
© Copyright 2019 Caliberr Technologies- All Rights Reserved

Cisco SD-WAN Overlay Network Bring-Up Process

• Bring Up the Sequence of Events
• Download Software
• Deploy Cisco vManage
• Deploy Cisco vBond Orchestrator
• vContainer Host
• Deploy Cisco vSmart Controller
• Deploy Cisco Catalyst 8000V Using Cloud Services Provider Portals
• Deploy Cisco CSR 1000v Using Cloud Service Provider Portals
• Deploy the vEdge Cloud routers

Bring Up the Sequence of Events
The bring-up process for edge devices—which includes authenticating and validating all the devices and establishing a functional overlay network—occurs with only minimal user input. From a conceptual point of view, the bring-up process can be divided into two parts, one that requires user input and one that happens automatically:

1. In the first part, you design the network, create virtual machine (VM) instances for cloud routers, and install and boot hardware routers. Then, in Cisco vManage, you add the routers to the network and create configurations for each router. This process is described in the Summary of the User Portion of the Bring-Up Sequence.

2. The second part of the bring-up process occurs automatically, orchestrated by the Cisco SD-WAN software. As routers join the overlay network, they validate and authenticate themselves automatically, and they establish secure communication channels between each other. For Cisco vBond Orchestrators and Cisco vSmart Controllers, a network administrator must download the necessary authentication-related files from Cisco vManage, and then these Cisco vSmart Controllers and Cisco vBond Orchestrators automatically receive their configurations from Cisco vManage. For vEdge Cloud routers, you must generate a certificate signing request (CSR), install the received certificate, and then upload the serial number that is included in the certificate to Cisco vManage. After Cisco hardware routers start, they are authenticated on the network and receive their configurations automatically from Cisco vManage through a process called zero-touch provisioning (ZTP). This process is described in the Automatic Portions of the Bring-Up Sequence.

The end result of this two-part process is an operational overlay network.
This topic describes the sequence of events that occurs during the bring-up process, starting with the user portion and then explaining how automatic authentication and device validation occur.

Sequence of Events of the Bring-Up Process
From a functional point of view, the task of bringing up the routers in the overlay network occurs in the following sequence:


1. The Cisco vManage software starts on a server in the data center.
2. The Cisco vBond Orchestrator starts on a server in the DMZ.
3. The Cisco vSmart Controller starts on a server in the data center.
4. Cisco vManage and the Cisco vBond Orchestrator authenticate each other, Cisco vManage and the Cisco vSmart Controller authenticate each other, and the Cisco vSmart Controller and the Cisco vBond Orchestrator securely authenticate each other.
5. Cisco vManage sends configurations to the Cisco vSmart Controller and the Cisco vBond Orchestrator.
6. The routers start in the network.
7. The routers authenticate themselves with the Cisco vBond Orchestrator.
8. The routers authenticate themselves with Cisco vManage.
9. The routers authenticate themselves with the Cisco vSmart Controller.
10. Cisco vManage sends configurations to the routers.
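The ordering above can be checked mechanically against an audit timeline. The following Python is an added example, not part of the Cisco documentation or software: it checks a time-ordered event list against the ten-step sequence and reports any step seen before its prerequisites. The event names and the sample timeline are constructed for illustration and do not correspond to Cisco vManage log output.

```python
from collections import defaultdict

# Hypothetical event names for steps 1-5 (controllers) and 6-10 (per router).
CONTROLLER_STEPS = ["vmanage_start", "vbond_start", "vsmart_start",
                    "controllers_mutual_auth", "controller_config_push"]
ROUTER_STEPS = ["router_start", "auth_vbond", "auth_vmanage",
                "auth_vsmart", "router_config_push"]


def check_bringup(events):
    """Check time-ordered (device, event) pairs against the documented order.

    Returns (device, event, missing_step) tuples, one per prerequisite that
    had not been observed when the event occurred.
    """
    ctrl_done = set()
    router_done = defaultdict(set)
    violations = []
    for device, event in events:
        if event in CONTROLLER_STEPS:
            earlier = CONTROLLER_STEPS[:CONTROLLER_STEPS.index(event)]
            missing = [s for s in earlier if s not in ctrl_done]
            ctrl_done.add(event)
        elif event in ROUTER_STEPS:
            earlier = ROUTER_STEPS[:ROUTER_STEPS.index(event)]
            # Routers come up only after all controller steps have completed.
            missing = [s for s in CONTROLLER_STEPS if s not in ctrl_done]
            missing += [s for s in earlier if s not in router_done[device]]
            router_done[device].add(event)
        else:
            missing = ["unknown_event"]
        violations += [(device, event, m) for m in missing]
    return violations


# Constructed sample timeline: edge-2 receives its configuration without
# having authenticated with the vSmart Controller.
SAMPLE = (
    [("controllers", s) for s in CONTROLLER_STEPS]
    + [("edge-1", s) for s in ROUTER_STEPS]
    + [("edge-2", s) for s in ROUTER_STEPS if s != "auth_vsmart"]
)

if __name__ == "__main__":
    for device, event, missing in check_bringup(SAMPLE):
        print(f"{device}: {event} seen before {missing}")
```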

Before you start the bring-up process, note the following:
• To provide the highest level of security, only authenticated and authorized routers can access and participate in the Cisco SD-WAN overlay network. To this end, the Cisco vSmart Controller performs automatic authentication on all the routers before they can send data traffic over the network.

• After the routers are authenticated, data traffic flows, regardless of whether the routers are in a private address space (behind a NAT gateway) or in a public address space.

To bring up the hardware and software components in a Cisco SD-WAN overlay network, a transport network (also called a transport cloud), which connects all the routers and other network hardware components, must be available. Typically, these components are in data centers and branch offices. The only purpose of the transport network is to connect all the network devices in the domain. The Cisco SD-WAN solution is agnostic with regard to the transport network, which can therefore be of any type, including the internet, Multiprotocol Label Switching (MPLS), Layer 2 switching, Layer 3 routing, and Long-Term Evolution (LTE), or any mixture of transports.

For hardware routers, you can use the Cisco SD-WAN zero-touch provisioning (ZTP) SaaS to bring up the routers. For more information, see Prepare Routers for ZTP.
