How you install the traditional network devices?
A skilled technician would go on to the site to deploy the router and connect cables on them and make sure everything is working.
But how to implement SD-WAN gateway? You cannot install SD-WAN gateway in our case NSG (Network Service Gateway) just like that. You would have to do a process called NSG bootstrapping at the branch location.
However, the process of bootstrapping is much easier when compared to the traditional network rollout. You do not require a skilled technician on the site.
Process of Creating Nuage SD-WAN gateway – NSG
When you install the SD-WAN gateway at the branch locations. There are specific prerequisites to be made available in nuage VSD architect.
That way during the deployment of the Nuage NSG, you can bootstrap them with a couple of clicks in VSD architect.
You can also say these steps, the creation of Nuage NSG and its templates to enable zero-touch provisioning.
You don’t necessarily have to do these steps each time when you deploy a new NSG at the branch.
This is only required for the first time unless something else changed on the Nuage SDN network setup.
This NSG is the data plane in the Nuage VNS solution knows as SD-WAN, which is an OpenFlow switch based on Linux. It also supports IPSec security.
Steps to Create NSG Gateway
- Creation of Enterprise in Nuage VSD.
- Attaching Nuage Controller (VSC) in the enterprise.
- SD-WAN gateway Access profile.
- Creation of NSG (SD-WAN-Gateway)profiles
- Creation of NSG template.
The one advantage of nuage SD-WAN is that you can have multi-tenancy with the help of Network overlay, meaning you can control multiple customers in one VSD. Similar to the ISP environment, you connect multiple customers to one particular cloud and manage them.
- Since we don’t have any enterprise or customer created under VSD architect by default, you can no go ahead and define an enterprise by clicking on the plus icon on the left bottom corner.
- You need to define the Organisation name Admin password, also select the Organisation profile that you are going to use I am selecting the default profile, rest everything else keep as default.
Remember, we had deployed Nuage Controller (VSC) in our previous lab, now you need to call those VSC’s under VSC profiles in Platform configuration.
- Goto Platform configuration by clicking on the gear icon on the right top corner.
- Click on Infrastructure tab, Network Services Gateways and click on NSG profiles and VSC profile.
- Add infrastructure VSC profile one and two.
Sometimes you would want to SSH into the NSG for checking the configs remotely. To enable the SSH, go to Access profiles under NSG profiles and create a new access profile.
Important fields are the username and password, and you could use these credentials to log in.
Note: to SSH into the nuage NSG we cannot use the default port number which is 22, you will have to use port 893.
During the bootstrapping process, this NSG has to talk to a nuage proxy server to start the bootstrap process and eventually exchange the certificates with the VSD.
Now the question is how would the NSG know about where the nuage proxy server is?
The answer to that question is, you would have to define nuage proxy URL under NSG profiles.
- Click on the plus icon to create NSG profile.
- Add the below details to it.
- Sync= don’t update
- VSD proxy FQDNS =proxy.getlabsdone.com
- Uncheck Enable two-factor authentication.
- Whenever you create an NSG at the branch location you can use some predefined settings that have been defined under the template.
- In the template, you could attach access profile details, NSG profiles, and also define underlay network interfaces, such as WAN interfaces and LAN interfaces.
- I am creating an NSG template with one WAN link and one LAN link, also added VLAN 0 on both the interfaces.
We need to assign a new IP address to the wan link that way NSG can talk to the underlay network. Which we can during the NSG bootstrapping.
You can define the IP address through NSG template or while creating the NSG in the enterprise, I recommend you to use the IP address while creating the NSG on the branch, which I have covered next.