Installing, Configuring, Monitoring and Troubleshooting Cisco Catalyst SD-WAN (SDWAN) V20.15.2/17.15.2

Installing, Configuring, Monitoring, and Troubleshooting Cisco Catalyst (SDWAN) v20.15.2/17.15.2

< This release begins the Journey of streamlining Configuration Groups and Policy Groups, empowering network administrators with greater control and efficiency. This release is pretty close to feature complete, and the first release that I would tell customers that it is time to look to convert Configuration Templates to Configuration Groups.

Here are some of the Updates: 

Configuration Groups: Simplifying Network Management

With the advent of configuration groups, network administrators can now create and manage device configurations more effectively. The feature allows for the grouping of devices based on specific criteria, enabling consistent and centralized configuration deployment. By reducing manual configurations on individual devices, configuration groups ensure uniformity and significantly decrease the potential for errors, leading to a more streamlined and reliable network management process.

Policy Groups: Enhanced Policy Management

The introduction of policy groups in Cisco SD-WAN 20.15.2 marks a substantial improvement in policy management. This feature allows administrators to define and apply policies to specific groups of devices or regions, facilitating more granular control over network behavior. By aligning policies with organizational requirements and regional compliance standards, policy groups enhance security and performance across the network. This targeted approach ensures that policies are both effective and relevant to the specific needs of different network segments.

The release of Cisco SD-WAN 20.15.2 underscores the importance of adopting configuration and policy groups to optimize network operations. These features not only simplify the management of complex network environments but also enhance scalability and responsiveness to organizational changes. By leveraging configuration groups, administrators can ensure maintaining a secure and efficient network infrastructure. >

In this 5-day hands-on up-to-date course on Cisco Catalyst (Viptela) SD-WAN 20.15.2 / IOS-XE 17.15.2, students will learn how to administer SD-WAN. Students will learn about Deploying and Configuring SD-WAN Controllers, vEdge Devices, and Cisco IOS-XE Devices. Students will learn how to manage the (SD-WAN Manager (vManager) Interface, along with the change in the interface in 20.6 and above. Students will learn about Device Template, Feature Template, Configuration Groups, and CLI Templates. Students will learn how to tune OMP, BFD, TLOCs, QoS, TCP OPT, DRE, FEC, and Packet Duplication. Students will learn how SD-WAN implements Security using SASE, SIG, Umbrella, FW, IPS, AMP, Threat grid, TLS Decryption, and Direct Internet Access (DIA). Students will learn about Local and Central Policies. Students will also learn how Cisco SD-WAN allows Enterprises to deploy effective Cloud Solutions such as Amazon AWS, Microsoft Azure, Google Cloud, MegaPort, Equinix, and SAAS applications such as O365 and Webex. Students will also learn how to Monitor and Troubleshoot the SDWAN Solution.

Use this course towards your Cisco Continuing (CE) Education Credits (40)

• SD-WAN Overview
• SD-WAN Controllers (vSmart)
• Allow Lists and Certificates
• Platforms
• Router Deployment
• Configure SD-WAN Manager (vManager)
• SD-WAN Software Updates
• OMP / Fabric
• QoS / QoE
• Security / SASE
• Creating and Applying SD-WAN Templates
• Local and Central Policy
• Deploying using Templates
• ThousandEyes Integration
• Cloud Onramp for SaaS
• Analytics
• Monitoring & Troubleshooting the SD-WAN Solution

Who should sit this course?

This course is suitable for Network Engineers, System Administrators, IT Professionals, Technical Support Staff, and Cisco-Certified Professionals looking to enhance their skills and proficiency with Cisco Catalyst SD-WAN network management tailored for networks. 

The course is highly recommended for:

• Network Engineers: Professionals tasked with the design, implementation, and maintenance of the network infrastructure. This includes managing both Catalyst SD-WAN and data communication systems, ensuring they meet the high standards required for government operations.
• System Administrators: Individuals responsible for the daily management and configuration of the network systems. Their role is crucial in ensuring the reliable operation of Catalyst SD-WAN and WAN services across various departments.
• IT Professionals: This group includes a wide range of IT personnel working who require a robust understanding of secure and reliable Catalyst SD-WAN network systems. Their work is critical in ensuring that these networks comply with stringent standards and regulations.
• Technical Support Staff: These are the frontline personnel who provide essential technical support for Catalyst SD-WAN network systems within the environments. Their expertise ensures that any issues are promptly resolved to maintain network integrity and security.
• Cisco Certified Professionals: Individuals who have already achieved Cisco certifications and are looking to further their knowledge and expertise specifically in Catalyst SD-WAN Networks and Technologies. This course offers them an opportunity to specialize in Catalyst SD-WAN solutions, enhancing their skill set in the context of the network requirements.

