12
Course Duration 5 day Course Price $4,795.00 Methods of Delivery Instructor Led Virtual ILT On-Site Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) This course discusses the Cisco’s SDWAN solution using Viptela. In this class, students will configure and manage the SD-WAN Fabric. Student will learn how the Fabric enables an Enterprise to extend its network footprint to all infrastructure elements using a single platform. Student will deploy and manage and Fabric infrastructure using the vManage, vSmart, vBond, and the vEdge Devices. Student will also learn how to migrate an existing IWAN Deployment to a Viptela Fabric. Objectives SDWAN Overview Cisco SDWAN Hardware Deploying the Overlay Configuring vManage Deploying using Templates Creating Policies Monitoring vManage vAnalytics Troubleshooting Tools for VManage Outline Module 1: SDWAN Overview Describe what a Software-Defined Wide Area Network (SD-WAN) is Describe the secure extensible network Describe the function of the virtual IP fabric created in the SD-WAN solution What is SDWAN Cisco Cloud vs On-premises vs private cloud management Cisco IWAN vs Viptela SDWAN IWAN Migration to SDWAN SDWAN Integration with Cisco Cisco SDWAN Licensing o DNA Essentials o DNS Advantage o C1 Advantage 6210 Central Ave, Portage, IN. 46368 Phone: 219.764.3800 Fax: 219.764.3805 Web: http://www.ctclc.com

Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) · 2018-10-22 · Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) ... o View Tunnel Connections ... Lab 4: Deploy the vEdge

  • Upload
    others

  • View
    51

  • Download
    1

Embed Size (px)

Citation preview

Page 1: Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) · 2018-10-22 · Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) ... o View Tunnel Connections ... Lab 4: Deploy the vEdge

Course Duration

5 day

Course Price

$4,795.00

Methods of Delivery

Instructor Led

Virtual ILT

On-Site

Implementing and Configuring Cisco SDWAN (ICSDWAN-CT)

This course discusses the Cisco’s SDWAN solution using Viptela. In this class, students will configure

and manage the SD-WAN Fabric. Student will learn how the Fabric enables an Enterprise to extend its

network footprint to all infrastructure elements using a single platform. Student will deploy and manage

and Fabric infrastructure using the vManage, vSmart, vBond, and the vEdge Devices. Student will also

learn how to migrate an existing IWAN Deployment to a Viptela Fabric.

Objectives • SDWAN Overview • Cisco SDWAN Hardware • Deploying the Overlay • Configuring vManage • Deploying using Templates • Creating Policies • Monitoring vManage • vAnalytics • Troubleshooting Tools for VManage Outline

Module 1: SDWAN Overview Describe what a Software-Defined Wide Area Network (SD-WAN) is Describe the secure extensible network Describe the function of the virtual IP fabric created in the SD-WAN solution What is SDWAN Cisco Cloud vs On-premises vs private cloud management Cisco IWAN vs Viptela SDWAN IWAN Migration to SDWAN SDWAN Integration with Cisco Cisco SDWAN Licensing

o DNA Essentials o DNS Advantage o C1 Advantage

6210 Central Ave, Portage, IN. 46368 Phone: 219.764.3800 Fax: 219.764.3805 Web: http://www.ctclc.com

Page 2: Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) · 2018-10-22 · Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) ... o View Tunnel Connections ... Lab 4: Deploy the vEdge

Module 2: Cisco SDWAN Edge Devices vEdge Appliances

o vEdge 100 o vEdge 1000 o vEdge 2000 o vEdge 5000

vEdge Cloud o ESXI o KVM o AWS o Microsoft Azure

Cisco IOS-XE Platforms o Cisco ISR 1100 Series Routers o Cisco ISR 4300 Series Routers o Cisco ISR 4400 Series Routers o Cisco ASR 10XX Routers

Cisco CSR 1000V Router Cisco 54xx Enterprise Network Compute System (ENCS)

Module 3: Cisco SDWAN Certificates and Whitelists On-Prem vs Cloud Certificate deployment Controller Certificates Hardware Device Certificates Software Device Certificates Certificates

o Export Device Data in CSV Format o Check the vEdge Router Certificate Status o Validate a vEdge Router o Stage a vEdge Router o Invalidate a vEdge Router o Send the Controller Serial Numbers to vBond Orchestrator o Install Signed Certificate o View the CSR o View the Certificate o Generate the CSR o Reset the RSA Key Pair o Invalidate a Device o View Log of Certificate Activities

