices

When ISC attempts to access a router, it uses the following algorithm:

1. Checks to see if a terminal server is associated with the device, and if this is the case, ISC uses the terminal server to access the device.

2. If there is no terminal server, ISC looks for the management interface on the device.

3. If there is no management interface, ISC tries to access the device using the fully-qualified domain name (hostname plus domain name).

If any step in the VPN Solutions Center device-access algorithm fails, the entire device access operation fails—there is no retry or rollover operation in place. For example, if there is a terminal server and ISC encounters an error in attempting to access the target device through the terminal server, the access operation fails at that point. With the failure of the terminal server access method, ISC does not attempt to find the management interface to access the target device.

Creating Service Requests

A service request is an instance of service contract between a customer edge router (CE) and a provider edge router (PE). The service request user interface asks you to enter several parameters, including the specific interfaces on the CE and PE routers, routing protocol information, and IP addressing information.

You can also integrate an ISC template with a service request, and associate one or more templates to the CE and the PE.

To create a service request, a Service Policy must already be defined, as described in "MPLS VPN Service Requests."

This section has the following sections:

MPLS VPN Topology Example

Creating a PE-CE Service Request

Creating a Multi-VRF Service Request

Creating a PE-Only Service Request

MPLS VPN Topology Example

Figure 6-2 shows the topology for the network used to define the service requests in this section.

PE-CE Example

In the PE-CE example, the service provider needs to create an MPLS service for a CE (mlce1) in their customer site Acme_NY (in New York).

Multi-VRF Example

In the Multi-VRF example, the service provider needs to create an MPLS service between a CE (mlce4) in their customer site Widgets_NY (in New York) and a Multi-VRFCE (mlce3) located in their customer site Widgets_NY (in New York).

The goal is to create a single service request that defines a link between the customer site in New York and the PE (mlpe2).

PE-Only Example

In the PE-Only example, the service provider needs to create an MPLS service for a PE (mlpe2.)

Figure 6-2 Example Network Topology

Creating a PE-CE Service Request

To create a PE-CE service request, follow these steps:

Step 1 Start up and log in to ISC.

a. From the Welcome to ISC window, choose Service Inventory.

b. From the Service Inventory window, choose Inventory and Connection Manager.

c. From the Inventory and Connection Manager window, choose Service Requests.

The Service Requests dialog box appears (see Figure 6-3).

Figure 6-3 Initial Service Requests Dialog Box

Step 2 To start the process to create a new service, click Create.

A drop-down list is displayed, showing the types of service requests you can create.

Step 3 Choose MPLS VPN.

The Select MPLS Policy dialog box appears (see Figure 6-4).

This dialog box displays the list of all the MPLS service policies that have been defined in ISC.

Figure 6-4 Selecting the MPLS Policy for This Service

Step 4 Choose the policy of choice, then click OK.

The MPLS Service Request Editor appears (see Figure 6-5).

Figure 6-5 MPLS Service Request Editor

Step 5 Click Add Link.

The MPLS Service Request Editor now displays a set of fields, as shown in Figure 6-6. Notice that the Select CE field is enabled. Specifying the CE for the link is the first task required to define the link for this service.

Figure 6-6 Initial Fields Displayed to Define PE-CE Link

Step 6 CE: Click Select CE.

The Select CPE Device dialog box is displayed (see Figure 6-7).

Figure 6-7 Selecting the CE for the MPLS Link

a. From the Show CPEs with drop-down list, you can display CEs by Customer Name, by Site, or by Device Name.

b. You can use the Find button to either search for a specific CE, or to refresh the display.

c. You can set the Rows per page to 5, 10, 20, 30, 40, or All.

d. This dialog box displays the first page of the list of currently defined CE devices. The number of pages of information is displayed in the lower right corner of the dialog box.

To go to the another page of CE devices, click the number of the page you want to go to.

Step 7 In the Select column, choose the name of the CE for the MPLS link, then click Select.

You return to the Service Request Editor window, where the name of the selected CE is now displayed in the CE column.

Step 8 CE Interface: Choose the CE interface from the drop-down list (see Figure 6-8).

Figure 6-8 CE and CE Interface Fields Defined

Note that in the PE column, the Select PE option is now enabled.

Step 9 PE: Click Select PE.

The Select PE Device dialog box is displayed (see Figure 6-9).

