SDWOTS-Cisco SD WAN Operations, Troubleshooting and Best

Practices
Course Outline

Module 1: Cisco SD-WAN Introduction

 High-level Cisco SD-WAN Deployment models

 Application level SD-WAN solution
 Cisco SDWAN high availability solution
 Cisco SD-WAN Scalability
 Cisco SD-WAN Solution Benefits

Module 2: Cisco SD-WAN Orchestration

 Introduction
 vManage NMS
 vSmart Controller
 vBond Orchestrator
 Controller Resiliency Architecture

Module 3: Site Architecture and Deployment Models

 Site Capabilities
 cEdge Router
 Upgrading a current ISR router to support SD-WAN

Module 4: Plug and Play Connect Portal - Zero Touch Provisioning

 Overview
 Understanding Cisco Plug and Play Connect Portal
 cEdge registration, licensing and onboarding
 Understanding the legacy ZTP Portal for vEdge
 User Input Required for the ZTP Automatic Authentication Process
 Authentication between the vBond Orchestrator and a cEdge Router
 Authentication between the cEdge Router and the vManage NMS
 Authentication between the vSmart Controller and the cEdge Router

Module 5: Cisco SD-WAN Solution

 Overlay Management Protocol (OMP)

 Cisco SDWAN Circuit Aggregation Capabilities
 Secure Connectivity in Cisco SD-WAN
 Performance Tracking Mechanisms
 Application Discovery
  Dynamic Path Selection
 Performance Based Routing
 Dynamic Cloud Access
 Understanding the Cisco SD-WAN Onramp
 Understanding Direct Internet Access (DIA) and it’s advantages
 Zone Based Firewall
 Umbrella integration
 SD-WAN security features overview

Module 6: Operations Best Practices

 Config: Test Configuration Changes Before Committing

 NAT: Secure Routers Acting as NATs
 cEdge / vEdge Routers: Connect to the Console Port
 cEdge / vEdge Routers: Use the Poweroff Command
 cEdge / Viptela Devices: Site ID Naming Conventions
 Edge Devices: Using the System IP Address
 vManage NMS: Disaster Recovery

Module 7: Application Monitoring

 vManage
 vAnalytics
 Ecosystem Partner Solutions

Module 8: Troubleshooting Methods

 Remote Access
 Console Access
 LAN Interfaces
 WAN Interfaces
 Control Connections

Module 9: General Troubleshooting

 Check Application-Aware Routing Traffic

 Collect Device Data To Send to Customer Support
 Monitor Alarms and Events
 Monitor TCP Optimization
 Ping a Viptela Device
 Run a Traceroute
 Simulate Flows
 Troubleshoot Cellular Interfaces
 Troubleshoot Device Bringup
 Troubleshoot WiFi Connnections
 Use Syslog Messages
  Tunnel Health

Module 10: Troubleshooting: Data Plane Issues

 BFD Session Information

 Cflowd Information
 Data Policies
 DPI Information
 Symptom: Site Cannot Reach Applications in Datacenter
 Symptom: vManage Showing vEdge or Interface Down
 Symptom: Site-Wide Loss of Connectivity (Blackout)
 Symptom: Poor Application Performance (Brownout)
 Issue Severity Assessment

Module 11: Troubleshooting: Routing Issues

 BGP Information
 Multicast Information
 OMP Information
 OSPF Information
 PIM Information
 Symptom: Some or All Routes Missing from vEdge Routing table
 Symptom: Data Traffic Using Suboptimal Path
 Symptom: Data Traffic Not Using All Transports

Module 12: Application-Aware Routing

 Application Performance with CloudExpress Service

 Tunnel Latency Statistics
 Tunnel Loss Statistics

Module 13: Interface Troubleshooting

 Reset an Interface
 All Interfaces
 ARP Table Entries
 Cellular Interface Information
 DHCP Server and Interface Information
 Interface MTU Information
 Management Interfaces
 VRRP Information
 WAN Interfaces

Module 14: Network Operations

 Check Alarms and Events

  Check User Accounts and Permissions
 Deploy the Viptela Overlay Network
 Determine the Status of Network Sites
 Control Connections
 Data Connections
 Network Performance with vAnalytics Platform
 OMP Status

