Cisco SD-WAN 004 - Onboarding vEdges to the Controllers

Captions
How's it going, everybody? In this video we're going to continue our SD-WAN series by actually bringing up the vEdges. Yay. So this process is actually kind of involved. There's a lot of little steps that you have to go through in order for this to work, so we're going to walk through them step by step. Uh, the first couple, I'm suspecting the first couple will go a little slower than the last few. So there's five I have to do. I'm gonna do all five and I'll do them in order, get them all up and running so you guys can see what that looks like. But there are a number of steps that we have to go through in order to do that. So, um, having those steps laid out is, I've pretty much memorized it because I've only done it like 50 times in the past couple of weeks, so I'm pretty comfortable with the flow by now. So, uh, so yeah, that's where we're gonna, that's what we're gonna do in this video: get them all up and running and then get them added to vManage and vBond and set up the OMP peering and stuff like that. So you'll actually start to see some of this stuff come to life, because right now we just got the controllers up and running and that's just like, meh, it's whatever. But the real power of SD-WAN doesn't come into play until you get the vEdges online and start actually working with it. So it's actually pretty cool stuff.

So I'm gonna go ahead and get out of the way and I'm gonna go ahead and begin the config of bringing these guys up, because there's a number of steps that we have to go through. So I'm going to, um, I'm going to automate this once we get the first one done so we can speed the process up, but for the most part it's going to be a lot of repetitive config. So we're going to go admin and then admin and go to global config, and it's going to be the same system config that you've seen before. So system, the, the host name is going to be a vEdge, and this one's going to be vEdge1. The site ID will be 12 because we're dealing with this bigger site over here on the left. The system IP here will be 10.12.0.1, the vBond IP will be 223.1.1.11 and the organization will be lab. You don't really have to do anything else if you don't want to, that's, this is, that's fine.

So I'm going to go ahead and commit that config, and next thing I'm going to do is set up a VPN 0. So VPN 0, again, ip route. I'm going to create a single default route that's going to point out towards the internet right here. So ip route is going to be 0.0.0.0/0 to 192.1.1.1. Okay, pretty straightforward stuff. And then interface ge0/0, IP address of 192.1.1.2/24. I'm gonna no shut that interface, and then underneath here I'm gonna type in tunnel interface. Underneath here is gonna be, encapsulation is going to be ipsec, and we're going to allow service all. Okay, I'm going to exit out and exit out again, and interface ge0/1, IP address here will be 172.30 24. I'm gonna no shut that guy, and then tunnel interface, encapsulation is going to be ipsec, and then allow service all. Okay, that's basically the initial config. So I'm gonna do a show config. That's gonna be all of the syntax we need to throw in for that particular device. I'm gonna go ahead and I'm gonna commit that config. Oh, and, okay, so that's one thing I forgot to mention. So what we have to do is, underneath interface ge0/0, tunnel interface, we're going to specify the color is going to be public internet. I'm going to come up here to ge0/1, tunnel interface, and then the color is going to be mpls. So I'm going to go ahead and commit that.

Now what does that actually mean? Think of a color. A color is a way to, to provide designation between different transports. That's literally all it is. There's nothing to do with like QoS or prioritization or anything like that. It simply has something to do, it can be tied to those things, but it's simply a way to differentiate between multiple transports. So you could have multiple transports plugged into a single vEdge and then you could send traffic, you know, via public internet, biz internet, whatever the case might be. So by doing it this way I'm allowing, basically enabling the ability to define who, uh, where traffic goes and that type of stuff, but it's a way to define what the transport actually is. So by using the color I can differentiate public internet from private LAN. So for example, if I had 4G LTE or some other type of service I could designate it as such. There's a number of colors that you can use. As a matter of fact, you can use color and then you can use a bunch of them. You've got, uh, 3g, biz internet, blue, bronze, etc. Then you get down here, you got, um, private three, lte, metro ethernet, mpls, public internet, red, custom one, two, three, whatever the case might be. You've got, uh, all that stuff working out for you.