Figure 6-9 Selecting the PE for the MPLS Link

a. From the Show PEs with drop-down list, you can display PEs by Customer Name, by Site, or by Device Name.

b. You can use the Find button to either search for a specific PE, or to refresh the display.

c. You can set the Rows per page to 5, 10, 20, 30, 40, or All.

d. This dialog box displays the first page of the list of currently defined PE devices. The number of pages of information is displayed in the lower right corner of the dialog box.

To go to the another page of PE devices, click the number of the page you want to go to.

Step 10 In the Select column, choose the name of the PE for the MPLS link, then click Select.

You return to the Service Request Editor window, where the name of the selected PE is now displayed in the PE column.

Step 11 PE Interface: Choose the PE interface from the drop-down list (see Figure 6-10).

Figure 6-10 PE and PE Interface Fields Defined

Note that the Link Attribute Add option is now enabled.

Step 12 In the Link Attribute column, click Add.

The MPLS Link Attribute Editor appears, showing the fields for the interface parameters (see Figure 6-11).

Figure 6-11 Specifying the MPLS Link Interface Attributes

The field values displayed in this dialog box reflect the values specified in the service policy associated with this service. For details on each of the PE and CE interface fields, see Specifying PE and CE Interface Parameters.

Note The VLAN ID is shared between the PE and CE, so there is one VLAN ID for both.

Step 13 Edit any interface values that must be modified for this particular link, then click Next.

The MPLS Link Attribute Editor for the IP Address Scheme appears (see Figure 6-12).

Figure 6-12 Specifying the MPLS Link IP Address Attributes

The field values displayed in this dialog box reflect the values specified in the service policy associated with this service. For details on the IP address scheme fields, see Specifying IP Address Scheme.

Step 14 Edit any IP address scheme values that must be modified for this particular link, then click Next.

The MPLS Link Attribute Editor for Routing Information appears (see Figure 6-13).

Figure 6-13 Specifying the MPLS Link Routing Protocol Attributes

The field values displayed in this dialog box reflect the values specified in the service policy associated with this service. For details on the routing information for the PE and CE, see Specifying Routing Protocol for a Service.

Because the service policy used for this service specified the routing protocol as editable, you can change the routing protocol for this service request as needed.

Note For the Static routing protocol, there are two additional attributes that you can add via the Link Attribute Editor. See Static Routing Protocols.

Step 15 Edit any routing protocol values that must be modified for this particular link, then click Next.

The MPLS Link Attribute Editor for the VRF and VPN attributes appears (see Figure 6-14).

Figure 6-14 Specifying the MPLS Link VRF and VPN Attributes

The field values displayed in this dialog box reflect the values specified in the service policy associated with this service. For details on the VRF and VPN information, see Defining the Service Policy VRF and VPN Information.

Step 16 If multicast is enabled, choose the PIM (Protocol Independent Multicast) Mode:

SPARSE_MODE

SPARCE_DENSE_MODE

Tip Multicast routing architecture allows the addition of IP multicast routing on existing IP networks. PIM is an independent unicast routing protocol. It can be operated in two modes: dense and sparse.

Step 17 Edit any VRF and VPN values that must be modified for this particular link, then click Finish.

You return to the MPLS Service Request Editor. You can define multiple links in this service request.

Step 18 To save your work on this first link in the service request, click Save.

You return to the Service Requests dialog box, where the information for the link you just defined is now displayed (see Figure 6-15).

Figure 6-15 Service Request for an MPLS Link Completed

As you can see, the service request is in the Requested state. When all the links for this service have been defined, you must deploy the service, as described in Deploying Service Requests.

IP Multicast VPN Service Request Configlets

Step 1 To view the PE and CE configlets for a service request that has been successfully deployed, from the Service Request window, choose the service request you want to see, then click Details.

The Service Request Details window appears for the associated job number.

Step 2 From Service Request Details window, click Configlets.

The Service Request Configlets window appears (see Figure 6-16).

Figure 6-16 Service Request Configlets

Step 3 Choose the IP address for the desired configlet, then click View Configlet.