Module 15: Security Certificate Troubleshooting

 Generate a Certificate
 Upload the vEdge Serial Number File
 Certificate
 CSR

Module 16: Viptela Devices Maintenance

 Decommission an vEdge Cloud Router

 Determine the Status of a Network Device
 Locate an Edge Device
 Migrate a Controller's Virtual Machine Using vMotion
 Reboot a Device
 Remove an Edge Router's Serial Number from the vManage NMS
 Replace an Edge Router
 Restore the vManage NMS
 Set Up User Accounts to Access Viptela Devices
 Validate or Invalidate a vEdge Router
 Software Versions Installed on a Device
 Status of a vBond Orchestrator
 Status of a cEdge / vEdge Router
 Status of a vSmart Controller

Module 17: Viptela Device Operation and Troubleshooting

 Determine Changes to a Configuration Template

 Determine Why a Device Rejects a Template
 Alarm Severity Levels
 Hardware Alarms
 Checking Alarms and Notifications
 LEDs
 Additional Information
 Restore a cEdge / vEdge Router
 Remove cEdge / vEdge Router Components

Module 18: Working With Viptela Support

  Case Priority Levels and Response Times
 Information for Opening Cases
 Viptela Customer Support Portal
 Other Ways to Contact Support

LAB Outline

• Introduction to the Cisco SD-WAN

• Add a vSmart Controller to the vManage Inventory
• Add a vEdge Router to the vManage Inventory
• Add a cEdge Router to the vManage Inventory
• Add vEdge to vManage Inventory
• Control-Plane Connectivity
• Overlay Network
• Zero-Touch Provisioning
• vManage Templates
• vManage Basic Policies
• Application Aware Policies
• Advanced Policies
• Internet Exit lab (DIA)
• Zone Based Firewall lab
• URL Filter
• AMP Lab
• Analytics from vManage
• MultiTenant Mode and Tenants
• Troubleshooting Methods
• Troubleshooting Data Plane Issues
• Troubleshooting Routing Issues
• Best Practices

Module 0: Introductions

• Module Introduction
o Topic List
• Lesson 1: Introductions
o General Administration
o WebEx Basics
o Introductions
o Questions Asked by Companies about SD-WAN
o What id SD-WAN?
o SD-WAN Desired Benefits
o How does Cisco define SD-WAN?
o Pre-Requisites for the Advanced SD-WAN
• Module Summary

Module 1: Cisco SD-WAN Overview

• Module Introduction
o Topic List
• Lesson 1: Cisco SD-WAN Overview
o Dashboard
o SD-WAN Architecture
• Lesson 2: SD-WAN Platform Discussion
o What’s in a Name?
o SD-WAN WAN Edges
▪ cEdges
▪ vEdges
o SD-WAN Controllers
▪ vBond
▪ vSmart
▪ vManage
o SD-WAN Fabric

Module 2: SD-WAN Advanced Settings

• Module Introduction
o Topic List
• Lesson 1: Design Considerations and Scaling
o SD-WAN Smart Licensing
o Advanced Controller Settings
o Overlay and WAN Edge Recommended Settings
• Lesson 2: Site Design
o System IP Design
o Multitenant Design
• Lesson 3: Advanced Settings
• Lesson 4: Ether Channel Support (20.6)
• Lesson 5: Hot Standby Router Protocol (HSRP)
• Lesson 6: LTE Design and Deployment
• Module Summary

Module 3: SD-WAN High Availability

• Module Introduction
o Topic List
• Lesson 1: Common WAN Topologies Design and Deployment Considerations
o High Availability
o Controller Scalability
• Lesson 2: Active vManage, Backup Inactive vManage, Clustering vManage
o Resource Groups
o RBAC Enhancements
• Lesson 3: SD-WAN Disaster Recovery
• Lesson 4: Troubleshooting Cluster Operation
• Module Summary

Module 4: SD-WAN Templates

• Module Introduction
o Topic List
• Lesson 1: Template Overview
o Future Templates
o Device template using Future Templates
o Device template using CLI Templates
o Designing templates for Reusability
o Attaching Devices to Templates
• Lesson 2: Using Python to Import / Export Templates
• Lesson 3: Parsing JSON with Python
• Lesson 4: Create / Delete / Import / Export of Templates
• Module Summary