N/A

Module 0: Introductions

Module 1: Catalyst SD-WAN (Viptela) Platform Overview

• SD-WAN WAN Architecture Overview
  • Review SD-WAN architecture fundamentals.
• Cisco SD-WAN Solution Overview
  • Overview of Cisco SD-WAN platform.
• New Features by Version
  • Explore features introduced in new versions.
• Licensing for Cisco SD-WAN
  • Understand licensing models and options.
• SD Routing Overview (20.12)
  • Routing features available in version 20.12.

Module 2: Cisco SD-WAN Controllers 

• Cisco SD-WAN Controller Architecture
  • Architecture for control plane components.
• Cisco Catalyst SD-WAN Portal
  • Portal-based access and management.
• Multitenant Tenancy
  • Controller tenancy model.
• Controller High Availability
  • Controller redundancy and failover.
• Verify Control Plane
  • Confirm control connectivity and functions.

Module 3: Catalyst SD-WAN Platforms

• SD-WAN Platform Overview
  • Overview of SD-WAN compatible platforms.
• SD-WAN vEdge Platforms
  • Capabilities of vEdge hardware.
• Cisco ISR 4000 Series Routers
  • Deployment using ISR 4000 routers.
• Cisco ASR 1000 Routing Portfolio
  • Use of ASR routers in SD-WAN.
• Catalyst 8000 Series Router Overviews
  • Main platform for SD-WAN routers.
• Catalyst 8500 Series Routers
  • High-performance edge routers.
• Catalyst 8300 Series Routers
  • Branch and small office routers.
• Catalyst 8200 Series Routers
  • Compact branch routers.
• Catalyst 8000v Series Virtual Router
  • Cloud-deployed router instance.
• Catalyst 8000 SD-WAN Supported Modules
  • Module compatibility and support.
• Cellular Gateways for SDWAN
  • Support for cellular transport options.
• SD-WAN WAN Edge High Availability
  • Redundancy options for WAN edge.

Module 4: Cisco SD-WAN WAN Edge Deployments        

• Adding Device to the PNP Portal
  • Onboarding devices to SD-WAN.
• Device Initial Bootup and Image Selection
  • Initial software provisioning.
• SD-WAN Zero Touch Provisioning
  • Auto-provisioning with ZTP.
• SD-WAN Quick Connect
  • Rapid manual setup.
• Manually Provision SD-WAN IOS-XE
  • CLI-based setup of edge devices.
• Verifying SD-WAN WAN Edge Configuration
  • Confirming WAN edge deployment.

Module 5: Catalyst SD-WAN SD Routing

• SD Routing Overview
  • Routing technologies supported in SD-WAN.
• SD Routing Onboarding
  • Enable SD routing in the platform.
• SD Routing Configuration
  • Configure routing protocols and policies.
• SD Routing Management
  • Monitoring and verification.

Module 6: Configuring SD-WAN Manager

• Dashboard Overview and Changes
  • Updates in new SD-WAN manager UI.
• SD-Wan Manager Monitoring Dashboard
  • Monitor devices and events.
• SD-WAN Manager Configuration
  • Create and edit configurations.
• SD-WN Manager Tools
  • Available tools for operations.
• SD-WAN Manager Maintenance
  • Maintenance workflows.
• Administrative Settings
  • System-wide settings.
• Resource Groups
  • Segment access and resources.
• Users and Groups
  • Identity and access management.
• RADIUS and TACACS
  • Authentication integrations.
• Single Sign-On / IDP Management
  • Integrate identity platforms.
• License Management
  • Track and assign licenses.
• Network Wide Path Insight
  • Path analysis and visibility.

Module 7: SD-WAN Software Upgrades

• Upgrading the SD-WAN Environment
  • Upgrade best practices.
• Upgrade SD-WAN Controllers
  • Update controller software.
• Software Upgrade Workflow Version 20.10 / 17.10
  • Step-by-step process.
• Upgrading Devices via CLI
  • Command-line driven upgrade.

