Cisco SD-WAN: Enhancing Intelligent Routing with ThousandEyes

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello my name is aaron and i'm a technical marketing engineer on cisco's sqn product team and in today's video we're going to take a quick look at how you can enhance sd-wan intelligence by leveraging cisco thousand eyes now for those that don't know cisco acquired thousand eyes in august of 2020 in order to enhance visibility and monitoring across all products what's unique about the thousandized solution is the fact that it enables organizations to visualize both network and application telemetry now we're already somewhat familiar with this level of visibility as it relates to sd-wan because this is similar to the data that vmanage and v analytics provide us where thousand eyes takes it a step further however is that it allows organizations to harvest this telemetry from within the sd-wan overlay as well as from the networks underneath the sd-wan overlay where vmanage and v-analytics don't typically have visibility now this video isn't a deep dive on the thousand i solution nor does it do justice to his capabilities rather our focus here is how sd-wan can harness this newfound power to make more informed decisions so stay tuned and be sure to subscribe if you want more on thousand eyes with that let's dig into the integration now we all know that cisco sd-wan measures lost latency and jitter across the network this is a cornerstone to intelligent routing but this is only part of the picture you see sometimes the network can look good but the application being accessed is performing badly as network engineers how many times have you had to troubleshoot a problem that manifests as a network issue but really the problem resided within the application itself or within the hosting infrastructure for this we need real-time application telemetry being able to analyze both network telemetry and application telemetry gives us new perspectives when determining how best to solve problems now you may say why not use a feature like cloud onramp for sas to measure these layer 7 attributes and you'd be right cloud9s does indeed support layer 7 telemetry to and from cloud-based sas applications and with features like o365 telemetry enhancements we can even ingest application performance into our decision making but what if we could go deeper not just with telemetry but being able to test all aspects of an application regardless of where it sits then make decisions on the network based on how it's performing this is where thousand eyes comes into the picture and by deploying probes around your organization thousand eyes can be configured to periodically measure how applications are performing from inside and outside your fabric these probes can be deployed within your network infrastructure such as within the sd-wan router itself or as a service on your users machines in the future vmanage can be used to orchestrate the deployment of these probes to further reduce operational burden you can use this telemetry to offer insights into how your sd-wan policies are performing for troubleshooting or in our case here to remediate perceived issues let's assume that one of our branches san francisco in this case has users that are accessing google docs under normal circumstances sd-wan would send this traffic via the site's nearest aggregation point a co-location facility to reach the internet now in the absence of cloud onramp for sas how would we know that this is the best path sd-wan believes that it is based on configured policy and computed metrics to the co-location but after it leaves the sd-wan fabric we lose all visibility after deploying a thousand i's probe at the branch we notice that this application is incurring significant loss across this path user experience could be approved for this branch if we simply allow this traffic to escape locally rather than by the co-location with these new metrics thousand eyes can trigger a notification to our integration host which executes an api call to vmanage that invokes a path change so let's take a closer look at how this can be accomplished to make this integration work you'll need to spin up an integration host that will facilitate the transaction between thousand eyes and your v manage this host should be reachable from the thousand eyes dashboard but should also have reachability to your vmanage in order to execute api calls in our case we created a ubuntu server that sits in our data center this host will listen for requests from thousand eyes then via python translate those notifications into rest api calls for remediation you can download the script we created for this exercise along with instructions on setting up your integration host here but more on this in just a moment first let's configure our test within thousand eyes from the test settings screen we'll choose network then target docs.google.com using tcp port 443 the test can be executed from all probes or ones that you specify here we'll execute the test from our san francisco probe since it sits adjacent to our branch users next we need to configure the alert rule which specifies the thresholds we want to observe for notifications we'll select network as the alert type then specify the test we created in the previous step you can specify which probes this rule can generate notifications for as well again here we'll select the san francisco probe the alert conditions will be set to trigger after the probe sees greater than five percent loss when executing the test lastly we need to configure the web hook notification this is where the magic happens here we point the web hook notification at our integration host on port 5500 but you could use any port next you'll need to deploy the python script you downloaded previously on the integration host i'm going to let my good friend say show you that piece thank you aaron now let's have a look at the script which we will be running on the integration host the script has a username and password defined as part of this highlighted section and the username and password is used by the webhook server and we would configure this username and password as part of the webhook notifications setup configuration on the thousand eyes dashboard script has a function called policy activation which when triggered would process the we manage login credentials and the ip address and port details and activate the centralized control policy global policy v4 using the vmanage api calls now let's have a look at how to define the config details ml file this particular ml file has to be follow this particular syntax that i'm highlighting on the screen and using this we provide the we manage login credentials and the access details to the script once we have this file defined we can go to ubuntu host or a linux machine where we are running this particular python script and activate the virtual environment and install the requirements that are needed by the specific script various python packages that we will be using in order to automate the policy change using api calls in my case all the requirements were already installed so that's why we would see that requirement already satisfied message once we have the requirements installed we can go ahead and run the sd-wan t integration script that's part of the github repository once we have this particular script up and running you'll start seeing a webhook server which is listening on a port 5500 for the webhook messages whenever this particular webwork server receives a message from the thousand eyes dashboard it triggers the respective api calls to be managed to change the policy to enable the direct internet access for a specific site with that i'll hand it over to you taro thank you sai all that's left to do now is test now before we begin let's see the path visualization for the current path that our google docs traffic is taking as you can see the traffic is back all to our co-location where it makes its way out to google notice how thousand ice has already picked up on abnormal latency that exists beyond the co-location after a few moments thousand eyes notices that lost exists on the path to google docs you can see the webhook trigger enter our ubuntu host where the python script then triggers policy activation against vmanage let's head back to the thousand ice dashboard to visualize what happened after the latest batch of testing is rolled up into the gui you can clearly see how loss spiked the path changed to dia was invoked and loss in latency almost immediately started calming down now obviously this is a simple example of how we can use thousand eyes to invoke policy changes in your estimate fabric but hopefully this gets you thinking about the level of intelligence that you can add to sd-wan that's far beyond the norm i'd like to thank you for spending some time with me today to discuss thousand eyes and cisco sd-wan stay tuned like and subscribe for more on thousand eyes and the latest on cisco sd-wan

Info

Channel: Cisco SD-WAN and Cloud Networking

Views: 1,576

Rating: undefined out of 5

Keywords:

Id: K8_KNpRsnIg

Channel Id: undefined

Length: 8min 37sec (517 seconds)

Published: Fri Apr 16 2021