
Configure the vBond Orchestrator

Once you have set up and started the virtual machine (VM) for the vBond orchestrator in your overlay network, the vBond orchestrator comes up with a factory-default configuration. You then need to manually configure a few basic features and functions so that the devices can be authenticated and verified and can join the overlay network. Among these, you designate the device as a vBond orchestrator, configure the system IP address, and configure a WAN interface that connects to the Internet. This interface must have a public IP address so that all Viptela devices in the overlay network can connect to the vBond orchestrator.

You create the initial configuration by using SSH to open a CLI session to the vBond orchestrator.

After you have created the initial configuration, you create the full configuration by creating configuration templates on the vManage NMS and then attaching the templates to the vBond orchestrator. When you attach the configuration templates to the vBond orchestrator, the configuration parameters in the templates overwrite the initial configuration.

Create Initial Configuration for the vBond Orchestrator

To create the initial configuration on a vBond orchestrator from a CLI session:

  1. Open a CLI session to the Viptela device via SSH.
  2. Log in as the user admin, using the default password, admin. The CLI prompt is displayed.
  3. Enter configuration mode:
    vBond# config
    vBond(config)#
  4. Configure the hostname:
    vBond(config)# system host-name hostname
    Configuring the hostname is optional, but is recommended because this name is included as part of the prompt in the CLI and it is used on various vManage NMS screens to refer to the device.
  5. Configure the system IP address:
    vBond(config-system)# system-ip ip-address
    The vManage NMS uses the system IP address to identify the device so that the NMS can download the full configuration to the device.
  6. Configure the IP address of the vBond orchestrator. The vBond orchestrator's IP address must be a public IP address, to allow all Viptela devices in the overlay network to reach the vBond orchestrator:
    vBond(config-system)# vbond ip-address local
    In Releases 16.3 and later, the address can be an IPv4 or an IPv6 address. In earlier releases, it must be an IPv4 address.
    A vBond orchestrator is effectively a vEdge router that performs only the orchestrator functions. The local option designates the device to be a vBond orchestrator, not a vEdge router. A vBond orchestrator must run on a standalone virtual machine (VM) or hardware router; it cannot coexist in the same device as a software or hardware vEdge router.
  7. Configure a time limit for confirming that a software upgrade is successful:
    vBond(config-system)# upgrade-confirm minutes
    The time can be from 1 through 60 minutes. If you configure this time limit, when you upgrade the software on the device, the vManage NMS (when it comes up) or you must confirm that a software upgrade is successful within the configured number of minutes. If the device does not receive the confirmation within the configured time, it reverts to the previous software image.
  8. Change the password for the user "admin":
    vBond(config-system)# user admin password password
    The default password is "admin".
  9. Configure an interface in VPN 0, to connect to the Internet or other WAN transport network. In Releases 16.3 and later, the IP address can be an IPv4 or an IPv6 address. In earlier releases, it must be an IPv4 address. Ensure that the prefix you configure for the interface contains the IP address that you configure in the vbond local command.
    vBond(config)# vpn 0 interface interface-name
    vBond(config-interface)# ip address ipv4-prefix/length
    vBond(config-interface)# ipv6 address ipv6-prefix/length
    vBond(config-interface)# no shutdown
    Note: The IP address must be a public address so that all devices in the overlay network can reach the vBond orchestrator.
  10. Commit the configuration:
    vBond(config)# commit and-quit
    vBond#
  11. Verify that the configuration is correct and complete:
    vBond# show running-config

After the overlay network is up and operational, create a vBond configuration template on the vManage NMS that contains the initial configuration parameters. Use the following vManage feature templates:

  • System feature template to configure the hostname, system IP address, and vBond functionality.
  • AAA feature template to configure a password for the "admin" user.
  • VPN-Interface-Ethernet feature template to configure the interface in VPN 0.

Configure General System Parameters

When you are creating the initial vBond configuration, you may also want to configure the following general system parameters from the CLI:

  1. Configure the organization name, which is the name that is included in the certificates on all devices in the overlay network. This name must be the same on all devices.
    vBond(config-system)# organization-name name
  2. Configure the timezone, NTP servers, and physical location. See the Configuring Time and Location article for your software release.
  3. Configure a login banner, which is text that is displayed before the login prompt, and configure a general banner, which is text displayed after a user successfully logs in. The text strings can be up to 2048 characters. Use \n to insert line breaks.
    vBond(config)# banner login "text"
    vBond(config)# banner motd "text"
  4. Modify the logging parameters for syslog messages. By default, syslog messages are always logged to the local hard disk. All syslog messages above the "informational" priority value are stored in the file /var/log/vsyslog, and all debug messages for modules whose debugging is turned on and all syslog messages above the configured priority value are saved to the file /var/log/tmplog/vdebug. Syslog files are rotated when the file size reaches 10 MB, and the last 10 files are retained. You can modify the priority value or the file rotation information:
    vBond(config-system)# logging disk
    vBond(config-logging)# priority priority
    vBond(config-logging)# size megabytes
    vBond(config-logging)# rotate number

    You can also log syslog messages to one or more remote hosts reachable in one of the VPNs in the overlay network:
    vBond(config-system)# logging server (dns-name | hostname | ip-address)
    vBond(config-server)# priority priority
    vBond(config-server)# vpn vpn-id
  5. Configure AAA, and RADIUS and TACACS+ servers. See the Configuring User Access and Authentication article for your software release.
  6. Configure SNMP. See the Configuring SNMP article for your software release.
  7. Commit the configuration:
    vBond(config)# commit and-quit
    vBond#

After the overlay network is up and operational, create a vBond configuration template on the vManage NMS that contains the initial general system configuration parameters. Use the following vManage feature templates:

  • System feature template to configure the organization name, NTP servers, timezone, physical location, banners, and system logging.
  • AAA feature template to configure AAA parameters.

Sample Initial CLI Configuration

Below is an example of a simple configuration on a vBond orchestrator. Note that this configuration includes a number of settings from the factory-default configuration and shows a number of default configuration values.

vBond# show running-config 
system
 host-name         vBond
 gps-location latitude 40.7127837
 gps-location longitude -74.00594130000002
 system-ip         172.16.240.161
 organization-name "Viptela Inc"
 clock timezone America/Los_Angeles
 vbond 11.1.1.14 local
 aaa
  auth-order local radius tacacs
  usergroup basic
   task system read write
   task interface read write
  !
  usergroup netadmin
  !
  usergroup operator
   task system read
   task interface read
   task policy read
   task routing read
   task security read
  !
  user admin
   password encrypted-password
  !
 !
 logging
  disk
   enable
  !
!
vpn 0
 interface ge0/0
  ip address 11.1.1.14/24
  no shutdown
 !
 ip route 0.0.0.0/0 11.1.1.1
!
vpn 512
 interface eth0
  ip dhcp-client
  no shutdown
 !
!
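
The constraints stated in the procedure (the local designation, a public address, a VPN 0 interface prefix that contains the vbond address, and a common organization name) can be checked offline against saved show running-config output. The Python script below is an added example, not Cisco tooling; the audit function, its finding strings and the sample configuration are constructed for illustration, and the public-address check only rules out RFC 1918 IPv4 ranges.

```python
import ipaddress
import shlex

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed running-config excerpt (not from a real device); documentation addresses.
SAMPLE = '''system
 organization-name "Example Org"
 vbond 203.0.113.14 local
!
vpn 0
 interface ge0/0
  ip address 198.51.100.14/24
  no shutdown
 !
!
vpn 512
 interface eth0
  ip address 203.0.113.1/24
 !
!
'''

def audit(config, expected_org):
    """Return findings for the constraints the procedure states (hypothetical helper)."""
    section, org, vbond, local, vpn0, findings = None, None, None, False, [], []
    for raw in config.splitlines():
        words = shlex.split(raw)
        if not words or words[0] == "!":
            continue
        if not raw[0].isspace():  # an unindented line opens a top-level section
            section = " ".join(words)
        elif section == "system" and words[0] == "organization-name":
            org = words[1]
        elif section == "system" and words[0] == "vbond":
            vbond, local = ipaddress.ip_address(words[1]), "local" in words[2:]
        elif section == "vpn 0" and words[:2] in (["ip", "address"], ["ipv6", "address"]):
            vpn0.append(ipaddress.ip_interface(words[2]).network)
    if org != expected_org:
        findings.append("organization-name differs from the overlay's")
    if vbond is None or not local:
        findings.append("no 'vbond <address> local' statement")
    elif any(vbond in net for net in RFC1918):
        findings.append("vbond address is RFC 1918 private, not public")
    if vbond is not None and not any(vbond in net for net in vpn0):
        findings.append("vbond address is outside every VPN 0 interface prefix")
    return findings

print(audit(SAMPLE, "Example Org"))
```

In the constructed sample the vbond address falls inside the VPN 512 management prefix but not inside any VPN 0 prefix, so the containment check still reports it.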