Catalyst SD-WAN – Introduction to Configuration Groups

One of the challenges with Catalyst SD-WAN is managing templates. Depending on how successful you are in standardizing your deployment, you risk ending up with many device templates. This can also be amplified if you have several platforms as each platform requires its own set of device templates. Feature templates, while reusable, offers no concept of grouping feature templates which means that there is a lot of work involved in building a new device template. To overcome some of these challenges, Cisco has introduced Configuration Groups starting with 20.8 and going forward where 20.11 currently has the most features implemented. This is also often referred to as UX 2.0 in some presentations. Let’s take a look at Configuration Groups by looking at the building blocks.

• Configuration Group – Logical grouping of features or configuration that is applied to devices. Similar to a device template but it can be applied to different models.
• Feature Profile – Building block of configurations that can be reused across different Configuration Groups. Example feature profiles are Transport Profile, System Profile, Service Profile.
• Feature – The Feature Profile consists of features. The individual capability to be shared across Configuration Groups such as service VPN, transport interface, logging, etc.

The image below taken from Cisco’s system documentation shows an overview of Configuration Groups:

This image demonstrates how different Configuration Groups apply to different regions but where Feature Profiles are reused across the Configuration Groups.

What are the benefits of using Configuration Groups as opposed to device templates?

• Simplicity – A workflow is provided for you with step-by-step instructions where it is clear what is mandatory or optional, and where smart defaults are provided.
• Day-zero Deployment – More easily onboard devices by creating Configuration Group with minimum information needed.
• Reusability – Components can be reused across entire device families instead of a specific model. For example, with device templates a Catalyst 8200 would need a different template than a 8300 even if they had identical configuration.
• Structure – Better grouping of devices based on business needs and shared configuration rather than device type.
• Visibility – By leveraging Configuration Groups, a site-level topology is generated which shows a visual map of the device and its configuration.
• Findability – It’s now possible to tag devices to make them more easy to find as well to apply a Configuration Group to them.

Note that Configuration Groups are only supported on IOS-XE based devices. A device either belongs to a Configuration Group or a device template, not both.

To get started with Configuration Groups, go to Workflows -> Workflow Library. The following workflows are available:

Select Create Configuration Group. The following is then displayed giving some information about Configuration Groups:

You can choose to not have this info shown again. Click Let’s Do it to continue. The next step is then to provide a name for the Configuration Group and optionally a description:

Click Next to continue but note that you can also exit the workflow and resume it later. The following is then displayed where you can see a visual representation of the site type and where there are different sections with settings to be configured. Note that currently only single router sites are supported:

Below is the entire list of sections with all sections collapsed:

Let’s start to configure the Site Settings:

There are three things presented to us here:

• Password for the admin account
  MOTD banner
• Login banner

Note that we can choose to use the default banners which means we only need to specify a password for the admin account. As usual, you can either set it to a global value or a device specific value:

Note that the section will be red if there is information missing and the workflow will guide you to what information is missing. When the missing information has been provided, the section turns green again:

The next section is WAN Interfaces. Three interfaces are added by default:

It is assumed that all of the interfaces will be using DHCP. For my scenario, I only need one interface and it will have a static IP:

The following advanced options are available:

In the CG WAN Routing section is where you add static routes (if not using DHCP) or if using a routing protocol towards the provider:

Let’s add a static default route:

The next section is for adding service VPNs:

Define the number of VPNs needed. It’s possible to add routing or to change the names of the device specific values.

When done, click Next. You are asked if you want to configure Remote Access:

We don’t need RA right now so we will skip this.

A summary is shown of what will be configured:

Click Create Configuration Group to create the CG. The CG has successfully been created:

We will add devices later. The CG is now available under Configuration -> Templates:

Feature Profiles have also been created for us:

I created a Demo CG with all the default settings to demonstrate how it at first uses certain Feature Profiles:

Clicking Actions on a Feature Profile allows for switching to another profile:

A list of available profiles is then shown and it’s also possible to create a new one:

It’s also possible to edit an existing profile to add additional features:

Notice how the Basic System Profile includes feature profiles for BFD, global, logging, OMP, etc., but we didn’t need to configure these which we would have to using a device template. We can customize them if needed, though.

To start associating devices with the CG, edit the CG and go to Associated Devices:

There are different options available here, such as creating rules for the CG but for now let’s associate a device manually. Click Associate Devices which presents the following screen:

Click Next and then select one or more devices to associate with before clicking Next again:

A list is shown with devices to be added. Click Save to complete the process:

You are then asked if you want to provision a device:

We will provision a device so we select Provision Devices which then shows the following screen where we need to click Next:

We get to select what devices to deploy before clicking Next:

There is then information that we need to fill, just like with device specific values when using ordinary templates. When done, click Next:

A summary is then shown. Click Deploy to provision the device:

The request to deploy has been submitted:

To check the status, click View Deployment Status that shows that the device is currently offline:

When the device comes online, it will pull the config as normally happens.

One of the nice features with Configuration Groups is the overview we can get of the site when we go to Monitor -> Devices and click the Site ID:

This view will show transport interfaces, service VPNs and provide information about the health of the site.

Configuration Groups is still work in progress but a welcomed feature that will make it easier to create standardized configurations an onboarding templates with less input required from the administrator. They also provide nice visualization of your sites to give you insights into how the site is performing. I hope this post has been helpful and that you now know what a Configuration Group is.