vEdge routers, as their name implies, are edge routers that are located at the perimeters of the sites in your overlay network, such as remote offices, branches, campuses, and data centers. They route the data traffic to and from their site, across the overlay network.
vEdge routers are either physical hardware routers or software vEdge Cloud routers, which run as virtual machines on a hypervisor or an AWS server.
An overlay network can consist of a few or a large number of vEdge routers. A single vManage NMS, which provides management and configuration services to the vEdge routers, can support up to about 2,000 routers, and a vManage cluster can support up to about 6,000 routers.
To deploy vEdge routers:
- For software vEdge Cloud routers, create a VM instance, either on an AWS server, or on an ESXi or a KVM hypervisor.
- For software vEdge Cloud routers, install a signed certificate on the router. In Releases 17.1 and later, the vManage NMS can act as a Certificate Authority (CA) and can automatically generate and install signed certificates on vEdge Cloud routers. In earlier releases, send a certificate signing request to Symantec and then install that certificate on the router so that the router can be authenticated on and can participate in the overlay network.
- From the vManage NMS, send the serial numbers of all vEdge routers to the vSmart controllers and vBond orchestrators in the overlay network.
- Create a full configuration for the vEdge routers. You do this by creating a vManage template for the vBond orchestrator and attaching that template to the orchestrator. When you attach the vManage template, the initial minimal configuration is overwritten.
- Prepare hardware vEdge routers for automatic provisioning, which is done using the Viptela zero-touch provisioning (ZTP) tool. The ZTP process allows hardware routers to join the overlay network automatically.
Starting with Release 18.2.0, vEdge routers that are hosted in countries affected by United States government embargoes cannot connect to overlay network controllers (vBond orchestrators, vManage NMSs, and vSmart controllers) that are hosted in the Cisco cloud. Any vEdge router from an embargoed country that attempts to connect to one of these controllers will be disabled. (The vEdge routers can, however, connect to controllers that are hosted in other clouds.) As a result, when a vEdge router initially attempts to connect to a controller in the Cisco cloud, the router might not come up and might remain in a pending state if the vBond orchestrator and the vManage NMS are unable to communicate with each other or if the Cisco cloud server is down.