Cisco Cisco Packet Data Gateway (PDG)
Introduction to VPC-VSM
Feature Set ▀
VPC-VSM System Administration Guide, StarOS Release 19 ▄
21
Feature Set
Interfaces and Addressing
The VM is represented as a virtual card with a single CPU subsystem. This makes many CLI commands, logs, and
functions work similarly to StarOS running on ASR 5x00 platforms.
functions work similarly to StarOS running on ASR 5x00 platforms.
Applications written for StarOS see VPC-VSM as just another platform with a one-slot virtual chassis supporting a
single virtual card.
single virtual card.
StarOS concepts of contexts, services, pools, interfaces, cards, and ports exist on VPC-VSM just as on existing
platforms.
platforms.
When the VM boots, the vNICs configured in the VM profile are detected and an equivalent number of ‘Virtual
Ethernet’ type ports appear in the StarOS CLI.
Ethernet’ type ports appear in the StarOS CLI.
VPC-VSM assigns the vNIC interfaces in the order offered by the hypervisor.
First interface offered by the hypervisor: 1/10 for service traffic.
Second interface offered by the hypervisor: 1/11 for service traffic.
Third interface offered by the hypervisor: 1/1 for management.
It is critical to confirm that the interfaces listed in the supported hypervisors line up with the KVM BR group in
the order in which you want them to match the VPC-VSM interfaces.
You cannot be guaranteed that the order of the vNICs as listed in the hypervisor CLI/GUI is the same as how the
hypervisor offers them to VPC-VSM. On initial setup you must use the show hardware CLI command to walk
through the MAC addresses shown on the hypervisor's vNIC configuration and match them up with the MAC
addresses learned by VPC-VSM. This will confirm that the VPC-VSM interfaces are connected to the intended
BR group/Vswitch.
through the MAC addresses shown on the hypervisor's vNIC configuration and match them up with the MAC
addresses learned by VPC-VSM. This will confirm that the VPC-VSM interfaces are connected to the intended
BR group/Vswitch.
Encryption
VPC-VSM performs encryption and tunneling of packets using the VSM crypto hardware. This hardware facilitates call
models that make heavy use of encryption for bearer packets or have significant PKI (Public Key Infrastructure) key
generation rates.
models that make heavy use of encryption for bearer packets or have significant PKI (Public Key Infrastructure) key
generation rates.
For additional information, see the IPSec Reference.
Security
Security of external traffic including tunneling, encryption, Access Control Lists (ACLs), context separation, and user
authentication function as on existing StarOS platforms. User ports and interfaces are protected through StarOS CLI
configuration.
authentication function as on existing StarOS platforms. User ports and interfaces are protected through StarOS CLI
configuration.