In this blog, we will cover the role of templates in Cisco SD-WAN. In the previous Zindagi blog, we tried to explain why there is a need to switch from traditional networks to Software-Defined Wide Area Networking (SD-WAN).
Before we start with templates, you should have a better understanding of each component (vManage, vBond, vSmart & vEdge) & their role in SD-WAN.
In traditional networks today, the management plane, data plane, and control plane are all on the same router, and together they facilitate communication within the network. On a traditional router, we have line cards (which handle switching and forwarding of our data packets), a CPU module (which handles calculating our route table and advertising networks to the rest of the network), and the command-line interface (CLI), which is used to program the router.
The Cisco SD-WAN solution is a distributed architecture, meaning Cisco has separated the data plane from the control plane and management plane.
Management Plane: vManage is a network management system (NMS), and it can be utilized for onboarding, provisioning, policy creation, software management, troubleshooting, and monitoring. Device configurations are built in vManage via feature templates or CLI templates.
Orchestration Plane: The orchestration plane functionality is provided by the vBond controller. vBond authenticates and authorizes all the SD-WAN components. The vBond controller provides connectivity information about the vSmart and vManage controllers. vBond also operates as a STUN server, which means it can detect when WAN Edges, which operate as STUN clients, are behind a NAT device such as a firewall.
Control Plane: The component responsible for control-plane functionality is referred to as vSmart. The vSmart provides all routing and data plane policies to the routers in the environment.
Data Plane: The data plane is where user traffic flows and utilizes information learned from the control plane to build connections between branches. The data plane can be a full mesh, partial mesh, point-to-point, hub-and-spoke, or a combination thereof. The data plane in the Cisco SD-WAN solution is extremely flexible and can be designed to meet the needs of most deployments.
CONFIGURATION TEMPLATES – Cisco SD-WAN
The network administrator can apply configuration either manually via the CLI (that is, by using SSH to connect to the device or by connecting via the console port) or by using the vManage GUI. The preferred mechanism is the vManage GUI, as it is less error-prone and has support for automatic recovery. Configurations provisioned on vManage can be applied to both WAN Edges and vSmart controllers. When vManage is responsible for applying the configuration, it is the single source of truth, and changes can only be applied via vManage.
The device templates can either be CLI-based or feature template-based.
Unlike feature templates, a CLI template must contain the whole configuration, not just specific configuration snippets.
Feature templates define what specific feature or technology you want to be enabled or configured, such as routing protocols, interface parameters, and Overlay Management Protocol (OMP). Feature templates can be reused between multiple device templates, and they are the recommended way of configuring the device.
Device templates are a collection of feature templates and can only be applied to specific device types. For this reason, you may have multiple device templates for the same model of hardware, depending on the device’s location, connectivity options, or what role it is playing in the network. A device template can’t be shared, but feature templates can be used across multiple different device types.
The Device Template’s Four Main Parts Or Groups
Basic Information: This part includes items such as System, Logging, AAA, BFD, and OMP feature templates.
Transport and Management VPN: This section has templates for the configuration of VPN 0 and VPN 512 (such as underlay routing protocol configuration and interface configuration).
Service VPN: This portion is where service VPNs or LAN-facing template configurations will exist. In this section BGP, OSPF, and interface parameters are configured.
Additional Templates: This section is for local policies, security policies, SNMP configuration templates, and so on.
The values that can be defined in a template are:
Default: Factory default value. Default values cannot be changed. An example might be using the default BFD timers.
Global: Values set here will always be the same wherever this configuration option is used. An example could be SNMP community strings that you want globally applied to all devices utilizing this template. The beauty of this is that later on (if there needs to be a change to these values), you just update the feature template global option, and it updates each and every device template that is using this feature template.
Device-Specific: A user-defined variable sets the value. This is the model first referred to with interface names. The values of these variables are set when the device template is attached to a specific device.
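The three value scopes can be modelled in a few lines of Python. This is an added illustration, not vManage's data format or API: the template names, option names, variable names, and values are all constructed. It shows which device templates inherit a global value and that attaching a device template fails when a device-specific variable is missing.

```python
# Toy model of template value scopes (added illustration; not vManage's data format).
FACTORY_DEFAULTS = {"bfd_hello_interval_ms": 1000}  # constructed factory default

# feature template -> option -> (scope, payload); all names and values are constructed.
FEATURE_TEMPLATES = {
    "system": {"hostname": ("device", "var_hostname"),
               "system_ip": ("device", "var_system_ip"),
               "site_id": ("device", "var_site_id")},
    "bfd": {"bfd_hello_interval_ms": ("default", None)},
    "snmp": {"community": ("global", "constructed-community-1")},
}

# Device templates are collections of feature templates.
DEVICE_TEMPLATES = {"branch-edge": ["system", "bfd", "snmp"],
                    "dc-edge": ["system", "snmp"]}


def required_variables(device_template):
    """Variable names that must be supplied when the template is attached."""
    return sorted(payload
                  for feature in DEVICE_TEMPLATES[device_template]
                  for scope, payload in FEATURE_TEMPLATES[feature].values()
                  if scope == "device")


def templates_using(feature):
    """Device templates that inherit every global value of this feature template."""
    return sorted(name for name, features in DEVICE_TEMPLATES.items()
                  if feature in features)


def attach(device_template, variables):
    """Resolve every option for one device; refuse if a variable is missing."""
    missing = [v for v in required_variables(device_template) if v not in variables]
    if missing:
        raise ValueError(f"missing device-specific values: {missing}")
    config = {}
    for feature in DEVICE_TEMPLATES[device_template]:
        for option, (scope, payload) in FEATURE_TEMPLATES[feature].items():
            if scope == "default":
                config[option] = FACTORY_DEFAULTS[option]
            elif scope == "global":
                config[option] = payload
            else:  # device-specific: value comes from the attach-time variables
                config[option] = variables[payload]
    return config
```

Calling `templates_using("snmp")` before editing a global value lists every device template that the change will reach.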
Here are some common feature templates:
System: Configure basic system information such as Hostname, System IP, and Site ID.
BFD: Adjust BFD timers and app-route multipliers for all transport or color. BFD timers are used for App-Aware Routing.
OMP: Change graceful restart timers or control redistribution from other routing protocols into OMP.
Security: Change IPsec security settings such as authentication, encryption, and anti-replay.
VPN: Define a service VPN, redistribution of routing protocols, or static routing.
BGP: BGP configuration in a VPN or VRF.
OSPF: OSPF configuration in a VPN or VRF.
VPN Interface: Define an interface that is part of a service VRF or VPN. Common configuration options here include IP Address, QoS, ACLs, and NAT.
After the device template is created, you can attach it to devices.
Select the devices to which the configuration will be applied.
The vManage is the centralized manager where we create templates and policies for SD-WAN edge devices and vSmart. In the next blog, we will discuss how policies are created and pushed to edge devices with the help of vSmart.
Senior Consultant Enterprise Networking