SD-WAN Versa Collector Deployment and Configuration Guide

Edit online

ABOUT

Edit online

This document describes the steps to deploy and configure the SD-WAN Versa collector.

Important:

Please do not run sevone-cli command from a subdirectory under /opt/SevOne/upgrade and /var/log/pods. It can be run from any directory except for from subdirectories under /opt/SevOne/upgrade and /var/log/pods.

Important:

Please use support user for NMS version 7.1.0..

However, for NMS versions prior to version 7.0.0, please use root user instead of support user.

➤   Login Credentials & Password Change

Edit online

To perform SD-WAN collector installation process, you will need to SSH into your machines using non-root credentials for the user sevone. Before continuing, you will need to SSH into each machine that you plan to run SD-WAN collector on and change the default password for this user. This applies whether you are using a SD-WAN appliance or have deployed an .ova. You will need to do this for all nodes (control plane and all agent nodes). This is important for security reasons.

Note: If you are performing an appliance-based installation (instead of deploying an .ova), you will need to perform the steps below after configuring the network. For details, please refer to SD-WAN Versa Collector Pre-Deployment Guide > section Configure Network Settings.
Warning: Failure to change the default password presents a significant security risk. This publication includes a default password and this document has probably been made available to the public.
  1. SSH into your SD-WAN collector machine and log in as sevone.
  2. At the Password prompt, enter sevone.
  3. Execute the following command:
    passwd
  4. At the prompt New password, enter a new password for the sevone user.
  5. At the prompt Retype new password, enter the new password again.
  6. Repeat the steps above for each machine that you plan to run SD-WAN collector on.

➤   Install sevone-cli

Edit online

Execute the following command to install sevone-cli using Command Line Interface.

sudo rpm -Uvh /opt/SevOne/upgrade/utilities/sevone-cli-*.rpm
Note: To deploy the collector, you need to install sevone-cli, if not already installed.

➤   Generate SSH Keys

Edit online

As a security measure, fresh installations do not ship with pre-generated SSH keys. Execute the following command to generate unique SSH keys for your cluster.

sevone-cli cluster setup-keys
Note: Please provide the SSH password when prompted.

➤   Single-Node Deployment

Edit online
  1. Please refer to SD-WAN Versa Collector Pre-Deployment Guide to deploy a single SD-WAN Versa node.
  2. Using ssh, log into the SD-WAN Versa collector control plane node as sevone.
    ssh sevone@<SD-WAN collector 'control plane' node IP address or hostname>

    Example

    ssh sevone@10.49.13.154
  3. Change the hostname. For details, please refer to SD-WAN Versa Collector Use-Cases Guide > section Use-Cases > subsection Change Hostname.
    Important: Please make sure to set the hostname for all k3s nodes in lowercase when deploying the collector.

➤   Multi-Node Deployment

Edit online
Note: When a multi-node virtual machine is leveraged for the collector and flow augmentor deployment, flows must be streamed to the node where the Flow Augmentor pod is deployed (it may be an agent node).

The settings for the flow augmentor's buffer size and net.core.rmem_default values are set only on the node where the augmentor is deployed.

If the flow augmentor pod is in the agent node and the flows are streamlined to the control plane node, it will result in a spoofing issue.

During deployment, flow augmentor and collector nodes may interchange. The flows must be streamed to the correct node accordingly.
  1. For a multi-node setup, repeat the steps in SD-WAN Versa Collector Pre-Deployment Guide for each additional node in your cluster. Every SD-WAN collector node ships as a running single-node Kubernetes cluster.
  2. Using ssh, log into each node and change the hostname. In order to create a multi-node cluster, you must designate one of the nodes to be your control plane node. For details on how to change the hostname, please refer to SD-WAN Versa Collector Use-Cases Guide > section Use-Cases > subsection Change Hostname.
    Important:
    • Please make sure to set the hostname for all k3s nodes in lowercase when deploying or upgrading the collector.
    • If you have created cluster or added agent nodes using the hostname method, please skip to step 7.
    • If you want to create cluster or add agent nodes using the IP address method, please perform steps 3, 4, 5, and 6.

    Example

    Important: The hostnames and IP addresses mentioned in this table are used in the examples for the steps below. Please make sure to replace the hostnames and IP addresses with your machine's hostnames and IP addresses.
    Hostname IP Address Role
    sdwan-node01 10.49.13.154 control plane
    sdwan-node02 10.49.13.155 agent1
    sdwan-node03 10.49.13.156 agent2
  3. Using ssh, log into SD-WAN collector control plane node as sevone.
    ssh sevone@<SD-WAN collector 'control plane' node IP address or hostname>

    Example

    ssh sevone@10.49.13.154
  4. Stop / reset the running cluster.
    Important: Please perform this step on control plane node and all agent nodes you want to add.
    sevone-cli cluster down
  5. Log into SD-WAN collector control plane node as sevone and add nodes by executing the following command.
    sevone-cli cluster worker add <IP address for node>
    Important:
    • Please add agent nodes using the IP address only.
    • When adding a new agent node to your cluster, repeat step 5 every time.
    • Please do not run sevone-cli cluster worker remove command when there is no k3s cluster running.
  6. The following spins up your Kubernetes cluster.
    sevone-cli cluster up
    Important: If you want to add more nodes to your cluster, execute the following commands in the same order as shown below.
    sevone-cli cluster down
    command on control plane node every time.
    1. sevone-cli cluster worker add <IP address for node>
      command.
    2. sevone-cli cluster up
      command.
    Important: The message FAILED - RETRYING: Wait for kubernetes node to be up means that kubernetes node is trying to come up and it may take a long time. If all retries are exhausted and kubernetes node is unable to come up, the command will fail automatically. Please contact IBM SevOne Support for help.
  7. Verify that your control plane and agent node(s) are Ready and have been added to the Kubernetes cluster.
    