Examples of PE and CE configlets are shown below:

PE Configlet 

--------------------------------------------------

Configlet #1, Job ID 8 (Created: 2006-05-31 17:39:01)

!

ip vrf V2:Hameed_MVPN

rd 100:1011

route-target import 100:12

route-target import 100:13

route-target export 100:12

maximum routes 10000 80

mdt default 239.232.1.1

mdt data 239.232.2.0 0.0.0.255 threshold 50

mdt mtu 1500

!

interface Ethernet1/1.99

description Ethernet1/1.99 dot1q vlan id=99. By VPNSC: Job Id# = 8

encapsulation dot1Q 99

ip vrf forwarding V2:Hameed_MVPN

ip address 10.99.0.1 255.255.255.252

ip pim sparse-mode

no shutdown

!

ip multicast vrf V2:Hameed_MVPN route-limit 100000

!

ip multicast-routing vrf V2:Hameed_MVPN

!

ip pim vrf V2:Hameed_MVPN autorp listener

!

ip pim vrf V2:Hameed_MVPN ssm range ssmList

!

ip pim vrf V2:Hameed_MVPN rp-address 10.99.1.2 rp12List

!

ip pim vrf V2:Hameed_MVPN rp-address 10.99.1.5 override

!

ip pim vrf V2:Hameed_MVPN rp-address 10.99.1.1 rp11List override

!

router ospf 21 vrf V2:Hameed_MVPN

redistribute bgp 100 subnets

network 10.99.0.0 0.0.0.3 area 21

!

router bgp 100

address-family ipv4 vrf V2:Hameed_MVPN

redistribute ospf 21 vrf V2:Hameed_MVPN match internal external 1 external 2

exit-address-family

--------------------------------------------------

CE Configlet 

--------------------------------------------------

Configlet #1, Job ID 8 (Created: 2006-05-31 17:39:01)





!

interface Ethernet0/0.99

description Ethernet0/0.99 dot1q vlan id=99. By VPNSC: Job Id# = 8

encapsulation dot1Q 99

ip vrf forwarding V2:Hameed_MVPN

ip address 10.99.0.2 255.255.255.252

ip pim sparse-mode

no shutdown

!

router ospf 21

network 10.99.0.0 0.0.0.3 area 21


--------------------------------------------------

Static Routing Protocols

For the static routing protocol, in addition to the attributes that you can specify in the service policy, here are two additional attributes that you can add via the Link Attribute Editor.

Advertised Routes for CE: allows you to add a list of ip addresses, static routes to put on the PE, that describes all the address apace in the CE's site.

Routes to Reach other Sites: allows you to add a list of ip addresses, static routes to put on the CE, that describes all the address apace throughout the VPN.

Step 1 When you perform Step 14 on page 4-10 for static routing protocols, the MPLS Link Attribute Editor for Routing Information appears (Figure 6-17).

Figure 6-17 Static Routing Protocol

You can edit Advertised Routes for CE: and Routes to Reach other Sites: for this service request.

Step 2 To edit Advertised Routes for CE:, click EDIT. The Advertised Routes window appears as shown in Figure 6-18.

Figure 6-18 Advertised Routes Window

Step 3 Click Add to add IP addresses. The Advertised Routes window appears again as shown in Figure 6-19.

Figure 6-19 Add IP Address

Step 4 Enter an IP address and a metric. Click Add to add another IP address or click OK.

Step 5 To edit Routes to Reach Other Sites:, click EDIT. The Routes to reach other sites window appears as shown in Figure 6-20.

Figure 6-20 Routes to reach other sites Window

Step 6 Click Add to add IP addresses. The Routes to reach other sites window appears again as shown in Figure 6-21.

Figure 6-21 Add an IP Address

Step 7 Enter an IP address and a metric. Click Add to add another IP address or click OK.

Creating a Multi-VRF Service Request

This chapter contains graphics for the following sections:

Multi-VRF Overview

Creating an MVRF Service Request

Multi-VRF Overview

MPLS-VPNs provide security and privacy as traffic travels through the provider network. The CE router has no mechanism to guarantee private networks across the traditional LAN network. Traditionally to provide privacy, either a switch needed to be deployed and each client be placed in a separate VLAN or a separate CE router is needed per each client's organization or IP address grouping attaching to a PE.

These solutions are costly to the customer as additional equipment is needed and requires more network management and provisioning of each client site.

Multi-VRF is a new feature, introduced in Cisco IOS release 12.2(4)T, that addresses these issues. Multi-VRF extends limited PE functionality to a CE router in an MPLS-VPN model. A CE router now has the ability to maintain separate VRF tables in order to extend the privacy and security of an MPLS-VPN down to a branch office rather than just at the PE router node.

