The Bootstrap Process
In the Part 1 of this series we covered the first step to converting and ISR from IOS-XE onto the Cisco SD-WAN platform. We will continue from there with my story of frustrations and the discovered caveats and need to knows. Starting first with bootstrapping the ISR.
Cisco ISR SD-WAN Bootstrap
The bootstrap process is very similar to that of a vEdge device. The reason I am bringing up bootstrap and now talking about the Zero Touch model is the simple fact that I like consistency. vEdges use different interfaces depending on models for the ZTP interface and I would prefer all of my external transport interfaces to be the same. For this reason I prefer the bootstrap process. With that comes needing to know how to bootstrap an ISR converted to the SD-WAN image. The documentation referenced wasn’t bad documentation per se, however there were some quirks you will need to know. I will outline the high level steps and then dig deeper into the actions needed to complete them.
To set the stage we will be utilizing the Software Installation and Upgrade for Cisco IOS XE Routers guide once again. Also, please note (as this just drives me nuts and should be fixed) that although on vEdges you can still use config t (even though the command is config transaction and not config terminal) for some reason it was decided to drive us engineers nuts on the ISR 4k SD-WAN image and you must use config-transaction (config-t) instead. Yes you MUST put the dash in. Consider that the first caveat, your years of IOS and Nexus “conf t” muscle memory need to be broken.
- Disable PnP
- Configure System Requirements
- Configure Tunnel Interface
- Configure Physical Interface
- Associate Interface with SD-WAN
- Configure DNS and Routing Requirements
Configure System Requirments
This is a pretty straightforward step. Once you have successfully logged into the router issue the following command. Note this command is issued in Exec mode not Config mode.
pnpa service discovery stop
Configure System Requirements
These requirements are the same requirements you use on a vEdge to associate the device with the proper vBond and ultimately talk with vSmart and vManage. These commands will occur in config mode which again remember is uniquily “config-t” (config-transaction) for the ISR 4k SD-WAN image.
config-t ISR4K(config)#system host-name ISR-SD-RTR ISR4K(config-system)#system-ip 10.1.1.1 ISR4K(config-system)#site-id 13524 ISR4K(config-system)#vbond myvbond.viptela.com ISR4K(config-system)#organization-name "MyBiz - 001122"
There are a few caveats to note here which are the same with the vEdge devices. First note that you can use the IP address of your vbond instead of it’s hostname. You will be issued it with a hostname and will manually have to resolve it if you choose to use the IP. In this case we will still with their guide and enable DNS lookups later for the ISR to resolve the hostname itself.
Next I want to call out the organization-name variable. You may be issued a name with spaces inbetween the values and the dash as I represented above. If this is the case you need to put the quotations around it. In my opinion it is easier to just make it your best practice to always put the organization name in quotations.
Configure Tunnel Interface
This is the first place I really think the documentation gets ahead of itself without being clear and has a couple of very strict rules. First I will put the documentation configuration in and then indicate the caveats/need to know items referenced by line number.
ISR4K(config)# interface Tunnel # ISR4K(config-if)# ip unnumbered wan-physical-interface ISR4K(config-if)# tunnel source wan-physical-interface ISR4K(config-if)# tunnel mode sdwan
The first thing I want to draw your attention to is the initial configuration parameter we are configuring. In line 1 there are two caveats you need to know. First, if you notice the reference above it has a capital letter “T” in the word Tunnel. This is necessary or it will not take your command. I found this out the hard way…and to me it’s kind of ridiculous and I hope they fix it in the future. If you use a lowercase it will give you a syntax error stating “element does not exist”.
The second thing I want to call out is also in line 1 of the above config and it is the numeric variable you use after the word Tunnel. This number has to correlate with the physical interface you are using. In other words if you want to use GigabitEthernet0/1 as the physical interface then your tunnel must be interface Tunnel 1. If you are using GigabitEthernet0/3 then likewise you must use interface Tunnel 3.
There is one more caveat/need to know in reference to that short snippet of configuration above. Look at lines 2 and 3 and you will notice a variable named wan-physical-interface. This variable has to be the specific interface name associated with the platform you are using. In other words interface 1 on an ISR4431 is GigabitEthernet0/0/1. This breaks the tradition of the vEdge naming of ge0/1. The router will accept the wrong interface reference until you go to commit, at that point the error message simply says inconsistent value: Device refused one or more commands. A filled out example of this configuration is below.
