Cisco SD-WAN Templates Explained [Configuration Example]

What is a template in Cisco SD-WAN

Templates are used to automate the configuration of devices across the SD-WAN fabric. They provide a centralized way to manage configurations via the vManage GUI.

There are two types of templates; each has its own purpose, and they are complementary:

I- Feature Templates

Feature templates are modular components that define individual features or functions of an SD-WAN Edge device. Multiple feature templates are combined within a vManage device template to form the full configuration of the device.

Below are the categories of commonly used feature templates:

  • System Template: Defines global system parameters for a device, such as:
    • Hostname
    • Site ID
    • System IP
    • Time zone

VPN Templates: VPNs are used in Cisco SD-WAN to segment traffic. Different feature templates are available for VPN-specific configurations:

  • VPN Template: Configures basic settings for a VPN instance, including:
    • VPN ID
    • Interfaces belonging to this VPN.
  • VPN Interface Template: Configures interface-specific settings within a VPN, such as:
    • IP address (static or DHCP).
    • Encapsulation (IPsec).
    • NAT settings….
    • MTU.
    • Interface Bandwidth.

OSPF Template: Defines OSPF settings such as:

  • Area ID.
  • Network advertisements.
  • Hello and dead intervals.

BGP Template: Defines BGP settings, including:

  • ASN (Autonomous System Number).
  • Neighbor details
  • Route maps and policies.


II- Device Templates

Device templates are high-level templates that bind multiple feature templates into a unified configuration for a specific device or group of devices. They define the overall structure of a device’s configuration.

You can think of them as Lego pieces that form the SD-WAN configuration and automate it.


SD-WAN Template Configuration

We will start by preparing the feature templates, which will be used later to form the device template:


I- Feature Template Variables Types

Feature template configuration variables come in 3 types (they are easily identified in the GUI by a small icon beside the parameter entry):

  • Global: applied to all devices to which the feature template is attached.
  • Device-specific: the parameter is unique to each device; these variables have to be populated by the user when attaching and pushing the device template.
  • Default: the factory/system default value for that parameter.


II- Feature Templates Configuration


System template:


We always start by specifying the template name and description. Good practice is to make them meaningful and well structured, which helps with configuration and troubleshooting:


Banner template:

I chose to keep it global, meaning it will be applied to all devices:


VPN0 Template:

A default route is added under the VPN 0 template:

  • Prefix is global: 0.0.0.0/0
  • Next hop is device-specific:


VPN0 Interface template:

Since the MPLS-facing interfaces are set up as ge0/0 on the vEdge devices, it is suitable to create a VPN0 Interface template for the MPLS interface and set ge0/0 as a global variable.

If this is not the case, I may need to make it device-specific or create multiple templates to cover it.


I’ve created ge0/0 template as below:

Since this is a VPN0 interface, we set the tunnel status to “On”. This VPN interface template is for the MPLS transport, so I’m selecting the color mpls:


Some other templates are also created:


Now, it’s time to combine these feature templates and create a Device template:

III- Device Template Configuration


For each feature, just open the drop-down and select the feature template created for it. You can add a feature template with the (+) on the left pane:


So far, no configuration has actually been pushed to the vEdge devices; we need to attach the device template to the actual devices:

Select the vEdges and click Attach:


To enter the parameters, you can use the table option or the following form (a CSV file is also possible):


Once all device-specific parameters are entered, you submit the configuration, and it will take a moment to push:
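
An added example, not from the original article: a pre-attach check for the device-specific variables CSV that catches empty values, malformed IPs and duplicate hostnames or system IPs before the push. The column names and sample rows are assumptions constructed for this sketch; map them to the headers of your own CSV.

```python
import csv
import io
import ipaddress

# Constructed sample CSV. The column names are assumptions for this example;
# replace them with the headers of the CSV used for your device template.
SAMPLE_CSV = """hostname,system_ip,site_id,vpn0_next_hop
LearnDuty-vEdge1,1.1.1.1,100,222.2.2.6
LearnDuty-vEdge2,1.1.1.1,200,222.2.2.10
LearnDuty-vEdge3,1.1.1.3,,not-an-ip
"""

IP_COLUMNS = ("system_ip", "vpn0_next_hop")   # must parse as IPv4 addresses
UNIQUE_COLUMNS = ("hostname", "system_ip")    # must not repeat across devices


def validate_rows(csv_text):
    """Return a list of (row_number, column, problem) for a variables CSV."""
    problems = []
    seen = {col: {} for col in UNIQUE_COLUMNS}
    reader = csv.DictReader(io.StringIO(csv_text))
    for row_no, row in enumerate(reader, start=2):  # row 1 is the header
        for col, value in row.items():
            if col is None:  # more fields in the row than in the header
                problems.append((row_no, "", "extra field"))
                continue
            value = (value or "").strip()
            if not value:
                # Device-specific variables have to be populated at attach time.
                problems.append((row_no, col, "empty value"))
                continue
            if col in IP_COLUMNS:
                try:
                    ipaddress.IPv4Address(value)
                except ValueError:
                    problems.append((row_no, col, "not an IPv4 address"))
            is_number = value.isascii() and value.isdigit()
            if col == "site_id" and not (is_number and int(value) > 0):
                problems.append((row_no, col, "not a positive integer"))
            if col in seen:
                first = seen[col].setdefault(value, row_no)
                if first != row_no:
                    problems.append((row_no, col, f"duplicate of row {first}"))
    return problems


if __name__ == "__main__":
    for row_no, col, problem in validate_rows(SAMPLE_CSV):
        print(f"row {row_no}: {col}: {problem}")
```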


vManage validates the configuration and connects to the vEdge nodes to apply it:


Next, I’ve added some static routes for VPN0. I find it pretty useful that, after adding a new feature template or modifying an existing one, we can just update the device template and re-push the configuration:


You can see the configuration drift for each device: what will be added and what will be removed, based on the current device configuration and the target configuration. This lets you verify the impact before pushing the device template to the devices.
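
An added example, not part of the original article or of vManage: the same added/removed comparison done offline on two config texts, with removals that touch the VPN 0 default route or the tunnel interface flagged for review. The sample configs and the watch list are constructed assumptions.

```python
# Constructed sample configs (not taken from the article's lab devices).
CURRENT = """\
vpn 0
 interface ge0/0
  tunnel-interface
   encapsulation ipsec
   color mpls
  !
 !
 ip route 0.0.0.0/0 222.2.2.6
!
"""
# Target config in which a template edit replaced the default route.
TARGET = CURRENT.replace("ip route 0.0.0.0/0", "ip route 10.10.0.0/16")


def flatten(config_text):
    """Map an indented config to a set of lines prefixed with their parents."""
    paths, stack = set(), []            # stack: (indent, line) of open blocks
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":     # '!' only closes a block
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()
        paths.add(" / ".join([p for _, p in stack] + [line]))
        stack.append((indent, line))
    return paths


def drift(current, target):
    """Return (added, removed) lines between current and target config."""
    cur, tgt = flatten(current), flatten(target)
    return sorted(tgt - cur), sorted(cur - tgt)


# Hypothetical watch list: VPN 0 default route and tunnel-interface lines.
WATCH = ("vpn 0 / ip route 0.0.0.0/0", "tunnel-interface")


def risky_removals(removed):
    """Removed lines that match the watch list and deserve a manual check."""
    return [r for r in removed if any(w in r for w in WATCH)]


if __name__ == "__main__":
    added, removed = drift(CURRENT, TARGET)
    print(added, removed, risky_removals(removed))
```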


Now I have made sure the vEdges are up after pushing the configuration via templates:


After a template is pushed via vManage, by default the vEdge will not accept configuration from the CLI:

It will show: “This device is being managed by the vManage. Configuration through the CLI is not allowed”

LearnDuty-vEdge1(config-vpn-0)# ip route 0.0.0.0/0 222.2.2.6
LearnDuty-vEdge1(config-vpn-0)# commit
Aborted: 'system is-vmanaged': This device is being managed by the vManage. Configuration through the CLI is not allowed.
LearnDuty-vEdge1(config-vpn-0)#


Next, we will continue using templates to push the VPN1, VPN2 and OSPF/BGP templates:

Bilel Ameur

Enthusiastic Network Engineer specializing in Cisco ACI, passionate about solving challenges. A lifelong learner who loves gaining and sharing knowledge. Profile: https://www.linkedin.com/in/bilel-ameur-71116b2b5