implementing and configuring cisco sdwan (icsdwan-ct) · 2018-10-22 · implementing and...
TRANSCRIPT
Course Duration
5 day
Course Price
$4,795.00
Methods of Delivery
Instructor Led
Virtual ILT
On-Site
Implementing and Configuring Cisco SDWAN (ICSDWAN-CT)
This course discusses the Cisco’s SDWAN solution using Viptela. In this class, students will configure
and manage the SD-WAN Fabric. Student will learn how the Fabric enables an Enterprise to extend its
network footprint to all infrastructure elements using a single platform. Student will deploy and manage
and Fabric infrastructure using the vManage, vSmart, vBond, and the vEdge Devices. Student will also
learn how to migrate an existing IWAN Deployment to a Viptela Fabric.
Objectives • SDWAN Overview • Cisco SDWAN Hardware • Deploying the Overlay • Configuring vManage • Deploying using Templates • Creating Policies • Monitoring vManage • vAnalytics • Troubleshooting Tools for VManage Outline
Module 1: SDWAN Overview Describe what a Software-Defined Wide Area Network (SD-WAN) is Describe the secure extensible network Describe the function of the virtual IP fabric created in the SD-WAN solution What is SDWAN Cisco Cloud vs On-premises vs private cloud management Cisco IWAN vs Viptela SDWAN IWAN Migration to SDWAN SDWAN Integration with Cisco Cisco SDWAN Licensing
o DNA Essentials o DNS Advantage o C1 Advantage
6210 Central Ave, Portage, IN. 46368 Phone: 219.764.3800 Fax: 219.764.3805 Web: http://www.ctclc.com
Module 2: Cisco SDWAN Edge Devices vEdge Appliances
o vEdge 100 o vEdge 1000 o vEdge 2000 o vEdge 5000
vEdge Cloud o ESXI o KVM o AWS o Microsoft Azure
Cisco IOS-XE Platforms o Cisco ISR 1100 Series Routers o Cisco ISR 4300 Series Routers o Cisco ISR 4400 Series Routers o Cisco ASR 10XX Routers
Cisco CSR 1000V Router Cisco 54xx Enterprise Network Compute System (ENCS)
Module 3: Cisco SDWAN Certificates and Whitelists On-Prem vs Cloud Certificate deployment Controller Certificates Hardware Device Certificates Software Device Certificates Certificates
o Export Device Data in CSV Format o Check the vEdge Router Certificate Status o Validate a vEdge Router o Stage a vEdge Router o Invalidate a vEdge Router o Send the Controller Serial Numbers to vBond Orchestrator o Install Signed Certificate o View the CSR o View the Certificate o Generate the CSR o Reset the RSA Key Pair o Invalidate a Device o View Log of Certificate Activities
Device Whitelists Controller Whitelists Module 4: Deploying Cisco SDWAN Controllers On-Prem vs Cloud deployment vManage NMS
o Deploy the vManage NMS o Configure the vManage NMS o Configure the vManage NMS Cluster o Configure Multitenant vManage NMS
o Configure Certificate Settings o Generate vManage NMS Certificate
vBond Orchestrator o Deploy vBond VM Instance o Configure the vBond Orchestrator o Add the vBond Orchestrator to the Overlay Network o NAT Traversal o Start the Enterprise ZTP Server
Deploy the vSmart Controller o Deploying vSmart Controller on ESXi o Deploying vSmart Controller on KVM o Configure the vSmart Controller o Add the vSmart Controller to the Overlay Network
Controller High Availability Cluster Management
o Change the IP Address of the Current vManage NMS o Add a vManage NMS o Configure the Statistics Database o View Statistics Database Space Usage
Module 5: Cisco SDWAN Fabric and Overview Virtual Fabric Overview Overlay Management Protocol Transport Locators (TLOCs)
o TLOC Extension o TLOC Colors
Multicast TCP Optimization Opening Firewall Ports Software Installation and Upgrade
o Software Version Compatibility o Add New Software Images to the Repository o Software Upgrades Best Practices o Activate a New Software Image o Redundant Software Images
vContainer Host o Create vContainer Host o Configure the vContainer Host
vEdge Routers o Deploy vEdge Cloud router o Deploy a vEdge 100 VM on Azure o Deploy vEdge Cloud VM on ESXi o Deploy vEdge Cloud VM on KVM o Deploying vEdge 100 Routers o Deploying vEdge 1000 Routers o Deploying vEdge 2000 Routers o Device configuration using CLI o Install Signed Certificates on vEdge Cloud Routers
Migrating IOS-XE Devices to Cisco SD-WAN
Zero Touch Provisioning o Using ZTP on Non-Wireless Routers o Using ZTP on Wireless Routers
Deploy AWS Gateway using the AWS Wizard
Module 6: Cisco SD-WAN Security Solution Security Firewall Ports Control Plane Security
o DTLS o TLS
Data Plane Security o IPSEC o GRE
Traffic Segmentation o VPN o Policies
Service Chaining o Firewalls o IDS
Cloud Security o Umbrella o Z-Scaler
Zone Based Firewall
Module 7: Quality of Service
Application Visibility and Recognition
Differentiated Services - Quality of Service
Critical Applications SLA
Path MTU Discovery
TCP Performance Optimization
