cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for SD-WAN Resources to help you on your journey with SD-WAN

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

933
Views
0
Helpful
7
Replies

Vmanage Active/Standby in standalone mode .

Hi Friends , 

I want to setup my vmanage in active standby mode . Both my Vmanage are in different geo locations . 

i did following steps till now :- 

Added root certificate in both vmanages ( both location vmanages )  . 

added Vsmart and vbond in Primary vmanage and completed certificate process from primary Vmanage . 

 

My Doubts :- 

Do i need to add vsmart and vbond in standby vmanage as well and do certificate from there as well . 

Do i need to do Cluster of both vmanages , as in document it says Device page should have both vmanages Display . (

On the standby vManage(s), navigate to Configuration ► Devices ► Controllers. Verify that the page displays all vManage(s)
for active and standby systems ). 

 

If any one tried this type of setup ( vmanages in east/west cost ) , helpfull if they share steps they followed from beginning to end . 

 

I checked documents provided by cisc

7 REPLIES 7
Kanan Huseynli
Participant

Hi,

 

normally (prior to Disaster Recovery), you should configure your network like you have 1 vmanage, active vmanage/ vbond(s) / vsmarts(s) and your overlay is ready.

The 2nd vmanage should have been configured with respective initial configuration (system ip, site id, vbond, dns , VPN512/VPN0 etc) with certificate and its VPN0 interface should be disabled (shutdown) to avoid any issue or misconfig. You don't need anything to do till DR happens. You must have vmanage backup that you did via CLI and "request nms configuration-db backup path [path] command.

 

When your active fails and you need to do recovery (DR), then you should follow below steps:

connect to standby vmanage's CLI and do recovery using "request nms configuration-db restore path [path]".

connect to standby vmanage's GUI and verify that all controllers (previous active) are seen in device list.

you should add standby vmanage to overlay by editing each vbond, entering its IP address and username&password. Doing this, vbond(s) aware of additional new - vmanage.

disconnect previous active vmanage to avoid any issue when it comes up. Do it by shutdown its VPN0 interface or disable interface from hypervisor's VM configuration.

send controller cerfiticatio to vbonds via "configuration->certificates->controllers->send to vbond"

send authorized vedge list to controllers via "configuration-certificates-vedge list-send to controllers".

 

Above general steps you should follow and based on them let me answer your questions:

 

1) Do i need to add vsmart and vbond in standby vmanage as well and do certificate from there as well ?

A: no, it is enough standby to have certificate. Controllers will be known to vmanage, when you do recovery using CLI command. vBonds will know new vmanage, when you edit each ot them (re-authorize) in vmanage GUI.

 

2) Do i need to do Cluster of both vmanages , as in document it says Device page should have both vmanages Display ...?

A: Clustering is totally different thing where you should have 3 vmanages, all will be active, you should follow special guidelines and requirements for clustering. Active/Standby (cold standby) is simple recovery method when vmanage fails in network. What guide says (device page should have both vmanages) happens when you do recovery with CLI command. After command is executed new active (old standby) displays all controllers known by old active vmanage (all vsmarts,all vbonds, old active vmanage itself). Additionally, new active should itself too. Hence, you have 2 vmanages in device list.

Note: I normally, remove old vmanage (previous active) after recovery. Just purge its certificated and make invalid, send to controllers.

 

HTH,

Hi Kanan , 

Thanks for your Valuable Reply . 

As i understand i just need to make standby Vmanage Vm ready and to Vmanage Certificate thats all , i dont need to add vbond and vsmart untill i perform DR . 

 

once i plan to perform DR i need to take backup and restore this in Standby Vmanage via cli , once i do this i will be able to see all controllers in standby Vmanage . 

i don't need to do any controllers certificate again for this. 

 

 

Kanan Huseynli
Participant

Hi again,

 

As i understand i just need to make standby Vmanage Vm ready and to Vmanage Certificate thats all , i dont need to add vbond and vsmart untill i perform DR

 

-Exactly!

 

once i plan to perform DR i need to take backup and restore this in Standby Vmanage via cli , once i do this i will be able to see all controllers in standby Vmanage .

 

-Just do regular backup after each major change. Because if active is not available somehow, you may not do DB backup when failure happens. You should have DB backup before failure, when active works normal.

 

HTH,

hi @Kanan Huseynli 

I tried solution you guided and successfully able to do disaster recovery of Vmanage , i observerd after DR vmanage is up and DC is down and i invalidated DC vmanage still in Vedge when i do show control valid vmanage-id it shows old vmanage id but all control plane up.

Hi,

 

what do you mean "DC is down" ?

 

are you using different system-ip for different vmanages? Normally, after DR you should disable interface on previous active vmanage (shutdown port or disconnect port in hypervisor)

 

regards,

Hi @Kanan Huseynli 

i did below setup 

DC Vmanage :- System-ip 1.1.1.1 , Site-id = 1 . ORG-name =same on both vmanage

 

DR Vmanage :- System-ip 2.2.2.1 site-id = 2 .

 

once i upload Backup from DC to Dr i disabled tunnel interface in DC vmanage and then enabled Tunnel interfce in DR . 

 

then from GUI i invalidated DC vmanage . 

 

 

Kanan Huseynli
Participant

Hi,

 

Looks like normal.

then how do you see connection with old vmanage? It should be down,because you shutdown DC vmanage interface.

By the way, please don't forget to rate if initial answer satisfies you.

 

HTH,