Device Whitelists Controller Whitelists Module 4: Deploying Cisco SDWAN Controllers On-Prem vs Cloud deployment vManage NMS

o Deploy the vManage NMS o Configure the vManage NMS o Configure the vManage NMS Cluster o Configure Multitenant vManage NMS

Page 3: Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) · 2018-10-22 · Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) ... o View Tunnel Connections ... Lab 4: Deploy the vEdge

o Configure Certificate Settings o Generate vManage NMS Certificate

vBond Orchestrator o Deploy vBond VM Instance o Configure the vBond Orchestrator o Add the vBond Orchestrator to the Overlay Network o NAT Traversal o Start the Enterprise ZTP Server

Deploy the vSmart Controller o Deploying vSmart Controller on ESXi o Deploying vSmart Controller on KVM o Configure the vSmart Controller o Add the vSmart Controller to the Overlay Network

Controller High Availability Cluster Management

o Change the IP Address of the Current vManage NMS o Add a vManage NMS o Configure the Statistics Database o View Statistics Database Space Usage

Module 5: Cisco SDWAN Fabric and Overview Virtual Fabric Overview Overlay Management Protocol Transport Locators (TLOCs)

o TLOC Extension o TLOC Colors

Multicast TCP Optimization Opening Firewall Ports Software Installation and Upgrade

o Software Version Compatibility o Add New Software Images to the Repository o Software Upgrades Best Practices o Activate a New Software Image o Redundant Software Images

vContainer Host o Create vContainer Host o Configure the vContainer Host

vEdge Routers o Deploy vEdge Cloud router o Deploy a vEdge 100 VM on Azure o Deploy vEdge Cloud VM on ESXi o Deploy vEdge Cloud VM on KVM o Deploying vEdge 100 Routers o Deploying vEdge 1000 Routers o Deploying vEdge 2000 Routers o Device configuration using CLI o Install Signed Certificates on vEdge Cloud Routers

Migrating IOS-XE Devices to Cisco SD-WAN

Page 4: Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) · 2018-10-22 · Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) ... o View Tunnel Connections ... Lab 4: Deploy the vEdge

Zero Touch Provisioning o Using ZTP on Non-Wireless Routers o Using ZTP on Wireless Routers

Deploy AWS Gateway using the AWS Wizard

Module 6: Cisco SD-WAN Security Solution Security Firewall Ports Control Plane Security

o DTLS o TLS

Data Plane Security o IPSEC o GRE

Traffic Segmentation o VPN o Policies

Service Chaining o Firewalls o IDS

Cloud Security o Umbrella o Z-Scaler

Zone Based Firewall

Module 7: Quality of Service

Application Visibility and Recognition

Differentiated Services - Quality of Service

Critical Applications SLA

Path MTU Discovery

TCP Performance Optimization

Bidirectional Forwarding Detection (BFD) o BFD Hello Timer and Multiplier o BFD Measurements

vEdge Router Queuing o Marking o Remarking o Shaping o Policing

Module 8: Configuring vManage Using the vManage Interface Using the vManage Dashboard

o Device Pane o Reboot Pane o Certificates Pane o Control Status Pane o Site Health View Pane

Page 5: Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) · 2018-10-22 · Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) ... o View Tunnel Connections ... Lab 4: Deploy the vEdge

o Transport Interface Distribution o vEdge Inventory Pane o vEdge Health Pane o Transport Health Pane o Top Applications Pane o Application-Aware Routing Pane o Web Server Certificate Expiration Date Notification o Maintenance Window Alert Notification

Administration o Setting

Configure Organization Name Configure vBond DNS Name or IP Address Configure Certificate Authorization Settings Configure vEdge Cloud Certificate Authorization Settings Generate Web Server Certificate View Web Server Certificate Expiration Date Enforce Software Version on vEdge Routers Create a Custom Banner Collect Device Statistics Enable CloudExpress Service Enable vAnalytics Platform Enable vManage Client Session Timeout Enable Data Stream Collection Set the Tenancy Mode Set Interval to Collect Device Statistics Configure a Maintenance Window

o Manage Users Add a User Delete a User Edit User Details Change User Password Add a User Group Delete a User Group Edit User Group Privileges View vManage Service Details View Devices Connected to a vManage NMS Edit a vManage NMS Remove a vManage NMS from the Cluster View Available Cluster Services

o Tenant Management Add a Tenant View All Tenants View a Single Tenant Edit a Tenant Remove a Tenant