kubectl get nodes

Output:
NAME                             STATUS   ROLES                 AGE     VERSION
<your 'control plane' hostname>  Ready    control-plane,master  19h     v1.28.10+k3s1
<your 'agent1' hostname>         Ready    <none>                19h     v1.28.10+k3s1
<your 'agent2' hostname>         Ready    <none>                19h     v1.28.10+k3s1
...
<your 'agent<n>' hostname>       Ready    <none>                19h     v1.28.10+k3s1

    Example

    
kubectl get nodes

Output:

NAME           STATUS   ROLES                  AGE      VERSION
sdwan-node01   Ready    control-plane,master   19h      v1.28.10+k3s1
sdwan-node02   Ready    <none>                 19h      v1.28.10+k3s1
sdwan-node03   Ready    <none>                 19h      v1.28.10+k3s1
    Important: You are now ready to configure your SD-WAN collector.

k3s CERTIFICATES

Edit online
Important: When deploying the Kubernetes cluster, Kubernetes certificates get generated which are valid for 365 days. When the certificate is about to expire in 90 days or less, an alert is sent notifying how many days remain. In order to rotate the expiring certificate, a restart of the node(s) on the kubernetes cluster is necessary.
For details, please refer to SD-WAN Versa Collector Use-Cases Guide > section Use-Cases > subsection Rotate Kubernetes Certificates.

➤   using Graphical User Interface

Edit online
Warning: You must be on SD-WAN >= 6.5 to perform the installation using GUI.
  1. Using ssh, log into SD-WAN Versa collector control plane node as sevone.
    ssh sevone@<SD-WAN collector 'control plane' node IP address or hostname>

    Example

    ssh sevone@10.49.13.154
  2. Copy SSH keys to SevOne NMS and install GUI.
    ssh-copy-id support@<SevOne NMS IP Address> && sevone-cli solutions guii

    Example

    ssh-copy-id support@10.49.15.58 && sevone-cli solutions guii
    Note: Please provide the SSH password when prompted.

    Example: The command returns the following

    
╒══════════════════════════════════════════════════════════════╕
│ SEVONE GUI INSTALLER                                         │
╞══════════════════════════════════════════════════════════════╡
│ Please open https://10.49.13.154:3000 in your web browser to │
│ access the GUI Installer.                                    │
├──────────────────────────────────────────────────────────────┤
│ Your credentials are:                                        │
│ - Username: admin                                            │
│ - Password: cfE)M&H~F/                                       │
├──────────────────────────────────────────────────────────────┤
│ If you ever lose your credentials, they're stored in:        │
│ /etc/sevone-guii/creds                                       │
╘══════════════════════════════════════════════════════════════╛

    You are now ready to install using the Graphical User Interface Installer.

  3. Using a web browser of your choice, enter the URL the setup script has returned. For example, https://10.49.13.154:3000.Versa Fresh GUI Installer Start
    Note: You will also need the credentials (Username and Password) that the setup script returns. These credentials are also stored in /etc/sevone-guii/creds file.

    Example
    
cat /etc/sevone-guii/creds | jq

Output
{
  "password": "cfE)M&H~F/",
  "tokenSecret": "tIGpQReiQzgPlIMDiBUlVHBPGRPhlPlv",
  "username": "admin"
}
  4. Click Update Cluster to install SD-WAN Versa Collector.
  5. Enter the credentials returned to perform the Self-Service Upgrade. For example, Username: admin and Password: cfE)M&H~F/.
    Versa Fresh GUI Installer Credential
    Note: To use the Graphical User Interface installer in dark theme, click GUI Install Dark Theme next to SevOne logo.

    For help on what each upgrade step does, click GUI Install Help Icon button in the upper-right corner.
    Important: All the screenshots below are based on the example being used to write this document. Your total number of tasks passed (ok) , skipped , failed , ignored , unreachable , or unexecuted will vary based on your setup. The tasks failed must be addressed as ansible has not ignored them.
  6. Enter username & password and then click Login. The graphical user interface installer checks the Current Version and allows you to proceed with the installation.Versa Fresh GUI Installer Check Versions
    Note: Example
    Current Version is on SD-WAN Versa Collector 7.1.0+54.
    You can proceed with redeploy/install.
    Note: During the Self-Service Upgrade, if you experience network connectivity issue or the upgrade has been halted for any reason, the self-service upgrade will resume from the step where it left off after the issue is resolved. However, if you are at the Deploy step and the self-service upgrade has been halted for any reason, self-service upgrade will show a message requesting you to contact IBM SevOne Support.

