• Bring Up the Sequence of Events
• Download Software
• Deploy Cisco vManage
• Deploy Cisco vBond Orchestrator
• vContainer Host
• Deploy Cisco vSmart Controller
• Deploy Cisco Catalyst 8000V Using Cloud Services Provider Portals
• Deploy Cisco CSR 1000v Using Cloud Service Provider Portals
• Deploy the vEdge Cloud routers
Bring Up the Sequence of Events
The bring-up process for edge devices—which includes authenticating and validating all the devices and
establishing a functional overlay network—occurs with only minimal user input. From a conceptual point of
view, the bring-up process can be divided into two parts, one that requires user input and one that happens
automatically:
1. In the first part, you design the network, create virtual machine (VM) instances for cloud routers, and
install and boot hardware routers. Then, in Cisco vManage, you add the routers to the network and create
configurations for each router. This process is described in the Summary of the User Portion of the
Bring-Up Sequence.
2. The second part of the bring-up process occurs automatically, orchestrated by the Cisco SD-WAN software.
As routers join the overlay network, they validate and authenticate themselves automatically, and they
establish secure communication channels between each other. For Cisco vBond Orchestrators and Cisco
vSmart Controllers, a network administrator must download the necessary authentication-related files
from Cisco vManage, and then these Cisco vSmart Controllers and Cisco vBond Orchestrators automatically
receive their configurations from Cisco vManage. For vEdge Cloud routers, you must generate a certificate
signing request (CSR), install the received certificate, and then upload the serial number that is included
in the certificate to Cisco vManage. After Cisco hardware routers start, they are authenticated on the
network and receive their configurations automatically from Cisco vManage through a process called
zero-touch provisioning (ZTP). This process is described in the Automatic Portions of the Bring-Up
Sequence.
The end result of this two-part process is an operational overlay network.
This topic describes the sequence of events that occurs during the bring-up process, starting with the user
portion and then explaining how automatic authentication and device validation occur.
Sequence of Events of the Bring-Up Process
From a functional point of view, the task of bringing up the routers in the overlay network occurs in the
following sequence:
1. The Cisco vManage software starts on a server in the data center.
2. The Cisco vBond Orchestrator starts on a server in the DMZ.
3. The Cisco vSmart Controller starts on a server in the data center.
4. Cisco vManage and the Cisco vBond Orchestrator authenticate each other, Cisco vManage and the
Cisco vSmart Controller authenticate each other, and the Cisco vSmart Controller and the Cisco vBond
Orchestrator securely authenticate each other.
5. Cisco vManage sends configurations to the Cisco vSmart Controller and the Cisco vBond Orchestrator.
6. The routers start in the network.
7. The routers authenticate themselves with the Cisco vBond Orchestrator.
8. The routers authenticate themselves with Cisco vManage.
9. The routers authenticate themselves with the Cisco vSmart Controller.
10. Cisco vManage sends configurations to the routers.
Before you start the bring-up process, note the following:
• To provide the highest level of security, only authenticated and authorized routers can access and
participate in the Cisco SD-WAN overlay network. To this end, the Cisco vSmart Controller performs
automatic authentication on all the routers before they can send data traffic over the network.
• After the routers are authenticated, data traffic flows, regardless of whether the routers are in a private
address space (behind a NAT gateway) or in a public address space.
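The router portion of the sequence above (steps 6 to 10), together with the rule that routers are authenticated before they send data traffic, can be checked against an event timeline. The following is an added example, not Cisco code: the event labels, router names, and sample timeline are constructed for illustration and do not correspond to Cisco SD-WAN log messages.

```python
from collections import defaultdict

# Steps 6-10 of the documented sequence, expressed as per-router prerequisites.
# The event labels are hypothetical names chosen for this example; they are
# not Cisco log message names.
PREREQS = {
    "start": [],
    "auth_vbond": ["start"],
    "auth_vmanage": ["auth_vbond"],
    "auth_vsmart": ["auth_vmanage"],
    "config_from_vmanage": ["auth_vsmart"],
    "data_traffic": ["auth_vsmart"],
}

# Constructed timeline: (sequence_number, router, event_label).
SAMPLE = [
    (1, "edge-a", "start"), (2, "edge-a", "auth_vbond"),
    (3, "edge-b", "start"), (4, "edge-a", "auth_vmanage"),
    (5, "edge-b", "auth_vbond"), (6, "edge-a", "auth_vsmart"),
    (7, "edge-b", "data_traffic"), (8, "edge-a", "config_from_vmanage"),
    (9, "edge-c", "start"), (10, "edge-c", "auth_vmanage"),
    (11, "edge-a", "data_traffic"),
]

def check_bringup(events):
    """Return (router, event, missing_prerequisite) for each out-of-order event."""
    seen = defaultdict(set)          # router -> events observed so far
    violations = []
    for _, router, event in sorted(events):
        if event not in PREREQS:
            violations.append((router, event, "unknown event"))
            continue
        for needed in PREREQS[event]:
            if needed not in seen[router]:
                violations.append((router, event, needed))
        seen[router].add(event)
    return violations

if __name__ == "__main__":
    for router, event, missing in check_bringup(SAMPLE):
        print(f"{router}: '{event}' observed before '{missing}'")
```

In the constructed timeline, edge-a follows the documented order, edge-b sends data traffic without having authenticated with the Cisco vSmart Controller, and edge-c reaches Cisco vManage without first authenticating with the Cisco vBond Orchestrator.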
To bring up the hardware and software components in a Cisco SD-WAN overlay network, a transport network
(also called a transport cloud), which connects all the routers and other network hardware components, must
be available. Typically, these components are in data centers and branch offices. The only purpose of the
transport network is to connect all the network devices in the domain. The Cisco SD-WAN solution is agnostic
with regard to the transport network, which can therefore be of any type, including the internet, Multiprotocol
Label Switching (MPLS), Layer 2 switching, Layer 3 routing, and Long-Term Evolution (LTE), or any mixture
of transports.
For hardware routers, you can use the Cisco SD-WAN zero-touch provisioning (ZTP) SaaS to bring up the
routers. For more information, see Prepare Routers for ZTP.