SD-WAN Viptela Collector Deployment and Configuration Guide

About

This document describes the steps to deploy and configure the SD-WAN Viptela collector.

Important: Please do not run sevone-cli command from a subdirectory under /opt/SevOne/upgrade and /var/log/pods. It can be run from any directory except for from subdirectories under /opt/SevOne/upgrade and /var/log/pods.

Important:

Please use support user for NMS version 7.1.0.

However, for NMS versions prior to version 7.0.0, please use root user instead of support user.

Important:

IPv6 Limitation: Viptela Collector does not support IPv6 for flow data or non-flow data (interfaces, devices, etc.).
Data Handling: IPv6 flow OR non-flow data is not collected or processed by the Sevone Viptela Collector.

As a result, any data that is related to IPv6 interfaces is not collected by the SD-WAN solution and flow packets are not processed or passed through to the SevOne NMS PAS or DNC.

Deployment

To perform SD-WAN collector installation process, you will need to SSH into your machines using non-root credentials for the user sevone. Before continuing, you will need to SSH into each machine that you plan to run SD-WAN collector on and change the default password for this user. This applies whether you are using a SD-WAN appliance or have deployed an .ova. You will need to do this for all nodes (control plane and all agent nodes). This is important for security reasons.

Note: If you are performing an appliance-based installation (instead of deploying an .ova), you will need to perform the steps below after configuring the network. For details, please refer to SD-WAN Viptela Collector Pre-Deployment Guide > section Configure Network Settings. Failure to change the default password presents a significant security risk. This publication includes a default password and this document has probably been made available to the public.

Warning: Failure to change the default password presents a significant security risk. This publication includes a default password and this document has probably been made available to the public.

SSH into your SD-WAN collector machine and log in as sevone.
At the Password prompt, enter sevone.
Execute the following command:
```
passwd
```
At the prompt New password, enter a new password for the sevone user.
At the prompt Retype new password, enter the new password again.
Repeat the steps above for each machine that you plan to run SD-WAN collector on.

Install sevone-cli

Execute the following command to install sevone-cli using Command Line Interface.

sudo rpm -Uvh /opt/SevOne/upgrade/utilities/sevone-cli-*.rpm

Important: To deploy the collector, you need to install sevone-cli, if not already installed.

Generate SSH Keys

As a security measure, fresh installations do not ship with pre-generated SSH keys. Execute the following command to generate unique SSH keys for your cluster.

sevone-cli cluster setup-keys

Important: Please provide the SSH password when prompted.

Single-Node Deployment

Please refer to SD-WAN Pre-Deployment Guide to deploy a single SD-WAN Viptela node.

Using ssh, log into the SD-WAN Viptela collector control plane node as sevone.

ssh sevone@<SD-WAN collector 'control plane' node IP address or hostname>

Example

ssh sevone@10.49.15.130

Stop / reset the kubernetes.
```
sevone-cli cluster down
```
Change the hostname. For details, please refer to SD-WAN Viptela Collector Use-Cases Guide > Use-Cases > section Change Hostname.

Multi-Node Deployment

Note: When a multi-node virtual machine is leveraged for the collector and flow augmentor deployment, flows must be streamed to the node where the Flow Augmentor pod is deployed (it may be an agent node).

The settings for the flow augmentor's buffer size and net.core.rmem_default values are set only on the node where the augmentor is deployed.

If the flow augmentor pod is in the agent node and the flows are streamlined to the control plane node, it will result in a spoofing issue.

During deployment, flow augmentor and collector nodes may interchange. The flows must be streamed to the correct node accordingly.

For a multi-node setup, repeat the steps in SD-WAN Viptela Collector Pre-Deployment Guide for each additional node in your cluster. Every SD-WAN collector node ships as a running single-node Kubernetes cluster.

Using ssh, log into each node and change the hostname. In order to create a multi-node cluster, you must designate one of the nodes to be your control plane node. For details on how to change the hostname, please refer to SD-WAN Viptela Collector Use-Cases Guide > section Use-Cases > subsection Change Hostname.

Important:

Please make sure to set the hostname for all k3s nodes in lowercase when deploying the collector.
If you have created cluster or added agent nodes using the hostname method, please skip to step 7.
If you want to create cluster or add agent nodes using the IP address method, please perform steps 3, 4, 5, and 6.

Example

Important: The hostnames and IP addresses mentioned in this table are used in the examples for the steps below. Please make sure to replace the hostnames and IP addresses with your machine's hostnames and IP addresses.


