
Masaki Okuda

[HandsOn] Launching and testing Cisco Catalyst 8000V for SD-WAN & Routing on AWS

Introduction

Thank you for always reading our articles!

I was personally curious as to whether it was possible to build a Cisco Catalyst 8000V for SD-WAN & Routing environment on AWS, so I did some research.

After trying out a few things on AWS Marketplace, I found Cisco Catalyst 8000V for SD-WAN & Routing, which looked like something that could be built, so I would like to try it out.

from Japanese
There was also a license for the Free Plan of the Cisco Catalyst SD-WAN C8000v (virtual router), but it seems that users in Japan could not set it up due to a violation of the license terms.

Target audience

  • Those who have unavoidable circumstances and want to test Cisco Catalyst SD-WAN
  • A rare person who wants to try using a Cisco router on AWS
  • Looking for people with extensive networking experience

Goals

  • Deploying Cisco Catalyst 8000V in an AWS environment
  • Verify that you can run basic commands

The following is not covered:

  • Building the Manager, Controller, and Validator required for Cisco Catalyst SD-WAN
  • Configuring physical devices such as cEdge

Cisco Documents
https://www.cisco.com/c/ja_jp/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html
https://www.cisco.com/c/ja_jp/td/docs/routers/C8000V/AWS/deploying-c8000v-on-amazon-web-services/overview.html

Hands On

  • Enter "Market Place" in the search box at the top of the AWS console screen

  • The screen will change, so click Discover products in the left pane.
  • After clicking, enter Cisco Catalyst 8000V for SD-WAN & Routing in the center input box.
  • Search results will be displayed, so click on the search result

  • The Cisco Catalyst 8000V for SD-WAN & Routing Marketplace screen will be displayed, so click the View purchase options button.

Marketplace URL: https://aws.amazon.com/marketplace/pp/prodview-rohvq2cjd4ccg

  • The screen will change, so click the Continue to Configuration button.
  • Note: The button becomes clickable after a certain period of time.

  • After clicking, the Config setting screen will be displayed.
  • Change the Region to Asia Pacific (Tokyo) and click the Continue to Launch button.

  • The screen will change, so change the drop-down menu under Choose Action to Launch through EC2.
  • After making the changes, click the Launch button.

  • The EC2 settings screen will be displayed, so enter an appropriate instance name.

  • Select the desired key pair and click the Launch Instance button.

  • After a certain period of time has passed, the message "Instance startup has started successfully" will be displayed.
  • Click the Show All Instances button

  • After a certain amount of time has passed, the build is complete once the instance status shows that 3/3 checks were successful.
  • Connect to the instance using Tera Term.

Commands Check

Now that I've managed to build the C8000V, I'd like to try executing some commands.

Command Reference: https://www.cisco.com/c/en/us/td/docs/routers/sd-routing/command/reference/sd-routing-cr-book/dapr-cr-book_chapter_01.html

show version

ip-172-31-34-128#show version
Cisco IOS XE Software, Version 17.15.02a
Cisco IOS Software [IOSXE], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.15.2a, RELEASE SOFTWARE (fc7)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2025 by Cisco Systems, Inc.
Compiled Thu 06-Mar-25 19:10 by mcpre

Cisco IOS-XE software, Copyright (c) 2005-2025 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.

ROM: IOS-XE ROMMON

ip-172-31-34-128 uptime is 13 minutes
Uptime for this control processor is 15 minutes
System returned to ROM by reload
System image file is "bootflash:packages.conf"
Last reload reason: Unknown reason

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Technology Package License Information:
Controller-managed

The current throughput level is 20000 kbps

Smart Licensing Status: Smart Licensing Using Policy

cisco C8000V (VXE) processor (revision VXE) with 1892243K/3075K bytes of memory.
Processor board ID 9NRP91KBRS6
Router operating mode: Autonomous (SD-Routing)
1 Gigabit Ethernet interface
32768K bytes of non-volatile configuration memory.
5000596K bytes of physical memory.
11526144K bytes of virtual hard disk at bootflash:.

Configuration register is 0x2102

ip-172-31-34-128#

show running-config

ip-172-31-34-128#show running-config
Building configuration...

Current configuration : 6572 bytes
!
! Last configuration change at 14:13:07 UTC Mon Mar 31 2025 by ec2-user
!
version 17.15
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
platform sslvpn use-pd
platform console virtual
!
hostname ip-172-31-34-128
!
boot-start-marker
boot-end-marker
!
!
vrf definition GS
 rd 100:100
 !
 address-family ipv4
 exit-address-family
!
logging persistent size 1000000 filesize 8192 immediate
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local none
!
!
aaa session-id common
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
login on-success log
!
!
subscriber templating
ipv6 unicast-routing
!
!
!
crypto pki trustpoint TP-self-signed-3782309302
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3782309302
 revocation-check none
 rsakeypair TP-self-signed-3782309302
 hash sha512
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
 hash sha512
!
!
crypto pki certificate chain TP-self-signed-3782309302
 certificate self-signed 01
  quit
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  quit
!
!
license udi pid C8000V sn 9NRP91KBRS6
memory free low-watermark processor 189210
diagnostic bootup level minimal
!
!
!
!
username ec2-user privilege 15
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface VirtualPortGroup0
 vrf forwarding GS
 ip address 192.168.35.101 255.255.255.0
 ip nat inside
!
interface GigabitEthernet1
 ip address dhcp
 ip nat outside
 negotiation auto
 ipv6 address dhcp
 ipv6 enable
 ipv6 nd autoconfig default-route
!
iox
ip forward-protocol nd
ip tcp window-size 8192
!
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 172.31.32.1
ip route vrf GS 0.0.0.0 0.0.0.0 GigabitEthernet1 172.31.32.1 global
ip nat inside source list GS_NAT_ACL interface GigabitEthernet1 vrf GS overload
ip ssh bulk-mode 131072
ip ssh rsa keypair-name ssh-key
ip ssh pubkey-chain
  username ec2-user
   key-hash ssh-rsa 20F55DF574092980C9981FCF4472EB7C
ip ssh server algorithm publickey ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 ssh-rsa x509v3-ecdsa-sha2-nistp256 x509v3-ecdsa-sha2-nistp384 x509v3-ecdsa-sha2-nistp521
ip scp server enable
!
ip access-list standard GS_NAT_ACL
 10 permit 192.168.35.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
line con 0
 stopbits 1
line aux 0
line vty 0 4
 transport input ssh
line vty 5 20
 transport input ssh
!
!
!
!
!
!
!
!
app-hosting appid guestshell
 app-vnic gateway1 virtualportgroup 0 guest-interface 0
  guest-ipaddress 192.168.35.102 netmask 255.255.255.0
 app-default-gateway 192.168.35.101 guest-interface 0
 name-server0 8.8.8.8
netconf-yang feature candidate-datastore
sd-routing
end
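
The running configuration above shows which management services the Marketplace image enables out of the box. As an added example (not part of the original article and not a Cisco tool), the following Python script parses an excerpt of that output and flags management-plane settings worth reviewing before the instance is reachable from outside the VPC. The choice of checks and the severity labels are assumptions of this example.

```python
# Excerpt of the `show running-config` output above, indented the way IOS XE prints it.
SAMPLE_CONFIG = """\
crypto pki trustpoint TP-self-signed-3782309302
 enrollment selfsigned
 revocation-check none
!
ip http server
ip http secure-server
ip ssh server algorithm publickey ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 ssh-rsa x509v3-ecdsa-sha2-nistp256 x509v3-ecdsa-sha2-nistp384 x509v3-ecdsa-sha2-nistp521
!
line vty 0 4
 transport input ssh
line vty 5 20
 transport input ssh
"""

def parse_blocks(text):
    """Group an IOS-style config into (top-level line, [indented child lines])."""
    blocks = []
    for raw in text.splitlines():
        if raw.strip() in ("", "!"):          # blank lines and "!" separators carry no settings
            continue
        if raw.startswith(" ") and blocks:    # indented line belongs to the previous top-level line
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks

def audit(text):
    """Return (severity, message) findings; severity labels are this example's own assumption."""
    findings = []
    for head, children in parse_blocks(text):
        if head == "ip http server":
            findings.append(("high", "cleartext HTTP management server is enabled"))
        elif head == "ip http secure-server":
            findings.append(("review", "HTTPS management server is enabled; limit who can reach it"))
        elif head.startswith("ip ssh server algorithm publickey") and "ssh-rsa" in head.split():
            findings.append(("medium", "SSH user public-key auth accepts ssh-rsa (SHA-1 signatures)"))
        elif head.startswith("line vty"):
            # Collect every protocol named on "transport input ..." under this vty range.
            allowed = {t for c in children if c.startswith("transport input") for t in c.split()[2:]}
            if allowed != {"ssh"}:
                findings.append(("high", f"{head}: transport input is not limited to ssh"))
        elif head.startswith("crypto pki trustpoint") and "revocation-check none" in children:
            findings.append(("info", f"{head.split()[-1]}: certificate revocation checking is off"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_CONFIG):
        print(f"{severity:7}{message}")
```

On the excerpt, both vty ranges pass the SSH-only check, while `ip http server` and the `ssh-rsa` entry are reported.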

show vlan brief

ip-172-31-34-128#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

I was unable to execute commands related to show sd-router,
so I suspect that registration with vManage may be required.

Benefits of this article

  • You can try the Cisco Catalyst C8000V without purchasing a license from Cisco
     ☞☞ It lowers the hurdle for verification in personal environments

  • Expand the scope of network design using AWS
     ☞☞ Flexible operation is possible because Cisco routers can be built in an AWS environment.

However, since this is not the currently released 17.16.X, you will need to take into account the differences with the actual environment.
(Personally, I think it would be better to create a CDK template since it would be nice to be able to test Cisco Catalyst SD-WAN-related items.)

Thank you for reading the article to the end.

Top comments (2)

Kathy George

Happy to share I passed the Cisco 700-750 Security Operations Analyst exam with CERTIONARY! This boosts my skills in cybersecurity, threat analysis, and incident response. Excited to apply this knowledge to improve security operations.

Masaki Okuda

Good Job👍