Monitoring SD-WAN for Viptela

casp1031
Starting from 10.3.1 release CA Spectrum supports monitoring of Cisco Viptela devices through CA VNA integration. This functionality allows you to use SD-WAN solution that is provided by Viptela. SD-WAN stands for Software Defined Wide Area Networking. It is a combination of Software Defined Networking (SDN) and Wide Area Networking (WAN).
When CA Spectrum is integrated with CA VNA (configured with Viptela plug-in), CA Spectrum receives the inventory information of the Viptela devices through CA VNA. 
CA VNA configured with Viptela plug-in. acts as an SDN Gateway to collect Viptela inventory information and forwards information to CA Spectrum. Ensure that the CA VNA must be configured with Viptela plug-in.
The CA Spectrum and CA VNA integration fetches the following Viptela entities inventory information and displays under the SDN Manager hierarchy in OneClick.
  • Sites
  • vEdge
  • vManage
  • vSmart
  • Policy Group
Viptela hierarchy.png
This integration supports Viptela entities synchronization. When the CA Spectrum and CA VNA integration is enabled, synchronization happens automatically at the scheduled time interval that is displayed in the OneClick view. Additions, deletions, and modifications of Viptela entities in CA VNA are reflected in CA Spectrum after the full synchronization. 
Icons for Viptela Devices in Spectrum
Following are the new icons that are created for Viptela devices in CA Spectrum.
SDN Site
SDN Site.png
A site is a particular physical location within the Viptela overlay network. Each site is identified by a unique integer, called a site ID. Each Viptela device at a site is identified by the same site ID.
vManage
vManage.png
The vManage is a centralized network management system to maintain all Viptela devices and links in the overlay network. It is a fully manageable centralized portal to run and operate software defined network (SD-WAN).
vBond
vbond.png
The vBond orchestrator is a software module that authenticates the vSmart controllers and the vEdge routers in the overlay network and coordinates connectivity between them. A Viptela overlay network can have one or more vBond orchestrators. It initiates the bring up process of every vEdge device, at the first step it creates secure tunnel with vEdge and informs vSmart and vManage about its parameters like for instance IP address. It has to be fully connected with every device.
vSmart
vSmart.png
The vSmart Controller establishes a secure DTLS connection to each vEdge router in the network and runs an Overlay Management Protocol (OMP) to share routes, security, and policy information.
vEdge
vEdge Cloud.png
vEdge is a router which receives complete control and data policies from the vSmart. It establishes secure IPSec tunnels with others vEdges depending on selected topology.
SLA Path
SLA Path.png
Default Domain
Default Domain.png
SDN Policy and Policy Group
SDN policy.png SDN policy group.png
SDN Transport
SDN Transport.png
SDN Tunnel
SDN Tunnel.png
Viptela Topology
CA Spectrum displays topology for Viptela devices. vSmart, vEdge, and SLA Paths.
Topology for vSmart
CA Spectrum displays an Overlay Topology for vSmart, which shows vEdges associated with SDN Transports.
vSmart Toplology.png
Topology for SLA Paths
The SLA Path topology that is displayed when a SLA path is selected under Policy Group in the Explorer tab. This topology shows the connectivity between vEdge router models, Transport models.
image2019-4-1_15-55-2.png
Topology for vEdges
The vEdge topology is displayed when a Policy is selected in the Policy Group under SDN Manager.
Support for Alarms Traps and Events
CA Spectrum can perform automatic discovery and mapping of a device interface and connections based on the following events and conditions:
  • A change in the number of configured interfaces on a device
  • When a device sends a LINK up trap
  • When CA VNA reconfigures a modeled device
Viptela Inventory
You can view the Viptela entities such as vEdge, vBond, vSmart, vManage in the OneClick console. Logical entities such as Sites and Policy Groups can also be viewed in the OneClick Navigation page. A new container '
VNA Inventory
' is created under Universe view, this container has the Viptela entities. In the Explorer View, 
SDN Manager
  provides a more detailed hierarchy i.e.
 Domain > Sites > Policy Groups > Policy > vEdges
, compared to the 
VNA Inventory
 view, which only displays the hierarchy of vEdges and associated Tunnels. 
The vEdge devices are discovered and placed in the VNA Inventory folder under Universe in OneClick. A vEdge device must have a valid security certificate to participate in a Viptela network. You can configure the certificate state from the vManage Certificates administration page.
Viptela Alarms
The Alarms tab in OneClick displays the alarms for Viptela devices. The status of the alarms is fetched from VNA. 