ISR4K(config)# interface Tunnel 1 ISR4K(config-if)# ip unnumbered GigabitEthernet0/0/1 ISR4K(config-if)# tunnel source GigabitEthernet0/0/1 ISR4K(config-if)# tunnel mode sdwan
Configure Physical Interface
The next block of configuration required is the WAN interface. If you have caught on to the theme of the caveat/need to know this one will be pretty quick to answer what you need to do. The guide reference is below.
ISR4K(config)# interface GigabitEthernet # ISR4K(config)# ip address ip-address mask ISR4K(config)# no shut ISR4K(config)# exit
Again the documentation simply lists GigabitEthernet # which is not clear that you need to utilize the full interface name and numbering nomeclature utilized within the hardware platform you are on. In the case of the 4431 my example is based on this would be referenced as GigabitEthernet0/0/1.
Also noteworthy is the ip address assignment configuration. In vEdge world you utilize CIDR to assign the IP Address. In ISR 4k SD-WAN world you use the same old IOS configuration you have been for years. That is the address and mask in dotted decimal form.
ISR4K(config)# interface GigabitEthernet0/0/1 ISR4K(config)# ip address 172.16.100.1 255.255.255.0 ISR4K(config)# no shut ISR4K(config)# exit
Associate Interface with SD-WAN
Our next step is to associate our WAN interface into the SD-WAN configuration on the ISR SD-WAN image. This is pretty straightforward with the only real need to know being the interface name and number reference theme we have been discussing. Utilize the full IOS interface nomenclature in the below configuration as well.
ISR4K(config)# sdwan ISR4K(config-sdwan)# interface GigabitEthernet0/0/1 ISR4K(config-interface-interface-name)# tunnel-interface ISR4K(config-tunnel-interface)# color metro-ethernet ISR4K(config-tunnel-interface)# encapsulation ipsec
Configure DNS and Routing Requirements
The following requirements allow the Tunnel interface to know it’s next hop towards vBond and provides the ability to lookup the issued vBond DNS name provided by Cisco for your installation. This section has no caveats.
ISR4K(config)# ip route 0.0.0.0 0.0.0.0 next-hop-ip-address ISR4K(config)# ip domain lookup ISR4K(config)# ip name-server dns-server-ip-address ISR4K(config)# commit
At this point provided routing is in place through the infrastructure to provide reachability to the required Cisco SD-WAN elements (vBond, vManage, vSmart) your control connections should come up and you have successfully bootstrapped your ISR4k into SD-WAN.
Conclusion and Summary
In short the process isn’t all that different than bootstrapping a vEdge device. However, knowing the nomenclature caveats such as a capital “T” in “Tunnel” and the requirement to reference the old ISR GigaBitEthernet0/0/1 style of nomenclature can save you from pulling your hair out for a bit. The documentation will get you there you just need to dissociate the vEdge nomenclature from your muscle memory on the ISR. For some reason the wheel was reinvented on certain syntax when the vEdge code was written into the ISR SD-WAN code and it will take you a bit to remember these caveats.
What are your experiences with the bootstrap process for an ISR4k into SD-WAN? Be sure to look for the next post about ISR4k and vManage caveats. Here is a hint, it’s a similar theme!
4 comments
Skip to comment form
Good stuff. Thanks for sharing, Matt! It sounds like this 5 minute read will save folks a ton of time and energy!
Thank you man! saved me a hairpulling recurring scene!!!
Thanks you so much. Nicely written and explained.
Great write-up thanks!
We went through the opposite process last week on ISR1100’s that arrived with SD-WAN software that we returned to IOS-EX as per client company standards.
Can’t believe the Cisco folks think “configure terminal” not being available is a good idea!
Just to add that the ISR’s we had arrive were operating in “Install Mode” that is the software is operating from packages, not the .bin file (“Bundle Mode”)
So software install process consists of copying the .bin file onto the box, then:
Router#request platform software sdwan software install bootflash:c1100-universalk9_ias.16.09.02.SPA.bin
then:
Router# request platform software sdwan software activate 16.9.2
(router reboots & comes up with the XE version, but boots from bootflash:packages.conf )