    To resume with the Self-Service Upgrade, using a web browser of your choice, re-enter the URL the setup script has returned. For example, https://10.49.13.154:3000.
  7. Click the Continue to Configure button to configure SD-WAN Versa solution. Using GUI, you can configure only basic settings for your collector. To configure the advanced settings, please refer to section Configure .
    Important: To configure advanced settings, you must click Save button.
    Versa Fresh GUI Installer Configure
    1. From Configuration drop-down, choose a configuration file from the list. The default configuration file is solutions-sdwan-versa_custom_guii.yaml . Provide inputs for all mandatory fields.
      Important: Once you provide inputs for all mandatory fields, error messages will no longer appear.
      Versa Fresh GUI Installer Configure Primary
    2. Show advanced config - Select the check box to show advanced configuration variables. For more details, please refer to SD-WAN Versa Collector Advanced Use-Cases Guide > section Advanced Configuration Settings.
    3. Collector Service
      • Credentials (All values must be base64-encoded format)
        • Controller Credentials
          • Username - The username for Versa Director credentials with admin-level read privilege.
          • Password - The password for Versa Director.
        • NMS Credentials
          • NMS API Credentials
            • Username - The SevOne NMS user name for an administrator-level account.
            • Password - The SevOne NMS password.
          • SSH Credentials
            • Username - The SevOne NMS user name for ssh access to the appliance. It is recommend to set to support in base64-encoded format.
            • Password - The SevOne NMS password for support user.
        • DI Credentials
          • DI API Credentials
            • Username - The SevOne Data Insight user name for an adminstrator-level account.
            • Password - The SevOne Data Insight password.
        • Syslog Receiver Port - The port on which the collector listens for non-flow syslog data sent by Versa Analytics.
    4. Collector Configuration
      • MSP Name - The Managed Service Provider (MSP) name for this instance. MSP is a grouping of one or more tenants.
    5. Log
      • Log Level - Defines the log-level for the collector. Value can be info, debug, warning, or error.
    6. Jaeger
      • Disabled - Select the check box to disable Jaeger tracing.
    7. Load Reports
      • Disabled - Set the check box to not import TopN views and OOTB reports.
    8. Vendor Controller Settings
      • Versa Director Settings
        • Versa Director API URL - The API URL of Versa Director.
        • Insecure TLS - Select the check box to enable insecure TLS connection by skipping certification verification. This is necessary for servers with self-signed server certificates.
    9. NMS
      • NMS API Settings
        • NMS API IP / Hostname - The hostname or IP address for SOA and REST API endpoints. i.e., targeted SevOne NMS.
        • Insecure TLS - Select the check box to enable insecure TLS connection by skipping certification verification. This is necessary for servers with self-signed server certificates.
      • DI
        • DI API Settings - The hostname or IP address for targeted SevOne Data Insight.
        • Insecure TLS - Select the check box to enable insecure TLS connection by skipping certification verification. This is necessary for servers with self-signed server certificates.
        • Tenant - Tenant name for this SevOne Data Insight instance. This is an internal name used to keep settings and cached data segregated by tenant. Default value is SevOne.
    10. Flow Augmentor Service Settings
      • Enable - Select the check box to enable Flow Augmentor installation.
      • Flow Receiver Port - The port on which Flow Augmentor listens for inbound flows. The port number can range from 9000 - 33000.
    11. Flow Augmentor Configuration
      • Flow Augmentor Sender Configuration
        • Flow Augmentor Sender Buffer Size - Sender output buffer size in number of packets.
        • DNC IP - IP address of the DNC, where the augmented flows are sent.
        • Port No - Port of DNC, where the the augmented flows are sent.
  8. Click Save. Configuration is saved in /opt/SevOne/chartconfs/solutions-sdwan-versa_custom_guii.yaml.
    Important: Once the configuration is saved, click Continue button to upgrade SOA.
  9. Click Continue button to Upgrade SOA.
    Note: SOA version
    SOA must be on the latest version on all appliances in SevOne NMS cluster.

    If your peers are on SevOne NMS 7.x or above, skip the following command. However, if your peers are on SevOne NMS 6.x,
    • Command Line Interface (CLI) must be used to upgrade SOA on all peers as the graphical user interface (GUI) only upgrades SOA for the NMS appliance you are connected to.
    • Add flag --all-peers if you want to install SOA on all peers in the cluster.
    
 sevone-cli soa upgrade \
/opt/SevOne/upgrade/utilities/SevOne-soa-*.rpm \
<enter SevOne NMS IP address> --all-peers
    Versa Fresh GUI Installer Upgrade SOA
  10. You are now ready to upgrade SOA. Click Run Upgrade SOA button. This can take a few minutes to run.Versa Fresh GUI Installer SOA Upgraded
  11. Click the Continue button to Pre-Check.
    Note: Pre-Check step runs various checks to ensure that SD-WAN Versa collector cluster is healthy before the deployment.
    Versa Fresh GUI Installer Run PreCheck
  12. You are now ready to run the pre-check. Click the Run Pre-Check button.Versa Fresh GUI Installer Pre Check Completed
    Note: To view the logs for a task, click GUI Installer Eye Icon for the task you need the details for. The pop-up has Copy to clipboard button which allows you to copy all the contents in the pop-up and paste it into a file.
  13. Click the Continue button to Deploy.Versa Fresh GUI Installer Run Deploy
  14. Click the Run Deploy button to run the upgrade. This can take a few minutes to run.Versa Fresh GUI Installer Deploy Completed
  15. Click the Continue button to Post Check.
    Versa Fresh GUI Installer Run Post Check
  16. Click the Run Post-Check button to run the post-check. This can take a few minutes to run.Versa Fresh GUI Installer Post Check Completed
  17. Click the Continue button.Versa Fresh GUI Installer Upgrade Finished
    Important: This indicates that the installation has completed successfully. It typically takes around 30-40 minutes for the data to become visible in SevOne NMS.