CA Spectrum and CA VNA integration for Viptela devices management supports the alarms that are received from VNA. Alarms with following statuses are supported in CA Spectrum:
  • Alarms with state as 'CREATED' 
    When an alarm notification is received from VNA, an event and alarm is generated in CA Spectrum for the respective alarm with the event code 0x673000c
  • Alarms with state as 'CLEARED'
    When an alarm notification is received from VNA, an event and alarm is generated in CA Spectrum for the respective alarm with the event code 0x673000d
The following Viptela alarms are supported in CA Spectrum:
Alarm
Description
BFD Between Sites Up
At least one BFD session on a vEdge router between two sites is in the Up state.
BFD Node Up
At least one BFD session for a vEdge router is in the Up state.
BFD Site Up
At least one BFD session on a vEdge router in a site is in the Up state.
BFD TLOC Up
At least one BFD session for a TLOC is in the Up state.
Control Node Up
At least one control connection for a vEdge router is in the Up state.
Control Site Up
At least one control connection from the vManage NMS and the vBond orchestrator in the site is in the Up state.
Control vSmart Up
At least one control connection from a vSmart controller in the overlay network is in the Up state. 
Control TLOC Up
At least one control connection for a TLOC is in the Up state.
OMP vSmarts Up
At least one OMP connection from all vSmart controllers in the overlay network is in the Up state.
OMP Node Up
At least one OMP connection for a vEdge router is in the Up state.
OMP Site Up
At least one OMP connection to vSmart controllers from all nodes in the site is in the Up state.
Control vManage Up
At least one control connection from a vManage controller in the overlay network is in the Up state. 
OSPF Router Up
All OSPF peering sessions from a particular OSPF router to all its OSPF peers on other vEdge routers are up.
Admin Password Change
The password for the admin that is changed on a router or controller.
Clear Installed Certificate
All certificates on a controller or device, including the public and private keys and the root certificate, have been cleared, and the device has returned to the factory-default state.
Cloned vEdge Detected
A duplicate router that has the same chassis and serial numbers and the same system IP address has been detected.
Cloud onRamp
The Cloud onRamp service was started on a router.
Control vManage Down
All control connections from a vManage NMS are in the Down state.
Default App List Update
The default application and application family lists, which are used in application-aware routing policy, have changed.
Interface Admin State Change
The administrative status of an interface in a controller or router that is changed from up to down (Critical) or down to up (Medium).
Memory Usage
The memory usage on a controller or device has reached a critical level that could impair or shut down functionality, or a medium level that could impair functionality.
New CSR Generated
A controller or router generated a certificate signing request (CSR).
Correlation of CA Spectrum Alarms to Viptela Alarms
CA Spectrum tries to correlate alarms that are received from Viptela and creates a root cause alarm in Spectrum. For example, if there is a physical interface down in Viptela, Spectrum receives multiple alarms for different events. CA Spectrum correlates these alarms from Viptela and creates a Bad Link Detected alarm in Spectrum. Alarms that are received from Viptela are shown as symptomatic alarms and the Spectrum alarm is considered as the root cause.
CA Spectrum keeps updating/replacing the symptomatic alarms with the latest alarms that are received from Viptela. The root cause alarm remains same (bad link detected) in Spectrum until all the alarms are cleared from Viptela.
Alarms for SLA Violation
Whenever there is a violation for the defined SLA, CA Spectrum generates a critical alarm on the vEdge routers for the SLA. 
Reconciling Viptela Entity Data in CA Spectrum
During CA VNA data synchronization, when a new Viptela entity is created in CA VNA it is reported to CA Spectrum. Spectrum performs a search to identify if this entity was modeled during CA Spectrum discovery and modeling. If such an existing model is found, CA Spectrum reconciles the CA Viptela entity information with the existing model, instead of creating a model.
Interfaces Information
CA Spectrum reads the information of the following Viptela devices from VNA and displays in the OneClick Interfaces tab:
  • Tunnels
  • Physical Interfaces 
  • Transport
SDN Tunnels associated to vEdge Interfaces
The Interfaces tab in the Component Details panel shows all the tunnels information which is associated to the selected vEdge.
SDN Tunnels.png
Policies Information
For vEdges, assoicated policy and policy group information is displayed in the Information tab of the contents panel.
vEdge Policy Information
Policy Information.png
Viptela VRRP Models
Using the search functionality in the Locater tab to find Virtual Router Redundancy Protocol (VRRP) enabled Viptela devices that are available in the CA Spectrum environment. You can access the Locater search from the Locater tab of the Navigation Panel. The Search results appear in the Results tab of the Contents panel.