So I'm going to go ahead and I'm going to commit that config. No changes to commit. I'm going to go ahead and exit out, or jump out of the video, I'm going to jump out of here, and I'm going to do show run vpn 0. I'm going to take a number of these lines of config and I'm going to dump them into here. So in this case here it's going to be vEdge1 and it's going to be 10.12.0.1, site ID will be 12, and that, the vBond will be, uh, did I make a mistake on that? vSmart, show run system. I don't think I put in 12. No, I, that's, it's right, that's supposed to be 11.

And then I'll grab the config from vEdge1 and I will pretty much take this, copy it all in, but I'll concatenate it a little bit, in other words clean up the config. I'm going to do this, and then what I'll do is I will bring all this up to here, to where it says allow service all, and I'll schwack all that, and same thing here, like that. There we go. So that's pretty much the minimum config that you need to have. We have our ge0/0 interface, which is going to be your public internet, and then we have ge0/1, which will be color mpls, no shutdown on both of them. We have our default route. So now I can take this config and dump it into the other boxes, but right now I'm not too terribly concerned with that. I've committed a config, let's make sure on that. Yep.

The first thing I have to do is I have to go in and download the certificate from the CA server. Now one of the things that I have to do initially is on the inet router, go up here to global config, or on the inet router is do a show ip route and verify that I have a default route or a route to 223.1.1.0, and I do. So I should be able to ping 192.1.20.2. I can ping that, which is what I want to see. On vEdge1, I'm going to do the same thing I did on the controllers: request download tftp://223.1.1.13/pki.ca. Give that a couple seconds. It looks like it worked. There we go, timed out. Let me make sure, ping 223.1.1.13. Let me make sure that the config is working the way, it looks like it's sort of working. Oh, you know what, I don't have a default route on here. So let me go back to the switch, show ip, or show ip route. Oh, that's because I don't have a default route. That's my mistake. So ip route to 192.1.20.1, do write. So now I should be good. Let me go ahead and do this one more time from the vEdge, try to ping that again, and now the ping works. So now if I try to run that command again I should have no problem downloading it, which I don't.

So now go back to vEdge1, and then I'll request root certificate chain install, home admin, and then pki.ca. All right, easy enough. So what I'm going to do is I'm literally going to start taking some of these commands out right here. I'm going to basically grab these two lines of config right there. I'm going to paste them like so, so that I know what commands I have to type in, and then I've got the install working the way that I needed to.

The next thing for me to do is to generate the certificate signing request. So type in request csr upload to home admin and then csr.txt. When I do this I'm going to be prompted for the organization name, so it's going to be lab and lab, enter key, and then the CSR will get generated. So I'm going to take this command right here, request csr upload, right there, paste that in, so, like so, and then it's going to be lab, lab. So you're kind of pre-scripting it, if you will. And then now what I have to do is I have to type in vshell, and then if I do a ls you'll see that the csr.txt is there. If I type in more csr.txt, that's going to show me the CSR. So I'm going to grab the CSR right here. No, really no different than what we did on the vEdge or the vBond or the, sorry, vManage, vSmart, vBond, except for instead of seeing it in the GUI and copying it out of the GUI and going to the CLI to submit it and then get a granted certificate back, we're doing everything from the CLI.

So we're gonna, we have that process. We're gonna go down here, hit the enter key a couple times, and crypto pki server pki request pkcs10 via the terminal, and then paste that information in like so, hit the enter key and type in quit, and then after a couple of moments we should get a generated certificate, I should say granted certificate. Now to generate a, generated, granted certificate. There we go. So now we're underneath here. Now we need to actually paste the output into a file. So we're going to type in cat, so we're going to basically tell the edge device to create a file. So we're going to do greater than sign, greater than sign, less than sign, sorry, um, and then we're going to do a quote quote, or yeah, quote quote, um, and then it's going to be close, greater than sign. So less than sign, less than sign, quote quote, space, greater than sign, space, c-e-r-t, cert.txt. And then we're going to paste the contents of our clipboard into the CLI, hit the enter key a couple times, and then we're good to go.