➤   Using Command Line Interface

Edit online
Note: The steps in this section apply to both Single-node and Multi-node configurations.

Please execute the steps sequentially as they appear in these sections.

Configure

Edit online
  1. Using ssh, log into SD-WAN collector control plane node as sevone.
    ssh sevone@<SD-WAN collector 'control plane' node IP address or hostname>
    Note: SD-WAN collector runs as a helm chart deployed within the Kubernetes cluster. The helm chart is configured with a base set of configuration options that can be overwritten as needed.
  2. Copy /opt/SevOne/upgrade/utilities/example-solutions-sdwan-versa_config.yaml to /opt/SevOne/chartconfs/solutions-sdwan-versa_custom_guii.yaml.
    cp /opt/SevOne/upgrade/utilities/example-solutions-sdwan-versa_config.yaml \
/opt/SevOne/chartconfs/solutions-sdwan-versa_custom_guii.yaml
  3. /opt/SevOne/chartconfs/solutions-sdwan-versa_custom_guii.yaml contains the default (basic / minimum) configuration for Versa. To change the configuration settings, using a text editor of your choice, /opt/SevOne/chartconfs/solutions-sdwan-versa_custom_guii.yaml file must be updated and saved. For details on variables used in the .yaml file, please refer to section Configuration

Upgrade SOA

Edit online
Attention:
This section only applies if your SevOne NMS is on 6.x and you want to upgrade SOA.

If your SevOne NMS is on 7.0 or above, please skip this section.

After the collector configuration is updated,{please refer to Configure section} check SOA Version, and upgrade SOA, if necessary.

Note: SOA Version
SOA must be on the latest version on all appliances in SevOne NMS cluster. Command Line Interface (CLI) must be used to upgrade SOA on all peers as the graphical user interface (GUI) only upgrades SOA for the NMS appliance you are connected to.

Execute the command to install / upgrade SOA only on NMS' Cluster Master and HSA

sevone-cli soa upgrade \
/opt/SevOne/upgrade/utilities/SevOne-soa-*.rpm

Execute the command to install / upgrade SOA on ALL peers in the NMS cluster

sevone-cli soa upgrade \
/opt/SevOne/upgrade/utilities/SevOne-soa-*.rpm \
--all-peers

Check SOA Version

  1. Using ssh , log in as support to SevOne NMS appliance you are linking SD-WAN Versa Collector with.
    ssh support@<SevOne NMS appliance>
  2. Check SOA version.
    curl -k https://<SevOne NMS appliance IP address or hostname>/api/v3/health/version

    Example

    
curl -k https://10.49.15.58/api/v3/health/version
    
Output:

{"buildTime":"2024-08-23T12:13:02Z", "gitHash":"5a317762c77b81698a803bd0a3297d408073cd66-dirty", 
"goVersion":"go1.22.5", "version":"7.1.0", "nmsVersion":"7.1.0"}
    Important: 7.1 in the example above is the SOA version.

Pre-Check Environment

Edit online
Execute the following command to perform the pre-check of your environment and monitor the output. Ensure that there are no failures reported in the output.
sevone-cli playbook precheck
Note: Pre-check performs the following tasks in your environment:
  • checks if your SevOne NMS appliance and Versa Director are reachable.
  • validates SOA and all other versions that NMS is dependent on, are valid.
  • confirms port availability.
  • validates checksum for the entire deployment.
  • validates Versa Director version.
  • confirms all flow port settings are available and DNC is reachable (Flow checks are only performed if the Flow Augmentor is enabled).
  • in case of multi-tenants, pre-checks are performed on all tenants.

The pre-check must complete successfully before you can continue to the next step. You will see the output similar to the following.

Example


TASK [prechecks : Check if the cloud-init config file exists] ****************************************************
ok: [sdwan-node01]

TASK [prechecks : Copy a default config file if it doesn't exist] ************************************************
skipping: [sdwan-node01]

PLAY RECAP *******************************************************************************************************
sdwan-node01               : ok=44   changed=4    unreachable=0    failed=0    skipped=62   rescued=0    ignored=0
Important: The output of the command above is based on the example being used to write this document. Your total number of tasks passed (ok), changed, unreachable, failed, skipped, rescued or ignored will vary based on your setup. The tasks failed must be addressed as ansible has not ignored them.

If the pre-check does not complete successfully, please resolve the issue(s) before continuing or contact IBM SevOne Support.

