APIC-EM

IWAN App Lab v1 (with LiveAction

Integration)

by Ratnesh
Task:

Scenario 1: Provisioning a Dual DC IWAN Environment

Scenario 2: Configuring a Greenfield Dual Router IWAN Branch Site
Scenario 3: Configuring a Brownfield Single Router IWAN Branch Site
Scenario 4: Configuring PfRv3 Application Policy
Scenario 5: Day N Bandwidth and WAN IP Updates
Scenario 6: Integrating LiveAction with APIC-EM
IWAN App Whats New
The IWAN 1.4 Application has the following new features:
IWAN App automatically builds, deploys,
updates and monitors network devices and Polaris Support
configurations, accelerating the transition to NBAR PP update
hybrid WAN, and quickly realizing the benefits 4G Support
of lowered WAN transport costs while
increasing available usable throughput,
Multi DHCP Support
simplified IT, increased security, and Day 0 QoS queue bandwidth customization
optimized application performance based Day-N update QoS queue bandwidth + WAN Interface IP
directly on business outcomes.
Address + Bandwidth
ASR1k as spoke
Spoke behind NAT
Custom App Deletion
Robustness and Usability
Inline documentation help
 Scenario 1: Provisioning a Dual DC
IWAN Environment

Steps: 1 80
1. Select Google Chrome from the desktop
and access APIC-EM using
https://198.18.129.100.
2. 2. Log into APIC-EM using the saved
credentials, userid admin and password
C1sco12345
3. 3. In the upper right, click Admin >
Settings
4. 4. On the CLI Credentials page, enter the
following information. Click Add.
5. From the left hand menu bar, select the
IWAN App icon.
NOTE: This is the main dashboard of the IWAN
application; from here, you can configure and
update hub site settings, administer
application policy, and deploy new branch
sites all through automated workflows as well
as Monitor Existing Sites Performance.
6. Now in the APIC-EM IWAN application deploy
both hub sites from a single workflow. Select
Configure Hub Site & Settings.
7. In the resulting Network wide settings page of
the Hub Workflow, enter the following information:
Netflow Destination IP: 198.18.133.34 (Live Action) Port Number: 2055 (Default) APIC-EM behind NAT/Proxy: No
Version: V2C (Default) Read Community: dcloud-ro Domain Name: dcloud.cisco.com
8. Click Show More to expand the amount of information you can enter.
9. Click Save & Continue to move on to the Certified IOS releases step.
10. On the Certified IOS releases page pictured below, click Continue.
11. Now on the IP Address Pools step in the Hub Site workflow, enter the following information: Remote Site Count: 10 Service Provider
Count: 2
12. Click Add Address Pool and enter 198.19.8.0/22 as a Generic Pool as seen below. 13. Click Add Address Pool again and enter
10.3.0.0/16 as a LAN Greenfield pool as seen below.
NOTE: You can also upload address pools or add site-specific address pools on this screen.
DMVPN and Loopback IP Address Pool Configuration
14. With the IP Address Pools now selected click on Check IP Range.
15. The below pictured window displays detailing the required minimum subnet size based on expected usage by APIC-EM. Then click the OK
button to continue.
16. Again, click the Save & Continue button to move on to the Service Providers step in the IWAN App Hub workflow.
17. Now on the below pictured Service Providers step in the IWAN App Hub workflow hover over the small information circle to see addition
directions from APIC-EM.
18. Enter MPLS1 into the WAN Label section and select Private from the drop down menu before clicking on the plus sign to add
another WAN Label.
19. Enter INET1 into the WAN Label section and take the default of Public in the drop down menu as seen below.
20. Click the edit icon for one of the Service
Provider QoS models. This allows you to
customize QoS class models DSCP values to
match SLAs or service provider configurations.
21. Click Cancel as customizations to QoS
Models is not required in this environment
22. Click the Continue button to move on in
the workflow. 23. The IWAN aggregation site
step in the workflow will appear.
Figure
IWAN AGGREGATION SITE
24. Begin by clicking on the Master Controller
at the Hub Site labeled MC as displayed.
25. 25. A new embedded window opens. 26.
Enter the LAN Side IP Address of this
Router 198.18.129.201 and click the
Validate button.
27. APIC-EM sends a test message to ensure
this addresses IP stack is available then
displays the Configure Router window. Enter
the following router specific information into
this window then click Add Device.
Read Community: dcloud-ro
Write Community: dcloud
Username: admin
Password: C1sco12345
Enable Password: C1sco12345
28. APIC-EM contacts the device and makes it
available for provisioning as part of the IWAN
domain.
29. Back in the main window click the HUB router connecting
to the MPLS1 service provider transport.
30. Again, a new embedded window opens. Enter the LAN Side
IP Address of this Router 198.18.133.211 and click the
Validate button.
31. Again, enter the following router specific information into
this window then click Add Device. Read Community:
dcloud-ro Write Community: dcloud Username: admin
Password: C1sco12345 Enable Password: C1sco12345
NOTE: These fields pre-populate with the data from the last
successfully discovered router via the workflow.
32. APIC-EM contacts the device and makes it available for
provisioning as part of the IWAN domain just as before.
33. On the main screen, click the HUB router connecting to
the INET1 service provider transport.
34. Again, a new embedded window opens. Enter the LAN
Side IP Address of this Router 198.18.133.212 and click the
Validate button.
35. Again, enter the following router specific information into
this window then click Add Device. Read Community:
dcloud-ro Write Community: dcloud Username: admin
Password: C1sco12345 Enable Password: C1sco12345
NOTE: These fields pre-populate with the data from the last
successfully discovered router via the workflow.
36. Again, APIC-EM contacts the router and makes it available
for provisioning as part of the IWAN domain.
37. On the main screen, take note that some of the routers at
the HUB have turned an orange color. This indicates that
these routers are ready for further configuration.
Transit Hub Configuration

