Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1345
Views
1
Helpful
0
Comments

Sastre for Migration

mmanusan
Cisco Employee
Cisco Employee

‎06-20-2023 02:29 PM - edited ‎07-31-2023 06:48 AM

 

Introduction

Sastre provides functions to assist with managing configuration elements and visualize information from Cisco SD-WAN deployments. We could run this tool on a PC, workstation, or even a server.

Some use cases include:

  • Transfer configuration from one vManage to another. Lab or proof-of-concept environment to production, on-prem to cloud environments as examples.
  • Backup, restore, and delete configuration items. Tags and regular expressions can be used to select all or a subset of items.
  • Visualize operational data across multiple devices. For instance, display the status of control connections from multiple devices in a single table.
  • Backup vManage, use the archive file on convert2sdwan which helps with converting vEdge templates to Cisco Edge Templates

Sastre is available in two flavors:

  • Sastre: This tool is available for everyone. It is open source under an MIT license available from Cisco DevNet Repository. Supports a limited set of tasks.
  • Sastre-Pro: This is Cisco licensed version, supporting the full feature set. Sastre-Pro is available for customers with CX BCS Subscription and is available for Cisco employees at Cisco eStore.

In this document, our focus is on Sastre and how we could use that for Migration from vEdge to Cisco Edge routers.

 

Installation

The steps below include the installation of Sastre on a MAC Laptop or Linux Server. Sastre requires Python 3.8 or a newer version. We could verify by executing the below command on the terminal:

% python3 -c "import sys;assert sys.version_info>(3,8)" && echo "ALL GOOD"

If that returns ‘ALL GOOD’, then we have the required version of Python on the system to install the Sastre or Sastre-Pro.  If not, then install the latest Python version from python.org.

We have 2 options to install Sastre

  • Using PIP
  • Using GitHub

 

PIP Install

Before  we begin pip installation, we need to set the environment and then do install Sastre using pip

Create a directory to store the virtual environment and runtime files:

mkdir sastre
cd sastre

 

Create a virtual environment:

python3 -m venv venv

 

Activate the environment:

source venv/bin/activate

 

Upgrade initial virtual environment packages:

python3 -m pip install --upgrade pip setuptools

 

Install Sastre:

python3 -m pip install --upgrade cisco-sdwan

 

Verify that Sastre is running

sdwan --version

 

GitHub Install

The steps below will provide details on how to install Sastre using the GitHub repository.

 

Clone from GitHub repository:

git clone https://github.com/CiscoDevNet/sastre

Move to the clone directory

cd sastre

 

Create a virtual environment:

Python3 -m venv venv

 

Activate the environment:

source venv/bin/activate

 

Upgrade initial virtual environment packages:

python3 -m pip install --upgrade pip setuptools

 

Install required Python Packages:

pip install -r requirements.txt

 

Verify that Sastre is running

python3 sdwan.py --version

 

Prerequisites

  • Either 'sdwan' or 'sastre' can be used as the main command.
  • The command line described above, and in all examples that follow, assumes Sastre was installed via PIP.
  • If Sastre was cloned from the git repository, then 'sdwan.py' or 'sastre.py' should be used instead. Please check the Installation section above for more details.

 

Sastre Usage

We have installed the Sastre tool either using pip install or from GitHub repository. The command line is structured as a set of base parameters, the task specification followed by task-specific parameters:

sdwan <base parameters> <task> <task-specific parameters>

Base parameters define global options such as verbosity level, vManage credentials, etc.

Task indicates the operation to be performed. The following tasks are currently available:

  • Backup: Save vManage configuration items to a local backup.
  • Restore: Restore configuration items from a local backup to vManage.
  • Delete: Delete configuration items on vManage.
  • Migrate: Migrate configuration items from a vManage release to another. Currently, only 18.4, 19.2 or 19.3 to 20.1 is supported. Minor revision numbers (e.g. 20.1.1) are not relevant for the template migration. Find the latest information on GitHub
  • Transform: Modify configuration items. Currently, copy and rename operations are supported.
  • Attach: Attach WAN Edges/vSmarts to templates. Allows further customization on top of the functionality available via "restore --attach".
  • Detach: Detach WAN Edges/vSmarts from templates. Allows further customization on top of the functionality available via "delete --detach".
  • Certificate (Sastre-Pro): Restore device certificate validity status from a backup or set to a desired value (i.e. valid, invalid or staging).
  • List (Sastre-Pro): List configuration items or device certificate information from vManage or a local backup.
  • Show-template (Sastre-Pro): Show details about device templates on vManage or from a local backup.
  • Report (Sastre-Pro): Generate a customizable report file containing the output of multiple commands. Also, provide the option to generate a diff between reports.
  • Show (Sastre-Pro): Run vManage real-time, state, or statistics commands; collecting data from one or more devices. Query vManage alarms and events.

Task-specific parameters are provided after the task argument, customizing the task behavior. For instance, whether to execute a restore task in dry-run mode or the destination directory for a backup task.

Delete and Restore tasks have dryrun option.

Using the Dryrun option does not send the API call to do the action but it simulates the task so you can double-check with the verbose option the actions before sending the API to modify vManage configuration.

NOTE: The focus of this document is the Sastre tool usage for migration only.

 

Backup vManage config

The below command will help take a backup of Device Templates, Feature Templates, Local Policy, and Centralized Policy from the vManage all at once or we could backup specific information we want from the vManage

sdwan --verbose backup <tag>

one or more tags for selecting items to be backed up. Multiple tags should be separated by space. Available tags: all, policy_customapp, policy_definition, policy_list, policy_security, policy_vedge, policy_voice, policy_vsmart, template_device, template_feature. The special tag "all" selects all items, including WAN edge certificates and device configurations.

Example to backup everything from vManage: “sdwan –verbose backup all”

Provide the information at the prompt for vManage IP, username, and password. Once the backup is done, the backup file will be saved under the data directory.

  • Sample output for complete Sastre backup from lab vManage:
MMANUSAN-M-G7G2:sastre mmanusan$ sdwan  --port 8443 --verbose backup all
vManage address: 198.18.133.200
vManage user: admin
vManage password:
INFO: Backup task: vManage URL: "https://198.18.133.200:8443" -> Local workdir: "backup_198.18.133.200_20230613"
INFO: Saved vManage server information
INFO: Saved WAN edge certificates
INFO: Saved device template index
INFO: Done device template Factory_Default_ISR_4331_V01
INFO: Done device template Default_SDBranch_C8000V_Template_V01
<snap>
INFO: Done community list OMP2BGP
INFO: Task completed successfully
MMANUSAN-M-G7G2:sastre mmanusan$ 
MMANUSAN-M-G7G2:sastre mmanusan$  cd data
MMANUSAN-M-G7G2:data mmanusan$ ls -lrt
total 0
drwxr-xr-x  10 mmanusan  staff  320 Jun 13 14:57 backup_198.18.133.200_20230613
MMANUSAN-M-G7G2:data mmanusan$
  • Sample output for Policy_definition Sastre backup from lab vManage:
MMANUSAN-M-G7G2:sastre mmanusan$ sdwan  --port 8443 --verbose backup policy_definition
vManage address: 198.18.133.200
vManage user: admin
vManage password:
INFO: Backup task: vManage URL: "https://198.18.133.200:8443" -> Local workdir: "backup_198.18.133.200_20230613"
INFO: Previous backup under "backup_198.18.133.200_20230613" was saved as "backup_198.18.133.200_20230613_1"
INFO: Saved vManage server information
INFO: Saved rewrite-rule policy definition index
INFO: Done rewrite-rule policy definition REWRITE-POLICY
INFO: Saved QOS-map policy definition index
INFO: Done QOS-map policy definition WAN-QOS
INFO: Done QOS-map policy definition G_184_QoS-Map_V02
INFO: Saved ACL policy definition index
INFO: Done ACL policy definition QOS-ACL
INFO: Done ACL policy definition G_QoS_ACL_IPv4_v03
INFO: Saved edge-route policy definition index
INFO: Done edge-route policy definition BGP_FROM_DC
INFO: Done edge-route policy definition BGP_TO_DC
INFO: Saved control policy definition index
INFO: Done control policy definition HS-to-vEdge-spokes
INFO: Done control policy definition HS-to-vEdge-Hubs
INFO: Done control policy definition HS-to-cEdge-spokes
INFO: Done control policy definition HS-to-cEdge-Hubs
INFO: Task completed successfully
MMANUSAN-M-G7G2:sastre mmanusan$
  • Sample output of Device template backup from lab vManage:
MMANUSAN-M-G7G2:sastre mmanusan$ sdwan  --port 8443 --verbose backup template_device
vManage address: 198.18.133.200
vManage user: admin
vManage password:
INFO: Backup task: vManage URL: "https://198.18.133.200:8443" -> Local workdir: "backup_198.18.133.200_20230613"
INFO: Previous backup under "backup_198.18.133.200_20230613" was saved as "backup_198.18.133.200_20230613_2"
INFO: Saved vManage server information
INFO: Saved device template index
INFO: Done device template Factory_Default_ISR_4331_V01
INFO: Done device template Default_SDBranch_C8000V_Template_V01
<snap>
INFO: Done device template Branch_single_vEdge_v2_vedge-CSR-1000v_3157
INFO: Task completed successfully
MMANUSAN-M-G7G2:sastre mmanusan$