Deploy

Edit online
You are now ready to deploy the applications based on your configuration file. This applies to multi-tenant scenarios as well. Ensure that there are no failures reported in the output.
Note: Ensure that solutions-sdwan-versa_custom_guii.yaml file is present in /opt/SevOne/chartconfs/.
sevone-cli cluster up
The deployment must complete successfully before you can continue to the next step. You will see the output similar to the following.
Example

TASK [kernel : Copy SevOne sysctl configuration overrides] *******************************************************
ok: [sdwan-node01]

TASK [kernel : Check if machine needs to be restarted] ***********************************************************
ok: [sdwan-node01]

PLAY RECAP *******************************************************************************************************
sdwan-node01               : ok=157  changed=34   unreachable=0    failed=0    skipped=77   rescued=0    ignored=1
Important: The output of the command above is based on the example being used to write this document. Your total number of tasks passed (ok), changed, unreachable, failed, skipped, rescued or ignored will vary based on your setup. The tasks failed must be addressed as ansible has not ignored them.
If the deployment does not complete successfully, please resolve the issue(s) before continuing or contact IBM SevOne Support.

Post-Check Environment

Edit online
After successfully applying the configuration file, execute the following command to perform the post-check. Ensure that there are no failures reported in the output.
Important: Sometimes SSH keys for SevOne NMS are not available in the control plane node. To create SevOne NMS SSH keys, please execute the following command before proceeding with the post-check.
sevone-cli soa setup_keys
sevone-cli playbook postcheck
Note: Post-check performs the following tasks:
  • copies flow views to SevOne NMS.
  • flow views must be ready on SevOne NMS.
  • confirms port availability.
  • cron jobs collect the periodic logs.
  • after waiting for 2 minutes, it checks to ensure that all pods are either in Ready or Completed status and no pod(s) have restarted.
  • in case of multi-tenants, post-checks are performed on all tenants.
Important: If the post-check process fails due to multiple restarts of pods, perform the following steps to archive the POD logs.
  1. Using ssh, log into the SD-WAN Versa collector control plane node as sevone.
    ssh sevone@<SD-WAN collector 'control plane' node IP address or hostname>
  2. For each node in the cluster, copy the attached script archive-pod-logs.sh to the folder /home/sevone.
    cp /opt/SevOne/upgrade/ansible/playbooks/roles/postchecks/files/archive-pod-logs.sh \
/home/sevone/
  3. Provide execute permission to the archive-pod-logs.sh script.
    chmod 0755 archive-pod-logs.sh
  4. Create a sudo session.
    sudo -s
  5. Change directory to /etc/cron.d.
    cd /etc/cron.d
  6. Create a cronjob entry by creating the archive_pod_logs file. Using a text editor of your choice, edit archive_pod_logs and save the file.
    
vi archive_pod_logs

Output:
#Ansible: Daily cron job for archiving pod logs
0 0 * * * sevone /home/sevone/archive-pod-logs.sh collector aug
The post-check must complete successfully before you can continue to the next step. You will see the output similar to the following. Restart / Crash logs are stored in /opt/SevOne/logs/restartlogs/.
Example
TASK [postchecks : Copy K3s certificate expiration load script] ******************
ok: [sdwan-node01]

TASK [postchecks : cron] *****************************************************************************************
changed: [sdwan-node01]

PLAY RECAP *******************************************************************************************************
sdwan-node01               : ok=58   changed=11   unreachable=0    failed=0    skipped=16   rescued=0    ignored=0
Important: The output of the command above is based on the example being used to write this document. Your total number of tasks passed (ok), changed, unreachable, failed, skipped, rescued or ignored will vary based on your setup. The tasks failed must be addressed as ansible has not ignored them.
If the deployment does not complete successfully, please resolve the issue(s) before continuing or contact IBM SevOne Support.
Important: The SD-WAN collector has been successfully deployed, the configuration has been applied, and the collector is now fully operational. It typically takes around 30-40 minutes for the data to become visible in SevOne NMS.

➤   Value Types

Edit online

The collector configuration is defined in YAML format. Each setting may be one of the following.

Value Type Description
String String value.
Integer Numeric integer value.
Boolean Boolean true or false.
Duration Time duration using syntax such as,
  1. 30s for 30 seconds
  2. 5m for 5 minutes
  3. 1m15s for 1 minute and 15 seconds.
May also use h=hours, d=days.
Base64 Base64-encoded string. To create it, execute the following command. Generate username 'admin' in base64-encoded format echo -n "admin" | base64 YWRtaW4=
Important: If the password contains an exclamation mark (!), please use any online string to base64 converter tool (other than CLI) to convert the password into base64 format. For example, https://www.base64encode.org/
Array of <...> An array of one of the other value types. This is set in YAML as, YAML array my_setting:
- value1
- value2
Schedule string Can be either:
  1. Cron syntax. Please refer to https://en.wikipedia.org/wiki/Cron for details.

    For example, 30 5 * * * is every day at 5:30 am.

  2. Special statement "@every <#>", where <#> is a duration.

    For example, @every 10m is every 10 minutes.
Note: The variables are listed in alphabetical order.

How are variable names in the tables below written in YAML file?

