05-16-2021 08:36 AM - edited 05-17-2021 07:26 AM
Today I'm going to write SD-WAN Overview & Advanced Deployment Lab Part II
* Check out SD-WAN Overview & Advanced Deployment Lab Part I through this link:
The Cisco Viptela SD-WAN solution can be deployed on different platforms, called WAN Edge routers, which are available in different resources. Regardless of which deployment is chosen, all WAN Edge routers will be part of the SD-WAN overlay fabric and managed by vManage.
There are two types of platforms that can be deployed as part of Cisco Viptela SD-WAN:
1. Hardware platforms
- Cisco vEdge (formerly Viptela vEdge) routers running Viptela OS
- Integrated Services Router ISR 4000 and Aggregation Services Router ASR 1000 Series running IOS® XE SD-WAN software.
● Cisco ASR 1000 Series Aggregation Services Routers
● Cisco 1000 Series ISRs
● Cisco 4000 Series ISRs
● Cisco 5400 ENCS
Existing routers must run 17.2.1 or a later release to interoperate with the Cisco IOS XE SD-WAN image. This is because of code changes introduced to support Bidirectional Forwarding Detection (BFD) tunnel building between a vEdge router and Cisco IOS XE based router.
NOTE : Check out this link : https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/sd-wan/white_paper-c11-741071.html
2. Virtual platforms
• Cloud Services Router (CSR) 1000v running IOS XE SD-WAN Software
• vEdge Cloud Router running Viptela OS
NOTE: Virtual platforms can also run on any hypervisor such as KVM or VMware ESXi.
Feature Templates & Device Templates:
Feature templates are the building blocks for a device's configuration. Feature templates have three categories (BASIC INFORMATION, VPN, OTHER TEMPLATES). Once you choose the device model, you will see all the available features.
Feature template categories:
- BASIC INFORMATION templates: AAA, Archive, BFD, NTP, OMP, Security, System, etc.
- VPN templates: VPN, VPN Interface Bridge, VPN Interface Ethernet, Management, VPN Interface GRE, VPN Interface IPsec, VPN Interface NATPool, etc.
- OTHER TEMPLATES: Banner, BGP, Bridge, DHCP Server, IGMP, Logging, Multicast, OSPF, etc.
Device Templates:
Device templates contain a device's complete configuration. You can create a device template by collecting all the feature templates you have created for a specific device model. Device templates allow customers to configure thousands of devices within a few seconds.
NOTE : In case of configuration errors, the template configuration rolls back to its previous state.
LAB Configurations:
BFD Template:
Configuration ----> Templates ----> features ----> Add Template ---->BFD
WAN Edge OMP
Configuration ----> Templates ----> features ----> Add Template ---->OMP
WAN Edge System
Configuration ----> Templates ----> features ----> Add Template ---->WAN Edge System
NTP
Configuration ----> Templates ----> features ----> Add Template ---->NTP
WAN Edge Security
Configuration ----> Templates ----> features ----> Add Template ---->WAN Edge Security
WAN Edge VPN 0
Configuration ----> Templates ----> features ----> Add Template ---->WAN Edge VPN
WAN Edge interface VPN 0
Configuration ----> Templates ----> features ----> Add Template ----> WAN Edge interface VPN 0 - MPLS.
WAN Edge interface VPN 0
Configuration ----> Templates ----> features ----> Add Template ----> WAN Edge interface VPN 0 - Biz-Internet
WAN Edge VPN 512
Configuration ----> Templates ----> features ----> Add Template ---->WAN Edge VPN 512
WAN Edge interface VPN 512
Configuration ----> Templates ----> features ----> Add Template ---->WAN Edge interface VPN 512
Banner
Configuration ----> Templates ----> features ----> Add Template ----> Banner
WAN Edge VPN Services 1
Configuration ----> Templates ----> features ----> Add Template ----> VPN1
WAN Edge interface VPN Services 1
Configuration ----> Templates ----> features ----> Add Template ---->WAN Edge interface VPN1
WAN Edge VPN DC-Services 1
Configuration ----> Templates ----> features ----> Add Template ----> DC-VPN1
WAN Edge interface VPN DC-Services 1
Configuration ----> Templates ----> features ----> Add Template ----> DC-interface VPN1
DCS-VPN0
Configuration ----> Templates ----> features ----> Add Template ---->VPN
DCS- interface VPN0
Configuration ----> Templates ----> features ----> Add Template ---->wan edge interface
We are going to make a device template for the vSmart to move it from CLI mode to vManage mode so we can push the route & policy to all overlay devices.
VSmart template
Configuration ----> Templates ----> features ----> Add Template ---->system
NTP template
Configuration ----> Templates ----> features ----> Add Template ----> NTP
Banner template
Configuration ----> Templates ----> features ----> Add Template ----> Banner
Security template
Configuration ----> Templates ----> features ----> Add Template ----> security
VPN 0 template
Configuration ----> Templates ----> features ----> Add Template ----> vpn
Interface VPN 0 template
Configuration ----> Templates ----> features ----> Add Template ----> Vpn interface
Build the Device Templates for vEdges and vSmart
vSmart Device template
Configuration ----> Templates ----> Device ----> vsmart ----> template name
CLI
viptela-system:system
 device-model vsmart
 host-name v-Smart
 system-ip 10.10.10.102
 domain-id 1
 site-id 100
 admin-tech-on-failure
 sp-organization-name "Cisco-ARCH"
 organization-name "Cisco-ARCH"
 clock timezone America/Los_Angeles
 vbond 200.200.200.103 port 12346
 aaa
  auth-order local radius tacacs
  usergroup basic
   task system read write
   task interface read write
  !
  usergroup netadmin
  !
  usergroup operator
   task system read
   task interface read
   task policy read
   task routing read
   task security read
  !
  user admin
   password $6$siwKBQ==$wT2lUa9BSreDPI6gB8sl4E6PAJoVXgMbgv/whJ8F1C6sWdRazdxorYYTLrL6syiG6qnLABTnrE96HJiKF6QRq1
  !
 !
 logging
  disk
   enable
  !
 !
 ntp
  server 200.200.200.100
   version 4
   prefer
  exit
 !
!
omp
 no shutdown
 graceful-restart
!
banner
 login "Welcome To SD-Wan Fabric"
 motd "Welcome to SD-Wan Fabric Please if you are not authorized to use the system , log out imedietaly"
!
vpn 0
 name VPN-0
 interface eth0
  ip address 200.200.200.102/24
  tunnel-interface
   allow-service all
   allow-service dhcp
   allow-service dns
   allow-service icmp
   allow-service sshd
   allow-service netconf
   allow-service ntp
   allow-service stun
  !
  no shutdown
 !
 ip route 0.0.0.0/0 200.200.200.100
!
vpn 512
 interface eth1
  description vSmart-interface-VPN512
  ip address 20.20.20.102/24
  no shutdown
 !
 ip route 0.0.0.0/0 20.20.20.100
!
!
!
DC vEdges:
CLI
viptela-system:system
 device-model vedge-cloud
 host-name vedge-DCS
 system-ip 10.10.10.211
 domain-id 1
 site-id 1
 admin-tech-on-failure
 no route-consistency-check
 sp-organization-name "Cisco-ARCH"
 organization-name "Cisco-ARCH"
 clock timezone America/Los_Angeles
 console-baud-rate 9600
 vbond 200.200.200.103 port 12346
 aaa
  auth-order local radius tacacs
  usergroup basic
   task system read write
   task interface read write
  !
  usergroup netadmin
  !
  usergroup operator
   task system read
   task interface read
   task policy read
   task routing read
   task security read
  !
  user admin
   password $6$siwKBQ==$wT2lUa9BSreDPI6gB8sl4E6PAJoVXgMbgv/whJ8F1C6sWdRazdxorYYTLrL6syiG6qnLABTnrE96HJiKF6QRq1
  !
 !
 logging
  disk
   enable
  !
 !
 ntp
  server 200.200.200.100
   version 4
   prefer
  exit
 !
!
bfd app-route multiplier 6
bfd app-route poll-interval 600000
omp
 no shutdown
 graceful-restart
 advertise connected
 advertise static
!
security
 ipsec
  authentication-type sha1-hmac ah-sha1-hmac
 !
!
banner
 login "Welcome To SD-Wan Fabric"
 motd "Welcome to SD-Wan Fabric Please if you are not authorized to use the system , log out imedietaly"
!
vpn 0
 name DCS-VPN0
 router
  ospf
   timers spf 200 1000 10000
   redistribute static
   redistribute connected
   area 0
    interface ge0/2
    exit
   exit
  !
 !
 interface ge0/2
  description DCS-Interface-VPN0
  ip address 211.211.211.2/24
  tunnel-interface
   encapsulation ipsec
   allow-service all
   allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   allow-service sshd
   allow-service netconf
   allow-service ntp
   allow-service ospf
   allow-service stun
   allow-service https
  !
  no shutdown
 !
 ip route 0.0.0.0/0 211.211.211.1
!
vpn 1
 name DCS-VPN1
 router
  ospf
   timers spf 200 1000 10000
   redistribute static
   redistribute connected
   redistribute omp
   area 0
    interface ge0/3
    exit
   exit
  !
 !
 interface ge0/3
  description DCS-Interface-VPN1
  ip address 80.80.80.1/24
  no shutdown
 !
 ip route 0.0.0.0/0 80.80.80.2
 omp
  advertise bgp
  advertise ospf external
  advertise connected
  advertise static
 !
!
vpn 512
 interface eth1
  ip dhcp-client
  no shutdown
 !
 ip route 0.0.0.0/0 20.20.20.100
!
!
!
Stay tuned for part III. Press Star if it's helpful for your knowledge!
***** I hope that has been informative for you and thank you *****
Mohamed Alhenawy
CCIE#60453
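Both device templates above set `allow-service all` on the VPN 0 tunnel interface and then list individual services; on Viptela OS, `all` overrides the per-service lines, so every service is permitted on the transport side. The following is an added example (not part of the original post and not Cisco tooling) that audits tunnel-interface stanzas for this; the function name, the sample text, and the set of services treated as management plane are assumptions of this example.

```python
import re

# Constructed sample: the vEdge VPN 0 / VPN 512 stanzas from the post, shortened.
SAMPLE = """\
vpn 0
 interface ge0/2
  ip address 211.211.211.2/24
  tunnel-interface
   encapsulation ipsec
   allow-service all
   allow-service sshd
   allow-service netconf
  !
  no shutdown
 !
!
vpn 512
 interface eth1
  ip dhcp-client
  no shutdown
 !
!
"""

# Assumption (review policy of this example): services treated as management plane.
MGMT = {"sshd", "netconf", "https"}

def audit_tunnel_services(config):
    """Return one dict per tunnel-interface with its allow-service list and issues."""
    findings, vpn, iface, cur = [], None, None, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"vpn (\d+)", line):
            vpn, iface, cur = int(m.group(1)), None, None
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface, cur = m.group(1), None
        elif line == "tunnel-interface":
            cur = {"vpn": vpn, "interface": iface, "services": [], "issues": []}
            findings.append(cur)
        elif line == "!":
            cur = None  # "!" closes the innermost block, ending the tunnel stanza
        elif cur is not None and (m := re.fullmatch(r"allow-service (\S+)", line)):
            cur["services"].append(m.group(1))
    for f in findings:
        named = [s for s in f["services"] if s != "all"]
        if "all" in f["services"]:
            f["issues"].append(f"allow-service all overrides {len(named)} per-service line(s)")
        exposed = sorted(MGMT) if "all" in f["services"] else sorted(MGMT & set(named))
        if exposed:
            f["issues"].append("management services on transport: " + ", ".join(exposed))
    return findings

if __name__ == "__main__":
    for f in audit_tunnel_services(SAMPLE):
        print(f["vpn"], f["interface"], f["issues"])
```

Because lines are stripped before matching, the same function works on configuration text whose indentation was lost in copy and paste.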
Thanks Mohamed.
Can you share files eve-ng please?
Regards
Hello @borrexlinux
Yes sure, check your DM
Hi Mohamed.
Great Work ! If you don't mind please share the eve-ng files for LAB 1 & 2. Thanks!
Hi @hadeekeeth
Thanks for your kind words. No worries, please share your private mail through DM.
Great Post, I am working my way through lab 1 and 2.
Took me a min to figure out you were using static routing for the "internet"
Hi Joshb1,
Thanks for your kind words. As I understand from your question, you are asking about the static route for the internet?
Here you go: for the known network (Viptela Controllers), a static route is used to route all traffic to the DC edge; for the unknown network (0.0.0.0), all the traffic is routed to the external interface.
Hello Mohamed, very informative lab and notes. If possible, can I get these SD-WAN file notes by email please, so I can study?
pawansharma0761@gmail.com
NEW POST!!!!
Stay tuned for all the series, coming soon
Hi.
I am working on a test environment, only with virtual devices, however when I try to populate the WAN edge device list from CSV file it says that "Error: Virtual Platform is not allowed in CSV Upload."
Is there any other way to do IT? I am planning to have a fully isolated environment in my lab.
Yes, we can solve it. Check out your private message.
Hello @Mohamed Alhenawy, great lab with clear explanation. Please can you share the lab file?
Hello @soufiansaheb
Thanks for your feedback. Yes sure, please share your mail through PM.