Module 5: SD-WAN APP-QoE, SD-AVC and QoS Policies

• Module Introduction
o Topic List
• Lesson 1: Application Quality of Experience (APPQoE)
o SD-AVC
o Application Aware Routing
• Lesson 2: Custom Application Identification
• Lesson 3: Bidirectional Forwarding Detection (BFD)
o BFD Hello Timer and Multiplier
o BFD Measurements
• Lesson 4: Cloud onRamp for SaaS for Office 365
• Lesson 5: Per Tunnel QOS
• Lesson 6: Adaptive QOS
• Lesson 7: SD-WAN 17.6/20.6 - Per VPN QOS
o vManage Configuration Workflow
• Lesson 8: TCP Optimization
• Lesson 9: Service Nodes for AppQoE
o Data Redundancy Elimination (DRE)
o APPNAV Deployment
o WAAS Integration
• Lesson 10: Forward Error Correction (FEC)
• Lesson 11: Packet Duplication
• Module Summary

Module 6: Bridging
• Module Introduction
o Topic List
• Lesson 1: Transparent Bridging
• Lesson 2: Bridging Template Configuration
• Lesson 3: cEdge Bridging Template Configuration
• Lesson 4: vEdge Bridging Template Configuration
o Monitoring Bridging
• Module Summary

Module 7: Routing Protocols

• Module Introduction
o Topic List
• Lesson 1: SD-WAN Underlay Routing
o Service-Side Routing vs Transport-Side Routing vs Overlay Routing
o Traffic Routing Decision Tree
• Lesson 2: Static Routes
• Lesson 3: VRRP Enhancements
• Lesson 4: Dynamic Routing Protocols
o OMP Routing
o OMP Templates
o OMP Policies
o Border Gateway Protocol (BGP)
o BGP Review
o BGP Templates
o BGP Policies, Local Route Policies
o BGP Lists
o BGP Local Route Policies
o BGP Troubleshooting
o OSPF
o OSPF Review
o SD-WAN OSPF
o OSPF Templates
o OSPF Local Policies
o OSPF Monitoring
o OSPF Troubleshooting
o EIGRP
o EIGRP Template Configuration
o EIGRP Monitoring and Troubleshooting
• Lesson 5: Routing Information Protocols
• Lesson 6: SD-WAN On Demand Tunnels
• Lesson 7: Route Leaking
• Lesson 8: Hierarchical SD-WAN (Regions)
• Module Summary

Module 8: Multicast
• Module Introduction
o Topic List
• Lesson 1: Complete Multicast Support on Cisco SD-WAN
• Lesson 2: vEdge Support
o cEdge Multicast Support
o Multicast RPs
o Multicast Replicators
o PIM IGMP
• Module Summary

Module 9: Direct Internet Access (DIA) Overview

• Module Introduction
o Topic List
• Lesson 1: SD-WAN Direct Internet Access (DIA)
o SD-WAN DIA Requirements
o SD-WAN Direct Internet Access Use Cases
o SD-WAN Direct Internet Access Design Components
o SD-WAN Direct Internet Access Design Considerations
o SD-WAN Direct Internet Access Failover Scenarios
• Lesson 2: Deploying DIA
• Lesson 3: Central Data Policy
• Lesson 4: NAT DIA Route
o Cisco SD-WAN Direct Internet Access Monitoring
• Module Summary

Module 10: SD-WAN Voice Configuration

• Module Introduction
o Topic List
• Lesson 1: Voice Integration in SD-WAN
o T1, PRI
o DSP Configuration
• Lesson 2: Voice Card Feature Templates
• Lesson 3: Call Routing Feature Templates
• Lesson 4: Survivable Remote Site Telephony (SRST)
• Lesson 5: Voice Policies
• Lesson 6: Create a Voice Port Policy
• Lesson 7: Voice Port Translation Profile
• Lesson 8: FXO Supervisory Disconnect
o FXO, FXS, FXS DID
• Lesson 9: Cisco Unified Border Element (CUBE)
o CUBE Functionality
o IOS-XE UC Device Template
• Module Summary

Module 11: SD-WAN Security Policy

• Module Introduction
o Topic List
• Lesson 1: SD-WAN Security
• Lesson 2: SD-WAN Base Security
• Lesson 3: SD-WAN Cloud Security
o Umbrella for SD-WAN
o Layer 7 Health Check
• Lesson 4: Zscaler Integration
• Lesson 5: SD-WAN Cloud Security Features
o Web Layer Security
o DNS Layer Security
o Firewall
o IPS (Snort)
o Interactive Threat Intel
• Lesson 6: SD-WAN Integrated Security
o TLS Decryption
• Lesson 7: 17.6/20.6 – Geo-Fencing
o Geo-Fencing
• Lesson 8: SD-WAN Security Configuration
• Module Summary

