dokucama

User Tools

Site Tools

Trace: netsim zscaler vagrant
network_stuff:sd-wan

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
network_stuff:sd-wan [2025/01/06 19:09] jotasandokunetwork_stuff:sd-wan [2025/01/22 17:38] (current) jotasandoku
Line 64: Line 64:
 Three elements. Only one of them needs high resources for the lab: Three elements. Only one of them needs high resources for the lab:
   * sd-wan manager (vmanage, centralized dashboard): ~20GB RAN   * sd-wan manager (vmanage, centralized dashboard): ~20GB RAN
-  * controllers (vsmart, policy engines): router with 'policy' role +  * controllers (vsmart, policy engines): router with 'policy' role (~control plane) 
-  * edge nodees (vedge): these are just the dumb switches+  * edge nodes (vedge): these are just the dumb switches 
 +  * vbond (CA)
  
-No need for smart account. Just a button with **pay as you go** license.\\+No need for smart account. Just a button with **pay as you go** license. **this is in the vmanage itself, we need to have last version. (20.6.3 (Jul 2022))
 All air gapped, you need to do your your Wan edge certificates yourself and your controller certificates.So you need to know how to generate open SSL root CA and then sign certs from that CA.\\ All air gapped, you need to do your your Wan edge certificates yourself and your controller certificates.So you need to know how to generate open SSL root CA and then sign certs from that CA.\\
 basically the first step in onboarding a router like ACSR 1000V or a Catalyst 8000V virtual router is to take the CA certificate and install it.  put it on the boot flash of the router and then you import it into the router's trust store.So what that does is when it does that initial connection to the controllers, it now uses your certificate to validate them and form that mutual trust instead of using the one that Cisco would use if you were in the cloud.\\ basically the first step in onboarding a router like ACSR 1000V or a Catalyst 8000V virtual router is to take the CA certificate and install it.  put it on the boot flash of the router and then you import it into the router's trust store.So what that does is when it does that initial connection to the controllers, it now uses your certificate to validate them and form that mutual trust instead of using the one that Cisco would use if you were in the cloud.\\
 +
network_stuff/sd-wan.1736190540.txt.gz · Last modified: by jotasandoku

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki