SD-WAN Versa Collector Deployment and Configuration Guide

Edit online

About

Edit online

This document describes the steps to deploy and configure the SD-WAN Versa collector.

Important:

Please do not run sevone-cli command from a subdirectory under /opt/SevOne/upgrade and /var/log/pods. It can be run from any directory except for from subdirectories under /opt/SevOne/upgrade and /var/log/pods.

Important:

Please use support user for NMS version 7.0.0 and above.

However, for NMS versions prior to version 7.0.0, please use root user instead of support user.

Deployment

Edit online
Contains the following topics.

Login Credentials & Password Change

Edit online

To perform SD-WAN collector installation process, you need to SSH into your machines by using non-root credentials for the user sevone. Before continuing, you need to SSH into each machine that you plan to run SD-WAN collector on and change the default password for this user. This applies whether you are using a SD-WAN appliance or have deployed an .ova. You need to do this for all nodes (control plane and all agent nodes). This is important for security reasons.

Note: If you are performing an appliance-based installation (instead of deploying an .ova), you will need to perform the steps below after configuring the network. For details, please refer to Configure Network Settings in SD-WAN Versa Collector Pre-Deployment Guide.
Warning: Failure to change the default password presents a significant security risk. This publication includes a default password and this document has probably been made available to the public.
  1. SSH into your SD-WAN collector machine and log in as sevone.
  2. At the Password prompt, enter sevone.
  3. Execute the following command: 
    passwd
  4. At the prompt New password, enter a new password for the sevone user.
  5. At the prompt Retype new password, enter the new password again.
  6. Repeat the steps above for each machine that you plan to run SD-WAN collector on.

Install sevone-cli

Edit online

Execute the following command to install sevone-cli using Command Line Interface.

sudo rpm -Uvh /opt/SevOne/upgrade/utilities/sevone-cli-*.rpm
Note: To deploy the collector, you need to install sevone-cli, if not already installed.

Generate SSH Keys

Edit online

As a security measure, fresh installations do not ship with pre-generated SSH keys. Execute the following command to generate unique SSH keys for your cluster.

sevone-cli cluster setup-keys
Note: Please provide the SSH password when prompted.

Single-Node Deployment

Edit online
  1. Please refer to SD-WAN Versa Collector Pre-Deployment Guide to deploy a single SD-WAN Versa node.
  2. Using ssh, log in to the SD-WAN Versa collector control plane node as sevone. 
    ssh sevone@<SD-WAN collector 'control plane' node IP address or hostname>

    Example

    ssh sevone@10.49.10.29
  3. Change the hostname. For details, please refer to Change Hostname in SD-WAN Versa Collector Use-Cases Guide.
    Important: Please make sure to set the hostname for all k3s nodes in lowercase when deploying the collector.

Multi-Node Deployment

Edit online
Note: When a multi-node virtual machine is used for the collector and flow augmentor deployment, flows must be streamed to the node where the Flow Augmentor pod is deployed (it may be an agent node).

The settings for the flow augmentor's buffer size and net.core.rmem_default values are set only on the node where the augmentor is deployed.

If the flow augmentor pod is in the agent node and the flows are streamlined to the control plane node, it results in a spoofing issue.

During deployment, flow augmentor, and collector nodes may interchange. Accordingly, the flows must be streamed to the correct node.

  1. For a multi-node setup, repeat the steps in SD-WAN Versa Collector Pre-Deployment Guide for each additional node in your cluster. Every SD-WAN collector node ships as a running single-node Kubernetes cluster.
  2. Using ssh, log in to each node and change the hostname. In order to create a multi-node cluster, you must designate one of the nodes to be your control plane node. For details on how to change the hostname, please refer to Change Hostname in SD-WAN Versa Collector Use-Cases Guide.
    Important:
    • Please make sure to set the hostname for all k3s nodes in lowercase when deploying or upgrading the collector.
    • If you have created cluster or added agent nodes by using the hostname method, please skip to step 7.
    • If you want to create, cluster or add agent nodes by using the IP address method, please perform steps 3, 4, 5, and 6.

    Example

    Important: The hostnames and IP addresses mentioned in this table are used in the examples for the steps below. Please make sure to replace the hostnames and IP addresses with your machine's hostnames and IP addresses.
    Hostname IP Address Role
    sdwan-node01 10.49.10.29 control plane
    sdwan-node02 10.49.10.30 agent1
    sdwan-node03 10.49.10.31 agent2
  3. Using ssh, log in to SD-WAN collector control plane node as sevone. 
    ssh sevone@<SD-WAN collector 'control plane' node IP address or hostname>

    Example

    ssh sevone@10.49.10.29
  4. Stop / reset the running cluster.
    Important: Please perform this step on control plane node and all agent nodes that you want to add.
    sevone-cli cluster down
  5. Log in to SD-WAN collector control plane node as sevone and add nodes by executing the following command. 
    sevone-cli cluster worker add <IP address for node>
    Important:
    • Please add agent nodes by using the IP address only.
    • When adding a new agent node to your cluster, repeat step 5 every time.
    • Please do not run sevone-cli cluster worker remove command when there is no k3s cluster running.
  6. The following spins up your Kubernetes cluster. 
    sevone-cli cluster up
    Important: If you want to add more nodes to your cluster, execute the following commands in the same order as shown below. 
    sevone-cli cluster down
    command on control plane node every time. 
    1. 
sevone-cli cluster worker add <IP address for node>
      command.
    2. sevone-cli cluster up
      command.
    Important: The message FAILED - RETRYING: Wait for kubernetes node to be up means that kubernetes node is trying to come up and it may take a long time. If all retries are exhausted and kubernetes node is unable to come up, the command will fail automatically. Please contact IBM SevOne Support for help.
  7. Verify that your control plane and agent node(s) are Ready and have been added to the Kubernetes cluster. 
    kubectl get nodes
    NAME                             STATUS   ROLES                 AGE     VERSION
<your 'control plane' hostname>  Ready    control-plane,master  19h     v1.28.10+k3s1
<your 'agent1' hostname>         Ready    <none>                19h     v1.28.10+k3s1
<your 'agent2' hostname>         Ready    <none>                19h     v1.28.10+k3s1
...
<your 'agent<n>' hostname>       Ready    <none>                19h     v1.28.10+k3s1

    Example

    kubectl get nodes
    NAME           STATUS   ROLES                  AGE      VERSION
sdwan-node01   Ready    control-plane,master   19h      v1.28.10+k3s1
sdwan-node02   Ready    <none>                 19h      v1.28.10+k3s1
sdwan-node03   Ready    <none>                 19h      v1.28.10+k3s1
    Important: You are now ready to configure your SD-WAN collector.

k3s Certificates

Edit online
Important: When deploying the Kubernetes cluster, Kubernetes certificates are generated which are valid for 365 days. When the certificate is about to expire in 90 days or less, an alert is sent notifying how many days remain. In order to rotate the expiring certificate, a restart of the node(s) on the Kubernetes cluster is necessary.

For details, please refer to Rotate Kubernetes Certificates in SD-WAN Versa Collector Use-Cases Guide.

Installation

Edit online
Contains the following topics.

using Graphical User Interface

Edit online
Warning: You must be on SD-WAN >= 6.5 to perform the installation by using GUI.
  1. Using ssh, log in to SD-WAN Versa collector control plane node as sevone. 
    ssh sevone@<SD-WAN collector 'control plane' node IP address or hostname>

    Example

    ssh sevone@10.49.10.29
  2. Copy SSH keys to SevOne NMS and install GUI. 
    ssh-copy-id support@<SevOne NMS IP Address> && sevone-cli solutions guii

    Example

    ssh-copy-id support@10.49.12.58 && sevone-cli solutions guii
    Note: Please provide the SSH password when prompted.

    Example: The command returns the following

    
╒══════════════════════════════════════════════════════════════╕
│ SEVONE GUI INSTALLER                                         │
╞══════════════════════════════════════════════════════════════╡
│ Please open https://10.49.10.29:3000  in your web browser to │
│ access the GUI Installer.                                    │
├──────────────────────────────────────────────────────────────┤
│ Your credentials are:                                        │
│ - Username: admin                                            │
│ - Password: b%{dMI/qO*                                       │
├──────────────────────────────────────────────────────────────┤
│ If you ever lose your credentials, they're stored in:        │
│ /etc/sevone-guii/creds                                       │
╘══════════════════════════════════════════════════════════════╛

    You are now ready to install by using the Graphical User Interface Installer.

  3. Using a web browser of your choice, enter the URL the setup script has returned. For example, https://10.49.10.29:3000.Versa Fresh GUI Installer Start
    Note: You will also need the credentials (Username and Password) that the setup script returns. These credentials are also stored in /etc/sevone-guii/creds file.

    Example

    
cat /etc/sevone-guii/creds | jq

{
  "password": "b%{dMI/qO*",
  "tokenSecret": "JqyxJosBFqVpypfOBdzkLgMfHrcBdETV",
  "username": "admin"
}
  4. Click Update Cluster to install SD-WAN Versa Collector.
  5. Enter the credentials returned to perform the Self-Service Upgrade. For example, Username: admin and Password: b%{dMI/qO*

    Versa Fresh GUI Installer Credential

    Note: To use the Graphical User Interface installer in dark theme, click GUI Install Dark Theme next to the SevOne logo.

    For help on what each upgrade step does, click GUI Install Help Icon button in the upper-right corner.

    Important: All the screenshots below are based on the example being used to write this document. Your total number of tasks passed (ok), skipped, failed, ignored, unreachable, or unexecuted will vary based on your setup. The tasks failed must be addressed as ansible has not ignored them.
  6. Enter username and password and then click Login. The graphical user interface installer checks the Current Version to perform a fresh installation with, and allows you to proceed with the installation.

    Versa Fresh GUI Installer Check Versions

    Note: Example

    The Current Version is on SD-WAN Versa Collector 8.0.0+39.

    You can proceed with redeploy/install.

    Note: During the Self-Service Upgrade, if you experience network connectivity issue or the upgrade has been halted for any reason, the self-service upgrade will resume from the step where it left off after the issue is resolved. However, if you are at the Deploy step and the self-service upgrade has been halted for any reason, self-service upgrade shows a message requesting you to contact IBM SevOne Support.

    To resume with the Self-Service Upgrade, by using a web browser of your choice, re-enter the URL the setup script has returned. For example, https://10.49.10.29:3000.

  7. Click the Continue to Configure button to configure SD-WAN Versa solution. Using GUI, you can configure only basic settings for your collector. To configure the advanced settings, please refer to section Configure.
    Important: To configure advanced settings, you must click Save button.

    Versa Fresh GUI Installer Configure

    1. From the Configuration drop-down, choose a configuration file from the list. The default configuration file is solutions-sdwan-versa_custom_guii.yaml. Provide inputs for all mandatory fields.
      Important: Once you provide inputs for all mandatory fields, error messages will no longer appear.

      Versa Fresh GUI Installer Configure Primary

    2. Show advanced config - Select the checkbox to show advanced configuration variables. For more details, please refer to Advanced Configuration Settings in SD-WAN Versa Collector Advanced Use-Cases Guide.
    3. Collector Service
      • Credentials (All values must be base64-encoded format)
        • Controller Credentials
          • Username - The username for Versa Director credentials with admin-level read privilege.
          • Password - The password for Versa Director.
        • NMS Credentials
          • NMS API Credentials
            • Username - The SevOne NMS username for an administrator-level account.
            • Password - The SevOne NMS password.
          • SSH Credentials
            • Username - The SevOne NMS username for ssh access to the appliance. It is recommended to set to support in base64-encoded format.
            • Password - The SevOne NMS password for support user.
        • Syslog Receiver Port - The port on which the collector listens for non-flow syslog data sent by Versa Analytics.
    4. Collector Configuration
      • MSP Name - The Managed Service Provider (MSP) name for this instance. MSP is a grouping of one or more tenants.
    5. Log
      • Log Level - Defines the log-level for the collector. Value can be info, debug, warning, or error.
    6. Jaeger
      • Disabled - Select the checkbox to disable Jaeger tracing.
    7. Load Reports
      • Disabled - Set the checkbox to not import TopN views.
    8. Vendor Controller Settings
      • Versa Director Settings
        • Versa Director API URL - The API URL of Versa Director.
        • Insecure TLS - Select the checkbox to enable insecure TLS connection by skipping certification verification. This is necessary for servers with self-signed server certificates.
    9. NMS
      • NMS API Settings
        • NMS API IP / Hostname - The hostname or IP address for REST API endpoints. i.e., targeted SevOne NMS.
        • Insecure TLS - Select the checkbox to enable insecure TLS connection by skipping certification verification. This is necessary for servers with self-signed server certificates.
    10. Flow Augmentor Service Settings
      • Enable - Select the checkbox to enable Flow Augmentor installation.
      • Flow Receiver Port - The port on which Flow Augmentor listens for inbound flows. The port number can range from 9000 - 33000.
    11. Flow Augmentor Configuration
      • Flow Augmentor Sender Configuration
        • Flow Augmentor Sender Buffer Size - Sender output buffer size in number of packets.
        • DNC IP - IP address of the DNC, where the augmented flows are sent.
        • Port No - Port of DNC, where the the augmented flows are sent.
  8. Click Save. Configuration is saved in /opt/SevOne/chartconfs/solutions-sdwan-versa_custom_guii.yaml.
  9. Click the Continue button to Pre-Check.
    Note: Pre-Check step runs various checks to ensure that the SD-WAN Versa collector cluster is healthy before the deployment.

    Versa Fresh GUI Installer Run PreCheck

  10. You are now ready to run the pre-check. Click the Run Pre-Check button.

    Versa Fresh GUI Installer Pre Check Completed

    Note: To view the logs for a task, click GUI Installer Eye Icon for the task you need the details for. The pop-up has a Copy to clipboard button, which allows you to copy all the contents in the pop-up and paste it into a file.
  11. Click the Continue button to Deploy.

    Versa Fresh GUI Installer Run Deploy

  12. Click the Run Deploy button to run the upgrade. This can take a few minutes to run.

    Versa Fresh GUI Installer Deploy Completed

  13. Click the Continue button to Post Check.

    Versa Fresh GUI Installer Run Post Check

  14. Click the Run Post-Check button to run the post-check. This can take a few minutes to run.

    Versa Fresh GUI Installer Post Check Completed

  15. Click the Continue button.

    Versa Fresh GUI Installer Upgrade Finished

    Important: This indicates that the installation has completed successfully. It typically takes around 30-40 minutes for the data to become visible in SevOne NMS.

using Command Line Interface

Edit online
Note: The steps in this section apply to both Single-node and Multi-node configurations.

Please execute the steps sequentially as they appear in these sections.

Configure

Edit online
  1. Using ssh, log in to SD-WAN collector control plane node as sevone. 
    ssh sevone@<SD-WAN collector 'control plane' node IP address or hostname>
    Note: SD-WAN collector runs as a helm chart deployed within the Kubernetes cluster. The helm chart is configured with a base set of configuration options that can be overwritten as needed.
  2. Copy /opt/SevOne/upgrade/utilities/example-solutions-sdwan-versa_config.yaml to /opt/SevOne/chartconfs/solutions-sdwan-versa_custom_guii.yaml. 
    
cp /opt/SevOne/upgrade/utilities/example-solutions-sdwan-versa_config.yaml \
/opt/SevOne/chartconfs/solutions-sdwan-versa_custom_guii.yaml
  3. /opt/SevOne/chartconfs/solutions-sdwan-versa_custom_guii.yaml contains the default (basic / minimum) configuration for Versa. To change the configuration settings, by using a text editor of your choice, /opt/SevOne/chartconfs/solutions-sdwan-versa_custom_guii.yaml file must be updated and saved. For details on variables used in the .yaml file, please refer to section Configuration.

Pre-Check Environment

Edit online
Execute the following command to perform the pre-check of your environment and monitor the output. Ensure that there are no failures reported in the output. 
sevone-cli playbook precheck
Note: Pre-check performs the following tasks in your environment:
  • Checks if your SevOne NMS appliance and Versa Director are reachable.
  • Confirms port availability.
  • Validates checksum for the entire deployment.
  • Validates Versa Director version.
  • Confirms all flow port settings are available and DNC is reachable (Flow checks are only performed if the Flow Augmentor is enabled).
  • In case of multi-tenants, pre-checks are performed on all tenants.

The pre-check must complete successfully before you can continue to the next step. You will see the output similar to the following.

Example


TASK [prechecks : Check if the cloud-init config file exists] ****************************************************
ok: [sdwan-node01]

TASK [prechecks : Copy a default config file if it doesn't exist] ************************************************
skipping: [sdwan-node01]

PLAY RECAP *******************************************************************************************************
sdwan-node01               : ok=44   changed=4    unreachable=0    failed=0    skipped=62   rescued=0    ignored=0
Important: The output of the command above is based on the example being used to write this document. Your total number of tasks passed (ok), changed, unreachable, failed, skipped, rescued, or ignored will vary based on your setup. The tasks failed must be addressed as ansible has not ignored them.

If the pre-check does not complete successfully, please resolve the issue(s) before continuing or contact IBM SevOne Support.

Deploy

Edit online

You are now ready to deploy the applications based on your configuration file. This applies to multi-tenant scenarios as well. Ensure that there are no failures reported in the output.

Note: Ensure that the solutions-sdwan-versa_custom_guii.yaml file is present in /opt/SevOne/chartconfs/. 

sevone-cli cluster up

The deployment must complete successfully before you can continue to the next step. You will see the output similar to the following.

Example


TASK [kernel : Copy SevOne sysctl configuration overrides] *******************************************************
ok: [sdwan-node01]

TASK [kernel : Check if machine needs to be restarted] ***********************************************************
ok: [sdwan-node01]

PLAY RECAP *******************************************************************************************************
sdwan-node01               : ok=157  changed=34   unreachable=0    failed=0    skipped=77   rescued=0    ignored=1
Important: The output of the command above is based on the example being used to write this document. Your total number of tasks passed (ok), changed, unreachable, failed, skipped, rescued, or ignored will vary based on your setup. The tasks failed must be addressed as ansible has not ignored them.

If the deployment does not complete successfully, please resolve the issue(s) before continuing or contact IBM SevOne Support.

Post-Check Environment

Edit online

After successfully applying the configuration file, execute the following command to perform the post-check. Ensure that there are no failures reported in the output.


sevone-cli playbook postcheck
Note: Post-check performs the following tasks:
  • Copies flow views to SevOne NMS.
  • Flow views must be ready on SevOne NMS.
  • Confirms port availability.
  • Cron jobs collect the periodic logs.
  • After waiting for 2 minutes, it checks to ensure that all pods are either in Ready or Completed status and no pod(s) have restarted.
  • In case of multi-tenants, post-checks are performed on all tenants.
Important: If the post-check process fails due to multiple restarts of pods, perform the following steps to archive the POD logs.
  1. Using ssh, log in to the SD-WAN Versa collector control plane node as sevone. 
    
ssh sevone@<SD-WAN collector 'control plane' node IP address or hostname>
  2. For each node in the cluster, copy the attached script archive-pod-logs.sh to the folder /home/sevone. 
    
cp /opt/SevOne/upgrade/ansible/playbooks/roles/postchecks/files/archive-pod-logs.sh \
/home/sevone/
  3. Provide execute permission to the archive-pod-logs.sh script. 
    
chmod 0755 archive-pod-logs.sh
  4. Create a sudo session. 
    
sudo -s
  5. Change the directory to /etc/cron.d. 
    
cd /etc/cron.d
  6. Create a cronjob entry by creating the archive_pod_logs file. Using a text editor of your choice, edit archive_pod_logs and save the file. 
    
vi archive_pod_logs

    #Ansible: Daily cron job for archiving pod logs
0 0 * * * sevone /home/sevone/archive-pod-logs.sh collector aug

The post-check must complete successfully before you can continue to the next step. You will see the output similar to the following. Restart / Crash logs are stored in /opt/SevOne/logs/restartlogs/.

Example

TASK [postchecks : Copy K3s certificate expiration load script] ******************
ok: [sdwan-node01]

TASK [postchecks : cron] *****************************************************************************************
changed: [sdwan-node01]

PLAY RECAP *******************************************************************************************************
sdwan-node01               : ok=58   changed=11   unreachable=0    failed=0    skipped=16   rescued=0    ignored=0
Important: The output of the command above is based on the example being used to write this document. Your total number of tasks passed (ok), changed, unreachable, failed, skipped, rescued, or ignored will vary based on your setup. The tasks failed must be addressed as ansible has not ignored them.

If the deployment does not complete successfully, please resolve the issue(s) before continuing or contact IBM SevOne Support.

Important: The SD-WAN collector has been successfully deployed. The configuration has been applied, and the collector is now fully operational. It typically takes around 30-40 minutes for the data to become visible in SevOne NMS.

Versa Collector - OOTB Reports

Edit online
  1. Log in to your SevOne Data Insight by navigating to the appropriate URL in your web browser. Enter your credentials on the login page and click Login.Data Insight Login Page
  2. On the Report Manager screen, click Reports and then click SevOne Folders. Data Insight Report Manager
  3. Under SevOne Folders, select the Versa folder from the SD-WAN drop-down list.Versa Data Insight Report Manager
  4. Select the Versa Report displayed. You can either click the Run button as shown below or click on the report link directly to view detailed OOTB reports. Versa Data Insight Reports In Manager

    The following list of OOTB reports are imported.

    • SDWAN Device Health Object Summary
    • Versa Device Summary
    • Versa Inerface Summary
    • Versa Summary Report

Configuration

Edit online
Contains the following topics.

Value Types

Edit online

The collector configuration is defined in YAML format. Each setting may be one of the following.

Value Type Description
String String value.
Integer Numeric integer value.
Boolean Boolean true or false.
Duration Time duration by using syntax such as,
  1. 30s for 30 seconds
  2. 5 m for 5 minutes
  3. 1m15s for 1 minute and 15 seconds.
May also use h=hours, d=days.
Base64 Base64-encoded string. To create it, execute the following command. Generate username 'admin' in base64-encoded format echo -n "admin" | base64YWRtaW4=
Important: If the password contains an exclamation mark (!), please use any online string to Base64 converter tool (other than CLI) to convert the password into Base64 format. For example, https://www.base64encode.org/
Array of <...> An array of one of the other value types. This is set in YAML as, YAML array my_setting:

- value1

- value2
Schedule string Can be either:
  1. Cron syntax. Please refer to https://en.wikipedia.org/wiki/Cron for details.

    For example, 30 5 * * * is every day at 5:30 am.

  2. Special statement "@every <#>", where <#> is a duration.

    For example, @every 10 m is every 10 minutes.
Note: The variables are listed in alphabetical order.

How are variable names in the tables below written in the .yaml file?

Example# 1: Variable names starting with 'collector Service' 

collectorService:
  # Listen for inbound Versa syslogs on this port.
  # Receiver port must be unique per tenant.
  syslogReceiverPort: 50001

  secrets:
    controller:
      # Versa Director credentials.
      username: <base64_username>
      password: <base64_password>
    nms:
      ssh:
        # NMS ssh credentials.
        username: <base64_username>
        password: <base64_password>
      api:
        # NMS API credentials.
        username: <base64_username>
        password: <base64_password>
Example# 2: Variable names starting with 'collectorConfig' 

collectorConfig:
  # MSP name.  Short and descriptive name for the collector that becomes part
  # of the generated NMS configuration, such as the "<MSP>::SDWAN" device
  # group that contains all collected devices.
  #
  # IMPORTANT: This value MUST match the applicable parent organization name in
  # the Versa Director's Configuration page, listed on the left side.
  #
  # Must be unique per tenant.
  msp_name: <name>

  log:
    # Log level may be info or debug.  Change to debug only if required by SevOne Support.
    level: info

  jaeger:
    # Enable Jaeger only if required by SevOne Support.
    disabled: true
  
  load_reports:
    # Disable 'load_reports' only if Top N Views are not required.
    disabled: false

  vendor:
    director_api:
      # URL to Versa Director API.
      url: https://<Versa_Director_server>:9182
      insecure_tls_connection: true

  nms:
    api:
      # NMS server name or IP address.
      host: <NMS_server>
      insecure_tls_connection: true

Mandatory Settings

Edit online
Variable Name Value Type Default Value Description
collectorConfig.msp_name String The Managed Service Provider (MSP) name for this instance. MSP is a grouping of one or more tenants. The default value is ORGANIZATION.
collectorConfig.nms.api.host String The hostname or IP address for REST API endpoints. i.e., targeted SevOne NMS.
collectorService.secrets.nms.api.password Base64 The SevOne NMS password.
collectorService.secrets.nms.api.username Base64 The SevOne NMS username for an administrator-level account.
collectorService.secrets.controller.password Base64 The password for Versa Director.
collectorService.secrets.controller.username Base64 The username for Versa Director credentials with admin-level read privilege.
collectorService.secrets.nms.ssh.password Base64 The SevOne NMS password for support user.
collectorService.secrets.nms.ssh.username Base64 The SevOne NMS username for ssh access to the appliance. Please set to support in base64-encoded format.
collectorService.syslogReceiverPort Integer 50001 The port on which the collector listens for non-flow syslog data sent by Versa Analytics.
flowAugmentorService.enabled Boolean true Flag to enable Flow Augmentor installation.
flowAugmentorService.receiverPort Integer 9992 The port on which Flow Augmentor listens for inbound flows. The port number can range from 9000 - 33000.
flowAugmentorConfig.sender.ip String IP address of the NMS/DNC, where the augmented flows are sent.
flowAugmentorConfig.sender.port Integer 9996 Port of NMS/DNC, where the augmented flows are sent.

Verification

Edit online
Contains the following topics.

Check Pods

Edit online

Check the pods - must be Running or Completed.


kubectl get pods

NAME                                                 READY   STATUS      RESTARTS      AGE
solutions-sdwan-versa-create-keys-1-xzrt9            0/1     Completed   0             14h
solutions-sdwan-versa-collector-c55fbfbd-2jzs5       1/1     Running     0             14h
solutions-sdwan-versa-redis-master-0                 1/1     Running     0             14h
solutions-sdwan-versa-aug-decoder-c4c9d5dd4-pj7k5    1/1     Running     0             14h
solutions-sdwan-versa-redis-replicas-0               1/1     Running     0             14h
Note: If the pods are in pending or start/restart status, please wait for a few minutes until they are running/completed. If there is a failure with any of the pods, please contact IBM SevOne Support.

Check Services

Edit online
kubectl get services
NAME                                   TYPE           CLUSTER-IP        EXTERNAL-IP   PORT(S)           AGE
kubernetes                             ClusterIP      192.168.96.1      <none>         443/TCP           14h
solutions-sdwan-versa-redis-headless   ClusterIP      None              <none>         6379/TCP          14h
solutions-sdwan-versa-redis-master     ClusterIP      192.168.107.167   <none>         6379/TCP          14h
solutions-sdwan-versa-redis-replicas   ClusterIP      192.168.111.17    <none>         6379/TCP          14h
solutions-sdwan-versa                  LoadBalancer   192.168.105.197   10.49.13.154   50001:10881/UDP   14h
solutions-sdwan-versa-flowservice      LoadBalancer   192.168.102.2     10.49.13.154   9992:11540/UDP    14h
Important: Ensure that all services mentioned above are available. If any service is unavailable, please contact IBM SevOne Support.

Check Logs

Edit online
  1. Obtain the node IP where the collector pod is running for SD-WAN Versa collector to check the logs. 
    
kubectl get pods -o wide

    NAME                                                 READY   STATUS      RESTARTS      AGE   IP              NODE           NOMINATED NODE   READINESS GATES
ssolutions-sdwan-versa-create-keys-1-xzrt9           0/1     Completed   0             14h   192.168.80.9    sdwan-node01   <none>           <none>
solutions-sdwan-versa-collector-c55fbfbd-2jzs5       1/1     Running     0             14h   192.168.80.8    sdwan-node01   <none>           <none>
solutions-sdwan-versa-redis-master-0                 1/1     Running     0             14h   192.168.80.12   sdwan-node01   <none>           <none>
solutions-sdwan-versa-aug-decoder-c4c9d5dd4-pj7k5    1/1     Running     0             14h   10.49.13.154    sdwan-node01   <none>           <none>
solutions-sdwan-versa-redis-replicas-0               1/1     Running     0             14h   192.168.80.13   sdwan-node01   <none>           <none>
    Important: Example:
    • The pod name for SD-WAN Versa collector returned is solutions-sdwan-versa-collector-c55fbfbd-2jzs5.
    • The node IP for SD-WAN Versa collector returned is 192.168.80.8.
  2. Check the logs for SD-WAN Versa collector, for example.
    1. Using ssh, log into SD-WAN Versa collector node as sevone. 
      
ssh sevone@<SD-WAN Versa collector node IP address>

      Example

      
ssh sevone@10.49.10.29
    2. Change the directory to /opt/SevOne/logs/sdwan-versa/<collector_name>/<build_version>. 
      
/opt/SevOne/logs/sdwan-versa/<collector_name>/<build_version>
      Example 
      
/opt/SevOne/logs/sdwan-versa/solutions-sdwan-versa/8.0.0-build.39

      You should see the following folders in this directory. The main folder displays all common logs, whereas agent-specific logs can be found within their respective folders.

      • ClearAlertsAgent
      • DeviceHealthStreamingAgent
      • InstallerAgent
      • MigrationAgent
      • CreateAlertsStreamingAgent
      • FlowAgent
      • FlowAugmentor
      • InterfaceQueueStreamingAgent
      • main
      • ObjectDescriptionAgent
      • DeviceDescriptionAgent
      • FlowInterfaceCacheAgent
      • InterfaceStatAgent
      • MetadataAgent
      • TunnelStatStreamingAgent
    3. Check logs for InstallerAgent. Similarly, you can check logs for all other agents.

      Example

      
cat solutions-sdwan-versa_InstallerAgent_8.0.0-build.39.log
      Note: If you see INF Run agent done agent=InstallerAgent, then you are ready for the build step. If the command does not return this log message, please contact IBM SevOne Support.
  3. The build step prepares your SD-WAN Versa collector. It executes the conntrack command that clears out all entries from the conntrack table and restarts the collector pod.

    For single vDirector

    
sevone-cli solutions run_buildstep --deployment_name=<deployment_name>

    Example 

    
sevone-cli solutions run_buildstep --deployment_name=solutions-sdwan-versa
    Note: The deployment name is the name of the application that is specified in the directory /etc/ansible/group_vars/all.

    For multi-vDirector (To delete two collector pods).

    
sevone-cli solutions run_buildstep

Verify if Data Appears in SevOne NMS

Edit online

Versa Analytics Log Exporter

Edit online

Versa Analytics sends metric data, alarms, and flows in the form of SysLogs to client machines. This can be enabled on Versa Analytics by configuration of Log Exporter. The Log Exporter (SysLog) configuration must be done in Versa Analytics by Versa Support Team.

Please ensure that SysLog data is in kvp format.

Versa Analytics Log Exporter must send these logs in UDP format to port 50001 on the machine where the Datastream Consumer is deployed (NMS/Virtual Machine). Following logs send the metric data and alarms.
  • alarm-log (for alarm data)
  • event-log (for event data)
  • site-status-log (for alarm data)
  • system-load-log (for device health objects)
  • mon-log (for tunnel objects)
  • slam-log (for tunnel objects)
  • cos-log (for queue objects)

In order to configure the flows for Versa, the Versa Analytics Log Exporter must send these logs in UDP format to the Flow Augmentor machine on port 9992. flow-log sends the flow data.

Versa Installer Verification

Edit online
  1. Log in to SevOne NMS.
  2. From the navigation bar, go to Administration > Metadata Schema.

    Versa Metadata Schema

Object Creation Verification

Edit online
Note: Please make sure that the Versa Analytics is configured to send the data to the Collector. Otherwise, SevOne NMS will not show the tunnel/device health/queue objects. Please refer to Versa Analytics Log Exporter section above for more details.

Once the collector has been running for 15 to 20 minutes, data should appear in SevOne NMS. Perform the following steps to verify that data appears from SevOne NMS.

  1. Log in to SevOne NMS.
  2. From the navigation bar, go to Administration > Monitoring Configuration > Object Types. Select xstats in the Filter field. You may check to ensure that object types are created/installed on the NMS appliance.

    Versa Object Types

  3. From the navigation bar, go to Devices and select Device Manager.

    You will see the devices that are installed.

    Versa Devices

    Please wait until all devices are discovered.
  4. From the navigation bar, go to Devices and select Object Manager. From Filter Options popup, for field Device Group, choose name ending with SDWAN (MSP Device group) under All Device GroupsDevice Group; set Plugin to xStats to see the objects and click on Apply.

    Versa Objects

    Note: The devices and objects are created in SevOne NMS.

    Some of the objects might be created after Data Verification.

Data Verification

Edit online
Important: Please make sure that the Versa Analytics is configured to send the data to the Collector. Otherwise, the SevOne NMS will not show the data for tunnel/device health/queue objects as well as alarms. Please refer to the Versa Analytics Log Exporter section above for more details.
  1. From the Object column, click an object. For example, NewYork::vni-0/0.0->Los-Angeles::vni-0/0.0 to get the Object Summary.

    Versa Tunnel Data

    Important: This indicates that the objects are now collecting data.
  2. From the navigation bar, go to Reports and select Create Reports to create reports.Sources subtab, choose Performance Metrics.Resources subtab, set the following fields. For example,
    • Type drop-down, choose Indicator
    • Device Group drop-down, choose Everything > All Device Groups > VERSA::SDWAN > SevOne > choose New York
    • Device drop-down, NewYork::SevOne
    • Object drop-down, under xStats, choose NewYork::vni-0/0.0->Los-Angeles::vni-0/0.0
      Important: VERSA::SDWAN, SevOne, NewYork above is an example where, MSP Name = VERSA
      • Tenant Name = SevOne
      • Site Name = NewYork
      • The following shown above are also examples:- NewYork::SevOne
        • NewYork::vni-0/0.0->Los-Angeles::vni-0/0.0
    • Indicator drop-down, choose jitter, latency, loss, loss_percentage, etc. for example.

      Versa PM Report

    • Click Next > Next > Next > Next > Finish.

      Versa PM Report 1

      Note: Data is now collected and gets plotted.
  3. From the SevOne NMS navigation bar, go to Events and select Alerts to run the collector as a Datastream Consumer. If the Versa analytics is sending any alarms/events/site status, the data is displayed here.

    Versa Alerts

    Important: This indicates that the Versa alerts are saved in SevOne NMS.

Flow Configuration Verification

Edit online

If the Flow Augmentor has been installed, you can verify the configurations using the following steps.

Note: This installation script installs all the Flow Augmentor components on the same machine.
  • The FlowFalcon flow view will be created after running the commands as mentioned above. Verify successful creation of FlowFalcon view. Using a browser, enter the IP address of the NMS. Go to Administration > Flow Configuration > FlowFalcon View Editor. You should be able to find a view called SDWAN:Versa:AugmentedFlow.Versa Flow View
  • To check the incoming flows on port 9992, you can execute the following command on the system where Flow Augmentor is deployed. 
    tcpdump port 9992
    Note: If you do not see any incoming data as the output of this command, the flows are not subscribed to the machine. If the flows are already subscribed to the machine, please check the firewall settings on the machine to expose 9992 port.

    Press Ctrl + C to exit the command.

  • To check whether flows are received by the system, go to Administration > Flow Configuration > Flow Interface Manager. You should be able to see your devices. The incoming flows can be checked in the Total Flows column.

    Versa Flow Interface Manager

    Important: If you do not see any data in the Flow Interface Manager, there are no flows subscribed to the machine.

    Verify the flows via the FlowFalcon Report. Go to Applications > FlowFalcon Reports.

  • Under the Resources tab, select the device, interface, and direction if required. Click Add Resource.
  • Under the Report Settings tab, select Aggregated Data as No and View as SDWAN:Versa:AugmentedFlow. In order to get aggregated flows, select Aggregated Data as Yes. You might have to wait for some time for flows to get aggregated by the DNC.

    Versa FlowFalcon

  • Click Get Results to generate the FlowFalcon Reports. You should be able to see the flows.

    Versa FlowFalcon 1

    Important: It might take some time to process and show Versa flows on the FlowFalcon Report. Also, please make sure that the flows are directed to the Flow Augmentor machine on port 9992. Please refer to Versa Analytics Log Exporter section above for more information on configuration of flows from Versa Analytics.