Example# 1: Variable names starting with 'collector Service'

collectorService:
  # Listen for inbound Versa syslogs on this port.
  # Receiver port must be unique per tenant.
  syslogReceiverPort: 50001

  secrets:
    controller:
      # Versa Director credentials.
      username: <base64_username>
      password: <base64_password>
    nms:
      ssh:
        # NMS ssh credentials.
        username: <base64_username>
        password: <base64_password>
      api:
        # NMS API credentials.
        username: <base64_username>
        password: <base64_password>
    di:
      # DI API credentials list.
      api:
        - username: <base64_username>
          password: <base64_password>
Example# 2: Variable names starting with 'collectorConfig'

collectorConfig:
  # MSP name.  Short and descriptive name for the collector that becomes part
  # of the generated NMS configuration, such as the "<MSP>::SDWAN" device
  # group that contains all collected devices.
  #
  # IMPORTANT: This value MUST match the applicable parent organization name in
  # the Versa Director's Configuration page, listed on the left side.
  #
  # Must be unique per tenant.
  msp_name: <name>

  log:
    # Log level may be info or debug.  Change to debug only if required by SevOne Support.
    level: info

  jaeger:
    # Enable Jaeger only if required by SevOne Support.
    disabled: true
  
  load_reports:
    # Disable 'load_reports' only if Top N Views and OOTB reports are not required.
    disabled: false

  vendor:
    director_api:
      # URL to Versa Director API.
      url: https://<Versa_Director_server>:9182
      insecure_tls_connection: true

  nms:
    api:
      # NMS server name or IP address.
      host: <NMS_server>
      insecure_tls_connection: true
  
  di:
    api:
      - host: <DI_server>  # DI server name or IP address.
        tenant: <DI_tenant>  # DI tenant (default: SevOne)
        insecure_tls_connection: true

➤   Mandatory Settings

Edit online
Variable Name Value Type Default Value Description
collectorConfig.msp_name String   The Managed Service Provider (MSP) name for this instance. MSP is a grouping of one or more tenants. The default value is ORGANIZATION.
collectorConfig.nms.api.host String   The hostname or IP address for SOA and REST API endpoints. i.e., targeted SevOne NMS.
collectorConfig.di.api Array of objects   An array of mapping of the following variables:
Variable Name Value Type Default Value Description
host String   The hostname or IP address for targeted SevOne Data Insight.
tenant String SevOne Tenant name for this SevOne Data Insight instance. This is an internal name used to keep settings and cached data segregated by tenant.
insecure_tls_connection (optional) Boolean false Set true to enable insecure TLS connection by skipping certification verification. This is necessary for servers with self-signed server certificates.
e.g. Configure SevOne Data Insight API hostname and tenant like: Example collectorConfig: di: api: - host: 10.128.26.50 tenant: SevOne
collectorService.secrets.nms.api.password Base64   The SevOne NMS password.
collectorService.secrets.nms.api.username Base64   The SevOne NMS user name for an administrator-level account.
collectorService.secrets.controller.password Base64   The password for Versa Director.
collectorService.secrets.controller.username Base64   The username for Versa Director credentials with admin-level read privilege.
collectorService.secrets.nms.ssh.password Base64   The SevOne NMS password for support user.
collectorService.secrets.nms.ssh.username Base64   The SevOne NMS user name for ssh access to the appliance. Please set to support in base64-encoded format.
colletorService.secrets.di.api Array of objects   An array of mapping of the following variables:
Variable Name Value Type Default Value Description
username Base64   The SevOne Data Insight user name for an adminstrator-level account.
password Base64   The SevOne Data Insight password.
e.g. Configure SevOne Data Inisght Username and Password like: Example 
collectorService:secrets:di:api:username: GCHtaW4=password: U4S2T25l
collectorService.syslogReceiverPort Integer 50001 The port on which the collector listens for non-flow syslog data sent by Versa Analytics.
flowAugmentorService.enabled Boolean true Flag to enable Flow Augmentor installation.
flowAugmentorService.receiverPort Integer 9992 The port on which Flow Augmentor listens for inbound flows. The port number can range from 9000 - 33000.
flowAugmentorConfig.sender.ip String   IP address of the NMS/DNC, where the augmented flows are sent.
flowAugmentorConfig.sender.port Integer 9996 Port of NMS/DNC, where the augmented flows are sent.

➤   Check Pods

Edit online

Check the pods - must be Running or Completed.


kubectl get pods

Output:

NAME                                                 READY   STATUS      RESTARTS      AGE
solutions-sdwan-versa-create-keys-1-xzrt9            0/1     Completed   0             14h
solutions-sdwan-versa-collector-c55fbfbd-2jzs5       1/1     Running     0             14h
solutions-sdwan-versa-redis-master-0                 1/1     Running     0             14h
solutions-sdwan-versa-aug-decoder-c4c9d5dd4-pj7k5    1/1     Running     0             14h
solutions-sdwan-versa-redis-replicas-0               1/1     Running     0             14h
Note: If the pods are in pending or start/restart status, please wait for a few minutes until they are running/completed. If there is a failure with any of the pods, please contact IBM SevOne Support.

➤   Check Services

Edit online

kubectl get services

Output:

NAME                                   TYPE           CLUSTER-IP        EXTERNAL-IP   PORT(S)           AGE
kubernetes                             ClusterIP      192.168.96.1      <none>         443/TCP           14h
solutions-sdwan-versa-redis-headless   ClusterIP      None              <none>         6379/TCP          14h
solutions-sdwan-versa-redis-master     ClusterIP      192.168.107.167   <none>         6379/TCP          14h
solutions-sdwan-versa-redis-replicas   ClusterIP      192.168.111.17    <none>         6379/TCP          14h
solutions-sdwan-versa                  LoadBalancer   192.168.105.197   10.49.13.154   50001:10881/UDP   14h
solutions-sdwan-versa-flowservice      LoadBalancer   192.168.102.2     10.49.13.154   9992:11540/UDP    14h
Important: Ensure that all services mentioned above are available. If any service is unavailable, please contact IBM SevOne Support.