Hostname	IP Address	Role
sdwan-node01	10.49.15.130	control plane
sdwan-node02	10.49.15.131	agent1
sdwan-node03	10.49.15.132	agent2

Using ssh, log into SD-WAN collector control plane node as sevone.

ssh sevone@<SD-WAN collector 'control plane' node IP address or hostname>

Example

ssh sevone@10.49.15.130

Add nodes.
```
sevone-cli cluster worker add <IP address for node 1>
```
Important:
- When adding a new agent node to your cluster, please repeat steps 4, 5, and 6 every time. Please add agent nodes using the IP address only.
- Please do not run sevone-cli cluster worker remove command when there is no k3s cluster running.
Stop / reset the kubernetes.
```
sevone-cli cluster down
```
The following spins up your Kubernetes cluster.
```
sevone-cli cluster up
```
Important: The message FAILED - RETRYING: Wait for k3s server to be up means that k3s is trying to come up and it may take a long time. If all retries are exhausted and k3s is unable to come up, the command will fail automatically. Please contact IBM SevOne Support for help.

Verify that your control plane and agent node(s) are Ready and have been added to the Kubernetes cluster.


kubectl get nodes

NAME                             STATUS   ROLES    AGE     VERSION
<your 'control plane' hostname>  Ready    master   4d1h    v1.27.1+k3s1
<your 'agent1' hostname>         Ready    <none>   4d1h    v1.27.1+k3s1
<your 'agent2' hostname>         Ready    <none>   4d1h    v1.27.1+k3s1
...
<your 'agent<n>' hostname>       Ready    <none>   4d1h    v1.27.1+k3s1

Example


kubectl get nodes

Output
NAME           STATUS   ROLES                  AGE        VERSION
sdwan-node01   Ready    control-plane,master   4d1h       v1.27.1+k3s1
sdwan-node02   Ready    <none>                 4d1h       v1.27.1+k3s1
sdwan-node03   Ready    <none>                 4d1h       v1.27.1+k3s1

Important: You are now ready to configure your SD-WAN collector.

k3s Certificates

Important: When deploying the Kubernetes cluster, Kubernetes certificates get generated which are valid for 365 days. When the certificate is about to expire in 90 days or less, an alert is sent notifying how many days remain. In order to rotate the expiring certificate, a restart of the node(s) on the kubernetes cluster is necessary.

For details, please refer to SD-WAN Viptela Collector Use-Cases Guide > section Use-Cases > subsection Rotate Kubernetes Certificates.

Installation

using Graphical User Interface

Warning: You must be on SD-WAN >= 6.5 to perform the installation using GUI.

Using ssh, log into SD-WAN Viptela collector control plane node as sevone.

ssh sevone@<SD-WAN collector 'control plane' node IP address or hostname>

Example

ssh sevone@10.49.15.130

Copy SSH keys to SevOne NMS and install GUI.

ssh-copy-id support@<SevOne NMS IP Address> && sevone-cli solutions guii

Example

ssh-copy-id support@10.49.15.175 && sevone-cli solutions guii

Important: Please provide the SSH password when prompted.

Example: The command returns the following


╒═════════════════════════════════════════════════════════════╕
│ SEVONE GUI INSTALLER                                        │
╞═════════════════════════════════════════════════════════════╡
│ Please open https://10.49.15.130:3000 in your web browser   │
│ to access the GUI Installer.                                │
├─────────────────────────────────────────────────────────────┤
│ Your credentials are:                                       │
│ - Username: admin                                           │
│ - Password: ZAQ}crckRf                                      │
├─────────────────────────────────────────────────────────────┤
│ If you ever lose your credentials, they're stored in:       │
│ /etc/sevone-guii/creds                                      │
╘═════════════════════════════════════════════════════════════╛

You are now ready to install using the Graphical User Interface Installer.

Using a web browser of your choice, enter the URL the setup script has returned. For example, https://10.49.15.130:3000.
Note: You will also need the credentials (Username and Password) that the setup script returns. These credentials are also stored in /etc/sevone-guii/creds file.
Example
```
cat /etc/sevone-guii/creds | jq 
                
```
```
{
  "password": "ZAQ}crckRf",
  "tokenSecret": "ECyqIkKdVrILcZIEdjyboADGASwlFzhl",
  "username": "admin"
}
 
```
Click Update Cluster to install SD-WAN Viptela Collector.
Enter the credentials returned to perform the Self-Service Upgrade. For example, Username: admin and Password: ZAQ}crckRf,

Note: To use the Graphical User Interface installer in dark theme, click next to SevOne logo.
For help on what each upgrade step does, click button in the upper-right corner.

