In Cisco SD-WAN, you can apply configurations to network devices with either one of the following two methods:

  • Via the CLI - This is the well-known way of configuring network nodes in traditional networking. You connect to the device via TELNET/SSH or CONSOLE and modify the running configuration. As much as we network engineers love the CLI, it has not been designed to make massive scale configuration changes to multiple devices at the same time.
  • Via the vManage GUI - This is the recommended centralized approach of configuring the devices in the Cisco SD-WAN solution. It is significantly less error-prone, can easily scale, and has support for automation, backups, and recovery.

Configuration Templates

The actual process of configuring Cisco SD-WAN nodes via vManage is done by applying device templates to one or multiple devices. A device template holds the whole operational config of a device. When vManage provisions the configuration of a node, it acts as a single source of truth and "locks" the device in a configuration mode called "vManage mode". That means that configuration changes can only be applied via vManage and changes via CLI are not allowed.   

A device template can be either Feature-based or CLI-based as is shown in figure 1. Something very important about templates is that when we create a CLI-based template for a specific device, the whole configuration of the device must be in the CLI template and not only a specific snippet of the configuration. The opposite is true about feature templates.

Feature-based vs CLI-based Template
Figure 1. Feature-based vs CLI-based Template

Creating a feature-based template is comparable to assembling a template of lego blocks where each block is a different technology feature. For example, OSPF is one lego block, BGP is another lego block, AAA is another, and so on. Let's highlight the main benefit of configuring devices using feature-based templates:

  • Feature templates can be reused across multiple devices. This brings greater flexibility and scale.
  • It is more granular than CLI-based templates. You can modify only a specific device feature such as AAA or BGP.
  • You don't need to know the device-specific syntax of different platforms. You just apply the template and vManage handles the actual configuration behind the scenes. 

Configuration Variables

Network engineers know very well that network devices have many device-specific parameters that are unique per device. For example, each one has a unique name, IP addresses, interface names, router-id, and so on. To account for that, Cisco SD-WAN gives us the ability to specify three different types of values when creating feature templates:

  • Global - When we specify a value to be Global that means that it will be applied to all devices to which the feature template is attached. For example, this will most probably be the case for the SNMP communities, Syslog servers, or the company's banner message. At a later stage, when we want to change the Banner of all nodes, we would just update the feature template value and it will update every device template that is using this feature template.  
  • Device-specific - When we know that a particular parameter will be unique for every different device, we specify a device-specific value. When we do that, the wizard will ask for a variable name. In the example in figure 2, this is [inet_if_name]. Upon applying a device template to a given device, the vManage Wizzard will ask us to provide the actual unique value for this variable. 
  • Default - The default value simply represents the factory default settings. It cannot be changed, that is why the text-box is always greyed-out and inactive. When we want to overwrite the default value, we change the value type to either Global or Device-specific.
Feature Template Parameters
Figure 2. Feature Template Parameters

In the example shown in figure 2, you can see a Feature Template of VPN Interface Ethernet type. You can see that there is a drop-down box before each parameter that specifies the parameter type. 

Device Templates

It is important to understand that a device template defines a given device's complete operational configuration. The structure of a device template is shown in figure 3. It is made of a number of feature templates depending on the specific device, role, and so on.

Device Template Structure
Figure 3. Device Template Structure

As you know, on the traditional Cisco networking devices, some essential features are mandatory and turned on by default (for example spanning-tree, vtp, etc). In the same way in Cisco SD-WAN, when creating a device template, some features are mandatory, indicated with an asterisk (*). That is why there are factory-default templates named Factory_Default_{Feature-Name}_Template that is applied by default in case you do not overwrite them with a more specific configuration. This can be seen in the screenshot below.

Factory Default Templates
Figure 3. Factory Default Templates

Upon attaching a configuration template to a cisco SD-WAN node, vManage requires all device-specific values to be filled in. This can be done through the vManage GUI directly, or by or by using a CSV file. In the case of large-scale deployment, the CSV method allows you to configure a large number of WAN Edge nodes very quickly.

Once a device template is applied to vEdge or vSmart device, the device is put in "vManaged mode" and its configuration can no longer be modified via CLI. This can be verified using the following command:

vEdge-5# show system status

Viptela (tm) vedge Operating System Software
Copyright (c) 2013-2017 by Viptela, Inc.
Version: 17.1.0
Build: 20

#lines omitted for clarity

Personality:             vedge
Model name:              vedge-cloud
Services:                None
vManaged:                true
Commit pending:          false
Configuration template:  VEDGE-MPLS+INET

In cases where we attach a device template to a WAN edge router and it for whatever reason loses control plane connectivity to the vManage controller, the vEdge will immediately start a 5-min rollback timer. If the control-plane connectivity does not come up within that 5 minutes, the vEdge will revert back its configuration to the last-known working setup and will eventually reconnect to vManage. 

Cisco SD-WAN Templates seem difficult and convoluted at first. However, when you go through our lab lessons and start playing around with them, you will see that they are very straightforward and very flexible at the same time.