➤   Check Logs

Edit online
  1. Obtain the node IP where the collector pod is running for SD-WAN Versa collector to check the logs.
    
kubectl get pods -o wide

Output:

NAME                                                 READY   STATUS      RESTARTS      AGE   IP              NODE           NOMINATED NODE   READINESS GATES
ssolutions-sdwan-versa-create-keys-1-xzrt9           0/1     Completed   0             14h   192.168.80.9    sdwan-node01   <none>           <none>
solutions-sdwan-versa-collector-c55fbfbd-2jzs5       1/1     Running     0             14h   192.168.80.8    sdwan-node01   <none>           <none>
solutions-sdwan-versa-redis-master-0                 1/1     Running     0             14h   192.168.80.12   sdwan-node01   <none>           <none>
solutions-sdwan-versa-aug-decoder-c4c9d5dd4-pj7k5    1/1     Running     0             14h   10.49.13.154    sdwan-node01   <none>           <none>
solutions-sdwan-versa-redis-replicas-0               1/1     Running     0             14h   192.168.80.13   sdwan-node01   <none>           <none>
    Important:
    • The pod name for SD-WAN Versa collector returned is solutions-sdwan-versa-collector-c55fbfbd-2jzs5.
    • The node IP for SD-WAN Versa collector returned is 192.168.80.8.
  2. Check the logs for SD-WAN Versa collector, for example.
    1. Using ssh, log into SD-WAN Versa collector node as sevone. 
      ssh sevone@<SD-WAN Versa collector node IP address>

      Example

      ssh sevone@10.49.13.154
    2. Change directory to /opt/SevOne/logs/sdwan-versa/<collector_name>/<build_version>.
      /opt/SevOne/logs/sdwan-versa/<collector_name>/<build_version>
      Example
      /opt/SevOne/logs/sdwan-versa/solutions-sdwan-versa/7.1.0-build.54
      You should see the following folders in this directory. The main folder displays all common logs, whereas agent-specific logs can be found within their respective folders.
      • ClearAlertsAgent
      • DeviceHealthStreamingAgent
      • InstallerAgent
      • MigrationAgent
      • CreateAlertsStreamingAgent
      • FlowAgent
      • FlowAugmentor
      • InterfaceQueueStreamingAgent
      • main
      • ObjectDescriptionAgent
      • DeviceDescriptionAgent
      • FlowInterfaceCacheAgent
      • InterfaceStatAgent
      • MetadataAgent
      • TunnelStatStreamingAgent
    3. Check logs for InstallerAgent. Similarly, you can check logs for all other agents.

      Example

      
cat solutions-sdwan-versa_InstallerAgent_7.1.0-build.54.log

Output:

2024-10-16T00:00:44Z INF Sending SOA request... agent=InstallerAgent endpoint=/sevone.api.v3.Metadata/FlowAttributes requestId=2404
2024-10-16T00:00:44Z INF Received SOA response agent=InstallerAgent elapsed=9.385009ms requestId=2404
2024-10-16T00:00:44Z INF Sending SOA request... agent=InstallerAgent endpoint=/sevone.api.v3.Metadata/FlowViews requestId=2405
2024-10-16T00:00:44Z INF Received SOA response agent=InstallerAgent elapsed=3.017292ms requestId=2405
2024-10-16T00:00:44Z INF Load done agent=InstallerAgent
2024-10-16T00:00:44Z INF Run agent done agent=InstallerAgent elapsed=44.233509526s
2024-10-16T00:00:44Z INF Sending selfmon info to NMS  agent=InstallerAgent
2024-10-16T00:00:44Z INF Sending SOA request... agent=InstallerAgent endpoint=/sevone.api.v3.Devices/Data requestId=2406
2024-10-16T00:00:44Z INF Received SOA response agent=InstallerAgent elapsed=6.518768ms requestId=2406
      Note: If you see INF Run agent done agent=InstallerAgent, then you are ready for the build step. If the command does not return this log message, please contact IBM SevOne Support.
  3. The build step prepares your SD-WAN Versa collector. It executes the conntrack command that clears out all entries from the conntrack table and restarts the collector pod.

    For single vDirector

    sevone-cli solutions run_buildstep --deployment_name=<deployment_name>

    Example

    sevone-cli solutions run_buildstep --deployment_name=solutions-sdwan-versa
    Note: The deployment name is the name of the application specified in the directory /etc/ansible/group_vars/all.

    For multi-vDirector (To delete two collector pods).

    sevone-cli solutions run_buildstep

➤   Verify if Data Appears in SevOne NMS

Edit online

Versa Analytics Log Exporter

Edit online

Versa Analytics sends metric data, alarms and flows in the form of SysLogs to client machines. This can be enabled on Versa Analytics by configuration of Log Exporter. The Log Exporter (SysLog) configuration must be done in Versa Analytics by Versa Support Team.

Please ensure that SysLog data is in kvp format.