CE routers use VRF interfaces to form a VLAN-like configuration on the customer side. Each VRF on the CE router is mapped to a VRF on the PE router. With Multi-VRF, the CE router can only configure VRF interfaces and support VRF routing tables. Multi-VRF extends some of the PE functionality to the CE router—there is no label exchange, there is no LDP adjacency, there is no labeled packet flow between PE and CE. The only PE-like functionality that is supported is the ability to have multiple VRFs on the CE router so that different routing decisions can be made. The packets are sent toward the PE as IP packets.

Creating an Multi-VRFCE PE-CE Service Request

To create a MVRFCE PE-CE Service Request, follow these steps:

Step 1 Log into ISC.

Step 2 Go to Service Inventory > Inventory and Connection Manager > Service Requests.

The Service Requests window appears, as shown in Figure 6-22.

Figure 6-22 Service Requests

Step 3 From the Create drop-down list, choose MPLS VPN.

The Select MPLS Policy window appears, as shown in Figure 6-23.

Figure 6-23 Select MPLS Policy

Step 4 Choose the MPLS Policy.

Step 5 Click OK.

The MPLS Service Request Editor window appears, as shown in Figure 6-24.

Figure 6-24 MPLS Service Request Editor

Step 6 Click Add Link.

The MPLS Service Request Editor window appears, as shown in Figure 6-25.

Figure 6-25 MPLS Service Request Editor - Select CE

Step 7 Click Select CE.

The Select CPE Device - CE window appears, as shown in Figure 6-26.

Figure 6-26 Select CPE Device - CE

Step 8 Choose the CPE Device and then click Select.

The MPLS Service Request Editor window appears, as shown in Figure 6-27.

Figure 6-27 MPLS Service Request Editor - CE Interface

Step 9 Choose the CE Interface from the drop-down box.

Step 10 Click Select MVRFCE.

The Select CPE Device - MVRFCE window appears, as shown in Figure 6-28.

Figure 6-28 Select CPE Device - MVRFCE

Step 11 Choose the MVRFCE and then click Select.

The MPLS Service Request Editor window appears, as shown in Figure 6-29.

Figure 6-29 MPLS Service Request Editor - MVRFCE CE Facing Interface

Step 12 Choose the MVRFCE CE Facing Interface from the drop-down box.

Step 13 Choose the MVRFCE PE Facing Interface from the drop-down box.

The MPLS Service Request Editor window appears, as shown in Figure 6-30.

Figure 6-30 MPLS Service Request Editor - Choose MVRFCE PE Facing Interface

Step 14 Click Select PE.

The Select PE Device window appears, as shown in Figure 6-31.

Figure 6-31 Choose PE Device

Step 15 Choose the PE and then click Select.

The MPLS Link Attribute Editor window appears, as shown in Figure 6-32.

Figure 6-32 MPLS Link Attribute Editor - Interface

Step 16 Choose the PE Interface from the drop-down box.

Step 17 Click Add in the Link Attribute cell.

The MPLS Link Attribute Editor - Interface window appears, as shown in Figure 6-32.

Figure 6-33 MPLS Link Attribute Editor - Interface

Step 18 Enter the VLAN ID for the PE. (510)

Step 19 Click Next.

The MPLS Link Attribute Editor - Interface window appears, as shown in Figure 6-34.

Figure 6-34 MPLS Link Attribute Editor - Interface

Step 20 Enter the VLAN ID for the MVRFCE. (530)

Click Next.

The MPLS Link Attribute Editor - IP Address Scheme window appears, as shown in Figure 6-35.

Figure 6-35 MPLS Link Attribute Editor - IP Address Scheme

Step 21 Keep the defaults and click Next.

The MPLS Link Attribute Editor - IP Address Scheme window appears, as shown in Figure 6-36.

Figure 6-36 MPLS Link Attribute Editor - IP Address Scheme

Step 22 Keep the defaults and click Next.

The MPLS Link Attribute Editor - Routing Information window reappears, as shown in Figure 6-37.

Figure 6-37 MPLS Link Attribute Editor - PE Routing Information

Step 23 Keep the defaults and click Next.

The MPLS Link Attribute Editor - Routing Information window reappears, as shown in Figure 6-38.

Figure 6-38 MPLS Link Attribute Editor - MVRFCE Routing Information

Step 24 Keep the defaults and click Next.

