Cisco SD-WAN 007 - Templates Overview, Single vEdge Sites Setup and Deployment

Captions
How's it going, everybody? We're going to transition a little bit away from the routing componentry of SD-WAN and focus more on the templatizing of the SD-WAN solution. So templates are not policies, right? It's not how we're going to control how SD-WAN forwards traffic or dictates what goes on inside the network, but it's a way for us to make it easier to deploy devices and easier to control them. So, uh, there's some pros and cons to working with them. So I've, yeah, there's a couple different types of templates, but the main con that I found with the templates is that you can't batch changes together ahead of time. So if you've got a number of changes you have to make, so that depending on how your environment is laid out, at least nothing that I've found anyway. Um, I'm working with a slightly older version, 18.4, so if something changed in maybe 19 or 20 and I'm not aware of it yet, I haven't upgraded to those versions yet. So, but to my understanding, when I've made a change to something, you make a change and you have to update the template. So when you go to a feature template, which is used to configure devices' individual features (interfaces, VPN, system, banner, the IP addressing, the routing, all that type of stuff), feature templates are called by a device template, which is the parent object for the most part, and feature templates are considered the child objects. When you configure your child objects to basically tell the vEdge device what it's going to be doing, you map that to a device template, and then the device template gets pushed to the device, hence the device template. But when you need to go in and make an adjustment to a feature template, when you make that adjustment to that feature template, you can't say, "I want to make an adjustment to feature template one, three and six and then push," right? You're going to make an adjustment to one, then push, then three, then push, then six, then push. So it's kind of, that's the only con that I've really found, and as I
progressed through I found some things here and there that I wish were a little bit different, but you know what, I'm not in charge of the operations or the development. So with that being said, it's like, okay, like, to take it for what it is. Um, it's meant to help mass deployments. If you have a very large solution or deployment, you know, several hundred vEdge devices, this is an easy way for you to mass deploy changes instead of having to log into individual devices at a time or try to rely on, like, SNMP or SolarWinds config manager that would manually go out and do the push. This probably could be automated somehow with, like, Ansible or Python, and for those of you that are working in that stuff, but I have not started Ansible or Python. I'm not an automation person at all. I'm becoming less and less resistant to it as I've been playing with SD-WAN, I'm starting to see the power of it, but I really wanted to dive into the individual technology first before I started diving into, you know, the automation components.

So let's talk a little bit about how the templates work. I've described them at a high level, but let's take this a little bit deeper. The idea is you first have the feature template. The feature template, I'll just put FT here, it first calls the actual device that you're going to be working with, because not every device is the same. So you're going to call the device, in this case here we're going to be using the vEdge Cloud. You use the vEdge Cloud, or, sorry, you select the vEdge Cloud, and then there's a number of templates that you're going to call from. So, and we'll take a look at the GUI, it'll make it much easier to break this down once you've configured your template. So you're going to have, like, a system template and a banner, then you'll have your VPN, then you'll have your VPN, etc., etc., etc. And then you're going to have a device template, which will also call the vEdge Cloud, and then you're going to start taking the banner, the system, or the templates that you created,
the feature templates, and you're gonna start calling them from different attributes inside of the device template. And then once all that's configured, or I should say added, then depending on how you configure the feature template, you may have to manually populate a bunch of information into the feature template before you push it down to the actual vEdges. And then once that happens you'll be able to go forward with your deployment and then convert from CLI over to vManage and go from there.

So let's talk about this. Let's actually walk through the GUI and take a look at how that works, because it'll be a lot easier to try to explain than it will be to try to go that route. So let's go to monitor and network, and then we'll go back over to, um, dashboard and see if there's any updates. Okay, so I still have one partial connection down. I'm not sure why I've got... did I, you know what, I wonder, did I not do a vEdge5? If I show on vEdge5, let's do an admin, admin, show run vpn 0. Oh, because I have this, I have the interface there. Okay, that's why, and it's no shutdown. Okay, so it's turned on. So let me go ahead, and I have restrict, so let me go fix this real quick: vpn 0, no, or I should say interface ge0/0 and shutdown, and commit that real quick and do show run vpn 0.
What should end up happening now is the VPN ge0/0 is down, so I should not be trying to form a connection over the top of it, so the control should go to be up. So that should fix that problem here momentarily. Okay, cool. So it just dawned on me what the problem was with that one. So let's go ahead and go back to monitor and to network and we're going to see that, go back to dashboard. Uh, it'll eventually update. It'll probably take, you know, a couple minutes for this to update, but not that big of a deal.

So in order to work with this you're going to click on configuration and then templates, and out of the gate you have none, right? There are some factory default templates, but there are none created for you to use really. So you have device templates. You can create templates if you want to. You have to obviously select the device model you're going to work with, and then you have to name it and all that type of stuff. I'm going to go start on feature templates. Here you're going to say add template. We're going to scroll down here to vEdge Cloud, select it. As you can see, we have a number of templates we can use. We have, you know, basic information: AAA, BFD, security, OMP, system 100 vpn. You've got all the VPN options available to you to actually create the VPN itself, create the interfaces that you're going to be tying, so routed interfaces, and then underneath other templates you have banner, DHCP server, OSPF, BGP, so on and so forth.

So we're going to start off with the system template. So I'm going to come in here and type in vEdge underscore system template, something very, very obvious, right? We're going to copy and paste that into the description. You must have a description, so both the system name, or template name, and the description both must be populated. Now here in the middle you'll notice that, um, you've got a, uh, it says site, or sorry, system site ID. If you click down here you're gonna have, in this case here it's only the one, but if you have global and you have device
specific, so if you plug in global you can plug in, if you all have the same site, which you shouldn't, then you could plug in whatever value you want, but you should have device specific, and it'll be, you enter the key. You can say system site ID, I'm okay with that. Site system IP, device specific, there's only that one option. Now we come down here to time zone. You'll notice that we have three different options: you have global, device specific and default. Default automatically will revert to UTC, but if I wanted to say device specific I could come in here and say system time zone. So I'll go ahead and do that, and that changes it from what it was, the default of UTC, to system time zone. So that means it'll be, anything you see set up like this where you have something in brackets is something you have to populate when you go to push the configuration to the individual vEdges. So you'll have to populate the site ID, the system IP, the time zone, the host name, all that type of stuff. Now the console baud rate is another one that you're going to have to specify, and I'm going to say globally it's going to be 115200.
Then you come down here a little bit further, you have GPS if you want to add that in, tracker if you want to add in tracking, and if you wanted to limit the connectivity you could do that as well. So there's some options in here. If you wanted to use it you could, but we're not going to be taking advantage of any of this stuff right now, at least for right now. So I'm going to go click on save. So now I've created my system template for my vEdges and I'm good to go, right? The next thing I have to do is I have to create, I'm going to create a banner. Choose vEdge Cloud and I'm going to come down here to banner.

Now one thing that I want you to pay attention to is that when you're doing the CLI part it's actually not too bad, because you can pretty much create a little script inside a notepad and then edit whatever variables you need, so templatize it, and then paste it into the console and you're in good shape, right? That's pretty obvious. When you're dealing with the CLI it's pretty easy to get up and running, and you can even have an entire script written in notepad, just dump it into the box when you're good to go, and everything should work relatively easily. All that's well and great. The problem with that is it's initially your barrier to entry. Let me go ahead and just whiteboard this, it'll be easier to draw than it is to use my hands. Initially with the CLI you're going to be like this. Your bell curve will be like this, slowly, and then eventually when you get to a large amount of devices you'll be way up here, and then it might taper back up, but it might stay up like this for an extended period of time, right? That's the CLI variation. With the temp..., oh, that's a bad color, let me go to, let's go to green. When I go to the template, right, my barrier to entry will actually be like this: a lot of initial configuration at the beginning, but then that will taper off and rather quickly will fade back out, and then it'll be pretty easy. It might have a little blurb here and
there, but as you can see, CLI is easier to start with but more difficult to work with long term, where with the template, when you're dealing with a template, you can create the template and then it's there, right? You can call a template anytime you'd like. You can, um, once you've got a template created, you can call that from a device template. Maybe you've got 20 different devices you've got deployed in your SD-WAN solution. The cool thing is you can have templates for every type of device, and then all you have to do is keep them organized. And then once you need to add, say for instance you're going to add an ISR 4K at one site, but you're going to add an ASR 1000 at another site, you're going to do vEdge Cloud at another site, so on and so forth, you can take advantage of those areas. And once you've built those templates it's just a matter of, that particular device comes online and then you just basically, once it's added to vManage and it's onboarded and it's part of the fabric, then it's nothing to just push a bunch of templates down to it and, boom, it's configured, right? You're not having to spend a few hours trying to do this. It's whatever time frame you need, and as long as the device template's already been created for it, it's just a matter of adding that device to that device template and then pushing the device template down to the device. Makes it very easy to work with.

So let's go ahead and continue our layout here. So I'm going to come in here and type in vEdge banner template. I tend to like using this because it makes it very easy to understand what it is. And then underneath here, if you put in global and you type in, uh, "authorized users only" for example, let me go ahead and get out of the way, and then underneath the message of the day I'm going to do, say for example, device specific, you have banner MOTD, you'd have to populate that field. So we're going to say global for everybody. We're going to type in "welcome to the next gen of
networking". Boom. We're going to go ahead and click save. So now I have two templates created. I'm going to go ahead and continue on. I'm going to be vEdge Cloud with all of these, that's the only device I have running currently. Now I've got the system and I've got the banner. Now I need to start adding VPNs. The very first one I'm going to add is VPN 0. So underneath here I am going to go ahead and say template name is going to be vEdge underscore VPN 0 underscore template, and then copy and paste this in. And what I'm going to do is, in the basic configuration, the only option I have is global, so I'm going to type in zero, and then if you wanted to you can create a name. We're going to type in here, device or globally, we're going to type in transport VPN. We're going to come down a little bit further, and underneath VPN 0 we're not going to do anything here because we don't need to, because right now we're just trying to get the transport connectivity between the vEdges, where we don't need to worry about that with OMP, because, remember, OMP is used on the service side of the vEdge, so VPN 1, VPN 30, VPN 100 for example. It's used to take VPN 1 routes that are learned, interfaces, connected routes, static routes, dynamic routes, that type of stuff, and propagate that over to the vSmart. Then it'll push that down to other vEdges, down into that VPN. Until you have that VPN created it's not going to do anything. So here, you don't use OMP in VPN 0.
That's not what it's for. Now I'm going to create an IPv4 route, and I'm going to create, it's going to be a global route, 0.0.0.0/0, and I'm going to specify the next hop. So I've already selected next hop. I'm going to come in here and click on add next hop. I'm going to click on add next hop one more time, and then I'm going to say device specific. So it says underneath here, I'm going to say VPN 0, and then I'm going to type in g0-0 underscore next hop IP. Address, next hop IP, I'll pull all this other stuff out, this is all extraneous information. So it's going to say VPN 0 for gig 0/0, because you can't put a slash in here, that is not an allowed character, so you have to put a dash, and click inside of there. So it's, uh, VPN 0 gig 0-0 VPN next hop IP. So I'm going to go ahead and click on add, and then add one more time, and then you're in good shape. So now we have that in there, and I'm going to add another route, and you might say, "Why are you adding another route?" Actually, I'm sorry, I don't need another route right now, because when it comes time for me to transition to the service VPN I'll have to create a static route inside of the service VPN to point to the routers' loopback addresses that are sitting behind the vEdges.

I'm going to come down here a little further and I'm pretty much done. There's nothing else that I really need to add in here. I could add a service. This is not a service VPN. This is if you wanted to add in a firewall, IPS or some other type of service that you want to advertise to the rest of the network. Let's say you have a firewall sitting at a data center and you want to have all the traffic in the network be sent to the data center to be inspected by the firewall and then to be sent back out over the SD-WAN fabric to the destination network that it's going to, the destination vEdge. Well, you can inject a firewall. It's called service chaining. So you can basically, no matter where in the network you are, you can basically tell SD-WAN,
"Hey, if you've got traffic coming into a vEdge device, go ahead and point it towards the data center, have it come across the LAN, or the WAN fabric, internet and MPLS, to the data center, pass it through the firewall, send it back out the firewall, back to the edge and then on to the destination vEdge or the destination network." Pretty cool stuff. We'll take a look at that in an upcoming video, but we're going to say cancel there because we're not actually going to be doing service. But this is not a service VPN, this is not a LAN-facing connection. This is if you want to inject the capability into the service that isn't already there. And I'm going to click on save.

So now I've got a VPN 0 template. What I'm going to go do is I'm actually going to save, or I'm going to click in here and I'm going to edit, I'm sorry, copy, and I'm going to change this. This is going to be VPN 512. 512 is going to be our out-of-band management VPN template, and we need to have one. If we don't have one created, we could use the default one, but I have run into problems where it won't push correctly if we use the default one. So what I've got to come in here now and do is do an edit, and I have to change this guy here to be 512, and then this guy right here will be mgmt, and then I'll come down to the default route and I'm just going to go ahead and get rid of it, because I don't want a default route, and click on update. There we go.

Now you might be like, "Well, didn't you say that for every feature template that you update you had to push the update down to the edges?" You're right, I did, but none of these feature templates are being called from a device template, and there's no device templates currently being used by a device. So until the feature template is tied to a device template that's actually applied to a device, you don't need to worry about that. I'm going to go ahead and add the next template, which is going to be vEdge Cloud again, and this time it's going to be a VPN interface. So this guy here,
I'm going to type in vEdge underscore VPN 0 underscore int g 0 0 underscore template. Copy, and actually let me adjust that real quick: int for interface, g 0 0. Copy and paste that in. And then underneath here I'm going to check this down to be global and say no shutdown. The interface name, you have to specify something here, which is going to be ge0/0, and the description will be, I'll say for this particular solution, yours might vary, but I'll just type in inet interface so we know what it is. Now there's IP addressing underneath here. If we wanted to create a static IP we could, which is what we're going to be doing, and underneath here we're going to come in and say device specific. So I'm going to type in underneath here VPN 0, and then underneath here is going to be, I'll specify int underscore g 0-0 underscore, so it's going to be VPN 0 interface g 0 0. Let me go ahead and edit that one more time, I got one too many underscores in there. IPv4 address, perfect. So then I don't have to type in the IP address here, I'll have to type it in later.

And then, will this be a tunnel interface? Will I have a tunnel coming over the top of it? The answer to that is yes, I will. So I'm going to check this and go to global, turn this on, and then I need to specify the color. So underneath here I'll say global and I'll choose public internet. Restrict, I'll turn that to global and turn that on, and then that's what I need to do. Now if I had vEdges that were singly connected, so like for example I have vEdge5, which is connected to MPLS only, I will create a bunch of MPLS-only templates so that I can push specific data to him. So if you've got a mishmash of connections, you're going to want to create templates that map to the individual devices that map that. So if you only have one device that does that, then you're only going to have one set of templates for that particular device, but if you scale that solution, so add more and more vEdges to the MPLS service but not internet as well, then you would just simply
start adding, you push that MPLS-only template down to your MPLS-only connection vEdge and you'll be in good shape. And beyond that there's a bunch of other stuff in here. Uh, you do have to allow service, you do have to set this to global and click on, and all that good stuff. We're not turning on NAT, we're not turning on VRRP, we're not doing any ACL or QoS right now, and we're not doing ARP, 802.1X or any advanced capabilities down here. I'm going to go ahead and click on save.

Now here's the cool part about doing the templates. The first time I played with this stuff, I have to be honest with you, it was just like, wow, this is a lot of leg work. Like, I was watching videos and I was reading the documentation, this seems like it's going to be painful, but because I was doing it one at a time. So to speed this process up you can actually click on here and go to copy again, and then you just swap out some information right here and right here, click on copy, and now it's been updated. Now it's gig zero slash one. Then we come in here and edit, and then we just swap out the information, and here we just say gig 1, and this will be the MPLS interface, like that. And then we come down here, we edit this device specific, this will be g0-1. Uh, actually it didn't work quite the way I wanted it to. There we go. Uh, int gig 0-1, and the color will not be public internet, it will be MPLS. Restrict is still on, allow services all, and none of the other details need to be associated. I'm going to click on update, and there we go.

So now I've created my VPN 0 template and my interfaces that are going to go inside of that. I need to create one more template for VPN 512. I'm gonna click on add, and vEdge Cloud, VPN interface. This will be VPN, I'm sorry, vEdge underscore VPN 512 underscore int underscore eth0. Copy and paste that in, and then it's going to say shutdown, it will be yes. Static IP address, we're going to say default is fine, no tunnel interface, and I'm good to go. I can just click on save. Uh, what did I
miss? Oh, the interface name is going to be eth0, and then save. There we go. So now we have, so right now as it sits right now, we're going to actually go back to where we were before. So now you might say, "Okay, what about..." Let me go ahead and get this out of the way real quick. So you've got vEdge5, right? You've got vEdge5, you've got vEdge4, 3, 1 and 2. Where are you connecting this particular template that you're building? Okay, so where I'm connecting the template I'm building currently is, I'm going to be associating this to vEdge3 and vEdge4. Okay, I will be creating a new set of templates, basically copying and pasting what I have for these guys right here, but I'll be renaming them and I'll say dual vEdge sites. So right now we just got these guys. Right now I should have probably named them single vEdge, and then having another set of templates called dual vEdge sites. So I don't want to push this template down to everybody, because if you start messing with templates at the feature template after something's been pushed, again, you're gonna have to update that template to every site that it needs to go to, where if I create up your site specific, so if you have sites where there's only a single vEdge, obviously, and they're pretty much the same configs, you can create a set of templates that map to a specific device template. So I'll have a device template, actually I'll name the device template single, uh, vEdge single device template, and then I'll have another one, vEdge dual device template, and then I'll start adding the vEdge templates to it that need to be associated. So it'll make more sense when I get that far, but right now I'm just focusing on the one, because I don't have a lot more to configure. But you'll also notice that in VPN 0 I also have BGP, so I need to go and do that one now. So let's go ahead and add template for vEdge Cloud, and we're going to click on down here, BGP, and I
need to come in here: vEdge VPN 0 underscore BGP template. Copy and paste, and I'm going to specify that shutdown will be global, will be no. The AS number will be specific to the device, which is fine, BGP AS number. And I'm going to come down here to the network command. I'm not going to redistribute anything right now, I'm just going to advertise, and I'm going to add a new network statement, and underneath here I'm going to say device specific. And it says, it's a long profile, BGP network address prefix. I'm going to just remove some of this extraneous command. Address and prefix are pretty much the same thing: BGP network prefix. Network, network, see, again, just extraneous commands. Why things are set up that way, I don't know. Try to simplify it where you can. And you want to mark this as optional. If you don't have a site connected that has MPLS, then yes, you would want to disconnect that. I'll click on mark optional, um, but I'll go ahead and add it anyway.

And the neighbor, we're going to add a neighbor, and again the address will be device specific, and we'll choose that, and then the remote AS, this will be global, and I'll put in 100 because everybody's going to be connected to the same remote AS. For the address family I'm going to say global and turn it on, and we're going to choose the IPv4 unicast. And we're not going to be doing anything fancy, but at some point in the future, not with VPN 0 but with other VPNs that we create, especially at the HQ site, so site 12, we'll go through and we'll do some internal LAN routing with BGP, just show you guys how that works, and we'll be taking a look at the route policies that'll come into play. Let's actually minimize this guy because I don't need any of this stuff on at the moment. And don't forget to add this, because right now we've got the BGP neighbor address, we've got the remote AS number, and the unicast connection is on. We've got the route prefix. We're going to click on add so that it does add, and then we'll
come down, there's nothing more for us to work in here, we'll click on save. All right, so now we've got that going for us, we have BGP. So now I'm pretty comfortable saying that all the templates that we need to create are created. Now what we'll have to do is go through and tie these templates to a device template. So let's go to device. We're going to create one from feature template, choose vEdge Cloud from the drop-down, and the template's going to be vEdge single device template. Copy and paste. So now here's the fun part. Now you get to come down here in the system, just click drop-down. If you've created a template for it, it'll populate. Let's go a little bit more. For transport VPN 0, create the VPN 0 one, and then down here gig 0/0, and then if you need to add one just click the VPN interface, and then gig 0/1. There we go. VPN 512, VPN 512 template, add a VPN interface and call eth0 from there. We're not adding a service VPN. So if we wanted to we could create a service VPN here. This is where we would actually, if we wanted to create a service VPN and push it through the template, this is, and this would actually be a LAN-facing interface. This is not the same thing as the, um, if you want to add a firewall, that's separate from this. Same look and feel but different type of thing. So anything except VPN 0 and VPN 512.
Um, we have the banner template, we're going to add that, and we're in good shape. So I'm going to go ahead and say create. Give that a couple seconds to do its thing, and now we have that added. Now we need to go ahead and attach devices. So I'm going to add 3 and 4 respectively, because then I'll add 2 at a separate time. I'll go ahead and walk you guys through how to do a dual device and then MPLS only. So I'm going to click on, add those two, click on attach. Now they're attaching. So now I need to come in here, and I can either populate these fields this way and then drag it right, or I can simply click on here and click on edit device template and then populate these fields. So in this thing here we've got America, and I'm just going to choose, I'll choose Chicago for these two. The address for gig 0/0 next hop, in this particular case, will be, for this guy, will be 192.1.3.1. The VPN 0 g0-1 interface will be 172.31.13.2/24. The gig 0/0 will be 192.1.3.2/24. The host name will be vEdge 3, the system IP will be 10.3.0.1, and then this site ID will be 3. I'm going to click on update, and then I'm going to do the same thing for this guy. Edit device template, and then underneath here it'll be 192.1 underneath g 0 1 be 172.31.4 14 dot 2 24 and then 192.1.4.2/24.
And then time zone will be America and Chicago, wherever that's hiding. It could be anything else too, it doesn't really matter. Host name will be vEdge 4, the system IP will be 10.4.0.1, and then the site ID will be four, and click on update. Okay, so now I'm gonna click on next, and now this is the conf, you can actually check the config before you push it. I'm gonna wait for that to finish loading, usually takes a couple seconds for it to do its thing, and I'm gonna click on config diff. And here we're adding the clock time zone of America/Chicago, we're adding the banner, and then we are removing the router bgp config. That seems weird, why would I be doing that? Oh, I know what I mean, I made a mistake. Okay, so I'm glad I caught that before it got any further. So that's a mistake I made. So click on templates and click on device template. We're going to go ahead in here and edit. I did not add the BGP template, so that's my bad. So I'm going to click on BGP, and BGP, we're going to add the BGP template. I thought that was a little weird. And I'm going to click on update, and then we're going to go ahead and attach devices, and then three and four again, attach.

All right, so I'm going to click over here, edit device template. There we go, that's a little better. So next hop for g 0/0 will be, uh, 192.1.3.1. This will be 172.31.13.2/24. This will be 192.1. 24. The BGP AS number will be 65003. The network prefix here will be 172.31.13.0/24. If it says optional you don't actually have to populate it. It'd be like, well, maybe this site doesn't have it, so you don't have to worry about it, but in this case here we do, so we're going to populate it. The BGP neighbor address will be 172.31.13.1. The time zone will be America, and I believe Adak is in Alaska, but don't quote me on that. And then host name will be vEdge 3, system ipv10.10.3.0.1, site ID will be 3. Click on update and do the same thing for vEdge4. Edit device template: 192.1.4.1, we have 172.31.14.2/24.
And then we have 192.1.4.2/24. BGP AS number 65004, uh, 172.31.14.0/24. The neighbor address will be 172.31.14.1. Time zone is America, come down to Chicago again. Actually let's do, uh, didn't know Dawson Creek was a real place, Denver. And then we'll display, we'll say that vEdge 4, the system IP is 10.4.0.1 and the site ID is 4. Click on update, and we'll say next, and we'll do that same thing again. So close that out, come in here, and then wait for it to do its thing. This usually takes a couple seconds for it to populate, as you previously saw, but I'm glad you guys got to watch me do that. So now if we scroll through here again we can see that BGP is, you can see that the VPN 1 interface is going away, and we noticed that BGP didn't get bothered, right? BGP, the only thing we're removing is the timers element, we don't care about that. And then we're adding a description, we're taking away DHCP, the MTU, adding a description. We're removing VPN 1, which is no big deal. We're shutting down the VPN 512 interface, we're adding the name of management to it, and that's the same thing with vEdge 4.
I'm going to go ahead and click on configure devices, and click on that, and click on OK, and now it's going to go ahead and push. So I'm going to hit the refresh button, expand this out, and then it's the hurry-up-and-wait game. So I'm going to pause until this is done. This usually takes a couple of minutes, and then once we're done we'll go ahead and bring you guys back in.

Okay, so the push was good. So if we go back over here to devices you can see that vManage is the mode, so it's no longer CLI, it's vManage. And if we click on the templates we can see that they're good to go. So if we pull up the command line and we bring this guy over, let's go ahead and minimize this guy, bring this guy over, let me scoot this over so we don't need to be quite that big. Uh, let's look at vEdge3, he's right here. Admin and then admin, and we look at the show run, we can see that everything's looking good here. We have the transport going on, everything looks good there. If we do a show ip route we're not going to see anything because we're not receiving any routes, but if we look at the show control connections, we are online, which is what we want to see. If we do a show bfd sessions, we are online, everything's looking pretty good. If we do a show ipsec outbound connections, we should have a couple connections going out, which we do, we have a number of them. So as far as I'm concerned, the device templates that we created, and I'm sorry, the feature templates we created and tied to the device template, they're working just the way we want them to.

So what I'm going to go do in the next video is, I've got three and four added to a single device template. I'm going to go ahead and basically copy a lot of the stuff they've got going on, and I'm going to copy those, rename them, and then create vEdge2's templates, create a vEdge2 device template, push that config, and depending on how long that takes me, if it's under 15, 20 minutes, then we'll do vEdge5. We'll go ahead and do him as an MPLS-only connection. So that's the next video,
so that we can get all that squared away. Um, templates are important because they pretty much are how we're going to do everything. A lot of the policies will be using templates to push and stuff like that for the localized stuff, uh, centralized not so much, but we'll take a look at those details when we get there. Until next time, guys, thanks so much for stopping by and hanging out with me, and I will catch all of you in the next video.
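
The two checks the walkthrough relies on before a push, validating the device-specific values typed in at attach time and reading the config diff for blocks that would be removed (the missing BGP template showed up as router bgp being removed), sketched offline in Python as an added example that is not from the video or from Cisco. It does not talk to vManage; the variable keys, the `validate_row` and `removed_blocks` helpers and the sample configs are assumptions constructed from the vEdge 3 lab values in the captions.

```python
"""Pre-push checks for an SD-WAN device template (added illustration)."""
import ipaddress


def _text(value):
    if not value.strip():
        raise ValueError("empty value")
    return value


def _interface(value):
    # An interface address needs its prefix length, e.g. 192.1.3.2/24.
    if "/" not in value:
        raise ValueError("prefix length missing")
    return ipaddress.IPv4Interface(value)


PARSERS = {
    "text": _text,
    "int": int,
    "ipv4": ipaddress.IPv4Address,
    "ipv4_interface": _interface,
    "ipv4_network": ipaddress.IPv4Network,  # strict: rejects host bits
}

# Hypothetical variable keys modelled on the ones typed in the walkthrough.
# Each key maps to (kind, optional); the BGP prefix was marked optional.
VARIABLES = {
    "system_host_name": ("text", False),
    "system_system_ip": ("ipv4", False),
    "system_site_id": ("int", False),
    "vpn0_g0-0_next_hop_ip": ("ipv4", False),
    "vpn0_int_g0-0_ipv4_address": ("ipv4_interface", False),
    "vpn0_int_g0-1_ipv4_address": ("ipv4_interface", False),
    "bgp_as_number": ("int", False),
    "bgp_network_prefix": ("ipv4_network", True),
    "bgp_neighbor_address": ("ipv4", False),
}


def validate_row(values):
    """Return a list of problems for one device's variable values."""
    problems = []
    for key, (kind, optional) in VARIABLES.items():
        raw = values.get(key, "")
        if raw == "":
            if not optional:
                problems.append(f"{key}: required value missing")
            continue
        try:
            PARSERS[kind](raw)
        except ValueError as exc:
            problems.append(f"{key}: {raw!r} is not a valid {kind} ({exc})")
    return problems


def config_paths(text):
    """Turn an indented config into a set of (parent, ..., line) paths."""
    paths, stack = set(), []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped == "!":
            continue
        depth = len(line) - len(line.lstrip(" "))
        while stack and stack[-1][0] >= depth:
            stack.pop()
        stack.append((depth, stripped))
        paths.add(tuple(name for _, name in stack))
    return paths


def removed_blocks(running, rendered):
    """Blocks present on the device that the template push would delete."""
    gone = config_paths(running) - config_paths(rendered)
    # Report only the top of each removed subtree.
    return sorted(" / ".join(p) for p in gone if p[:-1] not in gone)


# Constructed sample data using the vEdge 3 lab values from the captions.
VEDGE3 = {
    "system_host_name": "vEdge3", "system_system_ip": "10.3.0.1",
    "system_site_id": "3", "vpn0_g0-0_next_hop_ip": "192.1.3.1",
    "vpn0_int_g0-0_ipv4_address": "192.1.3.2/24",
    "vpn0_int_g0-1_ipv4_address": "172.31.13.2/24",
    "bgp_as_number": "65003", "bgp_network_prefix": "172.31.13.0/24",
    "bgp_neighbor_address": "172.31.13.1",
}
# Constructed, simplified vEdge-style configs: the rendered one was built
# from a device template that has no BGP feature template attached.
RUNNING = """system
 host-name vEdge3
 system-ip 10.3.0.1
 site-id 3
!
vpn 0
 router
  bgp 65003
   neighbor 172.31.13.1
    remote-as 100
 interface ge0/0
  ip address 192.1.3.2/24
  no shutdown
!
"""
RENDERED = RUNNING.replace(
    " router\n  bgp 65003\n   neighbor 172.31.13.1\n    remote-as 100\n", "")

if __name__ == "__main__":
    print(validate_row(VEDGE3))
    print(removed_blocks(RUNNING, RENDERED))
```
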
Info
Channel: Rob Riker's Tech Channel
Views: 5,464
Keywords: cisco, sd-wan, sd, wan, software defined, wide area network, templates, device, feature, deploy, manage, operate, configuration
Id: _AO-71qO8aA
Length: 40min 36sec (2436 seconds)
Published: Tue Sep 22 2020