BRKCRS 2112
Serviceability of SD-WAN
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco SD-WAN Learning Journey at Cisco Live
[Figure: Monday to Friday schedule of related SD-WAN sessions (BRKCRS-2110, BRKCRS-2111, TECCRS-20004, BRKRST-2557, BRKCRS-2112, BRKCRS-2113, BRKRST-2514), grouped under the labels deep dive, SP orchestration, serviceability, architecture and solution, and migration and vQOE]
Agenda
SDWAN Components
• vSmart Controller
• vEdge Cloud Router
• vBond Orchestrator
• vEdge Router
SDWAN Components overview
Orchestration Plane: Cisco vBond
• Orchestrates connectivity
Management Plane: Cisco vManage
Control Plane: Cisco vSmart
• Handles all the overlay-network routing
• Facilitates the DP encryption between vEdges
Data Plane: vEdge and vEdge Cloud (physical/virtual)
[Diagram labels: vManage, APIs, 3rd-party automation, vAnalytics, vBond, vSmart controllers, vEdge routers, INET]
Cisco SD-WAN Cloud-Delivered Architecture
Multitenant, Cloud-Operated and Cloud-Delivered
[Diagram labels: GUI, REST API, analytics, vManage, vSmart controllers, private/hosted/managed, secure SD-WAN fabric, secure control plane, transports (MPLS, 4G, INET), vEdge router, sites (cloud, data center, campus, branch, small office, home office)]
Fabric Operation Walk-Through
OMP Update:
• Reachability – IP Subnets, TLOCs
• Security – Encryption Keys
• Policy – Data/App-route Policies
[Diagram: vSmart and two vEdge routers exchanging OMP updates and policies; legend: OMP, DTLS/TLS tunnel, IPSec tunnel, BFD; labels: Transport1, TLOCs, subnets]
Secure Segmentation
Security Zoning
Interface Compliance
Guest WiFi
VLAN Multi-Tenancy
Extranet
Per-VPN Topology
Day 0
[Diagram: vEdge bring-up in numbered steps 1 to 5, including “Full Registration and Configuration”; delivered as-a-service]
Assumption:
• DHCP on Transport Side (WAN)
• DNS to resolve ztp.viptela.com*
* Factory default config
Zero Touch Provisioning – vEdge Cloud
[Diagram: VM provisioning tool, Cloud-Init, vManage, control and policy elements, and vEdge Cloud; numbered steps 1 to 5, including “Full Registration and Configuration”]
Assumption:
• DHCP on Transport Side (WAN)
* Factory default config
Building basic overlay network
Checking Control connections
Checking Control connections for a single device
Checking Data connections
Down: Non-operational connections with other vEdge routers in the network.
Checking OMP Summary
OMP Summary of the vEdge router
Field – Explanation
• admin-state – Administrative state of the OMP session. It can be UP or DOWN.
• omp-uptime – How long the OMP session has been up and operational.
• tlocs-installed – Number of TLOCs installed that were learned over OMP sessions.
Checking OMP Peers detail
OMP Peers of the vEdge router
Field – Explanation
• Peer – IP address of the connected Edge device.
• Site ID – Identifier of the administrative site where the connected Edge device is located.
• R/I/S – Number of routes received, installed, and sent over the OMP session.
Checking Device bring-up
Troubleshooting Control connections
Possible causes for control connection failure
DTLS connection failure
TLOC disabled
Probable causes
Transient Conditions
The following are some transient conditions in which the control connections flap:
• System-IP change on the vEdge
• Tear-down message to vBond [the control connection to vBond is transient]
This can be verified using the “show control connections” output. The reasons called out on the slides are “Disconnect vBond after register reply” and “System-IP Changed”.
Serial Number(s) NOT present
If the serial number is not present on the controllers for a given vEdge, the control connections will fail (“Challenge response rejected by peer”).
Verify this with the “send to controllers” option from vManage and/or ‘show controllers [ valid-vsmarts | valid-vedges ]’.
Certificate revoked/Invalidated
The certificate is revoked when the serial number of a controller or vEdge is invalidated (“vSmart Certificate revoked”).
Certificate installation failed
Certificate verification failure occurs when the certificate cannot be verified with the root cert installed.
Organization-name Mismatch
For a given overlay, the Org. Name has to match across all the controllers and vEdges so that control connections can come up.
If not, you will see “Certificate Org. name mismatch” in the “show control connections” output.
Day “N”
Checking System Status
Checking the Circuit-Utilization
Checking Transport Quality
WAN > TLOC status
Checking Tunnel Quality
WAN > Tunnel status
Checking DPI stats
Checking App flows
Checking Events
Service-side to Service-side Troubleshooting
App route visualization
Simulate Flows
Debug Logs
System Maintenance
Configuration roll-back
Configuration roll-back using vManage
Software Upgrade
Upgrade software version of the vEdge router
NOTE: If the software upgrade is NOT successful and the device loses its connectivity after the upgrade, it will automatically roll back to the previous software version.
Device Reboot
Generic Alarms/Notifications
System Alarm - Types
Checking Alarms
Tech-Support
Collecting Show Admin Tech
Generate Show-admin Tech
Demo