APIC-EM/IWAN App in existing network?

Apologies if this has been addressed already and I have just not found the answer.

I can't seem to wrap my head around using the APIC-EM in conjunction with the IWAN App to deploy IWAN in an existing WAN.  All of the sites in question already have been deployed (Legacy), with site-specific VLANs, etc. from each location.  These sites run BGP across MPLS.

I have two questions:

  1. When I begin the Hub site deployment in APIC-EM, I get as far as assigning my IP pools.  I am afraid to continue past this point (as these pools can't be changed once saved from what I understand).  I only want APIC-EM to deploy DMVPN to the Hub and existing branch routers, and NOT change or modify any existing configuration on the routers, like IP addresses, sub interfaces, etc.  All I want it to do is deploy the tunnels.  This is probably easy, and I am overthinking it... So basically my deployment will be brownfield using the IBLOCK deployment model.  All I need APIC-EM to do is deploy DMVPN first, then I'll address QoS and PfRv3 later.
  2. In our current deployment, we have two MPLS ASRs (CE devices), and two Internet ASRs (CE).  Each ASR has a circuit to a different provider.  These ASRs are currently in the same datacenter location.  We only purchased two ASRs for the Hub border routers, one for MPLS and one for the Internet that will sit behind the actual CE routers.  I need to deploy IWAN to utilize all 4 of these paths out of the hub routers via DMVPN.  I also can't seem to find this as an actual deployment model.  Would I end up with two different tunnel interfaces on the MPLS side and two on the Internet side?  Then from the branch, have 4 different tunnels depending on the path that is needed?

I am on the latest release of APIC-EM (installed last week).  I have the Hub routers discovered, and the Hub MC on the CSR 1000v.

I appreciate any guidance, and sorry for the long questions...

Thanks in advance - Hoop.

EDIT:  Attached LND for Review


I have actually answered all of these questions by trial and error.

I have been searching for an answer to the same questions.  Could you please assist me with what you discovered?

If you have specific questions in the areas mentioned in the original question above, feel free to reveal more. However, here's the generic answer:

In an existing network (brownfield scenarios), we do support iWAN provisioning through the App for both hub sites and remote branches. We run a set of validations on devices that are intended to be a part of a hub/branch site to make sure there're no conflicts between what's already existing on the devices and what will be pushed through the iWAN App. In addition to detecting and flagging conflicting config, we also run a few housekeeping checks to make sure the devices have the correct IOS version and licensing, NTP clock sync, etc. for the provisioning to go through.

Again, if you want to ask about specific scenarios, it'd be of help to describe them in a separate discussion. We'd be glad to help.

