CNM
This chapter covers some aspects related to the service cnm tool,
which allows you to configure the Cloud Net Manager (CNM) service in OSDx.
CNM is a service that offers the capability to manage network devices. It provides a centralized platform for controlling devices such as routers and access points.
It is worth noting that you have to set up an external CNM server, which uses a REST API, from where you will be able to manage the network devices. This server’s URL will be used to configure the CNM service on the router or access point, therefore it is important to check that the device has access to this URL.
Note
Before you start setting up this service, please verify that the CNM functionality is enabled in your license. For additional information, please refer to the licensing documentation.
Configuration
This is the syntax to set up service cnm:
set service cnm [ ... ]
To set up CNM on your device, you must configure, at least, the next parameters:
role <ROLE>, which can be specified to be eitherrouterorap.
url <URL>, which is the URL of the Cloud Network Manager you want to use.
After configuring the Router or Access Point from the OSDx CLI, you have to provision the device from the CNM web you specified.
To start a new provisioning, navigate to the following path in the CNM web interface: Devices -> be.Manager -> Provision -> New
or <URL>/web/bemanager/provision/new. You can also accomplish this by using the CNM Rest API.
If you have set up an
alternate-idusingservice cnm alternate-id <txt>, use it as the ID in the Device General Information.Another way to provision the device is to enter the Serial number in the Device General Information, along with the DVC, which is written on the label on the back of the device.
Finally, in the same form, select whether the device type is a router, an access point or an application host.
Important
Once the device has been set up and provisioned, running the service cnm show command
should display the current status of the CNM service.
If the service is running correctly, the state should indicate that the CNM service state is CONNECTED.
If there are any issues with the service, error messages will be displayed here.
Always ensure to check this after provisioning to confirm that the device has been set up correctly.
Additional configuration commands available include:
auth dont-verify-server, to skip SSL server authentication. This might be necessary in certain scenarios where the server’s SSL certificate is not available or cannot be verified.
dhcp, to enable the discovery of CNM configuration settings via DHCP, such as the CNM URL.
disable, to completely disable CNM management in the device.
local-address, to specify which of the device’s IP addresses the CNM service should use.
local-interface, to specify which of the device’s interfaces the CNM service should use.
local-vrf, to specify which of the device’s VRF domain names the CNM service should use.
mark, to choose a specific number to mark CNM traffic. This can be useful for traffic identification and management purposes.
monitor, to configure the monitoring of events. This can be useful for keeping track of significant events or changes in the network environment. The events that can be monitored are:advisor,alarm,bgp,interface,nhrpandoperation(for Network and Service Management, or NSM).
startup-delay, to set a delay time before starting CNM management.
vrf-mark, to choose a specific VRF to mark CNM traffic. This can be useful in network environments that use VRF for network segmentation and isolation, and you want to mark the traffic for a specific VRF.
See Configuration commands for further details.
Set up
The most basic set up that you can try is to add a single device to the CNM server.
In this case, we will use a router and a CNM server, with the URL <CNM_URL>.
First of all, configure the router to have access to the network and set the CNM parameters:
set interfaces ethernet eth0 address dhcp
set service cnm role router
set service cnm url <CNM_URL>
set service cnm alternate-id <ID>
Then, provision the router from the CNM server:
Go to
<CNM_URL>/web/bemanager/provisionand click on+ New.Select Only one device in Number of devices and click on Continue.
In the Device General Information page:
Enter a self-descriptive Device name, for example
MAIN-RS420.Select Router in Device Type.
In the ID field, enter the
<ID>you configured earlier in the router.
Click on Continue until you arrive to the Zero-touch mode page.
Select the Automatic activation mode and click on Done.
Finally, check that the connection between the router and the CNM server has been made successfully:
admin@osdx$ service cnm show
CNM Server URL: <CNM_URL>
CNM State Machine State: CONNECTED
Last successful connection: Wed Oct 25 09:17:09 2023
Stats (Total | Fail):
Load Configuration: 0 | 0
Purge Security: 0 | 0
Wait-Confirm messages: 0 | 0
Confirm Config: 0 | 0
CACert chain updates: 0 | 0
Errors:
Requests to CNM Server failed: 1
Authentication errors: 1
Registering errors: 0
Last error: http response code: 403 (23/10/2023 12:34:56)
If it isn’t connected, you might have to wait for the router to contact the server.
The service cnm poll-interval <u32> command can be used to configure the
time interval between the router’s connections to the CNM server. By default, this occurs every 30 seconds.
You can find here more detailed examples.
Monitoring
The following operational command can be used to retrieve the status of CNM: service cnm show.
Example:
admin@osdx$ service cnm show
CNM Server URL: <CNM_URL>
CNM State Machine State: Not connected. No SSL certificate available
Stats (Total | Fail):
Load Configuration: 0 | 0
Purge Security: 0 | 0
Wait-Confirm messages: 0 | 0
Confirm Config: 0 | 0
CACert chain updates: 0 | 0
Errors:
Requests to CNM Server failed: 0
Authentication errors: 0
Registering errors: 0
Moreover, you can use the service cnm monitor configuration command to set up monitors that will track system events.