  • Jelle Leyman

Cisco Basic SD-WAN Deployment - EVE-NG

Intro

As Cisco SD-WAN plays a significant role in the CCIE Lab exam and also has its own certification (300-415 ENSDWI), I might as well start off by learning all about it. It will also be the main building block connecting the different areas within the topology to each other.


Requirements

As per my previous post, I have already deployed my EVE-NG lab environment. These are the images that I'll be using for my SD-WAN lab:


Name | Image | Node requirements
vManage (Cisco Catalyst SD-WAN Manager) | viptela-vmanage-20.9.4.1-genericx86-64.qcow2 | CPU: 16 cores, RAM: 32GB
vSmart (Cisco Catalyst SD-WAN Controller) | viptela-smart-20.9.4-genericx86-64.qcow2 | CPU: 4 cores, RAM: 8GB
vBond (Cisco SD-WAN Validator) | viptela-edge-20.9.4-genericx86-64.qcow2 | CPU: 2 cores, RAM: 4GB
vEdge | viptela-edge-20.9.4-genericx86-64.qcow2 |


The QEMU NIC option has been set to virtio-net-pci for all of these nodes. Required resource info can be found on cisco.com.


Add image to EVE-NG

Just as an example, here's how to add your vManage image to EVE-NG. For the latest info, please refer to the documentation on the EVE-NG website.


  1. Connect to EVE-NG using WinSCP (or any other file transfer application)

  2. Navigate to /opt/unetlab/addons/qemu/ . This is the folder in which you'll import your images

  3. Create a new directory with the name "vtmgmt-<version number>", in my case: vtmgmt-20.9.4

  4. Copy your vManage image into the folder

  5. Now rename your image to "virtioa.qcow2"

  6. Your image should now be ready to be used inside of your EVE-NG lab


Building the lab


After adding our 3 components for the SD-WAN setup according to the specs above, we can start by adding the initial bootstrap configuration to each of them.


vManage initial setup

  • Connect to the vManage and log on using the default username and password (admin/admin). You'll be prompted to provide a new admin password

  • Next we need to choose its persona. As we only deploy 1, we choose COMPUTE_AND_DATA. In a clustered setup you would separate the personas to spread the load

  • In the next step you need to select the storage device. If you only see 1 disk, you probably forgot to add a second hard drive according to the instructions on the EVE-NG website for vManage. If you did forget, just add another disk using your EVE-NG console:

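# Go to the image folder created earlier
cd /opt/unetlab/addons/qemu/vtmgmt-20.9.4
# Create the second disk (100G) that vManage uses as its storage device
/opt/qemu/bin/qemu-img create -f qcow2 virtiob.qcow2 100G
cd
# Fix ownership and permissions on the EVE-NG image folders
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions
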
  • After doing so, you should see 2 disks in your initial vManage deployment. Choose the newly created disk (vdb 100GB in my case)

  • vManage will now reboot. A few minutes after the reboot, you'll be able to log on and continue with the bootstrap configuration.

#vManage bootstrap config
config
system
 host-name vManage
 system-ip 1.1.1.181
 site-id 1
 organization-name vallit.be
 vbond 10.10.0.183
vpn 0
 interface eth0
  ip address 10.10.0.181/24
  no shutdown
  no tunnel-interface
  exit
 ip route 0.0.0.0/0 10.10.0.1
vpn 512
 interface eth1
  ip address 192.168.1.181/24
  no shutdown
  exit
 commit and-quit

vBond initial setup

Log in using admin/admin and change the password.

#vBond bootstrap config
config
system
 host-name vBond
 system-ip 1.1.1.183
 site-id 1
 organization-name vallit.be
 vbond 10.10.0.183 local	# Local tells the device it is vBond
vpn 0
 interface ge0/0
  ip address 10.10.0.183/24
  no shutdown
  no tunnel-interface
  exit
 ip route 0.0.0.0/0 10.10.0.1
vpn 512
 interface eth0
  ip address 192.168.1.183/24
  no shutdown
  exit
 commit and-quit

vSmart initial setup

Log in using admin/admin and change the password.

#vSmart bootstrap config
config
system
 host-name vSmart
 system-ip 1.1.1.182
 site-id 1
 organization-name vallit.be
 vbond 10.10.0.183
vpn 0
 interface eth0
  ip address 10.10.0.182/24
  no shutdown
  no tunnel-interface
  exit
 ip route 0.0.0.0/0 10.10.0.1
vpn 512
 interface eth1
  ip address 192.168.1.182/24
  no shutdown
  exit
 commit and-quit
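
A consistency check over the three bootstrap configs above, as an added example that is not part of the original post: the controllers must share the same organization-name and vbond address, each needs a unique system-ip, and only the vBond carries "local". The function and variable names are hypothetical, and the sample configs are constructed, trimmed copies of the ones on this page.

```python
import ipaddress
import re

def field(pattern, text):
    return m.group(1) if (m := re.search(pattern, text, re.M)) else None

def parse(cfg):
    """Pull the values that must line up across controllers out of one bootstrap config."""
    vpn0 = field(r"^vpn 0\n((?:[ \t].*\n?)+)", cfg) or ""  # indented body of 'vpn 0' only
    return {
        "sysip": field(r"^\s*system-ip (\S+)", cfg),
        "org": field(r"^\s*organization-name (\S+)", cfg),
        "vbond": field(r"^\s*vbond (\S+)", cfg),
        "local": bool(re.search(r"^\s*vbond \S+ local\b", cfg, re.M)),
        "intf": ipaddress.ip_interface(field(r"ip address (\S+)", vpn0)),
    }

def check(configs):
    """Return a list of inconsistencies; an empty list means the configs agree."""
    nodes = {name: parse(cfg) for name, cfg in configs.items()}
    problems = []
    for key in ("org", "vbond"):
        if len({n[key] for n in nodes.values()}) != 1:
            problems.append(f"{key} differs between controllers")
    if len({n["sysip"] for n in nodes.values()}) != len(nodes):
        problems.append("duplicate system-ip")
    local = [name for name, n in nodes.items() if n["local"]]
    if len(local) != 1:
        problems.append("exactly one node must carry 'vbond <ip> local'")
    elif str(nodes[local[0]]["intf"].ip) != nodes[local[0]]["vbond"]:
        problems.append(f"{local[0]}: 'vbond' address is not its own VPN 0 address")
    return problems

# Constructed sample: the three bootstrap configs from this page, trimmed to the relevant lines.
TEMPLATE = """system
 system-ip 1.1.1.{n}
 organization-name vallit.be
 vbond 10.10.0.183{local}
vpn 0
 interface {wan}
  ip address 10.10.0.{n}/24
vpn 512
 interface {mgmt}
  ip address 192.168.1.{n}/24
"""
NODES = (("vManage", 181, "eth0", "eth1", ""), ("vSmart", 182, "eth0", "eth1", ""),
         ("vBond", 183, "ge0/0", "eth0", " local"))
SAMPLE = {name: TEMPLATE.format(n=n, wan=w, mgmt=m, local=l) for name, n, w, m, l in NODES}
print(check(SAMPLE) or "bootstrap configs are consistent")
```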

Border router initial setup

Finally I've configured my border router to connect to 2 MPLS circuits to which I'll connect my remote sites.

#Border router config
config t
hostname BorderRouter
no ip domain lookup
interface gig0/0
 description HQ_VPN-0
 ip address 10.10.0.1 255.255.255.0
 no shut
interface gig0/1
 description MPLS_1
 ip address 172.16.10.1 255.255.255.0
 no shut
interface gig0/2
 description MPLS_2
 ip address 172.16.20.1 255.255.255.0
 no shut

We can verify that all connectivity is OK by performing some basic pings:

# From Border router to vSmart
BorderRouter#ping 10.10.0.182
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.0.182, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

# From Border router to vBond
BorderRouter#ping 10.10.0.183
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.0.183, timeout is 2 seconds:
!!!!!

# From vSmart to vManage
vSmart# ping 10.10.0.181
Ping in VPN 0
PING 10.10.0.181 (10.10.0.181) 56(84) bytes of data.
64 bytes from 10.10.0.181: icmp_seq=1 ttl=64 time=0.822 ms
64 bytes from 10.10.0.181: icmp_seq=2 ttl=64 time=0.411 ms
^C
--- 10.10.0.181 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.411/0.616/0.822/0.205 ms

# From vSmart to vBond
vSmart# ping 10.10.0.183
Ping in VPN 0
PING 10.10.0.183 (10.10.0.183) 56(84) bytes of data.
64 bytes from 10.10.0.183: icmp_seq=1 ttl=64 time=21.5 ms
64 bytes from 10.10.0.183: icmp_seq=2 ttl=64 time=28.5 ms
^C
--- 10.10.0.183 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 21.542/25.022/28.502/3.480 ms

# From vSmart to MPLS-1 interface
vSmart# ping 172.16.10.1
Ping in VPN 0
PING 172.16.10.1 (172.16.10.1) 56(84) bytes of data.
64 bytes from 172.16.10.1: icmp_seq=1 ttl=255 time=0.760 ms
64 bytes from 172.16.10.1: icmp_seq=2 ttl=255 time=0.861 ms
^C
--- 172.16.10.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1012ms
rtt min/avg/max/mdev = 0.760/0.810/0.861/0.050 ms

# From vSmart to MPLS-2 interface
vSmart# ping 172.16.20.1
Ping in VPN 0
PING 172.16.20.1 (172.16.20.1) 56(84) bytes of data.
64 bytes from 172.16.20.1: icmp_seq=1 ttl=255 time=0.983 ms
64 bytes from 172.16.20.1: icmp_seq=2 ttl=255 time=0.767 ms
^C
--- 172.16.20.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.767/0.875/0.983/0.108 ms
