Cisco SDWAN: vManage as Management Plane

Network devices in a traditional network were managed manually, box by box, by the network administrator. This approach was time-consuming and error-prone. The Cisco SD-WAN solution employs vManage as a single pane of glass to provision, define policy for, configure, upgrade, and troubleshoot all your WAN edge devices.

Although vManage has a rich feature set, third-party applications can interact with it through APIs where required. It also supports REST and NETCONF. Using this programmability, users can build scripts that interface with vManage in an automated fashion.

vManage is highly scalable: depending on the needs of the network it can be clustered, and redundancy can be provided with multiple clusters deployed in DC and DR locations. A single cluster has a minimum of 3 nodes and can have more, but the number must always be odd to prevent a split-brain scenario.

Figure 1.1: vManage Dashboard

The vManage home screen is called the Dashboard. It gives the administrator an aggregated view of the entire network for monitoring and for troubleshooting leads. It is made up of multiple widgets. From this single window a network administrator or CXO can view multiple aspects of the network, such as:
  • Status of the solution components such as vManage, vSmart and vBond
  • Number of reboots in the network during the last 24 hours
  • Visibility into certificates, the native method to authenticate and authorize devices, with notification if certificates are about to expire
  • State of the control connections from the Edge routers
  • Status of the WAN Edge routers – how many deployed, total devices etc.
  • Site health – sites with full, partial and no connectivity
  • WAN Edge router health – how many are in healthy, critical and warning states
  • SLA matrix for all logical tunnels – loss, latency, and jitter
  • Top applications running in the network, with locations, source and destination information
  • Link categorization based on consumption
This dashboard helps the administrator understand and assess the ideal statistics of the entire network. In case of any anomaly, engineers can proactively deep-dive into a device and troubleshoot the issue.

vManage Device 360 View 
The Device 360 view provides detailed visibility into how the device is working and its critical health parameters, such as reboots, fan and power status, temperatures, and CPU and memory utilization (real-time and historical).

Figure 1.2: Device 360 View

Using the left slide-bar in Figure 1.2, the administrator gets visibility into which applications are running from this device, how the links are consumed by the applications, interface status (health and utilization, with real-time and historical statistics), logical tunnel status and utilization, and a security view of firewall/IPS/URL filtering etc. inspection.

Software Image Management 
In a large-scale network with hundreds of WAN edge routers, image consistency is required to ensure predictable behaviour or protection against any security vulnerability. The vManage SWIM feature allows the network administrator to simplify this tedious task, which is otherwise a time-consuming and costly engagement.

vManage maintains the software repository for the network devices in a centralized place.

Figure 1.3: SWIM- Image Repository

An image can also be defined as the golden image (the stable image in the current environment) so that any new device that comes onto the network has the golden image from day 0.
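The image-consistency check described above can also be scripted against an exported device inventory. The following is an added example, not code from vManage or from this article: the inventory records, their field names and the golden version string are constructed assumptions.

```python
import json
from collections import defaultdict

GOLDEN_VERSION = "20.9.4"  # constructed value standing in for the environment's golden image

# Constructed sample inventory; field names are assumptions about a device-list export.
SAMPLE_INVENTORY = json.loads("""
[
  {"host-name": "branch-01", "device-type": "vedge", "version": "20.9.4", "reachability": "reachable"},
  {"host-name": "branch-02", "device-type": "vedge", "version": "20.6.3", "reachability": "reachable"},
  {"host-name": "branch-03", "device-type": "vedge", "version": "20.9.4 ", "reachability": "reachable"},
  {"host-name": "branch-04", "device-type": "vedge", "reachability": "unreachable"},
  {"host-name": "vsmart-01", "device-type": "vsmart", "version": "20.6.3", "reachability": "reachable"}
]
""")


def audit_image_drift(inventory, golden, device_type="vedge"):
    """Classify devices of one type as compliant, drifted or unknown against the golden image."""
    compliant, unknown = [], []
    drifted = defaultdict(list)  # running version -> host names
    for dev in inventory:
        if dev.get("device-type") != device_type:
            continue  # this audit covers WAN edge routers only
        name = dev.get("host-name", "<unnamed>")
        # Normalise stray whitespace so "20.9.4 " is not reported as drift.
        version = (dev.get("version") or "").strip()
        if not version or dev.get("reachability") != "reachable":
            # No trustworthy version data: never count the device as compliant.
            unknown.append(name)
        elif version == golden:
            compliant.append(name)
        else:
            drifted[version].append(name)
    return {"compliant": compliant, "drifted": dict(drifted), "unknown": unknown}


if __name__ == "__main__":
    result = audit_image_drift(SAMPLE_INVENTORY, GOLDEN_VERSION)
    print("compliant:", result["compliant"])
    for version, names in sorted(result["drifted"].items()):
        print(f"drifted on {version}:", names)
    print("unknown (verify manually):", result["unknown"])
```

Devices that are unreachable or report no version land in the "unknown" bucket rather than being assumed compliant, so a router that has dropped off the network cannot hide an outdated image.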

At any point in time, a network engineer can log in to any router in the network from vManage and perform various troubleshooting steps, such as checking tunnel health between two locations, application routing visibility, packet capture and flow simulation (generating synthetic traffic to understand how actual traffic will flow through this device).

Management Plane Summary 
vManage is the single pane of glass for the network administrator, allowing them to manage all aspects of a network – connectivity tasks, application-performance policies and security policies – in a simplified intent-based GUI, where the engineer only needs to focus on the WHAT, not on the HOW, of configuring a device.

Author: Pankaj Verma