Configuration o Devices

Change Configuration Modes Upload vEdge Authorized Serial Number File Generate Bootstrap Configuration for a vEdge Cloud Router Export Device Data in CSV Format

Page 6: Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) · 2018-10-22 · Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) ... o View Tunnel Connections ... Lab 4: Deploy the vEdge

View a Device's Running Configuration View a Device's Configuration Delete a vEdge Router Copy a vEdge Router's Configuration Decommission a vEdge Cloud Router View Log of Template Activities Add a vBond Orchestrator Add a vSmart Controller Edit Controller Details Delete a Controller Change Variable Values for a Device

Module 9: SD-WAN Templates

Templates o Describe what vManage templates are used for o List the parameter types that are used in vManage templates o Explain the use of the Template Variable Spreadsheet o Summarize the configuration elements of a device o Create a Device Template

Create a Device Template from Feature Templates Create a Device Template from the CLI

o Describe what the system feature template is used for o Explain how to configure logging using the logging feature template o Describe how OMP can be configured using the OMP feature template o Describe the function of the Security feature template o Explain how the BFD feature can be configured using the BFD feature template o List the other feature templates that can be configured o Edit a Template o View a Template o Delete a Template o View Device Templates Attached to a Feature Template o View Devices Attached to a Device Template o Perform Parallel Template Operations o Attach Devices to a Device Template o Copy a Template o Edit a CLI Device Template o Export a Variables Spreadsheet in CSV Format for a Template o Change the Device Rollback Time and View Configuration Differences o Configuration Rollback

Wide Area Application Server (WAAS) o WAAS Integration with SDWAN o Service Chaining with WAAS o Application Optimization o TCP Optimization o Data Redundancy Elimination (DRE) o LZ Compression o Akamai Connect

Maintenance o Device Reboot o Software Upgrade

Configure Cisco Umbrella

Page 7: Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) · 2018-10-22 · Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) ... o View Tunnel Connections ... Lab 4: Deploy the vEdge

Configure Zscaler Quality of Service (QoS)

Module 10: SD-WAN Policies

Policies o Policy Construction

Lists Policy Definition Policy Application

o Configure Centralized Policy o Configure Localized Policy o View a Policy o Copy a Policy o Edit a Policy o Edit or Create a Policy Component o Delete a Policy o Activate a Policy on vSmart Controllers

Smart policies (Control, Data, AppRoute, cflowd) o Control Policy

Service Chaining Traffic Engineering Extranet VPNs Service path affinity Arbitrary VPN Topologies Fabric Policies

o Application Aware Routing Policy Application SLA

Latency Loss Jitter

Path Determination o Data Policy to manipulate different traffic types

Shaping Policies QoS Policies Service Chaining Traffic Engineering Extranet VPNs Service path affinity NAT Policies

o cFlowd Policy Cflowd-template for configuring flow cache behavior and flow export Data-policy for selection of traffic subject to flow data collection

o Multi-VPN and multi-topology policy o Hub Mesh Policies

Create a VPN Membership Policy Create an Application SLA Policy

Module 11: SD-WAN Cloud

OnRamp SAAS o View Application Performance o View Details about an Application

Page 8: Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) · 2018-10-22 · Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) ... o View Tunnel Connections ... Lab 4: Deploy the vEdge

o Manage OnRamp Applications o Manage OnRamp Client Sites o Manage OnRamp Gateways o Manage OnRamp DIA Sites

Cloud OnRamp IAAS o Create a Cloud Instance o Display Host VPCs o Map Host VPCs to a Gateway VPC o Unmap Host VPCs o Display Gateway VPCs o Add a Gateway VPC o Delete a Gateway VPC

Module 12: Monitoring vManage Network

o View List of Devices o Export Device Data in CSV Format o View Information about a Device o View Device Status Summary o View DPI Flows o View Cflowd Flows o View Interfaces o View TCP Optimization Information o View TLOC Loss, Latency, and Jitter Information o View Tunnel Connections o View Wi-Fi Configuration

View Client Details View Client Usage

o View Control Connections o View System Status o View Events o View ACL Logs o Troubleshoot a Device

