Smart Licensing on the ASR Platform
This document describes Smart Licensing Software configuration, operation, and troubleshooting on Cisco IOS XR Version 5.2.0 and later. Smart Licensing was developed in order to address licensing requirements management for various features and applications that run on Cisco platforms and Operating Systems (OSs).
The Smart Licensing application runs not only on ASR9000 (ASR9K) for Cisco IOS XR, but also on various platforms that run the Cisco IOS and Cisco IOS-XE OSs. This simple application greatly reduces the effort needed to manage diverse Cisco devices, systems, and platforms and brings much needed simplicity to license management, entitlements, and operational costs.
The method used by the Smart Licensing application is a dynamic ‘pull’ method; the ASR9K device initiates the call and pulls the information from the Cisco backend servers. Cisco backend servers WILL NOT initiate any call or connection to any device, but always respond when the connection requests come from the devices that would like to register and receive entitlement.
The initial setup is secure and easy, with very little manual intervention from the operator of the device(s), and can be automated for larger environments with a regular Tool Command Language (TcL) or Python Expect script. The reporting facilities provided by Cisco backend servers, accessible via a regular browser, help customers keep track of their inventory of devices and of the features deployed, both licensed and out of compliance (OOC), and let them dynamically move their resources around without the need to reprovision or call for support.
Smart Licensing uses standard HTTP Secure (HTTPS) as the transport mechanism in order to reach the Cisco backend servers. Technically speaking, there is only one line of configuration that is needed in order to enable the Smart Licensing feature on the ASR9K device:
RP/0/RSP0/CPU0:SAMDD(admin-config)#license smart enable
The device defaults to HTTPS transport and, upon a successful registration request, immediately queries the backend servers for entitlement. The query returns either Authorized, which means the device has the license for the feature, or OOC, which means the entitlement is not present, missing, or expired.
Note: The license compliance state WILL NOT affect the functionality of the device in any way. The current Smart Licensing application is based on an honor system and notifies the administrator via syslog or console logs as to the compliance or OOC state. There is no functionality impediment in any way due to licensing or lack thereof. However, Cisco encourages compliance, which gives customers much more visibility into their inventory of devices, license consumption, features used per device and in aggregate/sum total, and so on.
Note: HTTP support to the backend servers is being deprecated in CY2019; however, HTTP to a satellite server will still work.
Smart Licensing can coexist with Traditional Licensing, but only one of them can be active at any given time. You can switch between them easily with the addition or deletion of the configuration from the administration plane. The ASR9K system does NOT require any reload or restart for this ‘switch’ to take place. Traditional Licensing will be replaced completely with Smart Licensing in future releases.
If an ASR9K device does not use a feature that requires licensing, then automatically the system is in the Authorized State and no further action needs to be taken. Only upon ‘configuration’ of a feature that requires a license will the system try to acquire the license dynamically from the Cisco backend servers.
Traditional Versus Smart Licensing Operations
Here are some differences between the licensing models. Note that only one of them is active at any given time.
This diagram shows the comparison between the two licensing schemes.
Smart Licensing steps are very easy and intuitive. When you purchase the gear/device, you can order the licenses you need at the same time or order them later. Upon fulfillment of the purchase and provisioning of the licenses by Cisco:
- Cisco provides you a username, password, and Uniform Resource Locator (URL) to access license information via a web browser 24×7.
- This account manages licenses, generates reports, groups devices, makes pools of licenses and any other organizational need that facilitates the operational needs of the customer/organization.
- The account allows the customer to generate an idtoken, which uniquely identifies the customer device and the licensing entitlement purchased.
- The token can be valid from one day to one year. The idtoken can be revoked, deleted, and recreated by the customer at any time. It is a self-help model.
- The customer uses the idtoken generated in the Cisco-provided account in order to register one device or a thousand devices, as there is no limit on how many devices can use the same token. More tips on efficient use of this feature are provided in this document.
- Device registration is persistent and survives across reloads and upgrades of the system. The ASR9K device can be forced to reregister with the old idtoken or a newer one if one wishes, in case of any loss.
- No intervention is needed after registration. The ASR9K system periodically polls the account it has registered with for compliance. If the system is OOC, a syslog is generated to warn the user.
Here is a quick tour of the web interface where the registration process begins:
A Virtual Account, also known as a License Pool, is used to logically house and organize licenses according to the needs of an organization. It is a container for licenses and for the devices registered for the features that require a license. You can create one pool per site, per department, and so on.
Licenses can be easily transferred from one pool to another.
Idtoken is a key generated by this account, which is used to register the ASR9K devices. It can be valid from one day to one year. The only use for the token is to register the device and after that it is not needed. The token is a stream of text that can be copied into a TcL or Python script in order to automate remote device registration.
For example, you can create a token for one day and send it to a remote site to be used by remote hands for device registration. It expires in one day and remote hands cannot use it in order to register any other device. Even if it is used to register devices that do not belong to your company, you will easily see the device in the Product Instance Tab and can take actions in order to revoke the license.
Report dynamically generates various forms of inventory and can be exported into an Excel format for offline use, bookkeeping, or analysis.
The License Tab displays the licenses requested by various ASR9K devices and shows the count and state of each license. Click the Transfer link in order to easily transfer licenses to and from any pool in the account.
This example takes a look at how to upgrade from Traditional Licensing to Smart Licensing. Note that in some cases Smart Licensing might be the default.
In order to check Traditional Licensing, a few commands can be run from the admin plane. Here are a few which have different outputs when compared to Smart Licensing.
Note: Traditional licensing is the default licensing mode in Cisco IOS XR releases 5.3.0 and earlier.
A subset of Traditional Licensing commands can also be run from exec plane, but it is a good idea to run them from the admin plane, which has the full list.
Smart Licensing has not been enabled yet, but this is what the system displays.
Even though no configuration is applied, the default built-in profile of call_home uses HTTPS, which points to the Cisco backend servers via the systems management ports. See more on call_home later in this document.
For a bare minimum configuration, you only need steps 1 and 4. The rest of the steps are for information, verification, and reporting.
1- In admin mode, enter these commands:
2- In exec mode configure more knobs, such as email address, or use this default profile which is generated automatically when the admin configuration is committed.
3- In admin mode, check the Smart Licensing version:
4- In admin mode, enter this command:
5- Query for the status of the operation:
6- On this system there are a few features configured that require licenses, and this output indicates the status of ‘Out of compliance’:
7- Look at the commands you used in Traditional Licensing, which have different output.
Either the Smart Licensing OR the Traditional Licensing CLI is available at any given time, not both.
The pool name is used to organize/categorize devices. You can use one pool per region/geography, or department or functional area, or financial groupings, and so on. Each company can decide how they would like to pigeonhole licenses. Also note that it is very easy to use your normal browser in order to view, change, or move licenses between pools, add or change the license counts, and do so easily without any help from Cisco, independently, around the clock.
8- From here on, the system checks every day for compliance automatically. If there is a failure, the system tries every 20 minutes for four hours and after that once a day for 30 days. Syslog messages are printed that indicate the reason for the failure: connectivity, reachability, communication, and so on. Debugging is discussed more later in this document.
9- In order to deregister the device, enter these commands:
10- In order to find out what licenses are available on a given chassis, enter this command:
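The retry timing from step 8, worked through as an added example (not Cisco's code): it lists the retries to expect after a failed compliance check and flags devices whose failure has outlasted the 20-minute retry phase, which is a useful threshold for syslog alerting. The device names, the sample times and the handling of interval boundaries are assumptions.

```python
from datetime import datetime, timedelta

# Timings as stated in step 8; boundary handling is an assumption.
FAST_INTERVAL = timedelta(minutes=20)
FAST_WINDOW = timedelta(hours=4)
DAILY_INTERVAL = timedelta(days=1)
DAILY_WINDOW = timedelta(days=30)


def retry_schedule(first_failure):
    """Expected retry attempts as (phase, time) pairs after a failed check."""
    attempts = []
    fast_end = first_failure + FAST_WINDOW
    t = first_failure + FAST_INTERVAL
    while t <= fast_end:
        attempts.append(("fast", t))
        t += FAST_INTERVAL
    daily_end = fast_end + DAILY_WINDOW
    t = fast_end + DAILY_INTERVAL
    while t <= daily_end:
        attempts.append(("daily", t))
        t += DAILY_INTERVAL
    return attempts


def retry_phase(first_failure, now):
    """Phase a still-failing device is in at time `now`."""
    elapsed = now - first_failure
    if elapsed < timedelta(0):
        raise ValueError("now is earlier than the first failure")
    if elapsed <= FAST_WINDOW:
        return "fast"
    if elapsed <= FAST_WINDOW + DAILY_WINDOW:
        return "daily"
    return "window-elapsed"  # the page does not say what happens after 30 days


def needs_attention(first_failures, now):
    """Devices whose failure outlasted the 20-minute phase, oldest first."""
    late = [(ts, name) for name, ts in first_failures.items()
            if retry_phase(ts, now) != "fast"]
    return [name for ts, name in sorted(late)]


# Constructed inventory: hypothetical device names and first-failure times.
SAMPLE = {
    "asr9k-lab-1": datetime(2024, 1, 1, 9, 0),
    "asr9k-lab-2": datetime(2024, 1, 2, 7, 30),
    "asr9k-lab-3": datetime(2023, 11, 1, 0, 0),
}
```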