Important: All the screenshots below are based on the example being used to write this document. Your total number of tasks passed (ok), skipped, failed, ignored, unreachable, or unexecuted will vary based on your setup. The tasks failed must be addressed as ansible has not ignored them.
Enter username & password and then click Login. The graphical user interface installer checks the Current Version and allows you to proceed with the installation.
Note: Example
Current Version is on SD-WAN Viptela Collector 7.1.0+56.

You can proceed with redeploy/install.

Important: During the Self-Service Upgrade, if you experience network connectivity issue or the upgrade has been halted for any reason, the self-service upgrade will resume from the step where it left off after the issue is resolved. However, if you are at the Deploy step and the self-service upgrade has been halted for any reason, self-service upgrade will show a message requesting you to contact IBM SevOne Support.
To resume with the Self-Service Upgrade, using a web browser of your choice, re-enter the URL the setup script has returned. For example, https://10.49.15.130:3000.
Click the Continue to Configure button to configure SD-WAN Viptela solution. Using GUI, you can configure only basic settings for your collector. To configure the advanced settings, please refer to section Configure.
1. From Configuration drop-down, choose a configuration file from the list. The default configuration file is solutions-sdwan-viptela_custom_guii.yaml. Provide inputs for all mandatory fields.
  Important: Once you provide inputs for all mandatory fields, error messages will no longer appear.
2. Show advanced config - Select the check box to show advanced configuration variables. For more details, please refer to SD-WAN Viptela Collector Advanced Use-Cases Guide > section Advanced Configuration Settings.
3. Collector Service
  - Credentials (All values must be base64-encoded format)
    - Controller Credentials
      - Username - The username for Viptela vManage credentials with admin-level read privilege.
      - Password - The password for Viptela vManage.
    - NMS Credentials
      - NMS API Credentials
        
        Username - The SevOne NMS user name for an administrator-level account.
        
        Password - The SevOne NMS password.
      - SSH Credentials
        
        Username - The SevOne NMS user name for ssh access to the appliance. It is recommend to set to support in base64-encoded format.
        
        Password - The SevOne NMS password for support user.
    - DI Credentials
      - DI API Credentials
        
        Username - The SevOne Data Insight user name for an adminstrator-level account.
        
        Password - The SevOne Data Insight password.
4. Collector Configuration
  - MSP Name - The Managed Service Provider (MSP) name for this instance. MSP is a grouping of one or more tenants.
5. Log
  - Log Level - Defines the log-level for the collector. Value can be info, debug, warning, or error.
6. Jaeger
  - Disabled - Select the check box to disable Jaeger tracing.
7. Load Reports
  - Disabled - Select the check box to not import TopN views and OOTB reports.
8. Vendor Controller Settings
  - Viptela vManage Controller Settings
    - vManage API URL - The API URL of vManage.
    - Insecure TLS - Select the check box to enable insecure TLS connection by skipping certification verification. This is necessary for servers with self-signed server certificates.
9. NMS
  - NMS API Settings
    - NMS API IP / Hostname - The hostname or IP address for SOA and REST API endpoints. i.e., targeted SevOne NMS.
    - Insecure TLS - Select the check box to enable insecure TLS connection by skipping certification verification. This is necessary for servers with self-signed server certificates.
  - DI
    - DI API Settings - The hostname or IP address for targeted SevOne Data Insight.
    - Insecure TLS - Select the check box to enable insecure TLS connection by skipping certification verification. This is necessary for servers with self-signed server certificates.
    - Tenant - Tenant name for this SevOne Data Insight instance. This is an internal name used to keep settings and cached data segregated by tenant. Default value is SevOne.
10. Flow Augmentor Service Settings
  - Enable - Select the check box to enable Flow Augmentor installation.
  - Flow Receiver Port - The port on which Flow Augmentor listens for inbound flows. The port number can range from 9000 - 33000.
11. Flow Augmentor Configuration
  - Flow Augmentor Sender Configuration
    - Flow Augmentor Sender Buffer Size - Sender output buffer size in number of packets.
    - DNC IP - IP address of the DNC, where the augmented flows are sent.
    - Port No - Port of DNC, where the the augmented flows are sent.
Click Save. Configuration is saved in /opt/SevOne/chartconfs/solutions-sdwan-viptela_custom_guii.yaml.
Important: Once the configuration is saved, click Continue button to upgrade SOA.
Click Continue button to Upgrade SOA.
Note: SOA version
SOA must be on the latest version on all appliances in SevOne NMS cluster.
If your peers are on SevOne NMS 7.x or above, skip the following command. However, if your peers are on SevOne NMS 6.x,
- Command Line Interface (CLI) must be used to upgrade SOA on all peers as the graphical user interface (GUI) only upgrades SOA for the NMS appliance you are connected to.
- Add flag --all-peers if you want to install SOA on all peers in the cluster.
```
 sevone-cli soa upgrade \
/opt/SevOne/upgrade/utilities/SevOne-soa-*.rpm \
<enter SevOne NMS IP address> --all-peers
 
