Intro
As Cisco SD-WAN plays a significant role in the CCIE Lab exam and also has its own certification (300-415 ENSDWI), I might as well start off by learning all about Cisco SD-WAN. This will also be the main building block to connect all the different areas within the topology to each other.
Requirements
As per my previous post, I have already deployed my EVE-NG lab environment. These are the images that I'll be using for my SD-WAN lab:
Name | Image | Node requirements |
vManage (Cisco Catalyst SD-WAN Manager) | viptela-vmanage-20.9.4.1-genericx86-64.qcow2 | CPU: 16 cores RAM: 32GB |
vSmart (Cisco Catalyst SD-WAN Controller) | viptela-smart-20.9.4-genericx86-64.qcow2 | CPU: 4 cores RAM: 8GB |
vBond (Cisco SD-WAN Validator) | viptela-edge-20.9.4-genericx86-64.qcow2 | CPU: 2 cores RAM: 4GB |
vEdge | viptela-edge-20.9.4-genericx86-64.qcow2 |
The QEMU NIC option has been set to virtio-net-pci for all of these nodes. Required resource info can be found on cisco.com.
Add image to EVE-NG
Just as an example, here's how to add your vManage image to EVE-NG. For the latest info, please refer to the documentation on the EVE-NG website.
Connect to EVE-NG using WinSCP (or any other file transfer application)
Navigate to /opt/unetlab/addons/qemu/. This is the folder into which you'll import your images
Create a new directory with the name "vtmgmt-<version number>" (in my case: vtmgmt-20.9.4)
Copy your vManage image into the folder
Now rename your image to "virtioa.qcow2"
Your image should now be ready to be used inside of your EVE-NG lab
Building the lab
After adding our 3 components for the SD-WAN setup according to the specs above, we can start by adding the initial bootstrap configuration to each of them.
vManage initial setup
Connect to the vManage and log on using the default username and password (admin/admin). You'll be prompted to provide a new admin password.
Next we need to choose its persona. As we only deploy one node, we choose COMPUTE_AND_DATA. In a clustered setup you would separate the personas to spread the load.
In the next step you need to select the storage device. If you only see 1 disk, you probably forgot to add a second hard drive according to the instructions on the EVE-NG website for vManage. If you did forget, just add another disk using your EVE-NG console:
cd /opt/unetlab/addons/qemu/vtmgmt-20.9.4
/opt/qemu/bin/qemu-img create -f qcow2 virtiob.qcow2 100G
cd
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions
After doing so, you should see 2 disks in your initial vManage deployment. Choose the newly created disk (vdb 100GB in my case).
vManage will now reboot. A few minutes after the reboot, you'll be able to log on and continue to add the bootstrap configuration.
#vManage bootstrap config
config
system
host-name vManage
system-ip 1.1.1.181
site-id 1
organization-name vallit.be
vbond 10.10.0.183
vpn 0
interface eth0
ip address 10.10.0.181/24
no shutdown
no tunnel-interface
exit
ip route 0.0.0.0/0 10.10.0.1
vpn 512
interface eth1
ip address 192.168.1.181/24
no shutdown
exit
commit and-quit
vBond initial setup
Log in using admin/admin and change the password
#vBond bootstrap config
config
system
host-name vBond
system-ip 1.1.1.183
site-id 1
organization-name vallit.be
vbond 10.10.0.183 local # Local tells the device it is vBond
vpn 0
interface ge0/0
ip address 10.10.0.183/24
no shutdown
no tunnel-interface
exit
ip route 0.0.0.0/0 10.10.0.1
vpn 512
interface eth0
ip address 192.168.1.183/24
no shutdown
exit
commit and-quit
vSmart initial setup
Log in using admin/admin and change the password
#vSmart bootstrap config
config
system
host-name vSmart
system-ip 1.1.1.182
site-id 1
organization-name vallit.be
vbond 10.10.0.183
vpn 0
interface eth0
ip address 10.10.0.182/24
no shutdown
no tunnel-interface
exit
ip route 0.0.0.0/0 10.10.0.1
vpn 512
interface eth1
ip address 192.168.1.182/24
no shutdown
exit
commit and-quit
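The three bootstrap configs above only work together if the shared values agree: every controller must carry the same organization-name (it is case-sensitive) and the same vbond address, each needs its own system-ip and VPN 0 address, and only the vBond itself carries the `local` keyword. The following check is an added example, not part of the original post; `excerpt`, `parse`, `audit` and `LAB` are hypothetical names, and the sample input is constructed from the values shown on this page.

```python
import ipaddress

def excerpt(host, local=""):
    """Constructed sample: the checked lines of one controller's bootstrap config."""
    return f"""system-ip 1.1.1.{host}
organization-name vallit.be
vbond 10.10.0.183{local}
vpn 0
ip address 10.10.0.{host}/24
vpn 512
ip address 192.168.1.{host}/24"""

LAB = {"vManage": excerpt(181), "vSmart": excerpt(182),
       "vBond": excerpt(183, " local # Local tells the device it is vBond")}

def parse(text):
    """Pull out the fields that must agree (or differ) across controllers."""
    dev, vpn = {"local": False}, None
    for line in text.splitlines():
        w = line.split("#")[0].split()          # drop trailing comments
        if not w:
            continue
        if w[0] == "vpn":
            vpn = w[1]                          # remember which VPN we are in
        elif w[0] in ("system-ip", "organization-name"):
            dev[w[0]] = " ".join(w[1:])
        elif w[0] == "vbond":
            dev["vbond"], dev["local"] = w[1], "local" in w[2:]
        elif w[:2] == ["ip", "address"] and vpn == "0":
            dev["vpn0"] = ipaddress.ip_interface(w[2])   # transport side only
    return dev

def audit(configs):
    """Return a list of findings; an empty list means the set is consistent."""
    devs = {name: parse(text) for name, text in configs.items()}
    out = []
    for key in ("organization-name", "vbond"):      # identical on every device
        if len({d.get(key) for d in devs.values()}) != 1:
            out.append(f"{key} differs between controllers")
    for key in ("system-ip", "vpn0"):               # unique per device
        if len({d.get(key) for d in devs.values()}) != len(devs):
            out.append(f"duplicate {key}")
    local = [n for n, d in devs.items() if d["local"]]
    if len(local) != 1:
        out.append(f"expected exactly one 'vbond ... local', found {len(local)}")
    return out

if __name__ == "__main__":
    print(audit(LAB) or "bootstrap set is consistent")
```

Run it against the text you are about to paste into each console. A finding here is far cheaper to fix than a control connection that never comes up.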
Border router initial setup
Finally, I've configured my border router to connect to 2 MPLS circuits, to which I'll connect my remote sites.
#Border router config
config t
hostname BorderRouter
no ip domain lookup
interface gig0/0
description HQ_VPN-0
ip address 10.10.0.1 255.255.255.0
no shut
interface gig0/1
description MPLS_1
ip address 172.16.10.1 255.255.255.0
no shut
interface gig0/2
description MPLS_2
ip address 172.16.20.1 255.255.255.0
no shut
We can verify that all connectivity is OK by performing some basic pings:
# From Border router to vSmart
BorderRouter#ping 10.10.0.182
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.0.182, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
# From Border router to vBond
BorderRouter#ping 10.10.0.183
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.0.183, timeout is 2 seconds:
!!!!!
# From vSmart to vManage
vSmart# ping 10.10.0.181
Ping in VPN 0
PING 10.10.0.181 (10.10.0.181) 56(84) bytes of data.
64 bytes from 10.10.0.181: icmp_seq=1 ttl=64 time=0.822 ms
64 bytes from 10.10.0.181: icmp_seq=2 ttl=64 time=0.411 ms
^C
--- 10.10.0.181 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.411/0.616/0.822/0.205 ms
# From vSmart to vBond
vSmart# ping 10.10.0.183
Ping in VPN 0
PING 10.10.0.183 (10.10.0.183) 56(84) bytes of data.
64 bytes from 10.10.0.183: icmp_seq=1 ttl=64 time=21.5 ms
64 bytes from 10.10.0.183: icmp_seq=2 ttl=64 time=28.5 ms
^C
--- 10.10.0.183 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 21.542/25.022/28.502/3.480 ms
# From vSmart to MPLS-1 interface
vSmart# ping 172.16.10.1
Ping in VPN 0
PING 172.16.10.1 (172.16.10.1) 56(84) bytes of data.
64 bytes from 172.16.10.1: icmp_seq=1 ttl=255 time=0.760 ms
64 bytes from 172.16.10.1: icmp_seq=2 ttl=255 time=0.861 ms
^C
--- 172.16.10.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1012ms
rtt min/avg/max/mdev = 0.760/0.810/0.861/0.050 ms
# From vSmart to MPLS-2 interface
vSmart# ping 172.16.20.1
Ping in VPN 0
PING 172.16.20.1 (172.16.20.1) 56(84) bytes of data.
64 bytes from 172.16.20.1: icmp_seq=1 ttl=255 time=0.983 ms
64 bytes from 172.16.20.1: icmp_seq=2 ttl=255 time=0.767 ms
^C
--- 172.16.20.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.767/0.875/0.983/0.108 ms