BRKRST 2093

#CLUS
Next-Gen SD-WAN
(Viptela)
Deployment, Monitoring, and
Troubleshooting
Ali Shaikh
Technical Solutions Architect
BRKRST-2093
#CLUS
Agenda
• Introduction
• Bringup
• Setup
• Deploy
• Monitor
• Conclusion
#CLUS BRKRST-2093 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Cisco Webex Teams
Questions?
Use Cisco Webex Teams to chat
with the speaker after the session
How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
Webex Teams will be moderated cs.co/ciscolivebot#BRKRST-2093

by the speaker until June 16, 2019.
#CLUS © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Overview
SDWAN Components Overview
vManage
NMS
vSmart
WAN Edge
Controller
Cloud Router
SDWAN
Components
vBond
WAN Edge Orchestrator
Router
Management Plane Management Plane
vManage
Cisco vManage
 Policies and Templates
vBond  Troubleshooting and

Monitoring
vSmart Controllers
 Programmatic interfaces
MPLS 4G
INET
vEdge Routers
Cloud Data Centre Campus Branch SOHO
Orchestration Plane Orchestration Plane
vManage
Cisco vBond
 Orchestrates Connectivity
vBond  First point of authentication
vSmart Controllers  Facilitates NAT traversal
MPLS 4G
INET
vEdge Routers
Control Plane Control Plane
vManage
Cisco vSmart
 Handles overlay routing

 Facilitates encryption between
vBond
vEdges
vSmart Controllers
 Propagates policies for handling
MPLS 4G traffic
INET
vEdge Routers
SDWAN Components Overview Data Plane
Physical/Virtual
Data Plane
vManage
vEdge vEdge Cloud
 WAN Edge router
 Secure data plane with other

vBond
vEdge routers
vSmart Controllers
 Implements data plane policies
MPLS 4G
INET
vEdge Routers
Delivering a Cloud-Ready architecture
Cloud
Data Centre
Secure
vManage vSmart
SD-WAN Fabric
Private/Hosted/Managed
Cloud
Data Centre
MPLS 4G
INET
Secure
Control Plane
Small Office
Home Office
Edge Router Campus
Branch
Building the overlay fabric
OMP Update:
vSmart Reachability – Routes, TLOCs
OMP
Security – Encryption Keys
DTLS/TLS Tunnel
Policy – Data/Application-Aware Policies
IPSec Tunnel
OMP OMP
BFD Update Update
Policies
OMP OMP
Update Update
vEdge vEdge
Transport1
TLOCs TLOCs
VPN1 VPN2 Transport2 VPN1 VPN2

BGP, OSPF, BGP, OSPF,
Connected, Connected,
Static A B C D Static
Subnets Subnets
Bringup
Configure administrative settings
Add controller devices
Generate controller certificates
Add vEdge devices
Control vEdge Whitelist
Failure Scenarios
Connectivity Issues Certificate Issues
 DTLS connection failure  Device(s) not added
 TLOC disabled  Certificate revoked/invalidated
 Transient conditions  Certificate verification failures
Checking Control Connections
 Control Up: Total number of
devices with the required number
of operational control plane
connections to a vSmart
controller.
 Partial: Total number of devices

with some, but not all, operational
control plane connections to
vSmart controllers.
 Control Down: Total number of

devices with no control plane
connection to a vSmart controller.
Setup
Defining the objects
Building the topology
Defining the treatment of applications
Activating the policies
Failure Scenarios
Control Plane Issues Data Plane Issues
 Incorrect routing  Incorrect path taken
 Tunnels not established  SLA Violations
 Best path selection  Application specific requirements
Troubleshooting Routing
Troubleshooting Traffic
Visualizing Application Paths
Simulating Traffic Flows
Deploy
Building the template
Deploying the template
Adding device values
Validation of Configuration
Configuration Rollback
Zero Touch Provisioning
Control and Policy
Zero Touch Provisioning
Elements
Service
2 3
5
1 Full Registration and
Configuration
4
DHCP on Transport Side (WAN)
vEdge
Checking Device Bring-Up
- Indicates control plane connections are successful
- Indicates ZTP is disabled. Seen during SW upgrade only
- Indicates control plane connection failure
- Indicates that the reason for device bring-up failure is

Unknown
Failure Scenarios
Connectivity Loss Unsupported Behavior
 Accidental misconfiguration  Bad data
 Interfaces shutdown  Unsupported configuration
 Incorrect addressing  Conflicting information
Troubleshooting Configuration
Monitor
Checking System Status
Checking Interface Utilization
Checking Transport Quality
Checking Events
REST API
REST API
REST API
Summary
• Step 1: Bring up infrastructure and inventory management
• System – Dynamic orchestration of TLS connections to establish the control plane
• User – Be able to troubleshoot IP connectivity and SSL certificate messages
• Step 2: Centralized routing and application policies
• System – vSmart controllers handle routing updates and IPsec information
• User – Be able to read OMP tables and traffic simulation tools
• Step 3: Centralized device configurations through device templates
• System – vManage pushes configurations to devices directly
• User – Be able to read build templates and read template XML messages
• Step 4: APIs and programmability
• System – vManage provides a REST interface to control the overlay
• User – Be able to create custom automations and integrations
Complete your
online session • Please complete your session survey
evaluation after each session. Your feedback
is very important.
• Complete a minimum of 4 session
surveys and the Overall Conference
survey (starting on Thursday) to
receive your Cisco Live water bottle.
• All surveys can be taken in the Cisco Live
Mobile App or by logging in to the Session
Catalog on ciscolive.cisco.com/us.
Cisco Live sessions will be available for viewing
on demand after the event at ciscolive.cisco.com.
Continue your education
Demos in the
Walk-in labs
Cisco campus
Meet the engineer

Related sessions
1:1 meetings
Thank you
#CLUS
#CLUS

BRKRST 2093

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BRKRST 2093

Uploaded by

Copyright:

Available Formats

#CLUS

Webex Teams will be moderated cs.co/ciscolivebot#BRKRST-2093

 Policies and Templates

vBond  Troubleshooting and

Cloud Data Centre Campus Branch SOHO

vBond  First point of authentication

vSmart Controllers  Facilitates NAT traversal

Cloud Data Centre Campus Branch SOHO

 Handles overlay routing

Cloud Data Centre Campus Branch SOHO

 WAN Edge router

 Secure data plane with other

Cloud Data Centre Campus Branch SOHO

VPN1 VPN2 Transport2 VPN1 VPN2

 DTLS connection failure  Device(s) not added

 TLOC disabled  Certificate revoked/invalidated

 Transient conditions  Certificate verification failures

 Partial: Total number of devices

 Control Down: Total number of

 Incorrect routing  Incorrect path taken

 Tunnels not established  SLA Violations

 Best path selection  Application specific requirements

DHCP on Transport Side (WAN)

- Indicates control plane connections are successful

- Indicates ZTP is disabled. Seen during SW upgrade only

- Indicates control plane connection failure

- Indicates that the reason for device bring-up failure is

 Accidental misconfiguration  Bad data

 Interfaces shutdown  Unsupported configuration

 Incorrect addressing  Conflicting information

Meet the engineer

You might also like