```
You are now ready to upgrade SOA. Click Run Upgrade SOA button. This can take a few minutes to run.
Click the Continue button to Pre-Check.
Note: Pre-Check step runs various checks to ensure that SD-WAN Viptela collector cluster is healthy before the deployment.
You are now ready to run the pre-check. Click the Run Pre-Check button.
Note: To view the logs for a task, click for the task you need the details for. The pop-up has Copy to clipboard button which allows you to copy all the contents in the pop-up and paste it into a file.
Click the Continue button to Deploy.
Click the Run Deploy button to run the upgrade. This can take a few minutes to run.
Click the Continue button to Post-Check.
Click the Run Post-Check button to run the post-check. This can take a few minutes to run.
Click the Continue button.
Important: This indicates that the installation has completed successfully. It typically takes around 30-40 minutes for the data to become visible in SevOne NMS.

using Command Line Interface

Note: The steps in this section apply to both Single-node and Multi-node configurations.

Please execute the steps sequentially as they appear in these sections.

Note: For a large cluster, it may possible that the metadata agent does not update metadata information for all devices in a single run due to a large number of devices. To overcome this issue, perform the following settings.

Set the timeout value for the REST API to 600 seconds.
Point to a different SevOne NMS for each agent.
Run metadata agent twice in 24 hours. Currently, it is scheduled to run only once in 24 hours.
Run the Metadata agent at a different time interval. For example, at noon 12:00 PM UTC and at 01:00 PM UTC. Currently, it is set to 00:00 UTC.
Set a different time to run the Metadata agent for each tenant. For example, in the case of two tenants, if the agent for tenant A is scheduled to run at midnight 01:00 AM UTC and 12:00 PM UTC, then for tenant B, set the schedule to run this agent at midnight 02:00 AM UTC and 01:00 PM UTC. Metadata agent for these tenants can be scheduled to run at a difference of 30 minutes to 1 hour depending on the response time of vManage and SevOne NMS.

Important: If the same problem occurs for any other agents, please follow the steps above to schedule them at a different time.

Example: Configuration for the agent to run at 1:15 and 19:15


vendor:
  metadata:
    schedule: "15 1,19 * * *"
  vmanage_api:
    url: http://10.128.11.105:5014
    insecure_tls_connection: true

Configure

Using ssh, log into SD-WAN collector control plane node as sevone.
```
ssh sevone@<SD-WAN collector 'control plane' node IP address or hostname>
```
Note: SD-WAN collector runs as a helm chart deployed within the Kubernetes cluster. The helm chart is configured with a base set of configuration options that can be overwritten as needed.
Copy /opt/SevOne/upgrade/utilities/example-solutions-sdwan-viptela_config.yaml to /opt/SevOne/chartconfs/solutions-sdwan-viptela_custom_guii.yaml.
```
cp /opt/SevOne/upgrade/utilities/example-solutions-sdwan-viptela_config.yaml \
/opt/SevOne/chartconfs/solutions-sdwan-viptela_custom_guii.yaml
```
/opt/SevOne/chartconfs/solutions-sdwan-viptela_custom_guii.yaml contains the default (basic / minimum) configuration for Viptela. To change the configuration settings, using a text editor of your choice, /opt/SevOne/chartconfs/solutions-sdwan-viptela_custom_guii.yaml file must be updated and saved. For details on variables used in the .yaml file, please refer to section Configuration.

Upgrade SOA

Attention:

This section only applies if your SevOne NMS is on 6.x and you want to upgrade SOA.

If your SevOne NMS is on 7.0 or above, please skip this section.

After the collector configuration is updated, check SOA version, and upgrade SOA, if necessary.