38. Begin by clicking on the Master Controller

at the TRANSIT-HUB-1 site labeled MC as
displayed.
39. A new embedded window opens.
40. Enter the LAN Side IP Address of this
Router 198.19.2.201 and click the Validate
button.
41. APIC-EM sends a test message to ensure this addresses IP stack is available then displays the Configure Router window. Enter
the following router specific information into this window then click Add Device. Read Community: dcloud-ro Write
Community: dcloud Username: admin Password: C1sco12345 Enable Password: C1sco12345
42. APIC-EM contacts the device and makes it available for provisioning as part of the IWAN domain.
43. Click the TRANSIT-HUB-1 router connected to the MPLS1 service provider transport.
44. In the resulting embedded pop-up window, enter the IP address of the routers LAN facing interface 198.19.2.211 and click
the Validate button.
45. Again, enter the following router specific information into this window then click Add Device. Read Community: dcloud-ro
Write Community: dcloud Username: admin Password: C1sco12345 Enable Password: C1sco12345
NOTE: These fields pre-populate with the data from the last successfully discovered router via the workflow.
46. On the main screen, click the only remaining untouched router at TRANSIT-HUB-1 connected to INET1.
47. In the resulting pop-up enter the IP address of the router 198.19.2.212 and click the Validate button.
48. Again, enter the following router specific information into this window then click Add Device. Read Community: dcloud-ro
Write Community: dcloud Username: admin Password: C1sco12345 Enable Password: C1sco12345
NOTE: These fields pre-populate with the data from the last successfully discovered router via the workflow.

After these basic setup move to next

49. On the main screen, click the first router,
the MC at HUB.
50. In the pop-up window pictured here check
the box for 198.18.129.201 GigabitEthernet1 1.
for the LAN IP-Interface then click the Save
button.
51. The router turns a deep blue, signifying it
is ready. Click the router connected to MPLS1
at the HUB site to configure the interfaces
just like the last router.

3.

2.
52. In the pop-up window select 198.18.133.211 GigabitEthernet1 as the LAN IP-Interface and click the Save button.
53. Like the last router, this one as well turns blue. Click the router at HUB connected to the INET1 transport.
54. In the pop-up window select 198.18.133.212 GigabitEthernet1 as the LAN IP-Interface and click the Save button.
55. Click the master controller at TRANSIT-HUB-1.
56. Select the 198.19.2.201 GigabitEthernet1 interface
and click the Save button.
57. Click the router at TRANSIT-HUB-1 connecting to the
MPLS1 transport.
58. Select the 198.19.2.211 GigabitEthernet1 interface
and click the Save button.
59. Click the router at TRANSIT-HUB-1 connecting to the
INET1 transport.
60. Select the 198.19.2.212 GigabitEthernet1 interface
and click the Save button
61. Click the green plus symbol between MPLS1 and the HUB
router as seen below.
62. The below pictured Configure Link pop-up window
opens. Enter the below information to complete this link
and click the Save button to continue. Default Gateway:
172.16.11.2 Use Loopback for DMVPN Tunnel: Checked
Loopback IP-Interface: 172.16.11.254 Loopback100
Bandwidth: 10 Service Profile: Default 8-Class Model
NOTE: Always ensure that the correct Service Provider QoS
Model and physical Interface have populated through the
validation process completed by APIC-EM in the previous
steps. Hub site provisioning fails if this information is
incorrect. Consult the Diagram if needed.
63. Back on the main page of the workflow click the line
connecting the TRANSIT-HUB-1 router to MPLS1 as seen below.
64. The below pictured Configure Link pop-up window opens.
Enter the below information to complete this link and click the
Save button to continue. Default Gateway: 172.16.12.2 Use
Loopback for DMVPN Tunnel: Checked Loopback IP-Interface:
172.16.12.254 Loopback100 Bandwidth: 10 Service Profile:
Default 8-Class Model

