So, I have to start preparation for CCIE Enterprise Infrastructure instead of CCIE R&S.
https://learningnetwork.cisco.com/docs/DOC-36509
This article focuses on my main installation steps and troubleshooting experience with Cisco SD-WAN (vManage, vBond, vSmart, vEdge) software. I am going to use version 19.3.
- viptela-smart-19.3.0-genericx86-64.ova
2: Deploy vManager OVA on ESXi.
2.1 When I try to log in to the console using admin/admin and change the password, I get an error that no storage is available and the VM must be powered off. So I had to create an additional 100 GB disk for the vManage database.
2.2 Also had to add additional vNICs for the management interface and for the message bus.
2.3 Configure IP to have WEB access:
config
(config)# vpn 512
(config-vpn-512)# ip route prefix/length next-hop-ip-address
(config-vpn-512)# interface eth0
(config-interface-eth0)# ip address ip-address
(config-interface-eth0)# no shutdown
(config-interface-eth0)# commit
Issues I had: eth0 should be deleted under vpn 0 first.
2.4: Configure the address of the vBond orchestrator In vManage NMS: Select the Administration ► Settings screen ► Edit vBond.
- Default port is 12346.
2.5: Create Template In vManage NMS: Select the Configuration ► Templates screen ► Create Template ► From Feature Template.
- From the Device Model drop-down, select vManage and enter a name for the device template and description.
- I had to create the following custom templates: vManagerAAATemplate, vManagerSystemTemplate, vManagerVPN0Template, vManagerVPN512Template
2.6: Attach vManager to the created template by clicking the More Actions icon to the right of the row and selecting Attach Devices.
- We have to assign manually Hostname, System IP, Site ID.
Note: The push template option was unsuccessful for me with the error (Failed to publish the task on message bus). I will leave it for now and configure the vManager with the CLI:
system
host-name vManage01
system-ip 10.3.53.110
site-id 200
organization-name "Cisco"
vbond 10.3.54.111
vpn 0
interface eth1
ip address 10.3.54.110/24
tunnel-interface
color public-internet
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
allow-service netconf
no allow-service ntp
no allow-service stun
allow-service https
!
no shutdown
ip route 0.0.0.0/0 10.3.54.254
!
vpn 512
interface eth0
ip address 10.3.53.110/24
no shutdown
ip route 0.0.0.0/0 10.3.53.254
2.7: Configure Organisation Name in vManage NMS. Select the Administration ► Settings screen ► Organization Name.
2.8: Configure vBond IP address.
2.9: Configure Certificate. Select the Administration ► Settings screen ► Controller Certificate Authorisation (Set to MANUAL)
Note: for lab purposes we will use the vManage as the root certificate authority.
vshell
openssl genrsa -out ROOTCA.key 2048
openssl req -x509 -new -nodes -key ROOTCA.key -sha256 -days 1024 \
-subj "/C=AU/ST=VIC/L=VIC/O=Cisco/CN=vmanage.lab" -out ROOTCA.pem
exit
request root-cert-chain install /home/admin/ROOTCA.pem
Next step is to generate CSR: Go to Configuration ► Certificates ► Controllers ► vManage ► Generate CSR
Create the file vmanage.csr on the vManage with the CSR text we got, then sign vmanage.csr with ROOTCA.key:
vshell
vim vmanage.csr
openssl x509 -req -in vmanage.csr \
-CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial \
-out vmanage.crt -days 500 -sha256
View and install certificate:
cat vmanage.crt
Install the certificate by going to Configuration ► Certificates ► Controllers ► Install Certificate
Note: The ROOTCA.pem certificate will need to be installed manually on all the devices in the fabric.
3: Deploy vBond Orchestrator from viptela-edge-19.3.0-genericx86-64.ova and make initial configuration
vBond#config
vBond(config)#system host-name hostname
vBond(config-system)#system-ip ip-address
vBond(config-system)#vbond ip-address local
vBond(config-system)#upgrade-confirm minutes
vBond(config)#vpn 0 interface interface-name
vBond(config-interface)#ip address ipv4-prefix/length
vBond(config-interface)#no shutdown
vBond(config)#vpn 512 interface interface-name
vBond(config-interface)#ip address ipv4-prefix/length
vBond(config-interface)#no shutdown
3.1 Add vBond into the vManage via Configuration ► Devices screen ► Controllers tab ► Add Controller ► select vBond.
Note: vManager will communicate from vpn0 interface to the vpn512 on the vBond. Make sure you have connectivity.
3.2: Configure Certificate. (Manually)
request root-cert-chain install scp://user@host:/home/admin/ROOTCA.pem vpn 512
3.2.1: Add the vBond to vManage web interface.
Configuration ► Devices ► Controllers ► Add Controller ► vBond
3.2.2: Get a copy of the vBond CSR text. Configuration ► Certificates ► Controllers ► vBond ► View CSR
3.2.3: Create the file vbond.csr on the vManage with the CSR text we got, then sign vbond.csr with ROOTCA.key:
vshell
vim vbond.csr
openssl x509 -req -in vbond.csr \
-CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial \
-out vbond.crt -days 500 -sha256
View and install certificate:
cat vbond.crt
3.2.4: Install the certificate by going to Configuration ► Certificates ► Controllers ► Install Certificate
4: Deploy the vContainer Host and start it.
Download vContainer vmdk file and upload it to ESXi host to new directory.
Create a VM (Other 64bit) with 4 CPU and 2 GB memory and attach the VMDK. Also add an additional 10 GB disk.
Note: both disks must be setup with IDE controller.
4.1: Configure MGMT interface
vpn 512 interface eth1
ip address-list 10.3.53.112/24
ip route 0.0.0.0/0 10.3.53.254
4.2: Configure data plane interface
vpn 0 interface eth0
ip address-list 10.3.54.112/24
ip route 0.0.0.0/0 10.3.54.254
5.1: Deploy the vSmart into vContainer.
5.1.1: Copy the vSmart controller software images
request container image install tftp://X.X.X.X/viptela-smart-19.3.0-genericx86-64_vhd.tar.gz vpn 512
5.1.2: Create a container for the vSmart controller instance
container
instance vSmart01
image viptela-smart-19.3.0-genericx86-64_vhd.tar.gz
memory 1024
interface eth0
host-ip-address X.X.X.X
interface eth1
host-ip-address Y.Y.Y.Y
no shutdown
Note: I experienced an issue extracting the vhd file during upload into vContainer. Further investigation showed that the database disk was not attached. After a few hours of troubleshooting I decided to deploy vSmart directly on ESXi.
5.2: Deploy the vSmart instance on ESXi from viptela-smart-19.3.0-genericx86-64.ova and make initial configuration.
system host-name vSmart01
system-ip 10.3.53.113
site-id 200
vbond 10.3.54.111
vpn 0
interface eth1
ip address 10.3.54.113/24
no shutdown
tunnel-interface
allow-service netconf
color default
!
ip route 0.0.0.0/0 10.3.54.254
vpn 512
interface eth0
ip address 10.3.53.113/24
no shutdown
!
ip route 0.0.0.0/0 10.3.53.254
5.3 Add vSmart into the vManage via Configuration ► Devices screen ► Controllers tab ► Add Controller ► select vSmart.
Note: vManager will communicate from vpn0 interface to the vpn512 on the vSmart. Make sure you have connectivity.
5.4: Configure Certificate. (Manually).
5.4.1: Add ROOTCA.pem to vSmart cert chain:
request root-cert-chain install scp://user@host:/home/admin/ROOTCA.pem vpn 512
5.4.2: Get a copy of the vSmart CSR text. Configuration ► Certificates ► Controllers ► vSmart ► View CSR
5.4.3: Create the file vsmart01.csr on the vManage with the CSR text we got, then sign vsmart01.csr with ROOTCA.key:
vshell
vim vsmart01.csr
openssl x509 -req -in vsmart01.csr \
-CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial \
-out vsmart01.crt -days 500 -sha256
View and install certificate:
cat vsmart01.crt
5.4.4: Install the certificate by going to Configuration ► Certificates ► Controllers ► Install Certificate
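The manual signing steps in 2.9, 3.2 and 5.4 can be checked before the certificate is pasted into Install Certificate. The script below is an added example, not part of the original walkthrough: it repeats the article's openssl commands and then verifies the CSR, the chain to ROOTCA.pem and the key match. The function names are hypothetical, and the CSR is generated locally as a stand-in for the text copied from vManage.

```shell
#!/bin/sh
# Added example: the lab CA flow from the article plus pre-install checks.
# Function names and the locally generated CSR are assumptions for this demo.

make_root_ca() {      # $1 = working directory
    openssl genrsa -out "$1/ROOTCA.key" 2048 2>/dev/null &&
    openssl req -x509 -new -nodes -key "$1/ROOTCA.key" -sha256 -days 1024 \
        -subj "/C=AU/ST=VIC/L=VIC/O=Cisco/CN=vmanage.lab" -out "$1/ROOTCA.pem"
}

make_sample_csr() {   # $1 = dir, $2 = name; constructed stand-in for a controller CSR
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/$2.key" \
        -subj "/C=AU/ST=VIC/L=VIC/O=Cisco/CN=$2.lab" -out "$1/$2.csr" 2>/dev/null
}

sign_csr() {          # $1 = dir, $2 = name; same command as in the article
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ROOTCA.pem" -CAkey "$1/ROOTCA.key" \
        -CAcreateserial -out "$1/$2.crt" -days 500 -sha256 2>/dev/null
}

pubkey_hash() {       # $1 = .csr or .crt file; prints a digest of its public key
    case "$1" in
        *.csr) openssl req  -in "$1" -noout -pubkey ;;
        *)     openssl x509 -in "$1" -noout -pubkey ;;
    esac 2>/dev/null | openssl sha256
}

check_cert() {        # $1 = dir, $2 = name; 0 = safe to paste into Install Certificate
    # 1: CSR was truncated or altered while being copied out of the web UI
    openssl req -in "$1/$2.csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    # 2: certificate does not chain to the ROOTCA.pem installed on the controllers
    openssl verify -CAfile "$1/ROOTCA.pem" "$1/$2.crt" >/dev/null 2>&1 || return 2
    # 3: certificate was issued for a different key than the one in the CSR
    [ "$(pubkey_hash "$1/$2.csr")" = "$(pubkey_hash "$1/$2.crt")" ] || return 3
    return 0
}

# Demo in a throwaway directory; nothing here comes from a real fabric.
work=$(mktemp -d)
make_root_ca "$work" && make_sample_csr "$work" vbond && sign_csr "$work" vbond
check_cert "$work" vbond && echo "vbond.crt: OK to install"
```

A return code of 3 is the typical result of signing one controller's CSR and installing the output under another controller's name, which is easy to do when the same commands are repeated for vManage, vBond and vSmart.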
6: Deploy the vEdge Routers