Versa Training

Lab Guide – Day2

 Versa-Training Lab Guide
Lab 3 – Branch Preparation

2
 Lab 3

Objective: To onboard the branches using Script based Zero Touch Provisioning (ZTP)
• After your branch has been successfully deployed in lab 2, you need to configure your
branch to connect to any one of the Controllers in your group and start the staging
process
• Go to jump box [refer access details provided earlier] and from there ssh to your assigned
branch
• Enter “cd /opt/versa/scripts” to get into the scripts directory
• After getting into scripts directory, execute following script to show the possible options
with the script
sudo ./staging.py –h
• Root password is “versa123”
• More information on which variables to use is in the next slide

3
 Lab 3
Staging script layout

Remote identifier - Refer the next

Default Branch Name Use vni-0/0 to connect
slide to know which identifier to use
Can be used if branch is not added to the Controller on
for this option Branch WAN Address
with Provider org MPLS Transport Branch Serial Number

sudo ./staging.py -l [email protected] -r [email protected] -c 192.168.100.2 -w 0 -s 192.168.100.6/30 -g 192.168.100.5 -n SR151

Local identifier - Refer the next Controller 1 MPLS intf address WAN next-hop address
slide to know which identifier to use Check IP details MPLS
for this option and Internet next hop

4
 Lab 3
To know the procedure to identify local-id (-l option) and the remote id (-r option) to use in the staging script
Under the Configuration tab select Devices and then select the first controller in your group. Then navigate to
Services and select IPSec. Then select the Organization as Provider in the drop down list and click on the VPN
profile of the WAN link. A pop will show up as seen below. Select the IKE option.

Remote id

Local id

5
 Lab 3

After script is run you should see the following

messages

6
 Lab 3
• As soon as you have executed the script, go into the cli Mode and execute the command
“show interface brief” (see next slide for a screenshot of this step)
• You should see a 10.x.y.z/24 IP address assigned to the tvi-0/1.0 interface from the
Controller. It may take a few seconds before this IP shows up as the IPSec is getting
established. Repeat the show interface brief command till you see this IP address.
• Once the 10.x.y.z IP address is seen on the tvi interface it means that the IPSec connection
between the Branch and the Controller has been established.
• Within a few seconds the branch should automatically reboot which means that the
communication between the Director and the branch has been established and the
configuration has been downloaded to the branch by the Director.
• After the device comes back up after reboot, verify if the BGP session to the Controller has
been established – show bgp neighbor brief
• Also you can track the ZTP process on the Director by clicking on the Task list (available on
the right hand top side of the browser window just right of the bell icon)

7
 Lab 3

Go into CLI mode

Enter show interfaces brief

If TVI-0/1.0 is created and a
10.0.1.x address is shown
IKE worked with controller, This is
a transient phase before the
branch device has rebooted

8
 Lab 3
Result: Once the ZTP process is complete it means that your branch has its configuration
downloaded and is part of the SD-WAN VPN network. You can execute the command “show
interface brief” to see all the interfaces that have got created. You can verify the configuration
by executing the command “show configuration”. On the Versa Director under Administration
and Appliances you should see your branch getting listed. The Configuration Synchronized tab
and the Reachability should show the green tick box and the Service should show as Up.

9
 Versa-Training Lab Guide
Lab 4
Operations and Maintenance

10
 Lab 4
• Objective: In this lab, you will be performing many of the typical day to
day activities to operate and maintain your SD-WAN network
• Typical administration tasks:
− Routing configuration
− Changes to branch configurations
− RMA’s
− Software upgrades
− Security upgrades
− Troubleshooting (covered in separate presentation/lab)
− QOS/SLA/NGFW changes
− Network optimization

• There are a few ways to administer the network

− Director GUI
− CLI
− 3rd party management tool using REST API’s – not covered

11
 Lab 4
• In this lab the specific tasks we will be performing are:
− Routing changes via appliance and templates
− RMA of a branch device
− Upgrade of branch software

12
 Lab 4 – Appliance Configuration
• Objective: The first lab assignment is to change BGP routing so branch LAN addresses are advertised to each other

• Under Device configuration, select Networking and then click on Virtual-Routers. Here select your LAN Virtual and then
click on Static Routing in the pop up window router (see screenshots in the next 2 slides)