Note: SOA Version

SOA must be on the latest version on all appliances in SevOne NMS cluster. Command Line Interface (CLI) must be used to upgrade SOA on all peers as the graphical user interface (GUI) only upgrades SOA for the NMS appliance you are connected to.

Execute the command to install / upgrade SOA only on NMS' Cluster Master and HSA

sevone-cli soa upgrade \
/opt/SevOne/upgrade/utilities/SevOne-soa-*.rpm

Execute the command to install / upgrade SOA on ALL peers in the NMS cluster

sevone-cli soa upgrade \
/opt/SevOne/upgrade/utilities/SevOne-soa-*.rpm \
--all-peers

Check SOA Version

Using ssh , log in as support to SevOne NMS appliance you are linking SD-WAN Viptela Collector with.
```
ssh support@<SevOne NMS appliance>
```

Check SOA version.

curl -k https://<SevOne NMS appliance IP address or hostname>/api/v3/health/version

Example


curl -k https://10.49.15.175/api/v3/health/version

{"buildTime":"2024-10-11T15:57:06Z","gitHash":"","goVersion":"go1.23.1","version":"7.1.0","nmsVersion":"7.1.0"}[support@SevOne ~]$

Note: 7.1.0 in the example above is the SOA version.

Pre-Check Environment

Execute the following command to perform the pre-check of your environment and monitor the output. Ensure that there are no failures reported in the output.

sevone-cli playbook precheck

Note: Pre-check performs the following tasks in your environment:

checks if your SevOne NMS appliance and Viptela vManage are reachable.
validates SOA and all other versions that NMS is dependent on, are valid.
confirms port availability.
validates checksum for the entire deployment.
validates Viptela vManage version.
confirms all flow port settings are available and DNC is reachable (Flow checks are only performed if the Flow Augmentor is enabled).
in case of multi-tenants, pre-checks are performed on all tenants.

The pre-check must complete successfully before you can continue to the next step. You will see the output similar to the following.

Example

TASK [reports : Import Top N Views into NMS] *********************************************************************
skipping: [sdwan-node01]

TASK [reports : Import OOTB report into DI] **********************************************************************
skipping: [sdwan-node01]

PLAY RECAP *******************************************************************************************************
sdwan-node01               : ok=57   changed=13   unreachable=0    failed=0    skipped=20   rescued=0    ignored=0

Important: The output of the command above is based on the example being used to write this document. Your total number of tasks passed (ok), changed, unreachable, failed, skipped, rescued or ignored will vary based on your setup. The tasks failed must be addressed as ansible has not ignored them.

If the pre-check does not complete successfully, please resolve the issue(s) before continuing or contact IBM SevOne Support.

Deploy

You are now ready to deploy the applications based on your configuration file. This applies to multi-tenant scenarios as well. Ensure that there are no failures reported in the output.

Note: Ensure that solutions-sdwan-viptela_custom_guii.yaml file is present in /opt/SevOne/chartconfs/.

sevone-cli cluster up

The deployment must complete successfully before you can continue to the next step. You will see the output similar to the following.

Example

TASK [kernel : Force kernel to use RHEL's network interface naming convention] ***********************************************
skipping: [sdwan-node01]

TASK [kernel : Copy SevOne sysctl configuration overrides] *******************************************************************
ok: [sdwan-node01]

TASK [kernel : Check if machine needs to be restarted] ***********************************************************************
ok: [sdwan-node01]

PLAY RECAP *******************************************************************************************************************
sdwan-node01               : ok=154  changed=34   unreachable=0    failed=0    skipped=77   rescued=0    ignored=1

Important: The output of the command above is based on the example being used to write this document. Your total number of tasks passed (ok), changed, unreachable, failed, skipped, rescued or ignored will vary based on your setup. The tasks failed must be addressed as ansible has not ignored them.

If the deployment does not complete successfully, please resolve the issue(s) before continuing or contact IBM SevOne Support.

Post-Check Environment

After successfully applying the configuration file, execute the following command to perform the post-check. Ensure that there are no failures reported in the output.

Important: Sometimes SSH keys for SevOne NMS are not available in the control plane node. To create SevOne NMS SSH keys, please execute the following command before proceeding with the post-check.

sevone-cli soa setup_keys

sevone-cli playbook postcheck

Note: Post-check performs the following tasks:

copies flow views to SevOne NMS.
flow views must be ready on SevOne NMS.
confirms port availability.
cron jobs collect the periodic logs.
after waiting for 2 minutes, it checks to ensure that all pods are either in Ready or Completed status and no pod(s) have restarted.
in case of multi-tenants, post-checks are performed on all tenants.

