Cisco SD-WAN Plugin Deployment and Configuration Guide

Edit online

This document describes the steps to deploy and configure the Cisco SD-WAN Plugin.

Important:

To provision a single Cisco SD-WAN integration device, ensure that both the SD-WAN and SNMP plugins are enabled, then proceed to save the configuration. Please refer to the Installation steps below for more details.

Prerequisites

Edit online
  • Cisco SDWAN integration in SevOne NMS supports standard basic authentication using the vManage URL, username, and password.
  • SNMP v2 or SNMP v3 details for the edge devices, based on device compatibility.

Installation Steps - Cisco SDWAN

Edit online
Note:

When onboarding Cisco SDWAN devices in SevOne NMS, you only need to add a single SD-WAN integration device (the Cisco SDWAN Orchestrator) with the appropriate orchestrator credentials. Once the integration device is added and saved, SevOne NMS automatically discovers all edge devices managed by that integration. There is no need to manually add each edge device.

If the edge devices already exist in SevOne NMS with SNMP-only monitoring and valid IP addresses, adding the SD-WAN integration device with both SNMP and SD-WAN plugins will automatically associate the integration with the existing devices. The SD-WAN metadata will then populate alongside the existing SNMP data, without creating duplicates.

Please perform following steps on SevOne NMS using CLI.

  1. Using ssh, login to SevOne NMS appliance as support. 
    ssh support@<SevOne NMS appliance IP address>
  2. To install the spk files, execute the following commands in the sequence as shown below.
    • For a list of containers and its ids, run the following command. 
      podman ps
    • Go to SevOne NMS container. 
      podman exec -it <nms_container_id_or_name>/bin/bash
    • Make directory CiscoSDWAN under /tmp folder and change the directory to /tmp/CiscoSDWAN. 
      cd /tmp/
      mkdir CiscoSDWAN
      cd /tmp/CiscoSDWAN
  3. Download the following (latest) files from IBM Passport Advantage (https://www.ibm.com/software/passportadvantage/pao_download_software.html) via Passport Advantage Online. However, if you are on a legacy / flexible SevOne contract and do not have access to IBM Passport Advantage but have an active Support contract, please contact IBM SevOne Support for the latest files. You must place <tar/compressed file> files in /tmp/CiscoSDWAN directory.
    1. sdwan-cisco-sdwan-installation-v7.2.0-build.<###>.tgz
    2. sdwan-cisco-sdwan-installation-v7.2.0-build.<###>.tgz.sha256.txt
    3. signature-tools-<latest-version>-build.<latest>.tgz
    4. signature-tools-<latest-version>-build.<latest>.tgz.sha256.txt
  4. Execute the following commands to verify the checksum of the code signing tool before extracting it. 
    
(cd /tmp/CiscoSDWAN && cat $(ls -Art signature-tools-*.tgz.sha256.txt | \
tail -n 1) | sha256sum --check)
    
sudo tar xvfz $(ls -Art /tmp/CiscoSDWAN/signature-tools-*.tgz | \
tail -n 1) -C /tmp/CiscoSDWAN
  5. Verify the signature of Solutions .tgz files. 
    
sh usr/local/sbin/SevOne-validate-image \
-i $(ls -Art /tmp/CiscoSDWAN/Cisco-SDWAN-*.tgz | tail -n 1) \
-s $(ls -Art /tmp/CiscoSDWAN/Cisco-SDWAN-*.tgz.sha256.txt | tail -n 1)
  6. Make a directory. For example, sdwan-cisco-sdwan-installation. 
    mkdir /tmp/CiscoSDWAN/sdwan-cisco-sdwan-installation
  7. Extract the latest build. 
    
tar xvfz $(ls -Art /tmp/CiscoSDWAN/Cisco-SDWAN-*.tgz | \
tail -n 1) -C /tmp/CiscoSDWAN/sdwan-cisco-sdwan-installation

    You will see the following files in the directory.

    • CiscoSDWAN-MIBS.spk - imports Edge devices and Controller Devices.
    • CiscoSDWAN-Certification.spk - imports Device certification in deviceType.
    • CiscoSDWAN-TopN.spk - imports 24 TopN Report views.
  8. Change the directory to /tmp/CiscoSDWAN/sdwan-cisco-sdwan-installation. 
    cd /tmp/CiscoSDWAN/sdwan-cisco-sdwan-installation
  9. To import the following spk files, run the commands in the following sequence. 
    SevOne-import --allow-overwrite --file CiscoSDWAN-MIBS.spk
    SevOne-import --allow-overwrite --file CiscoSDWAN-Certification.spk
    SevOne-import --allow-overwrite --file CiscoSDWAN-TopN.spk

Device Onboarding using Graphical User Interface

Edit online

To onboard a Cisco SD-WAN device in SevOne NMS, execute the following steps.

  1. Using a web browser, navigate to the SevOne NMS appliance URL, log in with your credentials, then go to the Devices menu via the navigation bar, select Device Manager, and click Add Device to create a new device.
  2. On the New Device page, add the following details.
    1. In the Name field, enter the device name.
    2. Leave the IP Address field blank.
    3. By default, the plugin is set to SNMP.

      1. Cisco SDWAN SNMP Plugin

      2. Ensure that the field SNMP Capable check box is selected to enable the discovery of SNMP object types and to poll SNMP data on the device.
      3. In the Version field, user has an option to select either Version 2 or Version 3, wherein the corresponding configurations need to enter manually. Here, for example, version selected is 3 from the available options in the drop-down list.
      4. Enter the Username and Password for the Cisco SD-WAN device.
        Note: Ensure the same SNMP credentials are configured on all Cisco SD-WAN devices.
      5. Select other options and click Save to save the current changes as a New Device.
      1. Now, from the drip down list , select SDWAN and ensure that Enable SDWAN API Integration check box is selected.

        Cisco SDWAN Plugin

      2. Click the Vendor drop-down and select the Cisco SD-WAN option.
      3. In the vManage URL field, enter the URL for the SDWAN vendor, Cisco SD-WAN.
      4. In the Username field, enter the username for the SDWAN vendor, Cisco SD-WAN.
      5. In the Password field, enter the password for the SDWAN vendor, Cisco SD-WAN.
      6. Enable field Auto-discover and monitor associated Edge Devices - Use SNMP Plugin to automatically discover and monitor Cisco SD-WAN devices and click on Save.
    5. Once the SDWAN plugin settings are configured, click the Devices menu and select Discovery Manager.
    6. After the discovery process is completed, Cisco SD-WAN devices will be visible on the Device Manager screen.

      Cisco SD-WAN Device

Note:

The TopN Report Views are automatically imported and are listed as shown below. Manual importing is not required for these reports.

  • Cisco SD-WAN TLOC - Jitter Metrics
  • Cisco SD-WAN TLOC - Latency Metrics
  • Cisco SD-WAN TLOC - Packet Loss Metrics
  • IOS-XE Highest CPU Util - Max
  • IOS-XE Highest Memory Util - Max
  • IOS-XE IPSEC Tunnels - Bytes In Bytes Out
  • IOS-XE SD-WAN BFD Sessions Flap
  • IOS-XE SD-WAN BFD Sessions Up
  • IOS-XE SD-WAN SLA AppRoute Jitter
  • IOS-XE SD-WAN SLA AppRoute Latency
  • IOS-XE SD-WAN SLA AppRoute Packet Loss
  • IOS-XE SD-WAN TLOC BFD Sessions Flap
  • IOS-XE QoS Queue Depth
  • IOS-XE QoS Queue Discards
  • IOS-XE QoS Class Dropped Bytes
  • IOS-XE QoS Class In Bytes - Pre-policy Util
  • IOS-XE QoS Class Out Bytes - Post-policy Util
  • Viptela CPU Utilization
  • Viptela Interface Drops
  • Viptela Interface Errors
  • Viptela Interface Utilization
  • Viptela Top BFD Sessions
  • Viptela Top Bytes Received/Transmitted
  • Viptela Top Qos Queue Utilization
  • Viptela Top Used Memory
  • Viptela vSmart SLA Policy Packet Loss
In case the TopN report view does not appear in the SevOne NMS, you can import it by running the following command. 
SevOne-import --allow-overwrite --file <CiscoSDWAN_TopN_*.spk>

Upgrade

Edit online
Important: After upgrading from SevOne NMS version 7.1.x to version 7.2.x, the Cisco SDWAN vendor will be available under SDWAN plugin.

For more information, please refer to SevOne NMS Upgrade Process Guide.

Cisco SD-WAN OOTB Reports

Edit online
  1. Log in to your SevOne Data Insight by navigating to the appropriate URL in your web browser. Enter your credentials on the login page and click Login.

    diLoginPage

  2. On the Report Manager screen, click Reports and then click on SevOne Folders. Select the Cisco folder from the SD-WAN drop-down list.

    ciscoDIReportManager

  3. Select the Cisco Report displayed. You can either click on the Run button as shown below or click on the report link directly to view detailed OOTB reports.

    ciscosdwanReportInManager

    Note: Cisco SD-WAN Dashboard report is imported.

DNC / Flow Specific Changes

Edit online

Flow Interface Manager

Edit online

To check the flows received on SevOne NMS, from the navigation bar, click the Administration menu, select Flow Configuration, and then select Flow Interface Manager.

flowInterfaceManager

Deny 'Router-Generated' on Flow Rules

Edit online

Cisco SD-WAN forwards duplicate flow records for the same conversion. So, it is necessary to deny flow from the Router Generated interface to avoid double counting. To create a rule, click the Administration menu, select Flow Configuration, and then select Flow Rules. For more details, please refer to SevOne NMS System Administration Guide > section Flow Rules.

flowRules

To configuration additional parameters in the SD-WAN Flow Views options template, refer to SD-WAN Flow Views Additional Configuration Guide

View Cisco SD-WAN Flow Reports in SevOne Data Insight

Edit online

Login to SevOne Data Insight and to view the flow reports after initiating data collection. Follow the steps below in the Report Manager page.

  1. Select Reports, now under the SevOne Folders, click on the SD-WAN drop-down list, and select Cisco folder and lastly select the Cisco SD-WAN Dashboard report.

    Example

    ciscosdwanReportInManager

  2. To proceed to view the reports, either click directly on the report link or click the Run button.
  3. On the Cisco SD-WAN Dashboard page, click the Flow tab. Now, you can view the collected flow data and reports.

    ciscoSdwanFlowReports

Note: Cisco SD-WAN Dashboard report is imported.

Support Long Flows on SevOne NMS

Edit online
Warning: Sometimes, the flows are dropped when Cisco SD-WAN devices send flows with a longer duration than what is configured. To allow long flows, from the navigation bar, click the Administration menu and select Cluster Manager > Cluster Settings tab > FlowFalcon subtab > uncheck Drop Long Flows field.

dropLongFlows

Solution Verification & Customization

Edit online

Perform the following steps to log onto your SevOne NMS appliance. For more details, please refer to SevOne NMS System Administration Guide or SevOne NMS User Guide > section Login.

  1. Enter the URL for the SevOne NMS appliance into your web browser to display the Login page.
  2. Enter the credentials and click Login. For example, Username: admin and Password: SevOne
  3. To check MIB files imported, click the Administration menu, select Monitoring Configuration, and then select MIB Manager. For more details on MIB Manager, please refer to SevOne NMS System Administration Guide > section MIB Manager.

    ciscoMibReports

  4. To check device groups imported, click the Devices menu and select Grouping, then Device Groups. For more details on Device Groups, SevOne NMS User Guide > section Device Groups.

    ciscoDeviceGroups

  5. To check device types imported, click the Administration menu and select Monitoring Configuration, then Device Types. For more details on Device Types, SevOne NMS User Guide > section Device types.

    ciscoSdwanDeviceTypes

  6. To check object types, click on the Administration menu and select Monitoring Configuration, then Object Types. For more details on Object Groups, SevOne NMS System Administration Guide > section Object Types.

    Cisco SD-WAN Object Types