The MPLS Link Attribute Editor - VRF and VPN window appears (not shown).

Step 25 Click Add to choose a VPN.

The Choose VPN window appears, as shown in Figure 6-39.

Figure 6-39 Choose VPN

Step 26 Choose a VPN.

Step 27 Click Join as Hub or Join as Spoke to join the CERC.

Step 28 Click Done.

The MPLS Link Attribute Editor - VRF and VPN window reappears, as shown in Figure 6-40.

Figure 6-40 MPLS Service Request Editor

Step 29 Click Finish.

The MPLS Service Request Editor window appears, as shown in Figure 6-41.

Figure 6-41 MPLS Service Request Editor

Step 30 Enter the Service Request description and then click Save. (mpls-mvrfce-pe-ce)

The MPLS Service Requests window appears, as shown in Figure 6-42.

Figure 6-42 Service Request

The MPLS VPN MVRFCE PE-CE Service Request is in the Requested state and ready to deploy.

Creating a PE-Only Service Request

To create a PE-Only (No CE) service request, follow these steps:

Step 1 Start up and log in to ISC.

a. From the Welcome to ISC window, choose Service Inventory.

b. From the Service Inventory window, choose Inventory and Connection Manager.

c. From the Inventory and Connection Manager window, choose Service Requests.

The Service Requests dialog box appears (see Figure 6-43).

Figure 6-43 Initial Service Requests Dialog Box

Step 2 To start the process to create a new service, click Create.

A drop-down list is displayed, showing the types of service requests you can create.

Step 3 Choose MPLS VPN.

The Select MPLS Policy dialog box appears (see Figure 6-44).

This dialog box displays the list of all the MPLS service policies that have been defined in ISC.

Figure 6-44 Selecting the PE-Only Policy for this Service

Step 4 Choose the policy that has CE not present, then click OK.

The MPLS Service Request Editor appears (see Figure 6-45).

Figure 6-45 MPLS Service Request Editor

Step 5 Click Add Link.

The MPLS Service Request Editor now displays a set of fields, as shown in Figure 6-46. Notice that the Select PE field is enabled. Specifying the PE for the link is the first task required to define the link for this service, unless a CLE switch link is needed. If a CLE switch is needed go to "Adding a CLE Service Request" section.

Figure 6-46 Initial Fields Displayed to Define PE-Only Link

Step 6 PE: Click Select PE.

The Select PE Device dialog box is displayed (see Figure 6-47).

Figure 6-47 Selecting the PE for the PE-Only Link

a. From the Show PEs with drop-down list, you can display PEs by Provider Name, by Region, or by Device Name.

b. You can use the Find button to either search for a specific PE, or to refresh the display.

c. You can set the Rows per page to 5, 10, 20, 30, 40, or All.

d. This dialog box displays the first page of the list of currently defined PE devices. The number of pages of information is displayed in the lower right corner of the dialog box.

To go to the another page of PE devices, click the number of the page you want to go to.

Step 7 In the Select column, choose the name of the PE for the MPLS link, then click Select.

You return to the Service Request Editor window, where the name of the selected PE is now displayed in the PE column.

PE Interface: Choose the PE interface from the drop-down list (see Figure 6-48).

Figure 6-48 PE and PE Interface Fields Defined

Note that the Link Attribute Add option is now enabled.

Step 8 In the Link Attribute column, click Add.

The MPLS Link Attribute Editor is displayed, showing the fields for the interface parameters (see Figure 6-49).

Figure 6-49 Specifying the PE-Only Link Interface Attributes

The field values displayed in this dialog box reflect the values specified in the service policy associated with this service. For details on the PE interface fields, see Specifying PE and CE Interface Parameters.

Step 9 Edit any interface values that must be modified for this particular link, then click Next.

The MPLS Link Attribute Editor for the IP Address Scheme appears (see Figure 6-50).

Figure 6-50 Specifying the PE-Only Link IP Address Attributes

The field values displayed in this dialog box reflect the values specified in the service policy associated with this service. For details on the IP address scheme fields, see Specifying IP Address Scheme.

Step 10 Edit any IP address scheme values that must be modified for this particular link, then click Next.

The MPLS Link Attribute Editor for Routing Information appears (see Figure 6-51).

Figure 6-51 Specifying the PE-Only Routing Protocol Attributes

The field values displayed in this dialog box reflect the values specified in the service policy associated with this service. For details on the routing information for the PE, see Specifying Routing Protocol for a Service.