And then we're going to type in exit, and then we're going to type in request certificate install, home admin, and then cert.txt. If I've done everything correctly, there it goes. Now we've, now we're good to go. We've just installed the certificate. So now we're going to type in show certificate serial and hit the enter key, and now we've got our, our chassis number and we have our serial number. So I'm going to come back over here to vManage. I'm going to type in request vedge add chassis number, paste that in, and then I'm going to say serial number, and then look at vEdge1 and it's zero five, so I'm gonna type in zero five, hit the enter key. I'm gonna grab all this right here and go to the vBond, paste that in as well.

Now that I've added that, I should be able to go back over here to vManage, and then on devices we can see vEdge cloud was added, and then after a short period of time, via site ID 12 is there. If I look at the certificates I can see the certificate is good and we're squared away. Now the next thing to do is click on the send to controllers. So I'm going to send to controllers and that's going to push the vEdge list, the WAN list, down to the controllers so that the vSmart will see it. So if we type in show control connections, eventually we should have a control connection set up to the vEdge. And there's the vEdge, the vEdge is now there, it just came up. And if we do a show omp peers we should have a connection to vEdge1, which we do, which is what we want to have.

So now I'm going to repeat the process on two, three, four and five. Again, it's a little, it's a repetitive process, but at this point in time let me go back to vEdge1. There's this command right here. Some things you can't pre-script, and for those things that can't be pre-scripted we can, well, let me go ahead and grab some of these other commands that we can use. Grab all this. And so we have, we type in vshell and then we type in more csr.txt and then we type in that command right there so we can paste in the contents, and then we install. So this is basically the workflow that we need to have in play.

So if we go over to vEdge2, let's go ahead and, kind of, in this case here it's kind of a template. So this will be vEdge2. We're going to go ahead and dot two. We're gonna say that this is, let me go ahead and minimize this guy and move this over. So this will be 192.1.2.2 for ge0, it'll be 12 172 31 12.2 for the MPLS connection, it'll be 1.2.1 for the internet, and then everything else is pretty much the same. So we're literally able to copy all this into vEdge2. Let me go ahead and log in real quick and paste all this information in as such and commit it. All right, so now we've got that. Let's go ahead and ping 223.1.1.13. Excellent. So now it's going to be a matter of coming back here and doing the, the install. So let's go ahead and execute those commands. So that worked. Let's go ahead and, internal error, okay, so, okay. So now we're gonna go ahead and install the certificate, which is what we want, and then I'm gonna go grab this command here and let's actually try with this. I don't know if it's actually gonna work. Copy that and then paste it in. It looks like it worked. Excellent. So it just goes way faster when you do it that way.

And then we're going to go, we'll type in vshell, ls, more csr.txt. There it is. And grab all this, go back to the CA, and then it's going to be a crypto pki server pki request pkcs10 terminal, paste that in, enter key, and then quit. There's our generated certificate. Let me grab all that, bring it back over here to the vEdge, and it's going to be that cat, less than sign, less than sign, quote quote, greater than sign, cert.txt, paste it in, and enter key, exit, and then request certificate install, home admin, cert.txt, and then show certificate serial. So now we're going to be zero six. So I'll just basically take this information right here, request vedge add chassis number, and then the chassis number here, and then serial number zero six, enter key. Grab all that, go back to vBond, paste that in, pull up our config here, and then let's actually go to certificates, and then after a couple seconds we should see, might take it a couple of, a moment or so for, there it goes. So if you don't see it right away, be patient, it does take a couple seconds for it to load. There it is. And then we can go ahead and send to controllers. So there we have it, and excellent.

So now if we go to, I really like to check the vSmart, show control connections, and then after a moment or so we should have a second vEdge. Uh, OMP peers, we should have, again it might take some, there it goes, there we are. So we're good to go now and we're in good shape.

