Manufacturer: Cisco

Switch Model(s): Viptela SDWAN

Version(s): 18.2

URL: https://www.cisco.com/c/dam/en/us/td/docs/routers/sdwan/configuration/config-18-2.pdf

Notes:

• Configurable through the GUI or CLI. The following example uses the GUI.

Configuration steps for Viptela IPFIX (via cflowd)

Cflowd monitors traffic flowing through vEdge routers in the overlay network and exports flow information to Scrutinizer, where it can be analyzed and reported on. The Viptela cflowd software implements cflowd version 10, also called the IP Flow Information Export (IPFIX) protocol.

In the Viptela overlay network, you configure cflowd using centralized data policy. You can configure a maximum of four cflowd policies.

1. Launch the Policy Configuration Wizard

In vManage NMS, select the Configure > Policies screen. When you first open this screen, the Centralized Policy tab is selected by default. Click Add Policy.

2. Create Applications or Groups of interest

Prefix:

• In the left bar, click Prefix.
• Click New Prefix List.
• Enter a name for the list.
• In the Add Prefix field, enter one or more data prefixes separated by commas.
• Click Add.

Site:

• In the left bar, click Site.
• Click New Site List.
• Enter a name for the list.
• In the Add Site field, enter one or more site IDs separated by commas.
• Click Add.

VPN:

• In the left bar, click VPN.
• Click New VPN List.
• Enter a name for the list.
• In the Add VPN field, enter one or more VPN IDs separated by commas.
• Click Add.

Click Next to configure topology.

3. Configure the Network Topology

There are three options when configuring the network topology. You can import an existing topology that has been used elsewhere, create a hub and spoke topology or a Mesh topology.

To use an existing topology:

• In the Add Topology drop-down, click Import Existing Topology. The Import Existing Topologypopup displays.
• Select the type of topology.
• In the Policy drop-down, select the name of the topology.
• Click Import.

Hub and Spoke – Policy for a topology with one or more central hub sites and with spokes connected to a hub

• In the Add Topology drop-down, select Hub and Spoke.
• Enter a name for the hub-and-spoke policy.
• Enter a description for the policy.
• In the VPN List field, select the VPN list for the policy.
• In the left pane, click Add Hub and Spoke. A hub-and-spoke policy component containing the text string My Hub-and-Spoke is added in the left pane.
• Double-click the My Hub-and-Spoke text string and enter a name for the policy component.
• In the right pane, add hub sites to the network topology:
  • Click Add Hub Sites.
  • In the Site List Field, select a site list for the policy component.
  • Click Add.
  • Repeat the above 3 steps to add more hub sites to the policy component.
• In the right pane, add spoke sites to the network topology:
  • Click Add Spoke Sites.
  • In the Site List Field, select a site list for the policy component.
  • Click Add.
  • Repeat the above to add more spoke sites to the policy component.
• Repeat the above steps as necessary to add more components to the hub-and-spoke policy.
• Click Save Hub and Spoke Policy.

Mesh – Partial-mesh or full-mesh region

• In the Add Topology drop-down, select Mesh.
• Enter a name for the mesh region policy component.
• Enter a description for the mesh region policy component.
• In the VPN List field, select the VPN list for the policy.
• Click New Mesh Region.
• In the Mesh Region Name field, enter a name for the individual mesh region.
• In the Site List field, select one or more sites to include in the mesh region.
• Repeat Steps 5 through 7 to add more mesh regions to the policy.
• Click Save Mesh Region.

Click Next to move to Configure Traffic Rules in the wizard. When you first open this screen, the Application-Aware Routing tab is selected by default.

4. Configure traffic rules

To create the match and action rules to apply to traffic affected by the policy:

• In the Application-Aware Routing bar, select the Cflowd
• Click the Add Policy drop-down.
• Select Create New. The Add Cflowd Policy popup opens.
• Configure timer parameters for the cflowd template:
  • In the Active Flow Timeout field, specify 60 seconds.
  • In the Inactive Flow Timeout field, specify 15 seconds.
  • In the Flow Refresh Interval field, specify 60 seconds
  • In the sampling Interval field, specify how many packets to wait before creating a new flow, a value from 1 through 65,536 seconds. While you can configure any integer value, the software rounds the value down to the nearest power of 2.
• Click Add New Collector, and configure the location of the cflowd collector
• In the VPN ID field, enter the number of the VPN in which the collector is located.
• In the IP Address field, enter the IP address of the Scrutinizer collector.
• In the Port Number field, enter the collector port number. The default port is 4739.
• In the Transport Protocol drop-down, select UDP.
• In the Source Interface field, enter the name of the interface to use to send flows to the collector.
• Click Save cflowd Policy.
• Click Next to move to Apply Policies to Sites and VPNs in the wizard.

5. Apply Policies to Sites and VPNs

• In the Policy Name field, enter a name for the policy.
• In the Policy Description field, enter a description of the policy.
• From the Topology bar, select the type of policy block. The table then lists policies that you have created for that type of policy block.
• Click Add New Site Select one or more site lists, Click Add.
• Click Preview to view the configured policy. The policy is displayed in CLI format.
• Click Save Policy. The Configuration > Policies screen opens, and the policies table includes the newly created policy.

6. Activate a Centralized Policy

Activating a cflowd policy sends that policy to all connected vSmart controllers.

• Select the newly created policy.
• Click the More Actions icon to the right of the row and click Activate. The Activate Policy popup opens. It lists the IP addresses of the reachable vSmart controllers to which the policy is to be applied.
• Click Activate.