sd-wan-ansible-pipeline-code

This collection of Ansible inventory and playbooks is designed to be used with the DevNet Learning Module Cisco SD-WAN Ansible Pipeline and the DevNet Multi-IOS Cisco Test Network sandbox. However, it can also be applied to any VIRL server that has the appropriate Cisco SD-WAN images installed.

Note: future development of the SDWAN DevOps code base has been moved to the sdwan-devops repo. There are many improvements there, including support for VIRL2/CML2 and VMware deployments.

Requirements

VIRL server with vManage, vSmart, vBond and vEdge images installed. For instructions on how to do this, look at the virl-howtos repo.
sshpass installed

Installation

Clone the repo. Note the use of the recursive switch. This is to make sure the necessary submodules get pulled down as well.

git clone --recursive https://github.com/CiscoDevNet/sd-wan-ansible-pipeline-code.git

Change into the sd-wan-ansible-pipeline-code directory.

cd sd-wan-ansible-pipeline-code

Install the required Python modules.

pip install -r requirements.txt

Topology

The Ansible inventory data included in this repo is designed to build and configure the following topology:

Playbooks

There are seven playbooks in this collection:

build.yml builds the dynamic VIRL topology file and starts the simulation
configure.yml pushes the Day 1 configuration to devices via NETCONF
import-templates.yml imports device/feature templates into vManage
export-templates.yml writes device/feature templates from vManage to a local YAML file
attach-template.yml attaches device templates to devices
detach-template.yml detaches device templates from devices
clean.yml cleans up file and stops the simulation

Basic usage

Build the topology.

ansible-playbook build.yml

Bring up the control plane and basic device connectivity.

ansible-playbook configure.yml

Import device/feature templates into vManage

ansible-playbook import-templates.yml

Attach device templates to devices.

ansible-playbook attach-template.yml

When you're done, cleanup.

ansible-playbook clean.yml

Adding a site to the topology

Ensure you are starting with clean directory and no simulation running.

ansible-playbook clean.yml

Copy a new viptela-workshop.yml file with the additional branch site into the inventory directory.

cp inventory_files/viptela-workshop-2branch.yml inventory/viptela-workshop.yml

Build the topology.

ansible-playbook build.yml

Bring up the control plane and basic device connectivity.

ansible-playbook configure.yml

Import device/feature templates into vManage

ansible-playbook import-templates.yml

Attach device templates to devices.

ansible-playbook attach-template.yml

Note: It can take some time for vEdges to register in vManage, trying to run the attach-template.yml playbook before the vEdge is registered in vManage will result in an error.

Updating a device banner

Copy a new network.yml file with an updated banner into the vedge1 directory.

cp inventory_files/vedge1_network.yml inventory/host_vars/vedge1/

Reattach the device template to vedge1

ansible-playbook attach-template.yml --limit=vedge1

Useful tips

Use virl nodes to find node management IP addresses.
When running the attach-template.yml playbook, you can limit the playbook to a specific node (e.g --limit=vedge1).
When running the configure.yml playbook, you can limit the playbook to just control plane or just edge with --limit=control and --limit=edge.

Use Case

Objectives

Build test environments for SD-WAN.
Create infrastructure-as-code for WANs.
Automate Day 0, Day 1, and Day 2 configurations for onboarding, configuring, and managing SD-WANs.

Requirements

VIRL server with vManage, vSmart, vBond, and vEdge images installed. For instructions on how to do this, look at the virl-howtos repo.
sshpass installed.

Day One:

Create scalable and flexible Ansible inventory file structures.
Dynamically populate Ansible inventory from VIRL simulation data.
Target playbook execution to specific host groups or plays based upon tags.
Bootstrap Cisco SD-WAN configuration from Ansible inventory data.
Automate the attachment of device templates to devices in vManage.

Day Two:

Day Two operations on an SD-WAN topology.
How to manipulate Ansible inventory data in order to accomplish the following tasks:

Add a branch site to the SD-WAN topology
Modify a device login banner

Primary components of the Cisco SD-WAN solution

This solution uses the following tools and platforms:

vManage NMS (management plane)
Cisco vManage, Cisco’s centralized management and provisioning platform for day 0, day 1, and day n+ for the entire Cisco SD-WAN infrastructure. You can log in to the Cisco vManage dashboard to centrally manage the WAN. Cisco vManage provides the ability to manage all aspects of the WAN—from provisioning, monitoring, and upgrading routers to application visibility and troubleshooting the WAN.
vSmart controller (control plane)
vSmart Controllers are the centralized brain of the solution that implements policies and connectivity between SD-WAN branches. The centralized policy engine in Cisco vSmart Controllers provides policy constructs to manipulate routing information, access control, segmentation, extranets, and service chaining
vBond orchestrator (orchestration plane)
The vBond Orchestrator facilitates the initial bring-up by performing authentication and authorization of all elements into the network. Cisco vBond Orchestrator also provides information on how each of the components connects to other components. Cisco vBond Orchestrator plays an important role in facilitating Cisco SD-WAN devices that sit behind the Network Address Translation (NAT) to communicate with the network.
vEdge router (data plane)
Cisco SD-WAN vEdge routers are delivered as hardware, software, cloud or virtualized components that sit at the perimeter of a site, such as remote office, branch office, campus, or a data center. They participate in establishing a secure virtual overlay network over a mix of any WAN transports.