Um, so the remainder of it is literally going to be the same thing. It's going to be vEdge 3, 4 and 5 and through that. So I don't see the need to really, I know I mentioned I was going to do the repetitiveness, but it's taking, takes a while to get this working, so it's just a lot of repetitive tasks. So I'm going to pause the video until we're 100% complete and then I'll bring you guys back in and we'll validate that everything's working the way that it needs to. So I'm going to go ahead and do that.

All right, I was able to get the first four vEdges online, but the fifth vEdge is kind of a unique bird. It's only got a connection to the MPLS cloud and not to the internet, so a traditional deployment won't actually work here. So it's going to be kind of a hybrid way of deploying it, but that's okay. For right now I'm going to go ahead and pull up vManage and I'm going to go back to devices, and we should have all four vEdges up and running. We go to certificates, all of them are showing up as well. If we go to vManage and we do a show, this is why I don't use, show control connections, we should have a bunch of vEdge connections. We should have four of them up currently, which we do. If we jump on vBond and we do a show orchestrator connections, we should have a number of connections to the vEdges as well. And if we go to vSmart and log back in, we should show a bunch of OMP peers as well, four of them. Doesn't matter. Oh, you know why? Because I haven't pushed the certificates down to the, the controllers yet. That's why we don't see those show up, showing up yet, because I hadn't done that yet. So just to show you, you could add a bunch of devices en masse if you wanted to, and then after a couple of minutes we should start to see these guys show up, all four of them. We should see 10.3.0.1 and 10.4.0.1 here momentarily once the connections come online and everybody's happy. So this might take a little longer than, there's the first one, and there's the second one. Excellent. So, well, it's, now we're up. Okay, cool. So we have all of our devices are now associated that we need to have squared away.

So I'm going to hold off on vEdge5, because I plan on walking you guys through how to bring up the secondary transport, because right now we've only done a single transport. Right now we've only done the internet transport, right? So anything that connects to the internet cloud as our main transport, or I should say our internet transport, that's all we brought up in terms of the operations. So this vEdge5, who is attached to the MPLS cloud, he'll come up in the next video, because that's where I'm going to go through and walk you guys through how that process works. And then once we have that all squared away, we're going to start to see issues start to pro, crop up inside of vManage. Let me go ahead and show you what I mean by that. We come back over here and we click on the dashboard tab, and what you're going to see is it's kind of a mixed bag of connectivity, right? We're, so we're, we're sort of working, sort of not. You can see stuff is starting to come together and we have everything squared away.

So if I pull up the, the command line and I bring this down just a little bit, right, and I click on, say, vEdge1 and I log back in, you can see that at full WAN connectivity, three sites, which means that I can talk to the other three sites. So I can talk to, from vEdge1 I can talk to the sites 3 and 4. So if I do a show bfd sessions I should have connections going out to 3 and 4, which I do, and if I do a show ipsec outbound connections I should have a number of connections going out. I should have two of them, one going to site three, one going to site four, which is what I have. Eventually this partial will go to control up, so I'll have five total once we're all squared away, or I should say it should be, it'll be four total because, or five, yeah, it'll be five total. But, um, this eventually will go to five, but right now we've only got a single transport operational. The transport that we have operational is just internet, because in the next video I'll go through and I'll walk you guys through how to set up the BGP peering inside of VPN 0 so that we can get that process done, and then we'll be able to add vEdge5, because then we need to set up BGP on the core, on the DC switch, in order to get it operational. Because there are going to be certain times when you're only going to have one transport type connected to a vEdge, and this is one of those scenarios where you only have one connected, and that's basically what you need to work with. So we'll take care of that in the next video. Beyond that, that is how you set up the vEdges inside of Viptela. This is a completely on-prem solution, as you can probably tell. So until next time, guys, thanks so much for stopping by and I'll catch you guys in the next video.
Info
Channel: Rob Riker's Tech Channel
Views: 9,789
Id: v8zmmXEc758
Length: 24min 40sec (1480 seconds)
Published: Sat Sep 19 2020