The post-check must complete successfully before you can continue to the next step. You will see the output similar to the following.

Example

TASK [reports : Loading configuration from file /opt/SevOne/chartconfs/solutions-sdwan-viptela_custom_guii.yaml] ************
ok: [sdwan-node01]

TASK [reports : Import Top N Views into NMS] ********************************************************************************
skipping: [sdwan-node01]

TASK [reports : Import OOTB report into DI] *********************************************************************************
skipping: [sdwan-node01]

PLAY RECAP *******************************************************************************************************************
sdwan-node01               : ok=57   changed=13   unreachable=0    failed=0    skipped=20   rescued=0    ignored=0

Important: The output of the command above is based on the example being used to write this document. Your total number of tasks passed (ok), changed, unreachable, failed, skipped, rescued or ignored will vary based on your setup. The tasks failed must be addressed as ansible has not ignored them.

If the deployment does not complete successfully, please resolve the issue(s) before continuing or contact IBM SevOne Support.

Important: The SD-WAN collector has been successfully deployed, the configuration has been applied, and the collector is now fully operational. It typically takes around 30-40 minutes for the data to become visible in SevOne NMS.

Configuration

Value Types

The collector configuration is defined in YAML format. Each setting may be one of the following.


Value Type	Description
String	String value.
Integer	Numeric integer value.
Boolean	Boolean true or false.
Duration	Time duration using syntax such as, 30s for 30 seconds 5m for 5 minutes 1m15s for 1 minute and 15 seconds. May also use h=hours, d=days.
Base64	Base64-encoded string. To create it, execute the following command. Generate username 'admin' in base64-encoded format `echo -n "admin" \| base64 YWRtaW4=` Important: If the password contains an exclamation mark (!), please use any online *string to base64 converter* tool (other than CLI) to convert the password into base64 format. For example, https://www.base64encode.org/
Array of <...>	An array of one of the other value types. This is set in YAML as, YAML array `my_setting: - value1 - value2`
Schedule string	Can be either: Cron syntax. Please refer to https://en.wikipedia.org/wiki/Cron for details. For example, 30 5 * * * is every day at 5:30 am. Special statement "@every <#>", where <#> is a duration. For example, @every 10m is every 10 minutes.

Note: The variables are listed in alphabetical order.

How are variable names in the tables below written in YAML file?

Example# 1: Variable names starting with 'collector Service'


collectorService:
  secrets:
    controller:
      # vManage credentials.
      username: ZGV2ZWxvcA==
      password: RGV2VGVhbTEyMw==
    nms:
      ssh:
      # NMS ssh credentials.
        username: cm9vdA==
        password: ZFJ1bSY1ODUz
      api:
        # NMS API credentials.
        username: YWRtaW4=
        password: U2V2T25l
    di:
      # DI API credentials list.
      api:
        - username: YWRtaW4=
          password: U2V2T25l

Example# 2: Variable names starting with 'collectorConfig'


collectorConfig:
  # MSP name.  Short and descriptive name for the collector that becomes part# of the generated NMS configuration, such as the "<MSP>::SDWAN" device# group that contains all collected devices.## Must be unique per tenant.
  msp_name: VIPTELA
  nms:
    api:
      # NMS server name or IP address.
      host: 10.49.15.175
  # di:
    api:
      - host: 10.128.10.20 # DI server name or IP address
        tenant: SevOne  # DI tenant (default: SevOne)# Tenant name for multitenant deployments.  Short and descriptive internal name.## Must be unique per tenant.
  tenant_name: Tenant 1

Mandatory Settings

Variable Name Value Type Default Value Description

collectorConfig.msp_name String The Managed Service Provider (MSP) name for this instance. MSP is a grouping of one or more tenants. The default value is ORGANIZATION.

collectorConfig.nms.api.host String The hostname or IP address for SOA and REST API endpoints. i.e., targeted SevOne NMS.

collectorConfig.di.api

Array of objects

An array of mapping of the following variables:


Variable Name	Value Type	Default Value	Description
host	String		The hostname or IP address for targeted SevOne Data Insight.
tenant	String	SevOne	Tenant name for this SevOne Data Insight instance. This is an internal name used to keep settings and cached data segregated by tenant.
insecure_tls_connection (optional)	Boolean	false	Set true to enable insecure TLS connection by skipping certification verification. This is necessary for servers with self-signed server certificates.

e.g. Configure SevOne Data Insight API hostname and tenant like: Example collectorConfig: di: api: - host: 10.128.26.50 tenant: SevOne

collecotrConfig.di.api.tenant String SevOne Tenant name for this SevOne Data Insight instance. This is an internal name used to keep settings and cached data segregated by tenant.

collectorService.secrets.nms.api.password Base64 The SevOne NMS password.

collectorService.secrets.nms.api.username Base64 The SevOne NMS user name for an administrator-level account.

collectorService.secrets.controller.password Base64 The password for Viptela vManage.

collectorService.secrets.controller.username Base64 The username for Viptela vManage credentials with admin-level read privilege.

collectorService.secrets.nms.ssh.password Base64 The SevOne NMS password for support user.

collectorService.secrets.nms.ssh.username Base64 The SevOne NMS user name for ssh access to the appliance. Please set to support in base64-encoded format.

colletorService.secrets.di.api

Array of objects

An array of mapping of the following variables:


Variable Name	Value Type	Default Value	Description
username	Base64		The SevOne Data Insight user name for an adminstrator-level account.
password	Base64		The SevOne Data Insight password.

e.g. Configure SevOne Data Inisght Username and Password like: Example


collectorService:
  secrets:
    di:
      api:
        - username: GCHtaW4=
          password: U4S2T25l

flowAugmentorService.enabled Boolean true Flag to enable Flow Augmentor installation.

flowAugmentorService.receiverPort Integer 9992 The port on which Flow Augmentor listens for inbound flows. The port number can range from 9000 - 33000.

flowAugmentorConfig.sender.ip String IP address of the NMS/DNC, where the augmented flows are sent.

flowAugmentorConfig.sender.port Integer 9996 Port of NMS/DNC, where the augmented flows are sent.

Verification

Check Pods

Check the pods - must be Running or Completed.


kubectl get pods

NAME                                                 READY   STATUS      RESTARTS   AGE
solutions-sdwan-viptela-redis-node-1                 2/2     Running     0          4d1h
solutions-sdwan-viptela-collector-57999f65b8-mrl2q   1/1     Running     0          3d21h
solutions-sdwan-viptela-aug-6974685c89-kn62b         1/1     Running     0          3d21h
solutions-sdwan-viptela-redis-node-2                 2/2     Running     0          4d1h
solutions-sdwan-viptela-redis-node-0                 2/2     Running     0          4d1h
solutions-sdwan-viptela-upgrade-crkhs                0/1     Completed   0          4m26s
solutions-sdwan-viptela-create-keys-3-9q64z          0/1     Completed   0          4m22s

Note: If the pods are in pending or start/restart status, please wait for a few minutes until they are running/completed. If there is a failure with any of the pods, please contact IBM SevOne Support.

Check Services


kubectl get services

NAME                                     TYPE        CLUSTER-IP        EXTERNAL-IP   PORT(S)              AGE
kubernetes                               ClusterIP   192.168.96.1      <none>        443/TCP              4d1h
solutions-sdwan-viptela-redis-headless   ClusterIP   None              <none>        6379/TCP,26379/TCP   4d1h
solutions-sdwan-viptela                  ClusterIP   192.168.108.113   <none>        80/TCP               4d1h
solutions-sdwan-viptela-redis            ClusterIP   192.168.109.54    <none>        6379/TCP,26379/TCP   4d1h
solutions-sdwan-viptela-flowservice      NodePort    192.168.108.62    <none>        9995:9995/UDP        3d21h

Important: Ensure that all services mentioned above are available. If any service is unavailable, please contact IBM SevOne Support.

Check Logs

Obtain the node IP where the collector pod is running for SD-WAN Viptela collector to check the logs.

Example


kubectl get pods -o wide

NAME                                                 READY   STATUS      RESTARTS   AGE     IP              NODE           NOMINATED NODE   READINESS GATES
solutions-sdwan-viptela-redis-node-1                 2/2     Running     0          4d1h    192.168.80.11   sdwan-node01   <none>           <none>
solutions-sdwan-viptela-collector-57999f65b8-mrl2q   1/1     Running     0          3d21h   192.168.80.16   sdwan-node01   <none>           <none>
solutions-sdwan-viptela-aug-6974685c89-kn62b         1/1     Running     0          3d21h   10.49.15.130    sdwan-node01   <none>           <none>
solutions-sdwan-viptela-redis-node-2                 2/2     Running     0          4d1h    192.168.80.13   sdwan-node01   <none>           <none>
solutions-sdwan-viptela-redis-node-0                 2/2     Running     0          4d1h    192.168.80.9    sdwan-node01   <none>           <none>
solutions-sdwan-viptela-upgrade-crkhs                0/1     Completed   0          5m29s   192.168.80.17   sdwan-node01   <none>           <none>
solutions-sdwan-viptela-create-keys-3-9q64z          0/1     Completed   0          5m25s   192.168.80.18   sdwan-node01   <none>           <none>        <none>

Note:

The pod name for SD-WAN Viptela collector returned is solutions-sdwan-viptela-collector-57999f65b8-mrl2q.
The node IP for SD-WAN Viptela collector returned is 192.168.80.16.

Check the logs for SD-WAN Viptela collector, for example.

Using ssh, log into SD-WAN Viptela collector node as sevone.

ssh sevone@<SD-WAN Viptela collector node IP address>

Example

ssh sevone@10.49.15.130

Change directory to /var/log/sdwan-viptela/<collector_name>/<build_version>.
```
cd /var/log/sdwan-viptela/<collector_name>/<build_version>
```
Example
```
cd /var/log/sdwan-viptela/solutions-sdwan-viptela/7.1.0-build.56/
```
You should see the following folders in this directory. The main folder displays all common logs, whereas agent-specific logs can be found within their respective folders.
- ApprouteEventAgent
- DeviceHealthAgent
- InstallerAgent
- InterfaceStatAgent
- MetadataAgent
- NextHopTableAgent
- PolicyParserAgent
- DeviceDescriptionAgent
- FlowAgent
- InterfaceQueueAgent
- main
- MigrationAgent
- ObjectDescriptionAgent
- TunnelStatAgent

Check logs for InstallerAgent. Similarly, you can check logs for all other agents.

Example


cat InstallerAgent/ solutions-sdwan-viptela_InstallerAgent_7.1.0-build.56.log

2024-10-21T00:00:11Z INF Sending SOA request... agent=InstallerAgent endpoint=/sevone.api.v3.Metadata/FlowAttributes requestId=33306
2024-10-21T00:00:11Z INF Received SOA response agent=InstallerAgent elapsed=33.083291ms requestId=33306
2024-10-21T00:00:11Z WRN FlowAttribute with Id: 116855322710271 already exists. agent=InstallerAgent
2024-10-21T00:00:11Z INF Sending SOA request... agent=InstallerAgent endpoint=/sevone.api.v3.Metadata/FlowAttributes requestId=33307
2024-10-21T00:00:11Z INF Received SOA response agent=InstallerAgent elapsed=235.007283ms requestId=33307
2024-10-21T00:00:11Z INF Sending SOA request... agent=InstallerAgent endpoint=/sevone.api.v3.Metadata/FlowViews requestId=33308
2024-10-21T00:00:11Z INF Received SOA response agent=InstallerAgent elapsed=42.306095ms requestId=33308
2024-10-21T00:00:11Z INF Load done agent=InstallerAgent
2024-10-21T00:00:11Z INF Run agent done agent=InstallerAgent elapsed=11.333107689s
2024-10-21T00:00:11Z INF Sending selfmon info to NMS  agent=InstallerAgent
2024-10-21T00:00:11Z INF Sending SOA request... agent=InstallerAgent endpoint=/sevone.api.v3.Devices/Data requestId=33309
2024-10-21T00:00:11Z INF Received SOA response agent=InstallerAgent elapsed=39.491592ms requestId=33309

Verify if Data Appears in SevOne NMS

Once the collector has been running for 15 to 20 minutes, data should appear in SevOne NMS. Perform the following steps to verify this.

Log into SevOne NMS.
From the navigation bar, go to Administration, select Object Types from Monitoring Configuration. Filter to xStats.
From the navigation bar, go to Devices, select Grouping, and then select Device Groups.
From the navigation bar, go to Devices, select Grouping, and then select Object Groups.
From the navigation bar, go to Administration and select Metadata Schema. Click on Add Namespace to check metadata creation.
If enable_flow_view_creation and flow_enabled are set to true, then the user will be able to see the created SDWAN:Viptela:AugmentedFlow view. To see the created view, from the navigation bar go to Administration, select Flow Configuration, and then select FlowFalcon View Editor.

Note: Some flow view fields may not be added in the SDWAN:Viptela:AugmentedFlow view. Please verify the addition of above highlighted flow view fields in the Fields in View section. Add the missing fields from the Available Fields section.