© 2019 NIL, nil.com, Security Tag: PUBLIC
Cisco SD-WAN: From Words to Action
Aleš Travnikar, Systems Engineer / Instructor
Agenda
• What do you need?
• Step 1 – Deploying Controllers
• Step 2 – Bringing Up Secure Control Plane
• Step 3 – Bringing Up Secure Data Plane
• Additional Tools
What do you need?
Architecture
Orchestrator: vBond
• Orchestrates control and management plane
• First point of authentication
• Facilitates NAT traversal
Management Plane: vManage
• Single pane of glass
• Centralized provisioning
• Policies and Templates
Control Plane: vSmart Controllers
• Facilitates fabric discovery
• Disseminates control plane information
• Implements and distributes policies
Data Plane: WAN Edge
• Physical or Virtual
• Zero Touch Provisioning
Transports: 4G, MPLS, INET
Sites: Data Center, CoLo, Campus, Branch, Cloud
Step 1 – Deploying Controllers
• Enterprise IT: deploys vManage, vSmart and vBond in a Private Cloud
• MSP Ops Team: deploys vManage, vSmart and vBond in the MSP Cloud
• Cisco Cloud Ops: deploys vManage, vSmart and vBond in the Cisco Cloud
On-Premises Deployment
• Hypervisors: ESXi, KVM
• vManage, vSmart and vBond are deployed in the Private Cloud
On-Premises Deployment - ESXi: Installation Overview
1. Obtain documentation, software and verify system requirements.
2. Import OVA.
3. Perform installation and initial configuration:
   • Connectivity (IP, GW, DNS)
   • System-IP
   • Site-ID
   • Organization-Name
   • vBond address
   • NTP
4. If using Enterprise CA server, install the enterprise root CA chain.
Initial Configuration Settings
• System-IP – Unique identifier of an SD-WAN component
   • 32-bit dotted-decimal notation (an IPv4 address)
   • Logically a VPN 0 loopback interface, referred to as “system”
• Site-ID – Identifies logical location of individual node
   • Configured on every WAN Edge
   • When not unique, same location is assumed
• Organization-Name – SD-WAN overlay identifier
   • Must match on all components
   • Example: "Cisco Connect – 2019"
Certificate Authority Options
[Diagram: vManage, vBond and vSmart each hold a root certificate and a signed certificate, shown once with the default certificates and once with Enterprise root and signed certificates.]
• DigiCert certificates are the default option.
• Enterprise certificates can be used for On-Prem. deployment.
• Need to install root CA chain.
Deploying vManage on VMware ESXi
Verifying vManage System Requirements
• SSD required for normal vManage performance.
• A private lab setup for learning purposes will work with fewer resources.
• *vManage Cluster requires dedicated interface for message bus.
| Devices | vCPUs | RAM | OS Volume | Database Volume | Bandwidth | vNICs |
|---|---|---|---|---|---|---|
| 1-250 | 16 | 32 GB | 16 GB | 500 GB, 1500 IOPS | 25 Mbps | 2 |
| 251-1000 | 32 | 64 GB | 16 GB | 1 TB, 3072 IOPS | 100 Mbps | 2 |
| 1001 or more | 32 | 64 GB | 16 GB | 1 TB, 3072 IOPS | 150 Mbps | 3* |
vManage Interface Properties
• By default, vManage OVA is configured with a single interface (eth0).
• Adding additional interface remaps eth0 to vNIC 2.
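[Diagram: control interface on vNIC 2 in VPN 0 and management interface on vNIC 1 in VPN 512; platforms: ESXi, KVM, AWS, MS Azure.]

| vNIC | Interface | Default VPN | DHCP enabled | State |
|---|---|---|---|---|
| 2 | eth0 | 0 | Yes | Enabled |
| 1 | eth1 | Not set | No | Disabled |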
Deploying vManage OVA on VMware ESXi
• Primary disk for OS consumes 19 GB.
Deploying vManage OVA on VMware ESXi (Cont.)
Single interface present by default.
Do not power on VM before adding additional disk for a DB installation.
Adding Additional Resources to the vManage VM
Additional hard disk will host the vManage database.
Specifying Capacity and Specifying Device Type
For a lab environment, a 100 GB disk will be sufficient. For PoC/PoV or production environments, follow official requirements.
The SCSI interface is not supported; make sure you select the IDE type.
Adding Additional Interface to vManage VM
Add an additional interface for convenient OOB management.
Performing vManage Database Installation
• Default credentials: admin / admin
Configuring vManage Interface Settings
OOB management interface
Transport interface
Configuring vManage System Parameters
vmanage(config)# system
vmanage(config-system)# system-ip 10.255.255.21
vmanage(config-system)# site-id 1
vmanage(config-system)# organization-name "Cisco Connect - 2019"
vmanage(config-system)# vbond 10.0.0.22
vmanage(config-system)# ntp server 203.0.113.1
vmanage(config-system)# commit
Commit complete.
• Organization-Name is case sensitive; always use quotes.
• vBond server can be specified as a domain name.
• System-IP must be unique on every component in the SD-WAN fabric.
Finalize vManage Initial System Configuration
Installing Enterprise Root Certificate
Paste CA certificate in PEM format.
Deploying vBond on VMware ESXi
Verifying vBond System Requirements
• Only SSD-based volumes are officially supported.
• vBond is installed using vEdge Cloud OVA.
• OVA is preconfigured with four vCPUs.

| Devices | vCPUs | RAM | OS Volume | Bandwidth | vNICs |
|---|---|---|---|---|---|
| 1-50 | 2 | 4 GB | 8 GB | 1 Mbps | 2 |
| 51-250 | 2 | 4 GB | 8 GB | 2 Mbps | 2 |
| 251-1000 | 2 | 4 GB | 8 GB | 5 Mbps | 2 |
| 1001+ | 4 | 8 GB | 8 GB | 10 Mbps | 2 |
Configuring vBond System Parameters
• Keyword local in the vbond command defines the vBond role.
vedge(config)# system
vedge(config-system)# host-name vBond
vedge(config-system)# system-ip 10.255.255.22
vedge(config-system)# site-id 1
vedge(config-system)# organization-name "Cisco Connect - 2019"
vedge(config-system)# vbond 10.0.0.22 local
vedge(config-system)# commit
Commit complete.
vBond Interface Properties
• OVA is preconfigured with four vNICs; only two interfaces are supported.

[Diagram: control interface on vNIC 2 in VPN 0 and management interface on vNIC 1 in VPN 512; platforms: ESXi, KVM, AWS, MS Azure.]

| vNIC | Interface | Default VPN | DHCP enabled | State |
|---|---|---|---|---|
| 1 | eth0 | 512 | Yes | Enabled |
| 2 | ge0/0 | 0 | Yes | Enabled |
| 3 | ge0/1 | | No | Disabled |
| 4 | ge0/2 | | No | Disabled |
Configuring vBond Interface Settings
• The VPN0 interface is preconfigured for WAN.
• The tunnel-interface configuration settings lock down the interface and also prevent incoming NETCONF connections.
• When vBond is integrated with vManage, vManage establishes the NETCONF connection.
• Recommendation: disable the tunnel-interface configuration while performing controller integration.
• Alternative: temporarily allow the netconf service.
Configuring vBond Interface Settings (Cont.)
OOB management interface
Transport interface
Installing Local Root CA Chain
• Transfer the root certificate chain and perform import:
Deploying vSmart on VMware ESXi
Verifying vSmart System Requirements
• Only SSD-based volumes are officially supported.

| Devices | vCPUs | RAM | OS Volume | Bandwidth | vNICs |
|---|---|---|---|---|---|
| 1-50 | 2 | 4 GB | 16 GB | 2 Mbps | 2 |
| 51-250 | 4 | 6 GB | 16 GB | 5 Mbps | 2 |
| 251-1000 | 4 | 16 GB | 16 GB | 7 Mbps | 2 |
| 1001+ | 8 | 16 GB | 16 GB | 10 Mbps | 2 |
vSmart Interface Settings
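[Diagram: control interface on vNIC 2 in VPN 0 and management interface on vNIC 1 in VPN 512; platforms: ESXi, KVM, AWS, MS Azure.]

| vNIC | Interface | Default VPN | DHCP enabled | State |
|---|---|---|---|---|
| 2 | eth0 | 0 | Yes | Enabled |
| 1 | eth1 | Not set | No | Disabled |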
• By default, vSmart OVA is configured with a single interface.
• Adding an additional interface remaps eth0 to vNIC 2.
Configuring vSmart Interface Settings
OOB management interface
Transport interface
Configuring vSmart System Settings
vsmart(config)# system
vsmart(config-system)# system-ip 10.255.255.23
vsmart(config-system)# site-id 1
vsmart(config-system)# organization-name "Cisco Connect - 2019"
vsmart(config-system)# vbond 10.0.0.22
vsmart(config-system)# ntp server 203.0.113.1
vsmart(config-system)# commit
Commit complete.
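The rules stated on the slides (System-IP unique on every component, Organization-Name case sensitive and identical everywhere, the keyword local marking the vBond) can be checked mechanically before controller integration. The following is an added example, not part of the original slides: it parses the system commands shown for vManage, vBond and vSmart; the function names and the failing variant are constructed for illustration.

```python
import ipaddress
import re

# Identity lines of the `system` blocks entered on the slides
# (host-name, ntp and commit lines omitted; they are not checked here).
SLIDE_CONFIGS = {
    "vManage": '''
vmanage(config-system)# system-ip 10.255.255.21
vmanage(config-system)# site-id 1
vmanage(config-system)# organization-name "Cisco Connect - 2019"
vmanage(config-system)# vbond 10.0.0.22
''',
    "vBond": '''
vedge(config-system)# system-ip 10.255.255.22
vedge(config-system)# site-id 1
vedge(config-system)# organization-name "Cisco Connect - 2019"
vedge(config-system)# vbond 10.0.0.22 local
''',
    "vSmart": '''
vsmart(config-system)# system-ip 10.255.255.23
vsmart(config-system)# site-id 1
vsmart(config-system)# organization-name "Cisco Connect - 2019"
vsmart(config-system)# vbond 10.0.0.22
''',
}

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # CLI prompt, if present


def parse_system_block(text):
    """Extract the identity settings from a pasted `system` block."""
    cfg = {"vbond_local": False, "org_quoted": False}
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        key, _, rest = line.partition(" ")
        rest = rest.strip()
        if key == "system-ip":
            cfg["system_ip"] = rest
        elif key == "site-id":
            cfg["site_id"] = rest
        elif key == "organization-name":
            cfg["org_quoted"] = len(rest) >= 2 and rest[0] == rest[-1] == '"'
            cfg["org_name"] = rest.strip('"')
        elif key == "vbond":
            parts = rest.split()
            cfg["vbond"] = parts[0] if parts else ""
            cfg["vbond_local"] = "local" in parts[1:]
    return cfg


def check_fabric(configs):
    """Return a list of findings; an empty list means the blocks agree."""
    parsed = {name: parse_system_block(text) for name, text in configs.items()}
    findings = []
    ip_owners = {}
    for name, cfg in parsed.items():
        findings += [f"{name}: {field} is not set"
                     for field in ("system_ip", "site_id", "org_name", "vbond")
                     if not cfg.get(field)]
        ip = cfg.get("system_ip")
        if ip:
            try:
                ipaddress.IPv4Address(ip)  # 32-bit dotted-decimal notation
            except ValueError:
                findings.append(f"{name}: system-ip {ip!r} is not an IPv4 address")
            ip_owners.setdefault(ip, []).append(name)
        if cfg.get("org_name") and not cfg["org_quoted"]:
            findings.append(f"{name}: organization-name is not quoted")
    for ip, names in ip_owners.items():
        if len(names) > 1:
            findings.append(f"system-ip {ip} is used by {', '.join(names)}")
    # Exact, case-sensitive comparison of the overlay identifier.
    orgs = sorted({c["org_name"] for c in parsed.values() if c.get("org_name")})
    if len(orgs) > 1:
        findings.append(f"organization-name differs: {orgs}")
    # The vBond may be an IP address or a domain name, so compare as text.
    vbonds = sorted({c["vbond"] for c in parsed.values() if c.get("vbond")})
    if len(vbonds) > 1:
        findings.append(f"vbond address differs: {vbonds}")
    if not any(c["vbond_local"] for c in parsed.values()):
        findings.append("no component has 'vbond <address> local' (vBond role)")
    return findings


# Constructed failure case: vSmart reuses vManage's system-ip and changes
# the case of the organization name.
BAD_FABRIC = dict(
    SLIDE_CONFIGS,
    vSmart=SLIDE_CONFIGS["vSmart"]
    .replace("10.255.255.23", "10.255.255.21")
    .replace("Cisco Connect", "cisco connect"),
)

if __name__ == "__main__":
    print(check_fabric(SLIDE_CONFIGS) or "consistent")
    print(*check_fabric(BAD_FABRIC), sep="\n")
```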
Installing Local Root CA Chain
• Transfer the root certificate chain and perform import:
Step 2 – Bringing Up Secure Control Plane
Integrating Controllers
1. Add vBond and vSmart controllers into the vManage.
2. Generate CSRs.
3. Sign CSRs and upload certificates.
4. Configure tunnel interfaces and establish control connections.
5. Install the license file.
Adding Controllers to vManage
• vSmart is added using the same procedure.
Specify the controller's IP address, which must be reachable from the vManage VPN 0 interface via the NETCONF protocol (TCP 830).
Generating the CSR
Viewing and Transferring the CSR
Installing Signed Certificate
Configuring Interfaces for Control Connections
• Enable the tunnel-interface configuration on the VPN 0 interface on all controllers.
• On vBond, also specify the tunnel-interface encapsulation type.
Verifying Control Connections
Troubleshooting Control Connections
• # show control connections-history
Step 3 – Bringing Up Secure Data Plane
Plug and Play Connect (PnP) Portal
https://software.cisco.com
Smart Account is required
Smart Account
Virtual Account
PnP – Adding Controller Profile
PnP - Adding Controller Profile Settings
PnP - Adding WAN Edge Devices
PnP - Providing Device Details
PnP – Downloading vManage License File
Importing WAN Edge List
• If devices are not validated when importing the license file, you need to manually enable each device under Configuration > Licensing.
Deploying vEdge Cloud Routers
Overview of Installation Steps: vEdge Cloud
1. Obtain software and verify system requirements.
2. Deploy OVA Template.
3. Perform initial configuration (connectivity, system-ip, site-id, org-name, vbond address).
4. If using enterprise CA, install local root CA chain.
5. Activate vEdge Cloud by enrolling it into vManage.
Deploying vEdge Cloud on VMware ESXi

| vNIC | Interface | Default VPN | DHCP enabled | State |
|---|---|---|---|---|
| 1 | eth0 | 512 | Yes | Enabled |
| 2 | ge0/0 | 0 | Yes | Enabled |
| 3 | ge0/1 | | No | Disabled |
| 4 | ge0/2 | | No | Disabled |
• Up to 8 vNICs are supported.
Generating Chassis UUID and OTP Token
• Generate the bootstrap configuration to extract the UUID number and OTP token for the vEdge Cloud activation.
Activating vEdge Cloud
Activating vEdge Cloud (Cont.)
• Verification
Additional Lab Tools
Useful Link and Traffic Manipulators
• WANem – WAN Emulator
   • Transparent bridge with an easy-to-use GUI.
   • Can introduce delay, loss, corruption, reordering, limited bandwidth.
   • Ideal tool for a virtual environment when testing Application Aware Routing policies.
   • wanem.sourceforge.net, released under the GNU GPL license.
• TRex – Realistic Traffic Generator
   • Generates realistic traffic with stateful flow support.
   • trex-tgn.cisco.com, developed by Cisco, released under the Apache 2.0 license.
Next Steps
• Documentation:
https://sdwan-docs.cisco.com
• SD-WAN Guides (CVDs):
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/CVD-SD-WAN-Design-2018OCT.pdf
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/CVD-SD-WAN-Deployment-2018OCT.pdf