
CCIE EI SD WAN Lab1 - Sample Lab

Uploaded by

Modou Gueye
CCIE Enterprise Infrastructure: SD-WAN Practice Lab v1.0

Workbook Description
Author: CCIE Lab Center (CLC)
Focus: Practice
Level: Expert (CCIE)
Stream: CCIE Enterprise Infrastructure: SD-WAN Technology
Content: Topology, Questions, Initial Configuration, Solutions, Verifications.
Format: PDF
Protection: DRM Protected
Price/Cost: $100 USD

Table of Contents

1) Lab Details
A) Lab Summary
B) Initial configuration

2) SD-WAN Controller Deployment
A) Initial Configuration
I. vManage
II. vBond
III. vSmart
B) ROOTCA on vManage & uploading Certificate
I. vManage
II. vBond
III. vSmart
C) Controllers final bring up
D) Final verification of all controllers
E) Viptela vEdges License downloading Procedure

3) SD-WAN vEdge routers onboarding
A) Common procedure for all vEdges Routers (.pem Certification)
B) Configuration of all vEdges
C) vEdges nodes with vManage licenses installation
D) Verification on vEdges

4) Common Template for all vEdges
A) Create common basic templates
B) vSmart template

5) Deployment of vEdges (RTP) @ Data Center
A) Data center details
B) Configure the transport VPN 0
C) Configure the Service VPN
D) Creating devices Template
E) Attaching device Templates to DC vEdges 1 & 2
F) Final verification of template output from vEdges CLI

6) Deployment of vEdges (San Jose) @ Branch
A) Branch details
B) Creating Transport feature template of vEdges 3 & 4
C) Branch Service side VPN 1
D) Attaching device template to vEdge3 & vEdge4
E) Verification on vEdges 3 & 4

7) Deployment of vEdges (New York) @ Branch
A) Branch details
B) Creating device template of vEdges 5 & 6
C) Creating device template from feature template for vEdges 5 & 6
D) Attaching to vEdges 5 & vEdge6
E) Verification on vEdges & vManage

8) Deployment of vEdges (Las Vegas) @ Branch
A) Branch details
B) Creating Device template for Las Vegas vEdge 7
C) Verification on vEdge 7

9) Deployment of vEdges (New Jersey) @ Branch
A) Branch details
B) Creating device template for Francisco vEdge8
C) Attaching device template to vEdge8
D) Verification vEdge8

10) Deployment of vEdges (Francisco) @ Branch
A) Branch details
B) Creating device template for Francisco vEdge9
C) Attaching device template to vEdge9
D) Verification on vEdge 9

11) Hub & Spoke Integration
A) Create Site lists
B) Create Topology
C) Create Policy
D) Policy Activation
E) Verification on Spoke vEdges
F) Default route originate from Site100 (RTP)

12) Local Internet Breakout
A) Create Lists
B) Create Data Policy
C) Global Policy
D) Verification

13) Implementing Traffic Engineering (Policy Based routing)
A) Create Policy list (Data Lists)
B) Create Traffic Policy
C) Global Policy
D) Activation
E) Verification

14) Implementing QoS Policy
A) Create Policy Lists
B) Create QoS Policy
C) Activation
D) Verification

15) Application Aware routing
A) Create Policy List/SLA List
B) Traffic Policy (AAR Policy)
C) Global AAR Policy
D) Activation
E) BFD Polling template
F) Verification

16) Traffic Flow Monitoring with Cflowd
A) Create Traffic Policy
B) Applying policy into Local-Internet-Access
C) Policy activation
D) Verification

17) Final CLI output of all vEdges & vSmart controller

1 LAB Details
A) Lab Summary
1) Feature & Devices Template
2) Hub & Spoke Policy.
3) Local Internet Breakout
4) Implementing Traffic Engineering (PBR)
5) QoS
6) Application aware policy
7) TLOC
8) cflowd

a) Hardware Requirement
CPU 8 core
RAM 32 GB
HDD 500 GB

Note: After starting all nodes, wait 10 minutes for CPU utilization to return to normal.

b) How to upload images into EVE-NG server


Step1: After starting the eve-ng instance, log in with FileZilla using the displayed IP address
(username root, password eve)

Step2: Upload qemu images as shown below

Step3: Log in to your eve-ng server/hypervisor/vmware/etc. with username root & password eve

Step4: Run the command below from the CLI

/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

Step5: Upload IOL images as shown below

Step6: Run the command below from the CLI

/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

For more details on uploading images you can visit the link below.
https://www.eve-ng.net/index.php/documentation/howtos/howto-add-cisco-iol-ios-on-linux/

c) Lab Topology in light mode

d) Lab Topology in dark mode

e) IP details

S/N  Hostname  Locations   Site ID  System-IP
1    edge1     RTP         100      10.200.1.1
2    edge2     RTP         100      10.200.1.2
3    edge3     San Jose    200      10.200.1.3
4    edge4     San Jose    200      10.200.1.4
5    edge5     New york    300      10.200.1.5
6    edge6     New york    300      10.200.1.6
7    edge7     Las vegas   400      10.200.1.7
8    edge8     New Jersey  500      10.200.1.8
9    edge9     Francisco   600      10.200.1.9
10   vmanage   AWS         700      10.200.1.10
11   vsmart    AWS         700      10.200.1.11
12   vbond     AWS         700      10.200.1.12

OU (all devices): viptela sdwan

Controller IP details

Hostname  VPN0 ETH0           VPN512 ETH0     VPN0 GW    VPN512 GW
vmanage   10.10.0.5/24        59.239.98.5/24  10.10.0.1  59.239.98.1
vbond     ge0/0 10.10.0.4/24  59.239.98.4/24  10.10.0.1  59.239.98.1
vsmart    10.10.0.3/24        59.239.98.3/24  10.10.0.1  59.239.98.1

f) Lab nodes
Image versions used in lab.
• Viptela 18.4.4: vManage, vBond, vSmart, vEdge
• MPLS Router: i86bi-linuxl3-adventerprisek9-15.5.2T.bin
• Internet Router: i86bi-linuxl3-adventerprisek9-15.5.2T.bin
• L2 Switches: viosl2-adventerprisek9-m.03.2017 & i86bi-linuxl2-adventerprisek9-15.2d.bin
• Host system: EVE Docker GUI-Server
• CA Server: EVE Docker GUI-Server

B) Initial configurations
The configurations for the ISP router, switches, hosts and servers are given below.

Startup configuration

I. Internet Router

hostname Biz-INT
ip name-server 8.8.8.8
ip name-server 1.1.1.1

interface Ethernet0/0
description *** Connected to Internet ***
ip address dhcp
ip nat outside
ip virtual-reassembly in
!
interface Ethernet0/1
description *** Connected to vedge1 ***
ip address 64.100.101.1 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
interface Ethernet0/2
description *** Connected to vedge2 ***
ip address 64.100.102.1 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
interface Ethernet0/3
description *** Connected to vedge4 ***
ip address 64.100.103.1 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
interface Ethernet1/0
description *** Connected to vedge6 ***
ip address 64.100.104.1 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
interface Ethernet1/1
description *** Connected to vedge7 ***
ip address 64.100.105.1 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
interface Ethernet1/2
description *** Connected to vedge8 ***
ip address 64.100.106.1 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
interface Ethernet1/3
description *** Connected to vedge9 ***
ip address 64.100.107.1 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
interface Ethernet2/0
description *** Connected to SW2 ***
ip address 64.100.108.1 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
interface Ethernet2/1
description *** Connected to MPLS P2P Link ***
ip address 5.5.5.6 255.255.255.252
!
ip nat inside source list nat interface Ethernet0/0 overload
ip route 10.1.1.12 255.255.255.252 5.5.5.5 name static-4-vedge9
ip route 10.10.0.0 255.255.255.0 64.100.108.2 name static-4-controller
ip route 192.168.0.0 255.255.0.0 5.5.5.5 name static-4-MPLS
!
ip access-list standard nat
permit 64.100.101.0 0.0.0.15
permit 64.100.102.0 0.0.0.15
permit 64.100.103.0 0.0.0.15
permit 64.100.104.0 0.0.0.15
permit 64.100.105.0 0.0.0.15
permit 64.100.106.0 0.0.0.15
permit 64.100.107.0 0.0.0.15
permit 64.100.108.0 0.0.0.15

II. SW2

hostname SW2
vlan 200
name VPN0

interface E0/0
description *** Connected to vManage VPN0 ***
switchport access vlan 200
switchport mode access
no shutdown
spanning-tree portfast edge
!
interface E0/1
description *** Connected to vSmart VPN0 ***
switchport access vlan 200
switchport mode access
no shutdown
spanning-tree portfast edge
!
interface E0/2
description *** Connected to vBond VPN0 ***
switchport access vlan 200
switchport mode access
no shutdown
spanning-tree portfast edge
!
interface E1/2
description *** Connected to MPLS ***
no switchport
ip address 192.168.8.2 255.255.255.252
no shutdown
!
interface E1/0
description *** Connected to Internet ***
no switchport
ip address 64.100.108.2 255.255.255.240
no shutdown
!
interface E0/3
description *** Connected CA Server ***
switchport access vlan 200
switchport mode access
no shutdown
spanning-tree portfast edge
!

interface Vlan200
description ** Created for VPN0 ***
ip address 10.10.0.1 255.255.255.0
!
router ospf 10
network 10.10.0.0 0.0.0.255 area 10
network 192.168.8.0 0.0.0.3 area 10
ip route 0.0.0.0 0.0.0.0 64.100.108.1

III. R3

hostname R3
interface GigabitEthernet0/0
description *** Connected to vedge9 ***
ip address 10.1.1.13 255.255.255.252
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
description *** Connected to MPLS ***
ip address 192.168.7.2 255.255.255.252
duplex auto
speed auto
media-type rj45
ip route 0.0.0.0 0.0.0.0 192.168.7.1

IV. CA Server

ifconfig eth0 10.10.0.254 netmask 255.255.255.0
route add default gw 10.10.0.1 eth0

vim /etc/resolv.conf

nameserver 1.1.1.1
nameserver 8.8.8.8

esc>:wq

Configure the FTP, WEB and system hosts the same way.

V. RTP

VI. SAN JOSE

VII. New York

VIII. Las Vegas

Host1
ifconfig eth0 172.19.1.254 netmask 255.255.255.0
route add default gw 172.19.1.1 eth0

IX. New Jersey

X. Francisco

2 SD-WAN Controller Deployment


A) Initial Configuration
i. vManage initial config

NOTE: The IP addresses and details are given on the topology.

Step 1.1. First boot: log in to vManage.

Login ID:admin
Pass :admin

Login: admin
Password: admin
Welcome to Viptela CLI
admin connected from 127.0.0.1 using console on vmanage
You must set an initial admin password.
Password: admin
Re-enter password: admin
Available storage devices:
hdb 100GB
hdc 3GB
1) vdb
2) hdc
Select storage device to use: 1
Would you like to format vdb? (y/n): y

Step 1.2. After the reboot, log in again and configure vManage as follows.

Be careful to configure exactly the same organization-name as the one used when you downloaded
from the PnP section of https://software.cisco.com.

conf t
system
clock timezone America/Los_Angeles
host-name vManage
system-ip 10.200.1.10
site-id 700
organization-name "viptela sdwan"
vbond 10.10.0.3
ntp
server 192.168.10.1
version 4
prefer
exit
commit and-quit

config t

vpn 0
interface eth0
description Connected-vManage-ETH0-VPN0
ip address 10.10.0.5/24
no tunnel-interface
!
no shutdown
!
ip route 0.0.0.0/0 10.10.0.1
commit and-quit
config t

vpn 512
interface eth1
description Connected-vManage-ETH1-VPN512
ip address 54.239.98.5/24
no shutdown
!
ip route 0.0.0.0/0 54.239.98.1
commit and-quit

reboot
Are you sure you want to reboot?[yes,NO] yes

Step 1.3. From the CA server host, open the Chrome web browser and navigate to the vManage web
interface at https://10.10.0.5. Navigate to Administration > Settings. Verify that the Organization
Name is displayed correctly. Edit the vBond settings and enter the vBond public IP address (10.10.0.3).

Even though you have already entered the vBond IP address in the CLI, you still need to configure the
vBond address under system settings. Otherwise, generating the bootstrap configuration for vEdge
Cloud instances will not succeed.

The dashboard looks like this.

Once logged in navigate to the settings page.

Enter the Organization Name and click Save. This field must match what you used when creating the vBond profile.

ii. vBond initial config

Login ID: admin


Password: admin

conf t
system
clock timezone America/Los_Angeles
host-name vbond
system-ip 10.200.1.12
site-id 700
organization-name "viptela sdwan"
vbond 10.10.0.3 local

ntp
server 192.168.10.1
version 4
prefer
exit
commit and-quit

config t
vpn 0
interface ge0/0
description Connected-vBond-GE0/0-VPN0
ip address 10.10.0.3/24
no tunnel-interface

no shutdown
!
ip route 0.0.0.0/0 10.10.0.1
commit and-quit
config t

vpn 512
interface eth0
description Connected-vBond-ETH0-VPN512
ip address 54.239.98.3/24
no shutdown
!
ip route 0.0.0.0/0 54.239.98.1
commit and-quit

reboot
Are you sure you want to reboot?[yes,NO] yes

iii. vSmart initial config

Login ID:admin
Pass :admin

conf t
system
clock timezone America/Los_Angeles
host-name vsmart
system-ip 10.200.1.11
site-id 700
organization-name "viptela sdwan"
vbond 10.10.0.3
ntp
server 192.168.10.1
version 4
prefer
exit
commit and-quit

config t

vpn 0
interface eth0
description Connected-vSmart-ETH0-VPN0
ip address 10.10.0.4/24
no tunnel-interface

!
no shutdown
!
ip route 0.0.0.0/0 10.10.0.1
commit and-quit
config t

vpn 512
interface eth1
description Connected-vSmart-ETH1-VPN512
ip address 54.239.98.4/24
no shutdown
!
ip route 0.0.0.0/0 54.239.98.1
commit and-quit
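
The organization-name has to match exactly on every controller, each controller has to point at the same vBond address, and every system-ip has to be unique. An offline check for that, added here as an example and not part of the workbook; the function names are hypothetical and the sample input is constructed from the three system stanzas above:

```python
import re
from collections import Counter

# Constructed sample: identity lines retyped from the three controller
# "system" stanzas in this lab (indentation added for readability).
CONFIGS = {
    "vmanage": '''system
 system-ip 10.200.1.10
 organization-name "viptela sdwan"
 vbond 10.10.0.3
''',
    "vbond": '''system
 system-ip 10.200.1.12
 organization-name "viptela sdwan"
 vbond 10.10.0.3 local
''',
    "vsmart": '''system
 system-ip 10.200.1.11
 organization-name "viptela sdwan"
 vbond 10.10.0.3
''',
}
KEYS = ("system-ip", "organization-name", "vbond")

def parse_system(text):
    """Extract the identity fields from one pasted system stanza (hypothetical helper)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r'\s*(\S+)\s+(?:"([^"]*)"|(\S+))', line)
        if m and m.group(1) in KEYS:
            # Quoted values are kept verbatim: case and spacing both count.
            fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields

def check_controllers(configs):
    """Return a list of identity-field mismatches across the controllers."""
    parsed = {name: parse_system(text) for name, text in configs.items()}
    problems = []
    for key in ("organization-name", "vbond"):
        values = {name: p.get(key) for name, p in parsed.items()}
        if len(set(values.values())) > 1:
            problems.append(f"{key} differs: {values}")
    counts = Counter(p.get("system-ip") for p in parsed.values())
    problems += [f"duplicate system-ip {ip}" for ip, n in counts.items() if n > 1]
    return problems

if __name__ == "__main__":
    print(check_controllers(CONFIGS) or "controller identity fields are consistent")
```

An empty result means the three stanzas agree; run it against the text you are about to paste, before the certificate steps.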

Final verification on all controllers before certificate installation:

show control local-properties

clear installed-certificates

Clears all the certificates on the local device, including the public and private keys and the root
certificate, and returns the device to the factory-default state.
This is a free sample copy


The Index page number will differ
To get the complete Workbook
Visit: https://ccielabcenter/.com