Change the State of the ViptelaVRRPMode Attribute
To search VRRP models, follow these steps:
  1. Open the CA Spectrum OneClick Console.
  2. From the Navigation Panel, select the Locater tab.
    The Search Options window opens.
  3. Expand Application Models, All Application Models.
    The Locater Search results are displayed in the Contents pane.
  4. In the Results tab, filter for the ViptelaVRRPApp model.
    The VRRP enabled Viptela devices are displayed.
    VRRP Viptela.png
  5. Select an App model from the list
  6. In the Component Detail panel, select the Attributes tab then search for the ViptelaVRRPMode attribute.
  7. Set the attribute value to Active. The default value is Off.
    Repeat the same for remaining similar App models.
Spotlighting Viptela Devices
Spotlighting Viptela Devices in the Topology view helps you isolate and visualize the Viptela model relationships within your network. Use the OneClick Spotlight feature to see all Access Points that are related to a Viptela in the Topology view.
To spotlight Viptela devices, follow these steps:
  1. Open OneClick.
  2. Expand the desired landscape on the Explorer tab and select Universe.
    Details about the selected Universe appear in the Contents panel.
  3. Select the Topology tab.
    The topology of the Universe is displayed.
  4. Select Spotlight View Icon(Spotlight View) and select Router Redundancy
     
    from the list of options.
    The list of Router Redundancy Groups appears.
  5. Select a Router Redundancy group from the list to spotlight all participating devices in the topology.
    Sptlight Router Redundancy.png
    The Group Members view shows the list of devices for the selected Router Redundancy Group.
Network Configuration Manager (NCM) Support for Viptela Devices
After the CA Spectrum and CA VNA integration is enabled, during the CA Spectrum discovery a folder for Viptela is created under the Device Families folder of Configuration Manager. Network Configuration Manager automatically assigns all Viptela devices to the Viptela family. 
The Configuration Management process helps in identifying and monitoring configurations of single devices and device families that comprise a network. Using the Network Configuration Manager, you can you perform the following tasks for Viptela devices:
  • Manage configurations for Viptela devices that are modeled in CA Spectrum.
  • Capture device configurations and store them in the CA Spectrum database.
Configure Device Family General Settings
The General Configuration subview contains the Configuration Manager settings. Configuration Manager lets you disable tasks for an entire device family. When Configuration Manager is set to disabled, Network Configuration Manager operations are not performed on any of the devices that are contained by this device family.
Configure Device Family Communication Mode
The Primary Communication Mode determines how Network Configuration Manager interacts with the associated devices. By default, Viptela device family supports 'SSH' communication mode. You need to specify the device username, password, and enable password to contact the devices. 
Manually Capture the Viptela Device Configuration
You can manually capture the Viptela device configurations in OneClick. Capturing the device configurations helps to see that any changes occurred in device configurations and helps to store the updated configuration in the database.
Follow these steps:
  1. Select the Viptela device in the Explorer tab.
    The device appears in the List tab of the Contents panel.
  2. Select the Host Configuration tab in the Component Detail panel.
  3. Select the Capture Configuration for Selected Host icon.
    The results of the capture appear. Either a new configuration appears in the list or the last verified time is updated for the current configuration.
Upload Configuration
You can manually upload a configuration file to a Viptela device on your network. When you upload a configuration file, you merge it into the existing configuration file.  
Follow these steps:
  1. Select the Viptela device in the Explorer tab.
    The device appears in the List tab of the Contents panel.
  2. Select a configuration from the Host Configuration tab in the Component Detail panel.
  3. Select the Upload Configuration to the Selected Host icon.
    The Upload Configuration window opens.
  4.  Modify the configuration and select update
  5. Perform any of the following optional steps:
    • Edit configuration content as desired.
    • Enter criteria in the Search field to locate specific lines in the configuration file to change content or to verify content prior to an upload.
    • Select Open to import a previously exported configuration file that is saved locally on your system.
    • Select Save As if you want to save and export this configuration file in txt or html format.
  6. Select Upload to upload the configuration file to the selected device.
    The message “The configuration upload succeeded” appears when the procedure is complete.
    To compare configuration differences, capture the newly uploaded configuration.
Known Anomalies
CA Spectrum has following known anomalies for supporting Viptela devices:
  1. SDN Tunnels do not show the connected device and port unless the vEdge model is reconfigured.
  2. SDN Tunnels getting deleted when physical interface goes down.
  3. Overlay topology shows the overlapped transports.