• To add the static route

- The route should be 172.17.bbb.0/24 (bbb is your branch number). Route should be in Tenant1 LAN VR with a
next hop of 192.168.vlan.100. Use your assigned VLAN for your branch
- After creating the static route, you will need to redistribute statics into BGP by adding a rule in the redistribution
policy in the routing-instance “tenant1-LAN-VR”. Add a new rule in the policy “Default-Policy-To-BGP”

• After the change has been done, check to see if your new routes are being advertised to other branches

• To check the routing table on any branch, execute the command

- show route routing-instance <LAN VR name>.
- show interface brief (To get the LAN VR name)

• To verify which routes are sent or received by BGP protocol, use any of the following commands (Use ? at the end of the
command to see all possible options with the command)
- show route receive-protocol/advertising-protocol bgp
- show route table (useful to see routes in the l3vpn.ipv4 address family)

13
 Lab 4 – Appliance Configuration

14
 Lab 4 – Appliance Configuration

15
 Lab 4 – Appliance Configuration

Click on Commit Template to

push the configuration from the
template to the appliance

To view the configuration

difference between the
Template and the Appliance

To push the configuration from the

Template to the Appliance.
The configuration in the Appliance
will get overwritten

16
 Lab 4 – Template Configuration
• Objective: The second lab assignment is to make a template
change to add a new LAN VLAN to your Branch
• Click on Configuration and then select the Device Templates under
the Templates option. Then select the Tenant1 org on the left hand
bar (see screenshot in the next slide)
• Add a VLAN to your existing LAN interface (see screen shot in the
next few slides)
− The VLAN should match your branch number
− Create a static address on the sub-interface of 172.16.bbb.bbb/24
with bbb being your branch number
• Now commit your template. This will push the configuration
changes to the appliance. (See screenshot in the next few slides)
• Did anything change from appliance configuration? (Hint: look at
the configuration of the last lab exercise)

17
 Lab 4 – Template Configuration

18
 Lab 4 – Template Configuration

Select your post-staging

template here

Fill the vlan and unit

information. Unit
number can be the same
as vlan number

19
 Lab 4 – RMA’s
• Objective: To RMA the device on the Versa Director to enable a hardware replacement at the
branch.
• You are going to simulate a new device being put in to a branch by erasing your branches
configuration and changing the serial number
• First step is to change the serial number on director. Go to administration/inventory/hardware
and change serial number from SRbbb to SERbbb (see screenshot on next page)
• Access your branch device and do the following:
− In CLI mode enter “request erase running-config”
− Answer yes to the are you sure question
− Branch will erase configuration and restart all the needed versa processes. During this phase you will be
dropped out of the CLI terminal.
− On the Linux shell terminal, verify all Versa processes are running by executing the command “vsh status”
− Go to /opt/versa/scripts and execute the script you entered in lab 3 to connect the branch to the staging
controller
− Change the serial number(-n option) for your device to SERbbb instead or SRbbb, where bbb is your
branch number.

• Verify branch comes up and is reachable and synchronized. It may take up to 5 minutes to go
to synch state on the Versa Director User Interface.

20
 Lab 4 – RMA’s

To change
the Serial No

21
 Lab 4 – SW Upgrades
Objective: To upgrade the Software version on the Versa FlexVNF branches
• Upgrades to appliances can be done via Versa Director or device CLI
• We will use director to upgrade your branch to a more current 16.2R2S5 image
• The software file has to be first uploaded to the Versa Director. Select
AdministrationInventoryImage. Then click on the + icon on the right hand top side
to upload the image. A new pop up will open, where you have to select if this image is
a Versa Director image or a Versa FlexVNF image. (see screenshot in the next slide)
Please note that a copy of the FlexVNF image file (.bin) has been uploaded to each of
the lab directors so this step can be skipped.
• Now go to Administration  Appliances and select your branch by checking the tick
box next to the name and then select “Upgrade Selected Appliance” from the right
hand top . Don’t tick the Upload only option. This option is if you want to only upload
the file but not upgrade the software (see screenshot in the next few slides)
• Select the FlexVNF-16.1R2S5 image and click OK to initiate the upgrade process
• Monitor the status of the upgrade from the Task list

22
Lab 4 – Upload software image to Director

23
 Lab 4 – Upgrade Software

Option to upgrade
the software

24
Thank You