Because the service policy used for this service specified the routing protocol as editable, you can change the routing protocol for this service request as needed.

Step 11 If you check Site of Origin, the screen updates to include the required step of selecting a value:

a. Click Select.

The Site for SOO Value window appears.

b. From the available list shown, check the check box associated with a site and its SOO value, then click Select.

Step 12 Edit any routing protocol values that must be modified for this particular link, then click Next.

The MPLS Link Attribute Editor for the VRF and VPN attributes appears (see Figure 6-52).

Figure 6-52 Specifying the PE-Only Link VRF and VPN Attributes

The field values displayed in this dialog box reflect the values specified in the service policy associated with this service. For details on the VRF and VPN information, see Defining the Service Policy VRF and VPN Information.

Step 13 Edit any VRF and VPN values that must be modified for this particular link, then click Finish.

You return to the MPLS Service Request Editor. You can define multiple links in this service request.

Step 14 To save your work on this first link in the service request, click Save.

You return to the Service Requests dialog box, where the information for the link you just defined is now displayed (see Figure 6-53).

Figure 6-53 Service Request for an PE-Only Link Completed

You can add additional links to this service request by choosing Add Link and specifying the attributes of the next link in the service. As you can see, the service request is in the Requested state. When all the links for this service have been defined, you must deploy the service, as described in Deploying Service Requests.

Adding a CLE Service Request

To add a CLE link:

Step 1 Follow Step 1 through Step 5 of "Creating a PE-Only Service Request" section.

Step 2 Click Select CLE.

The Select PE Device dialog box is displayed (see Figure 6-54).

Figure 6-54 Selecting the CLE for the PE-Only Link

a. From the Show PEs with drop-down list, you can display PEs by Provider Name, by Region, or by Device Name.

b. You can use the Find button to either search for a specific PE, or to refresh the display.

c. You can set the Rows per page to 5, 10, 20, 30, 40, or All.

d. This dialog box displays the first page of the list of currently defined PE devices. The number of pages of information is displayed in the lower right corner of the dialog box.

To go to the another page of PE devices, click the number of the page you want to go to.

Step 3 In the Select column, choose the name of the CLE for the MPLS link, then click Select.

You return to the Service Request Editor window, where the name of the selected CLE is now displayed in the CLE column.

Step 4 CLE Interface: Choose the CLE interface from the drop-down list.

Step 5 Continue following Step 8 through Step 13 of "Creating a PE-Only Service Request" section.

Deploying Service Requests

When you have queued one or more service requests, you can then deploy them. This procedure automatically audits the new service requests. This audit passes the service request into an operational state.

ISC sets up a scheduled task that deploys service requests to the appropriate routers. This involves computing the configlets for each service request, downloading the configlets to the routers, and running audit reports to determine whether the service was successfully deployed.

You can choose to deploy the service requests immediately or schedule their deployment.

Step 1 Start up and log in to ISC.

a. From the Welcome to ISC window, choose Service Inventory.

b. From the Service Inventory window, choose Inventory and Connection Manager.

c. From the Inventory and Connection Manager window, choose Service Requests.

The Service Requests dialog box appears (see Figure 6-55).

Figure 6-55 Selecting a Service Requests to Deploy

Step 2 Check the check box next to the Job ID for the service request you want to deploy.

Step 3 Click the Deploy drop-down list.

You have two deployment options, as shown in Figure 6-56:

Deploy: Use Deploy when the service request state is Requested or Invalid.

Force Deploy: Use Force Deploy when the service request state is Deployed or Failed Audit.

Figure 6-56 Deployment Options

Step 4 Choose Deploy.

The Deploy Service Requests dialog box appears, which allows you to schedule when you want to deploy the selected service request (see Figure 6-57).

Figure 6-57 Scheduling a Service Request for Deployment

Step 5 Complete the fields in this dialog box to schedule the service requested as needed.

Step 6 When satisfied with the schedule settings, click Save.

You return to the Service Requests dialog box. Check the Status display in the lower left corner of the window. If the service request has been deployed successfully, the Status display appears as shown in Figure 6-58.

Figure 6-58 Status for Successful Deployment

Step 7 To update the State from Requested to Deployed, enable the Auto Refresh check box.