Check Device Connectivity Check Device Bringup Ping a Device Run a Traceroute View Control Connections in Real Time

o Check Traffic Health View Tunnel Health Check Application-Aware Routing Traffic Simulate Flows Check Device Syslog Files

o View Real-Time Data ACL Log

o Set ACL Log Filters Alarms

o Set Alarm Filters o Export Alarm Data in CSV Format o View Alarm Details

Page 9: Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) · 2018-10-22 · Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) ... o View Tunnel Connections ... Lab 4: Deploy the vEdge

o Alarms Generated on vManage NMS Audit Log

o Set Audit Log Filters o Export Audit Log Data in CSV Format o View Audit Log Details o View Changes to a Configuration Template

Events o Set Event Filters o Export Event Data in CSV Format o View Device Details

Geography o Set Map Filters

View Device Information

View Link Information

Configure Geographic Coordinates for a Device

Module 13: vAnalytics Applications

o Display Bandwidth Utilization o Display vQoE Values o Display Deviations from Baseline Utilization

Network Availability o Display Downtime by Site o Display Downtime by Time

Network Health o Display Latency, Loss, and Jitter on Circuits o Display Application Performance by Carrier

vAnalytics Dashboard o Network Availability Pane o Applications Pane

Least Performing Applications Applications Consuming Most Bandwidth Anomalous Application Families

o WAN Performance Pane Carrier Performance Tunnel Performance

Module 14: Troubleshooting Tools for vManage Using vManage to Troubleshoot the environment Operational Commands

o Admin Tech Command o Interface Reset Command

Rediscover Network o Rediscover the Network o Synchronize Device Data

CLI Command to troubleshoot the environment. SSH Terminal

o Establish an SSH Session to a Device

Page 10: Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) · 2018-10-22 · Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) ... o View Tunnel Connections ... Lab 4: Deploy the vEdge

Labs

Lab 1: Deploy the vManage NMS

Create vManage VM Instance on ESXi

Configure Certificate Settings

Create a vManage Cluster

Lab 2: Deploy the vBond Orchestrator

Create vBond VM Instance on ESXi

Configure the vBond Orchestrator

Add the vBond Orchestrator to the Overlay Network

Start the Enterprise ZTP Server

Lab 3: Deploy the vSmart Controller

Create vSmart Controller VM Instance on ESXi

Configure the vSmart Controller

Add the vSmart Controller to the Overlay Network

Lab 4: Deploy the vEdge Routers

Create vEdge Cloud VM Instance on ESXi

Install Signed Certificates on vEdge Cloud Routers

Send vEdge Serial Numbers to the Controller Devices

Configure the vEdge Routers

Prepare vEdge Routers for ZTP

Lab 5: vManage Configuration

Explore the Interface

Add Controllers to the Whitelist

Add vEdge whitelist

BFD Tuning

Create and Update Users

Manage the Fabric

Lab 6: Creating Device Templates

Create CLI Policy Template

Create Feature Policy Template

o System Feature Template

o BFD Feature Template

o OMP Feature Template

Page 11: Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) · 2018-10-22 · Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) ... o View Tunnel Connections ... Lab 4: Deploy the vEdge

o VPN Feature Template

o MPLS-TLOC Feature Template

o Internet-TLOC Feature Template

o OSPF Feature Template

o VPN 10 Hub and Spoke Feature Template

o VPN 20 Full Mesh Feature Template

o VPN 40 Guest Feature Template

Attach Devices to Template

Configuration Rollback

TLOC Extension Lab

Lab 7: Create Policies

List types of policies that can be implemented in the SD-WAN solution

Describe how policies can be implemented that affect the control plane

Describe what affect policies can have on data traffic forwarding

Identify the various components of the vSmart policy architecture

Describe how different policies are enabled in different devices

Detail how policies are processed and applied

Control Policy Lab

o Configure a Vpn-membership-policy

o Configure Site-list Selection Policies

o Configure a Service Chaining Policy

o Configure an Extranet VPN Policy

o Configure a Service path affinity Policy

o Configure Fabric Policies

o Configure Security Zones

Data Policy Lab

o Configure Shaping Policies

o Configure QoS Policies

o Configure a Service Chaining

o Configure a Extranet VPN Policy

o Configure Service path affinity Policy

o Configure a NAT Policies for DIA

o Configure a OSPF BGP Routing Policy

Page 12: Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) · 2018-10-22 · Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) ... o View Tunnel Connections ... Lab 4: Deploy the vEdge

Application Aware Routing Policy Lab

o SLA Classes

o Path Selection using Application Policies

Create a cFlowd

Lab 8: Application Visibility

Lab 9: Monitoring the Solution

Lab 10: API Integration

Lab 11: Troubleshooting