Versa Analytics Log Exporter must send these logs in UDP format to port 50001 on the machine where the Datastream Consumer is deployed (NMS/Virtual Machine). Following logs send the metric data and alarms.
  • alarm-log (for alarm data)
  • event-log (for event data)
  • site-status-log (for alarm data)
  • system-load-log (for device health objects)
  • mon-log (for tunnel objects)
  • slam-log (for tunnel objects)
  • cos-log (for queue objects)

In order to configure the flows for Versa, the Versa Analytics Log Exporter must send these logs in UDP format to the Flow Augmentor machine on port 9992. flow-log sends the flow data.

Versa Installer Verification

Edit online
  1. Log into SevOne NMS.
  2. From the navigation bar, go to Administration > Metadata schema.Versa Metadata Schema

Object Creation Verification

Edit online
Note: Please make sure that the Versa Analytics is configured to send the data to the Collector. Otherwise, SevOne NMS will not show the tunnel/device health/queue objects. Please refer to Versa Analytics Log Exporter section above for more details.

Once the collector has been running for 15 to 20 minutes, data should appear in SevOne NMS. Perform the following steps to verify that data appears from SevOne NMS.

  1. Log into SevOne NMS.
  2. From the navigation bar, go to Administration > Monitoring Configuration > Object Types. Select xstats in the Filter field. You may check to ensure that object types are created/installed on the NMS appliance.Versa Object Types
  3. From the navigation bar, go to Devices and select Device Manager.

    You will see the devices installed.

    Versa Devices Please wait until all devices are discovered.
  4. From the navigation bar, go to Devices and select Object Manager. From Filter Options popup, for field Device Group, choose name ending with SDWAN (MSP Device group) under All Device GroupsDevice Group; set Plugin to xStats to see the objects and click on Apply.Versa Objects
    Note: The devices and objects are created in SevOne NMS.

    Some of the objects might be created after Data Verification.

Data Verification

Edit online
Important: Please make sure that the Versa Analytics is configured to send the data to the Collector. Otherwise, the SevOne NMS will not show the data for tunnel/device health/queue objects as well as alarms. Please refer to Versa Analytics Log Exporter section above for more details.
  1. From the Object column, click an object. For example, NewYork::vni-0/0.0->Los-Angeles::vni-0/0.0 to get the Object Summary.Versa Tunnel Data
    Important: This indicates that the objects are now collecting data.
  2. From the navigation bar, go to Reports and select Create Reports to create reports.Sources subtab, choose Performance Metrics.Resources subtab, set the following fields. For example,
    • Type drop-down, choose Indicator
    • Device Group drop-down, choose Everything > All Device Groups > VERSA::SDWAN > SevOne > choose New York
    • Device drop-down, NewYork::SevOne
    • Object drop-down, under xStats, choose NewYork::vni-0/0.0->Los-Angeles::vni-0/0.0
      Important: VERSA::SDWAN, SevOne, NewYork above is an example where, MSP Name = VERSA
      • Tenant Name = SevOne
      • Site Name = NewYork
      • The following shown above are also examples:- NewYork::SevOne
        • NewYork::vni-0/0.0->Los-Angeles::vni-0/0.0
    • Indicator drop-down, choose jitter, latency, loss, loss_percentage, etc. for example.Versa PM Report
    • Click on Next > Next > Next > Next > Finish.Versa PM Report 1
      Note: Data is now collected and gets plotted.
  3. From SevOne NMS navigation bar, go to Events and select Alerts to run the collector as a Datastream Consumer. If the Versa analytics is sending any alarms/events/site status, the data will be displayed here.Versa Alerts
    Important: This indicates that the Versa alerts are saved in SevOne NMS.

Flow Configuration Verification

Edit online

If the Flow Augmentor has been installed, you can verify the configurations using the following steps.

Note: This installation script installs all the Flow Augmentor components on the same machine.
  • The Flow Falcon flow view will be created after running the above command. Verify successful creation of FlowFalcon view. Using a browser, enter the IP address of the NMS. Go to Administration > Flow Configuration > FlowFalcon View Editor. You should be able to find a view called SDWAN:Versa:AugmentedFlow.Versa Flow View
  • To check the incoming flows on port 9992, you can execute the following command on the system where Flow Augmentor is deployed.
    tcpdump port 9992
    Note: If you do not see any incoming data as the output of this command, the flows are not subscribed to the machine. If the flows are already subscribed to the machine, please check the firewall settings on the machine to expose 9992 port.
    Press Ctrl + C to exit the command.
  • To check if flows are received by the system, go to Administration > Flow Configuration > Flow Interface Manager. You should be able to see your devices. The incoming flows can be checked in the Total Flows column.Versa Flow Interface Manager
    Important: If you do not see any data in the Flow Interface Manager, there are no flows subscribed to the machine.

    Verify the flows via Flow Falcon Report. Go to Applications > FlowFalcon Reports.

  • Under Resources tab, select the device, interface and direction if required. Click on Add Resource.
  • Under Report Settings tab, select Aggregated Data as No and View as SDWAN:Versa:AugmentedFlow. In order to get aggregated flows, select Aggregated Data as Yes. You might have to wait for some time for flows to get aggregated by DNC.Versa Flow Falcon
  • Click on Get Results to generate the FlowFalcon Reports. You should be able to see the flows.Versa Flow Falcon 1
    Important: It might take some time to process and show Versa flows on the Flow Falcon Report. Also, please make sure that the flows are directed to the Flow Augmentor machine on port 9992. Please refer to Vera Analytics Log Exporter section above for more information on configuration of flows from Versa Analytics.