Friday, 21 May 2021

Cisco SD-WAN



Table of Contents

Chapter 1: Setting Up On-Prem Controllers

    Introduction

    Configuring IOS-XE Certification Server

    Enabling HTTP Server and NTP

    Certificate Server Configuration

    vManage Configuration

    System Information

    VPN Configuration

    Certification enrollment

    vBond Initial Configuration

    System Information

    VPN Configuration

    Certification enrollment

    vSmart Initial Configuration

    System Information

    VPN Configuration

    Certification enrollment

    Control Connection Verification


Chapter 2: Manual vEdge Provision

    Introduction

    vEdge Configuration

    System Information

    Underlay Network: VPN 0

    Certification enrollment

    Onboarding Process

    Control Connection Verification


Chapter 3: Overlay Management Protocol

    Introduction

    Service VPN Configuration

    TLOC Routes

    Tunnel Verification

    OMP Routes

    IP Reachability Verification

    Data Plane

    Summary


Chapter 4: Consideration When Using MPLS Transport

    Introduction

    Building a Label Switch Path

    Segment Routing Global Block (SRGB)

    IGP Prefix Segment (Prefix-SID)

    MP-BGP: Advertising Customer Routes

    Summary

    MPLS device configurations


Chapter 5: Policies – Topology: Hub and Spoke

    Introduction

    vSmart - from CLI mode to vManaged mode

    Create CLI Template

    Attach CLI Template to vSmart

    Policy Configuration

    Step-1: Create Site-List

    Step-2: Create Control Policy

    Step-3: Apply Control Policy

    Step-4: Activate Centralized Policy

    Policy Verification

    Spoke-to-Spoke traffic

    Summary


Chapter 6: Feature and CLI templates

    Introduction

    Feature Templates

    System and NTP Templates

    VPN Template

    VPN Interface

    Device Templates

    System and NTP

    VPN Template

    Attach Device Template to vEdge

    Verification

    Detach Device Template from vEdge

    CLI Templates with Variables

    Attach to vEdge

    Verification

    Summary


Chapter 7: TLOC Extension

    Introduction

    Configuring TLOCs by using CLI

    Template Based TLOC Extension

    Benefits of TLOC Extension


Chapter 8: BGP Routing in LAN

    Introduction

    BGP Configuration Using CLI

    Feature Template Based BGP Configuration

    Verification

    Route Optimization

    Centralize Policy for OMP Route Filtering

 

Chapter 9: Traffic Engineering

    Introduction

    Centralized Policy – Precedence

    TLOC List Configuration

    TLOC Control Policy Configuration

    Applying Control Policy

    Verification Control Policy Configuration

    Feature Template – Precedence & Prefix

    Route Control Policy Configuration

    Feature Template – Precedence

    Summary


Chapter 10: Application-Aware Routing

    Introduction

    Tunnel Health Monitoring

    BFD Settings

    Tunnel Switch-Over Process

    Path Quality Monitoring

    SLA-Class & Traffic Policy

    Centralized Policy


Chapter 11: Direct Cloud Access

    Introduction

    Data Policy

    Building Blocks

    Configuration Data Prefix List

    Configuration Data Policy

    Applying the Data Policy to Centralized

    Data Policy Verification

    Zone-Based Firewall

    Building Blocks

    Configuration Zone Lists

    Create Data Policy

    Apply FW Policy to Device Template


Appendix A: Device Configurations