Bidirectional Forwarding Detection (BFD) o BFD Hello Timer and Multiplier o BFD Measurements
vEdge Router Queuing o Marking o Remarking o Shaping o Policing
Module 8: Configuring vManage Using the vManage Interface Using the vManage Dashboard
o Device Pane o Reboot Pane o Certificates Pane o Control Status Pane o Site Health View Pane
o Transport Interface Distribution o vEdge Inventory Pane o vEdge Health Pane o Transport Health Pane o Top Applications Pane o Application-Aware Routing Pane o Web Server Certificate Expiration Date Notification o Maintenance Window Alert Notification
Administration o Setting
Configure Organization Name Configure vBond DNS Name or IP Address Configure Certificate Authorization Settings Configure vEdge Cloud Certificate Authorization Settings Generate Web Server Certificate View Web Server Certificate Expiration Date Enforce Software Version on vEdge Routers Create a Custom Banner Collect Device Statistics Enable CloudExpress Service Enable vAnalytics Platform Enable vManage Client Session Timeout Enable Data Stream Collection Set the Tenancy Mode Set Interval to Collect Device Statistics Configure a Maintenance Window
o Manage Users Add a User Delete a User Edit User Details Change User Password Add a User Group Delete a User Group Edit User Group Privileges View vManage Service Details View Devices Connected to a vManage NMS Edit a vManage NMS Remove a vManage NMS from the Cluster View Available Cluster Services
o Tenant Management Add a Tenant View All Tenants View a Single Tenant Edit a Tenant Remove a Tenant
Configuration o Devices
Change Configuration Modes Upload vEdge Authorized Serial Number File Generate Bootstrap Configuration for a vEdge Cloud Router Export Device Data in CSV Format
View a Device's Running Configuration View a Device's Configuration Delete a vEdge Router Copy a vEdge Router's Configuration Decommission a vEdge Cloud Router View Log of Template Activities Add a vBond Orchestrator Add a vSmart Controller Edit Controller Details Delete a Controller Change Variable Values for a Device
Module 9: SD-WAN Templates
Templates o Describe what vManage templates are used for o List the parameter types that are used in vManage templates o Explain the use of the Template Variable Spreadsheet o Summarize the configuration elements of a device o Create a Device Template
Create a Device Template from Feature Templates Create a Device Template from the CLI
o Describe what the system feature template is used for o Explain how to configure logging using the logging feature template o Describe how OMP can be configured using the OMP feature template o Describe the function of the Security feature template o Explain how the BFD feature can be configured using the BFD feature template o List the other feature templates that can be configured o Edit a Template o View a Template o Delete a Template o View Device Templates Attached to a Feature Template o View Devices Attached to a Device Template o Perform Parallel Template Operations o Attach Devices to a Device Template o Copy a Template o Edit a CLI Device Template o Export a Variables Spreadsheet in CSV Format for a Template o Change the Device Rollback Time and View Configuration Differences o Configuration Rollback
Wide Area Application Server (WAAS) o WAAS Integration with SDWAN o Service Chaining with WAAS o Application Optimization o TCP Optimization o Data Redundancy Elimination (DRE) o LZ Compression o Akamai Connect
Maintenance o Device Reboot o Software Upgrade
Configure Cisco Umbrella
Configure Zscaler Quality of Service (QoS)
Module 10: SD-WAN Policies
Policies o Policy Construction
Lists Policy Definition Policy Application
o Configure Centralized Policy o Configure Localized Policy o View a Policy o Copy a Policy o Edit a Policy o Edit or Create a Policy Component o Delete a Policy o Activate a Policy on vSmart Controllers
Smart policies (Control, Data, AppRoute, cflowd) o Control Policy
Service Chaining Traffic Engineering Extranet VPNs Service path affinity Arbitrary VPN Topologies Fabric Policies
o Application Aware Routing Policy Application SLA
Latency Loss Jitter
Path Determination o Data Policy to manipulate different traffic types
Shaping Policies QoS Policies Service Chaining Traffic Engineering Extranet VPNs Service path affinity NAT Policies
o cFlowd Policy Cflowd-template for configuring flow cache behavior and flow export Data-policy for selection of traffic subject to flow data collection
o Multi-VPN and multi-topology policy o Hub Mesh Policies
Create a VPN Membership Policy Create an Application SLA Policy
Module 11: SD-WAN Cloud
OnRamp SAAS o View Application Performance o View Details about an Application
o Manage OnRamp Applications o Manage OnRamp Client Sites o Manage OnRamp Gateways o Manage OnRamp DIA Sites
