Re: Ask Me Anything - Getting to know Cisco SD-WAN

I am trying to get IPS up on my SD-WAN deployment, and I need to create a Signature list to apply on my Security Policy. All routers already have the IPS engine running.

Please help me understand what needs to go in the "IPS Signatures" field. Is there a best practice?

Thank you.

Beginner

Re: Ask Me Anything - Getting to know Cisco SD-WAN

I'm using Cisco CSR 1000v IOS-XE 3.15 downloaded from the Cisco web site, and I want to use it to implement a Cisco Intelligent WAN lab for a study project. The image worked well in VMware, but I want to know if the router will ask for a license later.
Cisco Employee

Re: Ask Me Anything - Getting to know Cisco SD-WAN

Hello!

IOS XE SD-WAN is supported on the following platforms. Unfortunately, it is not supported on CSR virtual routers; please refer to the following link:

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/hardware-and-software-installation.html#c_Software_Installation_and_Upgrade_for_Cisco_IOS_XE_Routers_12017.xml

It is worth mentioning that once you set up your SD-WAN image on your IOS-XE router, it won't be using the traditional Cisco Licensing but Smart Licensing. More information about Smart Licensing can be found below:

https://www.cisco.com/c/en/us/products/software/smart-accounts/software-licensing.html

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/smart-licensing/qsg/b_Smart_Licensing_QuickStart/b_Smart_Licensing_QuickStart_chapter_00.html

Thanks for your question!

Re: Ask Me Anything - Getting to know Cisco SD-WAN


@juaflor2 wrote:
Hello!

IOS XE SD-WAN is supported on the following platforms. Unfortunately, it is not supported on CSR virtual routers; please refer to the following link:

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/hardware-and-software-installation.html#c_Software_Installation_and_Upgrade_for_Cisco_IOS_XE_Routers_12017.xml

It is worth mentioning that once you set up your SD-WAN image on your IOS-XE router, it won't be using the traditional Cisco Licensing but Smart Licensing. More information about Smart Licensing can be found below:

https://www.cisco.com/c/en/us/products/software/smart-accounts/software-licensing.html

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/smart-licensing/qsg/b_Smart_Licensing_QuickStart/b_Smart_Licensing_QuickStart_chapter_00.html

Thanks for your question!

Sorry, what do you mean CSR doesn't support IOS-XE SD-WAN?

Here I see it's listed as supported:

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/release/notes/xe-16-11/sd-wan-rel-notes-19-1.html#id_102931

Beginner

Re: Ask Me Anything - Getting to know Cisco SD-WAN

Hi,

I have a question regarding vEdge routers in Viptela SD-WAN.

From my understanding, a vEdge router simply forwards traffic according to the information from vSmart, so all the route calculation happens in the control plane with vSmart controllers.

Are vEdge routers essentially like CEF? Do they also have to calculate some paths, since they can run OSPF and BGP, or do they truly just forward traffic?

Could you please elaborate on how this vEdge router acts as a DATA PLANE? I don't quite understand why the data plane and control plane were separated if vEdge has to calculate OSPF and BGP routes.

Thank you! :)


Re: Ask Me Anything - Getting to know Cisco SD-WAN

Hello,

vEdge has to do route calculation if you activate OSPF or BGP on the LAN side towards your equipment. vEdge will behave as a normal router and will execute the configuration sent from the controller.

When we say control and data plane are separated, this does not mean that vEdge doesn't run any calculation.

However, all the configuration, authentication and IPSEC key renewal management are managed by the control part.

Thanks


Re: Ask Me Anything - Getting to know Cisco SD-WAN

Adding up here to complement.

The routers can have a local configuration (CLI mode) or a global policy (vManage mode + centralized policy).

When we refer to them as acting in the data plane, it is meant to highlight a couple of points:

  1. As with any SDN-related solution, control, data and management planes are decoupled. This is quite different from common networking, where all the planes are held by the same router/device.
  2. Their tasks are mostly about performing traffic forwarding decisions - as any other router would - with either a centralized or localized policy (e.g. QoS, Application Aware Routing, ACLs) without holding the complete load for the control plane decisions. Those control plane related matters are mostly handled by vSmart.

As mentioned earlier, this does not mean they do not perform any calculation; they simply offload most of the heavy-lifting tasks to vSmart.

Hope it helps! :)

Beginner

Re: Ask Me Anything - Getting to know Cisco SD-WAN

Hi

Is it possible to use Port-channel on ISR4K for SDWAN vpn 0 connections?

For example, I am trying to configure int Port-Channel1.301 and Tunnel1301 (or 301), but when I commit:

Router(config-subif)# commit check
Failed: 'interface': VRF get failed for Port-channel1.301

Configuration example:

interface GigabitEthernet0/0/2
 no ip address
 negotiation auto
 channel-group 1 mode active
!
interface GigabitEthernet0/0/3
 no ip address
 negotiation auto
 channel-group 1 mode active
!
interface Port-channel1
 no ip address
 no negotiation auto
!
interface Port-channel1.301
 encapsulation dot1Q 301
 ip address X.X.X.X 255.255.255.240
!
interface Tunnel301
 ip unnumbered Port-channel1.301
 tunnel source Port-channel1.301
 tunnel mode sdwan
!
sdwan
!
 interface Port-channel1.301
  tunnel-interface
   encapsulation ipsec
   color public-internet
!

Re: Ask Me Anything - Getting to know Cisco SD-WAN

Hi,

I'm wondering if the following problem is possible to solve:

R1 has red and blue tunnels

R2 has red only

R3 has blue only

A common service vpn on all 3 (vpn 600)

OMP set to redistribute connected

R1 learns vpn 600 subnets from R2 and R3 via OMP

R2 only learns vpn 600 subnet from R1 via OMP

R3 only learns vpn 600 subnet from R1 via OMP

Can I configure it so R3 learns routes to R2 vpn 600 subnet via R1 and vice versa?

Thanks

Beginner

Re: Ask Me Anything - Getting to know Cisco SD-WAN

Is it possible to perform conditional route advertisement from Viptela? Something like: I have two colors (example: Internet + MPLS) on vEdge devices. I want to advertise a default route in OSPF in the service VPN only if Internet is up, and as soon as it goes down it should stop advertising the default route?

In VRRP we have the option to track a prefix-list. Here I know we can track a prefix list learned via OMP; do we have any way to track a NAT route with this prefix list? Example: ip route 8.8.8.8/32 vpn 0.

Regards,
Surjeet Singh

Re: Ask Me Anything - Getting to know Cisco SD-WAN

Hello @AndyRibbens7838

Can I configure it so R3 learns routes to R2 vpn 600 subnet via R1 and vice versa?

Absolutely. R1 would have to learn both routes, and you need a set of control policy statements matching those routes and setting the next hop as R1.

You would be building a hub and spoke type of topology for this specific VPN (note that the topologies are VPN-wise).

For your reference, please take a look at this resource: https://www.ciscolive.com/global/on-demand-library.html?search=sd-wan%20policy#/session/154022953569300162tA

Hope that helps!
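
The control policy described in the reply above, written out as a vSmart centralized policy for the R1/R2/R3 case. This is an added example, not configuration from the poster or from Cisco documentation; the site IDs (2 and 3 for R2 and R3), R1's system IP 10.255.0.1 and the list names are assumptions, and "next hop as R1" is done here by rewriting the TLOC of the matched routes to R1's TLOCs.

```text
! Constructed example. Assumed values: site-id 2 = R2, site-id 3 = R3,
! 10.255.0.1 = R1 system IP; list and policy names are placeholders.
policy
 lists
  site-list SPOKES
   site-id 2
   site-id 3
  !
  vpn-list VPN600
   vpn 600
  !
  tloc-list R1-TLOCS
   tloc 10.255.0.1 color red encap ipsec
   tloc 10.255.0.1 color blue encap ipsec
  !
 !
 control-policy VPN600-VIA-R1
  sequence 10
   match route
    vpn-list VPN600
    site-list SPOKES
   !
   action accept
    set
     tloc-list R1-TLOCS
    !
   !
  !
  default-action accept
 !
!
apply-policy
 site-list SPOKES
  control-policy VPN600-VIA-R1 out
 !
!
```

Applied in the `out` direction toward the spoke sites, vSmart advertises each spoke's VPN 600 routes to the other spoke with R1's TLOCs, so R2 resolves them over red and R3 over blue, and traffic between them transits R1.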
