Hello again,
Lately I have been working in my lab to create a Cisco SD-WAN deployment on top of Virtual Internet Routing Lab. I just completed the deployment and I wanted to share some screenshots and my impressions on the deployment of a Cisco SD-WAN fabric.
I chose to use the feature and device templates as much as possible in my deployment and relied very little on the CLI other than bootstrap operations required for the virtual environment. I wanted to understand the configuration through the feature templates and get a feel for how they could be used in day to day operations.
I have completed the deployment of 5 sites. HQ,DR,CHI,SJC, and an Internet/Services POP. I must say that it has all gone very smoothly. This is a very elegant solution in many ways. The more that I work with vManage, the more that I really like the power and visibility it gives you over the fabric.
Below is a view of the main Dashboard which has some great information. One of my favorites is the aggregated transport health for each transport cloud where you can choose to graph latency, loss, or jitter:
You can also expand that graph and dig in a bit, you can see that my “biz-internet” provider has more latency than my “mpls” provider:
This is the Map that places your devices based on statically set coordinates or GPS. You can also visualize the control and data plane connections for each node on this map:
Below is a view from the device template screen. I love that device templates are really just a combination of reusable feature template objects. At one point in the deployment I just copied my existing single site template when I was ready to add a dual site template. I changed the interface template to add VRRP, changed two variables and boom, done. Deployed the new template to both the primary and secondary router at the site and everything was pushed in about 30 seconds.
As you go to deploy templates or policies, you can preview the CLI based configuration. I like the warm/fuzzy I get from seeing the CLI, especially the built-in diff you can display before you deploy a template! That feedback gives you a lot of confidence that you are getting the results you expect.
Next image is the underlying VIRL topology in my lab. The vManage, vSmarts, and vBond are hosted on esxi, but the rest is running inside of this VIRL simulation. I am bridging the two together via the FLAT network connection on VIRL. I really like that I can introduce latency, loss, and jitter on the links in VIRL to simulate brownout conditions on the underlying transport. This allows me to test the App Aware routing capabilities by introducing problems that take my policy out of threshold.
The most difficult piece of the whole deployment is dealing with certificates. Most of that can be automated in a real world deployment and is not a concern. I was forced to use my own Root Certificate Authority due to the lab setting and I did not have much luck with the recommended TinyCA. Luckily, I already had a CA deployed on my Domain Controller. I just used OpenSSL to convert the .p7b cert files to .pem for installation on the vEdge, vSmart, vBond, and vManage.
That is all for now. I just wanted to share some of what I learned deploying Cisco SD-WAN in my lab. There is a definitely a ton more to discuss with this solution as I am just now scratching the surface on the policy capabilities. App Aware Routing, Arbitrary VPN topologies, Service-Insertion for FirePower :). There is much to test and learn…
Thanks, and see you next time folks!!
Packets Love Coffee!!! 