Versa Training

Lab Guide – Day3

 Versa-Training Lab Guide
Lab 5 – Hub and Spoke

2
 Lab 5 Hub and Spoke
Objective: To configure a hub spoke topology and filter routes between spoke groups

1. Use diagram on next slide and create a hub and spoke environment

2. First 3 branches in each group will be in a spoke to spoke direct group while others (last 3) will be configured as spoke to
spoke via hub

3. The first step is to create a spoke group. Select Workflows and then click on Template and Spoke Groups.

4. Create a new spoke group with any name. Note that all branches in a given spoke group should use the same group name.
Select the organization as tenant1 and then select which type of spoke group you would like to configure. Select the hub for
this spoke group and give it a priority of 1. The hub for each group has been pre-configured and is mentioned in your lab
topology. (see next few slide)

5. If you select the spoke group type to be “Spoke to Spoke Direct” then you have to give a community name (use any name)
and number (use number 105). All routes from this group will be marked with this community. You can use this community to
filter routes.

6. After the spoke group is created, create a new post staging template or edit your existing template and add the device type as
Spoke on page 1 of the configuration.

7. After the configuration is done, delete your device from under the devices in the Workflow. Check if you device has been
deleted also from the Appliance list under Administration.

8. Onboard your device again with ZTP

9. Verify correct paths are used with show route and pings . You can verify the route communities of the l3vpn routes in the
Tenant1-Control-VR by using the command “show route table l3vpn.ipv4.unicast receive-protocol/advertising-protocol bgp”

3
 Lab Group - 1 Director Analytics

Control
DC 1 Network DC 2
Director external Access
https://103.231.208.51:1443
SSH Jump node access Controller01 Controller02
103.231.208.51 1122
192.168.100.2 145.67.89.2 192.168.100.50 145.67.89.50

Hub157

192.168.157.0/24 MPLS Internet Layer 3 Router

MPLS WAN: VNI-0/0

Internet WAN: VNI-0/1
LAN: VNI-0/2

To access device mgmt (eth0)

address Branch 151 Branch 152 Branch 153 Branch 154 Branch 155 Branch 156
ssh to 172.16.10.xxx
xxx = branch number
192.168.151.0/24 192.168.152.0/24 192.168.153.0/24 192.168.154.0/24 192.168.155.0/24 192.168.156.0/24
Spoke Group 1 – spoke 2 spoke direct Spoke Group 2 – spoke 2 spoke via hub
Lab Group - 2 Director Analytics

Control
DC 1 Network DC 2
Director external Access
https://103.231.208.51:2443
SSH Jump node access Controller01 Controller02
103.231.208.51 2222
192.168.100.2 145.67.89.2 192.168.100.50 145.67.89.50

Hub157

192.168.157.0/24 MPLS Internet Layer 3 Router

MPLS WAN: VNI-0/0

Internet WAN: VNI-0/1
LAN: VNI-0/2

Branch 151 Branch 152 Branch 153 Branch 154 Branch 155 Branch 156
To access device mgmt
(eth0) address
ssh to 172.16.20.xxx 192.168.151.0/24 192.168.152.0/24 192.168.153.0/24 192.168.154.0/24 192.168.155.0/24 192.168.156.0/24
xxx = branch number
Spoke Group 1 – spoke 2 spoke direct Spoke Group 2 – spoke 2 spoke via hub
 Lab 5 Hub and Spoke
Result:
1. The LAN routes of the spoke branches in spoke group 1 should be
learnt directly from each other.
2. The LAN routes of the spoke branches in spoke group 2 should be
learnt via the hub.
3. The LAN interface routes from branches in the spoke group 1 should
be seen in spoke group-2’s branches via the hub

6
 Versa-Training Lab Guide
Lab 6
SDWAN and QOS

7
 Lab 6– SDWAN & QOS

Objective: To classify traffic and apply an SDWAN and QOS policy for it.
• Use the table provided in one of the following slides to determine what configuration
should be done. The SDWAN configuration part is coloured in grey and the QOS part of
the configuration is coloured in blue. The Match traffic rule should be configured
individually for both the SDWAN policy and QOS policy.
• Configure the branch to use both the internet and mpls wan link. This is required for
testing SDWAN policies.
• When naming a particular profile or rule, use any name that describes the task best.
E.g. when creating an SDWAN policy rule for Salesforce traffic you could name it as
rule_salesforce