Module 8: SD-WAN OMP/Fabric

• SD-WAN Fabric Overview and Terminology
  • Control, data, and management planes.
• SD-WAN Segmentation
  • Isolating traffic across the fabric.
• OMP / TLOCs / Routes
  • OMP route propagation.
• SD-WAN BFD
  • Reliable transport detection.
• On-Demand Tunnels
  • Build tunnels only as needed.
• SD-WAN Fabric Verification
  • Test and validate fabric operation.

Module 9: SD-WAN QoS / QoE

• QoE / QoS Challenges
  • Common performance problems.
• Quality of Experience (QoE) / Quality of Service (QoS)
  • Understanding SD-WAN's approach.
• Per-Tunnel QoS
  • Traffic shaping per tunnel.
• Adaptive QoS
  • Dynamic quality adjustment.
• Per VPN QoS
  • Traffic management by VPN.
• Application Quality of Experience (AppQoE)
  • App-based optimization.
• Forward Error Correction (FEC) / Packet Duplication
  • Mitigation for lossy networks.
• TCP Optimization
  • Improve TCP performance.
• Data Redundancy Elimination (DRE) / Lempel-Ziv Compression (LZ)
  • Compression options.
• SD-AVC / Microsoft O365 Telemetry
  • Deep app-level analytics.

Module 10: SD-WAN Security 

• Security Overview
  • Security in SD-WAN.
• Secure Analytics (StealthWatch) Integration
  • Integration with telemetry tools.
• Locking Down Edge Access
  • Best practices for access control.
• SD-WAN Fabric Security
  • Secure data and control planes.
• IPSec Key Exchange in SD-WAN Fabric
  • Encryption and key exchange.
• SD-WAN Security Options
  • Firewall, IPS, URL filtering.
• SD-WAN Integrated Security
  • Built-in advanced security.
• SD-WAN Enterprise Firewall
  • Layer 7 NGFW protection.
• SD-WAN Identity Firewall
  • User-identity-based policies.
• SD-WAN Intrusion Prevention System
  • Detect and stop intrusions.
• URL Filtering
  • Web access control.
• Anti-Malware Protection / Threatgrid
  • Integrated malware detection.
• DNS Security
  • Secure DNS lookups.

Module 11: SD-WAN Templates and Configuration Groups 

• Template Overview
  • Use of templates to simplify management.
• Feature Templates
  • Configure per-feature settings.
• Device Templates
  • Apply complete configurations.
• CLI Templates
  • Freeform CLI input.
• Create Device Templates using Feature Templates
  • Combine templates for reuse.
• Attaching Devices to Template
  • Apply settings to devices.
• Configuration Groups Overview
  • Reusable config bundles.
• Creating Configuration Groups
  • How to define groups.
• Deploy Configuration Group Workflow
  • Deploy changes with review.
• View/Edit Configuration Groups
  • Manage groups over time.
• Configuration Catalog
  • Manage and browse configuration items.

Module 12: SD-WAN Local Policy

• Local Policy Overview
  • Device-specific policy application.
• Local Policy Lists
  • Match conditions for local policy.
• Local Data Policies
  • Routing or forwarding logic.
• Local Policy QoS Configuration
  • Bandwidth controls at device level.
• Access Control Lists
  • Permit or deny flows.
• Localized Control Policy
  • Control-plane route influence.
• Save and Apply Local Policy
  • Policy enforcement process.

Module 13: SD-WAN Central Policies

• Central Policy Overview
  • Controller-wide policy model.
• Policy Construction
  • How to build a policy.
• Central Control Policy
  • Route influence using OMP.
• Control Policy - Dis-contiguous Data Planes
  • Cross-VPN path control.
• Control Policy - Data Center Priority
  • Traffic prioritization policies.
• Control Policy - VPN Topologies
  • Star and full-mesh configurations.
• Control Policy - VPN Membership Policy
  • Which VPNs access what.
• Control Policy - Application-Aware Routing
  • Path selection by application.
• Control Policy - Service Chaining
  • Traffic redirection via middlebox.
• Central Data Policies
  • Forwarding decisions centrally enforced.
• Central Data Policies - Use Cases
  • Practical implementations.
• Central Data Policies - Cflowd
  • Traffic visibility.
• Creating Centralized Policies
  • Putting the concepts into action.

Module 14: SD-WAN Policy Groups

• What are Policy Groups?
  • Logical grouping of policies.
• Groups of Interest (Policy Objects)
  • Reuse building blocks.
• Application Priority and SLA
  • Define app expectations.
• NGFW
  • Next-generation firewall control.
• SIG/SSE and DNS Security
  • Secure Internet Gateway integration.
• Policy Group Creation
  • Build new policy groups.
• Associate and Deploy Policy Groups
  • Activate across the network.
• UX 2.0 Topology
  • Improved interface for topology mapping.

Module 15: Cisco SD-WAN with ThousandEyes Integration

• ThousandEyes Introduction
  • Digital experience monitoring.
• Architecture and SD-WAN Deployment
  • Deploying with SD-WAN.

Module 16: Cloud On Ramp for SaaS

• Cloud OnRamp - Overview
  • What OnRamp enables.
• Cloud OnRamp for SaaS Overview
  • End-to-end SaaS optimization.
• Cloud OnRamp for M365
  • Microsoft apps acceleration.
• Cloud OnRamp for Webex
  • Better experience for Webex.
• Cloud OnRamp for Enterprise & Custom Apps
  • Non-standard SaaS apps.
• Cloud OnRamp for SaaS – Security
  • Securing SaaS access.
• Deployment Use cases
  • Example architectures.
• Cloud OnRamp for SaaS Configuration
  • Initial deployment.
• Cloud OnRamp for SaaS Monitoring
  • Health visibility.

Module 17: Analytics 3.0

• SD-WAN Analytics Overview
  • Data collection and use cases.
• SD-WAN Analytics Dashboards
  • Visual insights for metrics.
• SD-WAN Analytics KPIs and Scores
  • Performance indicators.
• SD-WAN Analytics Bandwidth Forecasting
  • Predict future bandwidth needs.
• SD-WAN Analytics Troubleshooting
  • Identify root causes.
• SD-WAN Analytics IDP Onboarding
  • IDP integration with analytics.
• SD-WAN Analytics Onboarding & Access Workflow
  • Enable analytics for sites.

Module 18: Monitoring & Troubleshooting the SD-WAN Solution

• SD-WAN Troubleshooting Overview
  • Approach to resolving issues.
• SD-WAN Technical Support Access
  • TAC support options.
• Controller Failure Scenarios
  • Recovering from controller issues.
• Troubleshooting Controllers
  • Isolate and fix controller faults.
• Troubleshooting Control Connections
  • Fix routing and tunnel issues.
• Typical Control Connection Issues
  • Common misconfigurations.
• Troubleshooting Data Plane
  • Check traffic flow issues.
• Troubleshooting Routing
  • Check route leaks or flaps.
• Centralized Policies Troubleshooting
  • Misapplied or misconfigured policies.
• Packet Forwarding Troubleshooting
  • Verify path decisions.
• Device Configuration and Upgrades Failure
  • Upgrade failure recovery.
• vDiagnose - Diagnostic Tool for SD-WAN
  • In-depth diagnostics.
• Troubleshooting cEdge
  • Troubleshoot IOS XE edges.
• Troubleshooting using SD-WAN Manager
  • GUI-based diagnosis.
• Device Troubleshooting
  • Command-based troubleshooting.
• Using the GUI for cli show command under Troubleshooting > Real-time
  • Real-time visibility.
• CLI Troubleshooting
  • Command line issue resolution.
• Network-Wide Path Insights
  • End-to-end flow tracking.
• NetFlow Collectors
  • Flow visibility using NetFlow.
• SNMP Overview
  • Basic device monitoring.
• SD-WAN Logs
  • View event logs.
• SD-WAN Reporting
  • Custom and scheduled reporting.
• SD-WAN Manager APIs & Programmability
  • Automate via API.

Appendix A: Deploying SD-WAN Controllers

• On-Prem Controller Deployment
  • Manual deployment in local DC.
• Create vManage VM Instance on ESXi or KVM
  • Virtual appliance setup.
• Initial vManage Setup
  • Bootstrap process.
• Create vBond VM Instance on ESXI or KVM
  • Orchestrator deployment.
• Create vSmart VM Instance on ESXI or KVM
  • Control-plane setup.
• Add Controllers to vManage
  • Unified visibility in vManage.
• Enterprise CA Configuration
  • Configure certificate authority.

LAB OUTLINE

• Deploy the SD-WAN Controller
• Deploy the vEdge, ISR 4K /C8000V Routers
• vManage Configuration
• Creating Device Templates (Lab 4-8)
• Use APIs to Import Feature Templates
• Upgrade SDWAN Environment
• Perform ZTP on SDWAN Environment (Lab 11-13)
• SDWAN Policies (Lab 14-17)
• Application Visibility
• Cloud On-RAMP
• Monitoring / Troubleshooting