You can view logs to check on the task status and whether or not it completed successfully. To view logs, choose Monitoring > Task Manager > Logs (for Log details, refer to Cisco IP Solution Center Infrastructure Reference on Cisco.com).

Monitoring Service Requests

Once you have created and deployed a service request, you can monitor its status.

Step 1 Click the Monitoring tab.

Step 2 From the Monitoring window, choose Task Manager.

The Task Manager dialog box is displayed (see Figure 6-59).

Figure 6-59 Viewing Information on Running Tasks

Step 3 Check the check box for the task (that is, service request) that you're interested in.

Step 4 To see details about the service request's deployment, click Details.

The Service Request Details window appears (see Figure 6-60).

Figure 6-60 Service Request Details Displayed

Auditing Service Requests

This section describes auditing in MPLS VPN. It contains the following sections:

Functional Audit

Configuration Audit

Functional Audit

A functional audit verifies that the links in a service request or VPN are working correctly. The audit checks the routes to remote CEs in the VRF route tables on the PE devices. The user can optionally ping the connected CE from the PE to verify that the link is functional.

How to Perform a Functional Audit

ISC automatically provides a functional audit whenever a service request is deployed or force-redeployed.

You can also create a task to do a functional audit for one or more service requests. To create a task to do a functional audit, follow these steps:

Step 1 Go to Monitoring > Tasks > Audit > MPLS Functional Audit

Step 2 Choose one or more service requests in Deployed, Functional, or Broken states as the targets for the task.

a. You can choose a VPN to audit. If you choose a VPN to audit, all the links that form the VPN are audited.

b. You can choose either SR(s) or VPN(s) in one task, but you cannot choose both in the same task.

c. After the audit, a schedule page appears.

d. You can choose a schedule.

e. In the summary page, you can un-check the Perform Ping to verify PE/CE link check box if you do not want to invoke ping in that particular task.

f. For links without CEs (CE not present case), ping is not performed, whether the check box is selected or not.

Where to Find the Functional Audit

To find the Functional Audit, follow these steps:

Step 1 Choose a service request, and click on Details.

On the service request details page, the Audit button has two choices:

Config

Functional

Step 2 Click on Functional to display the Functional audit report.

Why a Functional Audit Could Fail

A Functional Audit could fail for the following reasons:

BGP peering is incorrect

MPLS setup in the core is faulty

Remote links are down

A Ping could fail for the following reasons:

Physical circuit is not setup correctly

CE is down

Configuration Audit

A configuration audit verifies if all the commands for a service (service intent) are present on the network elements that participate in the service.

How to Perform a Configuration Audit

ISC automatically does a config audit whenever a service request is deployed or force-redeployed. You can also create a task to do a configuration audit for one or more service requests.

To create a task to do a configuration audit, follow these steps:

Step 1 Go to Monitoring > Tasks > Audit> Config Audit.

Step 2 Choose one or more service requests.

Step 3 Create a schedule for the config-audit task.

Where to Find the Configuration Audit

After selecting the service request, click on Details.

On the details page, the Audit button has two choices:

Config

Functional

Click on Config to display the Configuration audit report.

Why a Configuration Audit Could Fail

A configuration audit can fail if some of the commands are removed after provisioning from the network elements. This could happen if the commands are manually removed or they are removed as part of provisioning some other service.

Editing Configuration Files

To view or edit an existing router configuration file:

Caution Exercise caution when editing a configuration file, particularly if you then choose to make the edited file the running configuration file.

Step 1 Click the Service Inventory tab, then go to Inventory and Connection Manager.

The Inventory and Connection Manager window is displayed.

Step 2 Click Devices.

The Devices dialog box appears (see Figure 6-61).

Figure 6-61 List of Devices Recognized by ISC

Step 3 Click the check box next to the device name to choose the configuration file versions you want to view.

Step 4 Click Config.

The Device Configurations dialog box appears (see Figure 6-62).

Figure 6-62 List of Configurations for the Selected Device

The Device Configurations dialog box displays the list of the current versions of the configuration files for the selected device. The configurations are listed by date and time. The configuration file listed first is the latest version.

Step 5 Choose the version of the configuration file you want to view, then click Edit.

The contents of the selected configuration file are displayed (see Figure 6-63).

Figure 6-63 Selected Configuration Displayed

You can view or edit the displayed device configuration file.

Step 6 If necessary, edit the configuration file.

Step 7 When finished editing the file, click Save.