8
 Lab 6A– SDWAN Configuration steps

Steps to create an SDWAN Policy

• Step 1 - Under the services tab select SDWAN and define the
SLAs using the SLA Profiles tab. Use the table in the next slide for
SDWAN SLA profile creation
• Step 2 – Then create Forwarding Profiles to select the WAN link
priority. The Forwarding profile should reference the SLA profile
created in Step 1. Set the recompute timer to 30 seconds and
enable the Evaluate Contiousaly option.
• Step 3 – Create the SDWAN Rules to classify traffic and reference
the Forwarding profile defined in Step 2. Note the order in which
the policy rules are applied. Once the traffic matches a particular
rule, further rules down the list wont be checked. The rules can be
configured under the Default-Policy

9
 Lab 6A – SDWAN SLA parameters

Match Traffic SLA WAN Link priority

Priority 1 - mpls,
SIP, Skype Latency 100 ms
Priority 2 - internet

Priority 1 - mpls
TCP Jitter 30 ms
Priority2 - internet

Latency 100 ms,

Priority 1 - mpls,
salesforce Jitter 30 mss,
Priority 2 - Internet
PDU Packet loss 10%

Priority1 - internet,
Default
Avoid mpls

Where to go for SDWAN configuration ? See next slide

10
 SDWAN Configuration

11
 Lab 6B – QOS configuration steps

Steps to create a QOS Policy

• Step 1 – Under the Networking tab, select Class of Service and create a QOS profile to set the Forwarding class and the
policing rate

• Step 2 – Create a RW rule to rewrite the IP TOS bits

• Step 3 – Under App Qos or Qos Policies create the required rules to match traffic. The rules can be defined under the Default-
Policy. The Qos policy does L3/L4 classification and App Qos policy does L3-L7 classification. If the traffic matches both
policies then the L3/L4 policy is applied first followed by the App Qos policy

• Step 5 – Create a Scheduler to set the shaping rate for the traffic class and to set the weight of each of the queues within the
traffic class. Use the command “show orgs org-services <org-name> class-of-service mapping” to check the Forwarding Class
to Traffic class and queue mapping.

• Step 6 – Create a Scheduler map to assign the Schedulers to the traffic class. The traffic class 0 to 3 follows strict priority

• Step 7 – Associate the scheduler map to the mpls and internet vlan’s using the networks option. The dscp rw policy can also be
assigned to the tunnel interface to mark the inner header. If the rw policy is applied to the networks (internet or mpls) then the
outer header is marked. Use the network option to shape the mpls and internet vlan’s to 5Mbps.

12
 Lab 6 – SDWAN & QOS

Match Traffic SLA WAN Link priority QOS Forwarding class Remark to Traffic class Configuration Traffic Class Associate Interface
3% Transmit Rate,
3% Guaranteed Rate, 0 mpls & internet
Queue 0 - weight 4
FC4, 10% Transmit Rate,
Priority 1 - mpls,
SIP, Skype Latency 100 ms Police 1Mbps, ef 7% Guaranteed Rate, 1 mpls & internet
Priority 2 - internet
Low drop threshold Queue 0 - weight 4
30% Transmit Rate,
Priority 1 - mpls FC8,
TCP Jitter 30 ms 20% Guaranteed Rate, 2 mpls & internet
Priority2 - internet Low drop threshold
Queue 0 - weight 4

Latency 100 ms,

Priority 1 - mpls, FC12,
salesforce Jitter 30 mss,
Priority 2 - Internet Low drop threshold Queue 0 - weight 2
PDU Packet loss 10% 3 mpls & internet
Queue 1 - weight 1
Priority1 - internet, FC13,
Default
Avoid mpls High drop threshold

13
 QOS Configuration

14
 Lab 6A&B – SDWAN and QoS

Result: After this lab, you should be able to configure an SWAN policy and QOS policy. Some aspects of the SDWAN policy like
underlay failure should be verified using the traffic generators in the lab. Also QOS attributes like traffic going in the forwarding class
and shaping rate should be verified.

15
Thank You