Cloud OnRamp IAAS o Create a Cloud Instance o Display Host VPCs o Map Host VPCs to a Gateway VPC o Unmap Host VPCs o Display Gateway VPCs o Add a Gateway VPC o Delete a Gateway VPC
Module 12: Monitoring vManage Network
o View List of Devices o Export Device Data in CSV Format o View Information about a Device o View Device Status Summary o View DPI Flows o View Cflowd Flows o View Interfaces o View TCP Optimization Information o View TLOC Loss, Latency, and Jitter Information o View Tunnel Connections o View Wi-Fi Configuration
View Client Details View Client Usage
o View Control Connections o View System Status o View Events o View ACL Logs o Troubleshoot a Device
Check Device Connectivity Check Device Bringup Ping a Device Run a Traceroute View Control Connections in Real Time
o Check Traffic Health View Tunnel Health Check Application-Aware Routing Traffic Simulate Flows Check Device Syslog Files
o View Real-Time Data ACL Log
o Set ACL Log Filters Alarms
o Set Alarm Filters o Export Alarm Data in CSV Format o View Alarm Details
o Alarms Generated on vManage NMS Audit Log
o Set Audit Log Filters o Export Audit Log Data in CSV Format o View Audit Log Details o View Changes to a Configuration Template
Events o Set Event Filters o Export Event Data in CSV Format o View Device Details
Geography o Set Map Filters
View Device Information
View Link Information
Configure Geographic Coordinates for a Device
Module 13: vAnalytics Applications
o Display Bandwidth Utilization o Display vQoE Values o Display Deviations from Baseline Utilization
Network Availability o Display Downtime by Site o Display Downtime by Time
Network Health o Display Latency, Loss, and Jitter on Circuits o Display Application Performance by Carrier
vAnalytics Dashboard o Network Availability Pane o Applications Pane
Least Performing Applications Applications Consuming Most Bandwidth Anomalous Application Families
o WAN Performance Pane Carrier Performance Tunnel Performance
Module 14: Troubleshooting Tools for vManage Using vManage to Troubleshoot the environment Operational Commands
o Admin Tech Command o Interface Reset Command
Rediscover Network o Rediscover the Network o Synchronize Device Data
CLI Command to troubleshoot the environment. SSH Terminal
o Establish an SSH Session to a Device
Labs
Lab 1: Deploy the vManage NMS
Create vManage VM Instance on ESXi
Configure Certificate Settings
Create a vManage Cluster
Lab 2: Deploy the vBond Orchestrator
Create vBond VM Instance on ESXi
Configure the vBond Orchestrator
Add the vBond Orchestrator to the Overlay Network
Start the Enterprise ZTP Server
Lab 3: Deploy the vSmart Controller
Create vSmart Controller VM Instance on ESXi
Configure the vSmart Controller
Add the vSmart Controller to the Overlay Network
Lab 4: Deploy the vEdge Routers
Create vEdge Cloud VM Instance on ESXi
Install Signed Certificates on vEdge Cloud Routers
Send vEdge Serial Numbers to the Controller Devices
Configure the vEdge Routers
Prepare vEdge Routers for ZTP
Lab 5: vManage Configuration
Explore the Interface
Add Controllers to the Whitelist
Add vEdge whitelist
BFD Tuning
Create and Update Users
Manage the Fabric
Lab 6: Creating Device Templates
Create CLI Policy Template
Create Feature Policy Template
o System Feature Template
o BFD Feature Template
o OMP Feature Template
o VPN Feature Template
o MPLS-TLOC Feature Template
o Internet-TLOC Feature Template
o OSPF Feature Template
o VPN 10 Hub and Spoke Feature Template
o VPN 20 Full Mesh Feature Template
o VPN 40 Guest Feature Template
Attach Devices to Template
Configuration Rollback
TLOC Extension Lab
Lab 7: Create Policies
List types of policies that can be implemented in the SD-WAN solution
Describe how policies can be implemented that affect the control plane
Describe what affect policies can have on data traffic forwarding
Identify the various components of the vSmart policy architecture
Describe how different policies are enabled in different devices
Detail how policies are processed and applied
Control Policy Lab
o Configure a Vpn-membership-policy
o Configure Site-list Selection Policies
o Configure a Service Chaining Policy
o Configure an Extranet VPN Policy
o Configure a Service path affinity Policy
o Configure Fabric Policies
o Configure Security Zones
Data Policy Lab
o Configure Shaping Policies
o Configure QoS Policies
o Configure a Service Chaining
o Configure a Extranet VPN Policy
o Configure Service path affinity Policy
o Configure a NAT Policies for DIA
o Configure a OSPF BGP Routing Policy
Application Aware Routing Policy Lab
o SLA Classes
o Path Selection using Application Policies
Create a cFlowd
Lab 8: Application Visibility
Lab 9: Monitoring the Solution
Lab 10: API Integration
Lab 11: Troubleshooting