 

Restore vManage config

This option will help with migration, where you want to update the converted config (vEdge to Cisco Edge) config using convert2sdwan.cisco.com or move the templates from lab overlay to prod overlay or want to restore the config from backup to the vManage itself, this option is very helpful.  The command helps restore the templates to vManage.

sdwan --verbose restore all --workdir <folder name>
  • Sample output of Sastre restore all from lab vManage (this file is the Sastre archive after converting the vEdge template to the cEdge template using the convert2sdwan tool):
MMANUSAN-M-G7G2:sastre mmanusan$ sdwan --verbose --port 8443 restore all --workdir sastre-archive_3157
vManage address: 198.18.133.200
vManage user: admin
vManage password:
INFO: Restore task: Local workdir: "sastre-archive_3157" -> vManage URL: "https://198.18.133.200:8443"
INFO: Loading existing items from target vManage
INFO: Identifying items to be pushed
INFO: Inspecting template_device items
<snap>
INFO: Done: Create device template Branch_single_vEdge_v2_vedge-CSR-1000v_3157
INFO: Task completed successfully
MMANUSAN-M-G7G2:sastre mmanusan$
  • Sample output of Sastre restore specific config template to lab vManage
MMANUSAN-M-G7G2:sastre mmanusan$ sdwan --verbose restore template_device --workdir sastre-archive_3157 --regex "Branch_single_vEdge_v2"
vManage address: 198.18.133.200:8443
vManage user: admin
vManage password: 
INFO: Restore task: Local workdir: "sastre-archive_3157" -> vManage URL: "https://198.18.133.200:8443"
INFO: Loading existing items from target vManage
INFO: Identifying items to be pushed
INFO: Inspecting template_device items
INFO: Inspecting template_feature items
INFO: Inspecting policy_vsmart items
INFO: Inspecting policy_vedge items
INFO: Inspecting policy_security items
INFO: Inspecting policy_voice items
INFO: Inspecting parent_policy_definition items
INFO: Inspecting policy_definition items
INFO: Inspecting policy_list items
INFO: Inspecting policy_customapp items
INFO: Pushing items to vManage
INFO: Done: Create device template Branch_single
  • Sample output of restoring specific Policy to lab vManage. Restore task creates Dependencies, this means that it creates all features templates or policies lists that the template or policy needs but does not exist on the current vManage configuration.
MMANUSAN-M-G7G2: sastre mmanusan$ sdwan --verbose restore policy_vsmart --workdir backup_10.88.244.47_20230703 --regex "hubandsopkes"

INFO: Restore task: Local workdir: "backup_10.88.244.47_20230703" -> vManage URL: "https://10.88.244.30:5376"
INFO: Loading existing items from target vManage
INFO: Identifying items to be pushed
INFO: Inspecting policy_vsmart items
INFO: Inspecting policy_vedge items
INFO: Inspecting policy_security items
INFO: Inspecting policy_voice items
INFO: Inspecting parent_policy_definition items
INFO: Inspecting policy_definition items
INFO: Inspecting policy_list items
INFO: Inspecting policy_customapp items
INFO: Pushing items to vManage
INFO: Create site list SiteList_70 (dependency)
INFO: Create site list spokes (dependency)
INFO: Create VPN list Prod01 (dependency)
INFO: Create Hub-and-spoke policy definition hubandsopkes (dependency)
INFO: Create VSMART policy hubandsopkes
INFO: Task completed successfully

Workflow with Migration

  1. Take backup from vManage using the backup option
  2. Use the backup file on convert2sdwan.cisco.com for the “Sastre Archive” workflow
  3. Select the required templates that we want to migrate from vEdge to Cisco Edge
  4. Once the conversion is completed from the tool, we could download the Sastre archive copy and upload them to vManage using the restore option
Labels:
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents