Three controllers and four WAN routers within the SD-WAN infrastructure are already configured using CLI mode. Of course, CLI mode does not scale to configuring, managing and monitoring thousands of WAN routers. Therefore, in this section we will change the configuration mode of the WAN edge routers from CLI to vManage, so that all remaining configuration is carried out via the vManage GUI with the help of SD-WAN templates.
2. Cisco SD-WAN Implementation Guide
The current mode of the WAN Edge routers can be checked in the vManage interface before we change them to vManage mode.
Configuration -> devices -> WAN Edge List -> Mode
SD-WAN Templates
With a template, we prepare a configuration that can be applied to many devices at the same time. The configuration can have device-specific variables, such as host name and IP address, which can be different for every device.
We need to use two types of template in the vManage interface: Feature Template and Device Template.
SD-WAN Feature Templates
With a feature template, we configure the features that belong to the same configuration context. For example, BGP configuration is a feature template and it includes any configuration related to the BGP protocol. OSPF is a feature template. System configuration is a feature template.
SD-WAN Device Template
You can then collect configured feature templates inside a specific device template that can be applied to many devices at the same time.
You probably have thousands of WAN routers in your SD-WAN infrastructure, but you certainly have only a few device types or configuration types, which can be collected in a few device templates and applied to many devices at the same time.
In our topology we have four WAN routers, but they are all the same type, CSR1000v, with the same configuration, so I need only one device template, which will be applied to all four WAN routers.
SD-WAN Templates Configuration
Before we start creating a feature template, let’s review what we have configured on the WAN routers. System configuration, NTP configuration, interface configuration, the tunnel interface and the default route are the most important configurations that we have already implemented.
```
cEdge1# show sdwan running-config
!!! extra configuration is deleted here
system
 system-ip 1.1.1.101
 site-id 101
 admin-tech-on-failure
 organization-name RAYKA
 vbond 192.168.1.51
!
hostname cEdge1
username admin privilege 15 secret 5 $1$By4.$CoGnXU40Y9wuxbmECn42W.
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
interface GigabitEthernet1
 no shutdown
 ip address 192.168.1.101 255.255.255.0
 negotiation auto
exit
interface Tunnel0
 no shutdown
 ip unnumbered GigabitEthernet1
 tunnel source GigabitEthernet1
 tunnel mode sdwan
exit
clock timezone Tehran 3 30
!
ntp server 37.156.28.13 prefer
sdwan
 interface GigabitEthernet1
  tunnel-interface
   encapsulation ipsec
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   no allow-service snmp
```
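The allow-service lines in this output deserve a second look: Cisco's command reference describes `allow-service all` as overriding the per-service lines, so the `no allow-service sshd` and `no allow-service netconf` entries restrict nothing while it is set. The Python check below is an added example, not part of the original guide; it parses indented device output (the sample is reconstructed from the listing above) and reports that condition per tunnel interface.

```python
import re

# Constructed sample: sdwan section of the cEdge1 output, indented as the device prints it.
SAMPLE = """\
sdwan
 interface GigabitEthernet1
  tunnel-interface
   encapsulation ipsec
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   no allow-service snmp
"""

SERVICE_RE = re.compile(r"^(no\s+)?allow-service\s+(\S+)$")

def audit_allow_service(config_text):
    """Map each interface under 'sdwan' to its allow-service settings."""
    report, in_sdwan, iface = {}, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw == raw.lstrip():  # a column-0 line opens a new top-level section
            in_sdwan, iface = (line == "sdwan"), None
        elif in_sdwan and line.startswith("interface "):
            iface = line.split(None, 1)[1]
            report[iface] = {"allow_all": False, "allowed": [], "denied": []}
        elif in_sdwan and iface and (m := SERVICE_RE.match(line)):
            negated, service = bool(m.group(1)), m.group(2)
            if service == "all":
                report[iface]["allow_all"] = not negated
            else:
                report[iface]["denied" if negated else "allowed"].append(service)
    return report

def overridden_denies(report):  # interfaces where the deny lines are moot
    return [f"{name}: 'allow-service all' overrides no allow-service for "
            f"{', '.join(r['denied'])}"
            for name, r in report.items() if r["allow_all"] and r["denied"]]

if __name__ == "__main__":
    print("\n".join(overridden_denies(audit_allow_service(SAMPLE))))
```

The same condition is carried into the template later on this page, where the Tunnel section sets Allow Service All to On.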
Now let’s configure the feature templates that are required for the CSR1000v WAN routers.
configurations -> templates -> feature -> feature template -> add template
For every parameter to be configured in a feature template, we have three options:
Global means the value of this parameter is the same for all devices. For example, in our configuration the time zone and the NTP server IP address are the same on all WAN routers, so we will choose the Global option.
Device Specific means that the value of this parameter is different for each device, such as host name, system IP and site ID. Of course, we are asked to enter the device-specific values before the configuration is applied to the end devices.
Default means that the parameter keeps its default value.
First we add a feature template for system configuration
device type: csr1000v
Template: Cisco System
Template Name: CSR1000v_SYSTEM
Description: CSR1000v_SYSTEM
Section: Basic Configuration
Parameter | Scope | Value |
---|---|---|
Site ID | Device specific | |
System IP | Device specific | |
Timezone | Global | Asia/Tehran |
Hostname | Device specific | |
Console Baud Rate (bps) | Global | 115200 |
Then we add a feature template for NTP configuration
device type: csr1000v
Template: Cisco NTP
Template Name: CSR1000v_NTP
Description: CSR1000v_NTP
Section: Server
Parameter | Scope | Value |
---|---|---|
Hostname/IP Address | Global | 37.156.28.13 |
Prefer | Global | On |
Then we add a feature template for username/password to edit the admin password and add a new user
device type: csr1000v
Template: Cisco AAA
Template Name: CSR1000v_AAA
Description: CSR1000v_AAA
Section: Local
Parameter | Scope | Value |
---|---|---|
Name | Global | admin/majid |
Password | Global | rayka-co.com |
Privilege Level | Global | 15 |
Section: Authentication order
Parameter | Scope | Value |
---|---|---|
ServerGroups priority order | Global | local |
Now we add VPN 0, or the default VRF, for connecting GigabitEthernet1 to the internet transport.
device type: csr1000v
Template: Cisco VPN
Template Name: CSR1000v_VPN0
Description: CSR1000v_VPN0
Section: Basic Configuration
Parameter | Scope | Value |
---|---|---|
VPN | Global | 0 |
name | Global | VPN0 |
Section: IPV4 Route
In our topology, the gateway IP address is the same for all routers, 192.168.1.1, but in a real scenario it is of course different at each site.
Parameter | Scope | Value |
---|---|---|
Prefix | Global | 0.0.0.0/0 |
Next Hop | Global | Add Next Hop -> 192.168.1.1 |
Now we need to add the transport interface of the WAN routers, which in our topology is GigabitEthernet1 for all routers. It may differ between WAN routers in your real topology.
device type: csr1000v
Template: Cisco VPN Interface Ethernet
Template Name: CSR1000v_Interface_Internet
Description: CSR1000v_Interface_Internet
Section: Basic Configuration
Parameter | Scope | Value |
---|---|---|
shutdown | Global | No |
Interface Name | Global | GigabitEthernet1 |
Description | Global | *** Internet *** |
IP Address/Prefix Length | Device specific | |
Section: Tunnel
Parameter | Scope | Value |
---|---|---|
Tunnel Interface | Global | On |
Color | Global | Public-internet |
Allow Service All | Global | On |
We’ll talk about the color option in the next few videos. For now, each transport is marked with a different tag or a different color. In our topology, the first transport color is public-internet and the second transport color is mpls. By default, the color name is default.
Now we will create a device template from the feature templates.
configurations -> templates -> device -> create template -> from feature template
Device Model: csr1000v
Template Name: CSR1000v_Device_Template
Description: CSR1000v_Device_Template
Section: Basic Configuration
Parameter | Value |
---|---|
Cisco System | CSR1000v_SYSTEM |
Cisco NTP | CSR1000v_NTP |
Cisco AAA | CSR1000v_AAA |
Section: Transport & Management VPN
Parameter | Value |
---|---|
Cisco VPN 0 | CSR1000v_VPN0 |
Cisco VPN Interface Ethernet | CSR1000v_Interface_Internet |
Now let’s attach the devices to apply this configuration. We select all WAN edge routers. If you are not sure of your configuration, you can select only one device to review the configuration: apply the configuration, analyse the result, and if everything works correctly, apply the device template configuration to all other devices.
In this step you will be asked to enter the value of the device-specific parameters. Now you can configure the system IP, the site ID, the host name and the IP address of the interface connected to the Internet for each device.
Parameter | cEdge1 | cEdge2 | cEdge3 | cEdge4 |
---|---|---|---|---|
System IP | 1.1.1.101 | 1.1.1.102 | 1.1.1.103 | 1.1.1.104 |
Site ID | 101 | 102 | 103 | 104 |
Hostname | cEdge1 | cEdge2 | cEdge3 | cEdge4 |
IP Address | 192.168.1.101/24 | 192.168.1.102/24 | 192.168.1.103/24 | 192.168.1.104/24 |
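A pre-attach check for these device-specific values, as an added example that is not part of the original guide: it merges the Global values from the feature templates with each device's own values and rejects duplicates or an interface address that cannot reach the default-route next hop. The dictionary key names are hypothetical; the values are the ones from the tables on this page.

```python
import ipaddress

# Global-scope values taken from the feature templates on this page.
GLOBALS = {"timezone": "Asia/Tehran", "ntp_server": "37.156.28.13",
           "next_hop": "192.168.1.1", "interface": "GigabitEthernet1"}

# Device-specific values from the table above (cEdge1..cEdge4); key names are hypothetical.
DEVICES = [
    {"hostname": f"cEdge{n}", "system_ip": f"1.1.1.10{n}", "site_id": 100 + n,
     "if_ip": f"192.168.1.10{n}/24"}
    for n in range(1, 5)
]

def validate(devices, globals_):
    """Return a list of problems that should block attaching the template."""
    errors = []
    next_hop = ipaddress.ip_address(globals_["next_hop"])
    # Site ID is not checked for uniqueness: routers at one site share it.
    seen = {"hostname": {}, "system_ip": {}, "if_ip": {}}
    for dev in devices:
        name = dev["hostname"]
        try:
            ipaddress.ip_address(dev["system_ip"])
            iface = ipaddress.ip_interface(dev["if_ip"])
        except ValueError as exc:
            errors.append(f"{name}: {exc}")
            continue
        if next_hop not in iface.network:
            errors.append(f"{name}: next hop {next_hop} is outside {iface.network}")
        if iface.ip == next_hop:
            errors.append(f"{name}: interface address equals the next hop")
        keys = {"hostname": name, "system_ip": dev["system_ip"], "if_ip": str(iface.ip)}
        for field, value in keys.items():
            if value in seen[field]:
                errors.append(f"{name}: {field} {value} already used by {seen[field][value]}")
            seen[field][value] = name
    return errors

def effective_values(device, globals_):
    """Values one device ends up with: the global ones plus its own."""
    return {**globals_, **device}

if __name__ == "__main__":
    print(validate(DEVICES, GLOBALS) or "device variables are consistent")
```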
Now we can not only review the configuration but also check how the configuration will change after the device template is applied. White lines are configuration that will not change. Green lines will be added to the current configuration and red lines will be removed from it.
After applying the configuration, the WAN Edge routers' mode of operation can be checked to make sure that it has changed from CLI to vManage mode.
Configuration -> devices -> WAN Edge List -> Mode