Module 12: SD-WAN Local Policy

• Module Introduction
o Topic List
• Lesson 1: Policy Configuration Overview
o Policy Framework-Localized Policies
o Local Control Policy
o QOS Maps
o Rewrite Policies
o Policers
o Device Access Policies
o Access Control Lists
o Local Control (Route) Policy
o Localized Control Policy Configuration
• Lesson 2: Local Data Policies
o Local Data Policy
o Configure Localized Data Policy for IPv4
Module Summary

Module 13: SD-WAN Central Policy

• Module Introduction
o Topic List
• Lesson 1: Centralized Control Policies
o Policy Creation and Management Guidelines
o Hub & Spoke / Mesh / Custom
• Lesson 2: Centralized Data Policies
• Lesson 3: Application Aware Routing
o QOS Policies
• Lesson 4: Service Chaining
• Lesson 5: Traffic Flow Monitoring with Cflowd
o cFlowd Policy
• Lesson 6: Policy Construction
• Lesson 7: Platform Support and Scalability
• Module Summary

Module 14: SD-WAN Migration

• Module Introduction
o Topic List
• Lesson 1: SD-WAN Conversation Tool
• Lesson 2: Cisco Sure Tool
• Lesson 3: Migration and Deployment Models
• Lesson 4: Typical Migrations
• Lesson 5: Data Center / Hub Migration
• Lesson 6: Branch / Spoke Site Migration
• Module Summary

LAB OUTLINE
Lab 1: Review & Troubleshoot Initials SDWAN Environment
• Review Environment
• Troubleshooting Initial Connectivity
• Troubleshooting Initial Control Connections
Lab 2: Create and Troubleshoot SDWAN Clusters
• Create a 3 Node SDWAN Cluster
• Monitor Cluster Troubleshoot Cluster
Lab 3: Template / Configurations Groups
• Advanced Techniques for Template Creation
• Variable Naming Conventions for Reusability
• Create Feature Template for reuse across all vEdge devices
• Export and Import Templates via API
• Troubleshoot Template Deployment
Lab 4: Deploy and Troubleshoot Hardware Routers with ztp.
• Troubleshoot and Deploy 4331 Router
• Troubleshoot and Deploy vEdge Router
Lab 5: Implement Routing Protocol
• Configure Transparent Routing
• Configure BGP Template and Local Policy on the Transport VPN
• Configure OSPF Template and Local Policy on the Transport VPN
• Configure BGP Template and Local Policy on the Service Side (LAN) VPN
• Configure OSPF Template and Local Policy on the Service Side (LAN) VPN
• Configure EIGRP Template and Local Policy on the Service Side (LAN) VPN
• Configure Multicast on vEdge
• Configure Multicast on IOS-XE
• Monitor Routing
• Troubleshooting Routing Protocols
Lab 6: Advanced Firewall Policy Design
• Setup and deploy a realistic firewall Configuration on vEdge and IOS-XE
• Setup IPS/URL Filtering on IOS-XE Device
• Setup Web Layer Security
• Monitoring Security Policy
• Test and Troubleshoot a Firewall Policy
Lab 7: Designing and Implementing Local Policies and QoS Policies
• Design and Implement Lists to Support Local Policies
• Design Access List
• Advanced QoS Design on Interfaces / Sub Interfaces
• Creating Shapers and Policers
• Rewriting QoS for External MPLS Circuit
• Remarking for Cisco Enterprise QoS Model
• Setup Port Mirroring for traffic analysis
Lab 8: Create Advanced Central Policies
• Advanced List Design Techniques
• Advanced Site Design
• Design and Troubleshoot a Hub and Spoke Topology
• Design, Configure, and Troubleshoot a Full Mesh Topology
• Design, Configure, and Troubleshoot a Hub and Spoke Topology with a Full Mesh Core
• Design, Configure, and Troubleshoot Custom Control Policies with Traffic Engineering
• Design, Configure, and Troubleshoot a Service Chain with an ASA Firewall
• Design, Configure, and Troubleshoot a QoS Policy at the VPN Level
• Design, Configure, and Troubleshoot Extranet with a 3rd Party Provider
• Design, Configure, and Troubleshoot Application Aware Routing Policy
Lab 9: Monitoring the Environment
• Monitoring using vManage
• Monitoring using the CLI
• Monitoring using vAnalytics
Lab 10: Troubleshooting
• Troubleshooting Hardware Issues
• Troubleshooting Control Connections
• Troubleshooting Certificate Issues
• Troubleshooting Controllers
• Troubleshooting BFD Sessions
• Troubleshooting Templates
• Troubleshooting Local Policies
• Troubleshooting Central Policies