VERSA SD-WAN FLEXVNF NOTES-5
Branch Deployment:
The template is everything for sd-wan. The template makes our work easier. I will prepare the templates
in the Workflow section.
For my topology, I will select full-mesh because there is no hub device. After branches learn the necessary route from the controller with BGP, they will install direct communication between them.
The interfaces come up as empty, we choose the interface functions as wan or lan. I have two wan interfaces and one LAN interface for the default configuration. Also, I configure MPLS and CLOUD routers as DHCP servers. Automatically IP address is assigned to wan interfaces by the DHCP server.
Mgmt interface is Eth0. You can access the web UI of the branch over eth0. I don't need it as I work on the console.
Wan interfaces configuration;
Lan interface configuration;
Leave as default the following section, for now, don't make any changes then click the Create button.
After creating the branch template, I need to define the branch device. this part is related to device registration.
Device Group appears empty, click +Device group section
Don't forget to select the Branch Template is created before.
Set location;
There is no Device Service Template, pass this section and click the continue button.
I had left the Lan interface as static when I created the Branch Template. I assign the IP address to the Lan interface at this part.
we will see branch1 as deployed.
I need to input a static route so that the director can access the overlay network.
I have finished the template part. I need staging parameters. The following figures show where I will find the parameters. Mpls-controller-1-staging and internet-controller-1-staging parameters are the same. I will use the one's parameters of them for staging.
This information is necessary for the IKE session between controller and branch
I am login via console. I will configure it as a branch device.
Default Credential;
Username:admin
Password:versa123
I input the following command for staging.
-l Local ID
-r Remote ID
-c Controller ip address
-w Wan port number ( vni0/0 is mpls for us)
-d Use dhcp for wan link
sudo /opt/versa/scripts/staging.py -l SDWAN-Branch@networktcpip.com -r Controller-1-staging@networktcpip.com -c 192.168.50.2 -w 0 -d
staging is started. check the interface status.
IKE session starts between a branch and a staging server.
After the IKE session comes up, the staging server assigns an IP address to the branch.
The Versa Director IP address is notified to the branch.
I see the branch device on Director as an unknown device.
I had defined the Branch1 device before. I match the unknown device to Branch1
at This part;
Versa Director pushes the stage two configuration to the branch device, through the staging server.
The controller IP address, in the IPSec profile, is given as a remote IP.
The branch device is rebooted.
After the branch device comes up with stage two configuration, it establishes the IKE session with the controller.
Also, look via console, Director uses netconf to configure the branch device. the following figure shows
The controller assigns an IP address to the branch device and generates a notification to Versa Director.
Branch1 device is ready.
I will see BGP and IPsec connections between controller and branch.
By repeating the same steps, configure the Branch2 device.
Remember, I have installed a full-mesh topology between branches. I have to see two IPsec tunnel
Branch to Controller
Branch1 to Branch2
check the routing table, are Branch2's routes in the Branch1 routing table? Yes, I see 192.168.128.0/24
How do branch devices monitor interfaces? The following figure gives some information. SLA-monitor is important for link redundancy. I made a link redundancy test. Versa is successful
Test with ping from Branch1 to Branch2;
Everything is properly working.
When I check the Analytics, I see the Analytics start to collect the information from devices.
After all these installations, The rest is up to your imagination :))
Thanks for reading.
Great work ! appreciating your effort. Thanks
my controller cannot communicate with branch mgmt ip 10.0.0.0/8. there is route on controller vrf, but vrf name on branch is mgmt, vrf name on controller is internet-control-VR.
Which emulator did you use for this lab? And did you face any issues during VNF pre-stage phase, it stuck on 30% and then drops