Now Lets Configure Transit-Hub-1

65. Back on the main page of the workflow click the line
connecting the HUB router to INET-1 as seen below.
66. The below pictured Configure Link pop-up window opens.
Enter the below information to complete this link and click Save
to continue. Default Gateway: 198.20.0.1 Bandwidth: 10
68. The below pictured Configure Link pop-up window opens.
Enter the below information to complete this link and click the
Save button to continue. Default Gateway: 198.20.0.5
Bandwidth: 10
69. At this point, the Dual Hub Site Workflow is complete and APIC-EM has all of the information it needs to provision the IWAN Data
Center Sites. Click Save & Continue.
70. Back at the main screen click the set of cylinders at the top left of the HUB settings.
71. The below pictured window will appear. Leave the AS
Number as the default for the datacenter side routing
protocol.
72. After examining the Datacenter Prefixes, click the
Save button to continue. 73. Back at the main screen
click the set of cylinders at the top left of the TRANSIT-
HUB-1 settings.
73. Back at the main screen click the set of cylinders at
the top left of the TRANSIT-HUB-1 settings.
74. The below pictured window will appear. Leave the AS
Number as the default for the datacenter side routing
protocol.
75. After examining the Datacenter Prefixes, click the
Save button to continue.
76. Click Save and Continue.
77. The Hub Site summary window opens allowing for the
review all selected information as well as allow for an
immediate apply or a scheduled time to apply
automatically. Click the Continue button to apply this
configuration to the routers.
78. Click Continue and APIC-EM will return to the main screen to monitor the process.
79. Watch as APIC-EM configures the entire IWAN dual Head end in fewer than 10 minutes time.
80. When the screen changes from HUB site(s) is being configured please wait to Hub site(s) is ready Manage branch Sites the configuration
process has completed.
NOTE: After the Hub provisioning, the Application Dashboard comes alive. Hover over a chart to view the details.
We are done with Scenario 1 :
Scenario 2: Configuring a Greenfield Dual Router IWAN Branch Site
Steps

1. Log into APIC-EM using the userid admin

and password C1sco12345.
2. 2. Click on Manage Branch Sites
3. The resulting Devices page presents with
two Plug and Play discovered routers available
to the IWAN Application for deployment as
branch sites.
4. Click on Bootstrap on tab as seen below to
review the default PnP bootstrap CLI
configuration files that have been preloaded
on each of the routers that have been
automatically discovered by APIC-EM already.
5. Click the download icon for Ethernet
(Private).
6. Open the Downloads directory on the
workstation and right click the file. Select Edit
with Notepad++.
7. This configuration file supplies a good
template for connecting the branch router to
APIC-EM automatically.
8. Click X to close Notepad++ and click X to
close the directory structure.
9. Return to the Devices tab and the two
routers available for configuration.
10. Click in the Site Name field for both
routers and enter Miami. Save the change.
11. Select the check box next to the serial
number for each device and click Provision
Site.
12. The Provision Site screen lists the two
Cisco Supported options for a single router
IWAN branch site. Select the Two router with
two WAN clouds configuration topology
13. Select L2 Configuration Two routers with
two WAN clouds.
14. Enter the following information for the
new site on the Configure Topology step of the
workflow. Site Name: Miami Site Location:
Miami (Click on Set Geo to use the map to
place the site) Pop to Connect: HUB
15. Select each router individually to confirm
which router is for INET1 and which for MPLS1.
Select WAN (left): INET1 Select WAN
(right): MPLS1
16. Click the plus sign for the INET1 cloud.
17. The Configure window displays. By default, the Application offers the use of DHCP on the Internet transport. Change this to Static
IP for interface GigabitEthernet1.
18. Again, APIC-EM learns from the existing interface configuration and auto populates as much information as possible. Review the
information and enter the Upload speed before clicking on the Save button.
Interface: GigabitEthernet1 Enable: Static IP WAN IP address: 198.20.1.2 WAN IP Mask: 255.255.255.252 Gateway IP address:
198.20.1.1 Upload: 10 Download (Mbps): 300
19. The cloud turns blue to indicate it saved these selections
20. Click the plus sign for the MPLS1 cloud
21. The Configure WAN Cloud window will appear. Carefully evaluate the information that APIC-EM has auto populated based on the
exiting interface configuration required for basic reachability. Confirm the following information and correct anything that does not
match. When complete click Save. Interface: GigabitEthernet1 CE IP Address: 198.10.1.2 CE IP Mask: 255.255.255.252 PE IP
Address: 198.10.1.1 Download & Upload (Mpbs): 10 Service Provider: Default 8-Class Model
22. The cloud turns purple to indicate it saved these selections.
23. Back at the main screen of the workflow click the plus sign next to the LAN.
24. Confirm the following information and correct anything that does not
match. When complete, click Save.
25. When all components show the green checkmark, click Apply Changes.
26. A summary of the changes displays. Scroll down to verify that both Lan
Interfaces have GigabitEthernet2 for configuration. Click Submit to proceed
and provision.
27. A small message displays at the top of the screen requiring confirmation.
Click Yes to proceed.
28. APIC-EM returns to the Sites tab where it began to monitor the progress of
the new site.
NOTE: Site provisioning may take up to 7 minutes to complete and reflect in
the IWAN App.
29. When automated deployment of the site completes the Status changes to
Provisioned.
Scenario 3. Configuring a Brownfield Single Router
IWAN Branch Site
 Steps
1. Log into APIC-EM using the userid admin
and password C1sco12345.
2. 2. Click on Manage Branch Sites.
3. The resulting Devices page presents the
routers available to the IWAN Application
for deployment as branch sites.
4. We will now add the brownfield branch
by clicking Add Brownfield Device. In the
pop up window, click adding New Device.
5. Enter the following router specific
information into this window then click Add
Device. Router Management IP: 198.10.1.6
Read Community: dcloud-ro Write
Community: dcloud Username: admin
Password: C1sco12345 Enable Password:
C1sco12345
6. The system works to discover the device
and run through validation scripts to ensure
that the device has no pre-existing IWAN
configurations. When validation is complete,
the device displays in the listing
NOTE: The new device is discovered by APIC,
not PNP.
7. Select the check boxes next to the serial
number for the new device. Click Provision
Site.
8. The Provision Site screen lists the two Cisco
Supported options for a dual router IWAN
branch site. Select the One router with two
WAN clouds configuration topology.
9. Select L3 Configuration One router with two WAN
clouds.
10. Enter the following information for the new site
on the Configure Topology step of the workflow.
Site Name: Chicago Site Location: Chicago (Click on
Set Geo to use the map to place the site) Pop to
Connect: HUB Select WAN (left): MPLS1 Select
WAN (right): INET1
11. Click the plus sign for the MPLS cloud.
12. The Configure WAN Cloud window will appear.
Carefully evaluate the information that APIC-EM has
auto populated based on the exiting interface
configuration required for basic reachability. Confirm
the following information and correct anything that
does not match. When complete click Save.
Interface: GigabitEthernet1 CE IP Address:
198.10.1.6 CE IP Mask: 255.255.255.252 PE IP
Address: 198.10.1.5 Download & Upload (Mpbs):
300 Service Provider: Default 8-Class Model
13. The cloud turns purple to indicate it saved these
selections.
14. Click the plus sign for the INET1 cloud. The
window below displays. By default the Application
offers the use of DHCP on the Internet transport.
Change this to Static IP for interface
GigabitEthernet2.
15. Again, APIC-EM learns from the existing interface
configuration and auto populates as much
information as possible. Review the information and
enter the Upload speed before clicking on the Save
button. Interface: GigabitEthernet2 Enable:
Static IP WAN IP address: 198.20.1.6 WAN IP
Mask: 255.255.255.252 Gateway IP address:
198.20.1.5 Upload: 10 Download (Mbps): 300
16. The cloud turns blue to indicate it saved these
selections.
17. Back at the main screen of the workflow click
the plus sign next to the LAN.
18. Confirm that GigabitEthernet3 is selected and
click Save
19. Click the plus sign for Routing Configuration.
20. Click the box next to the discovered Subnet IP and use the green arrow to
put it in the Selected area.
21. Select 10.4.4.0 and 10.4.40.0 from the discovered prefixes.
22. Set the Routing Protocol to EIGRP and the AS Number to 65004. 23.
Click Save.
24. When all components show the green checkmark as can be seen above,
click Apply Changes
25. A summary of the changes displays. Click Submit to proceed and provision
26. A small message displays at the top of the screen requiring confirmation.
Click Yes.
27. APIC-EM returns to the Sites tab where it began to monitor the progress of
the new site
NOTE: Site provisioning may take up to 8 minutes to complete and reflect in
the IWAN App.
Scenario 4. Configuring PfRv3 Application Policy
Steps
1. Log into APIC-EM using the userid admin
and password C1sco12345.
2. 2. Click on Administer Application Policies.
3. View the application policies.
4. Click the down arrow to expand the listing of applications. Click the Edit icon next to the App to open the details window.
5. Click Edit to open the edit options. This window allows you to edit application information.
6. Click Define Application Policy to show the
applications in three categories: Business
Relevant Default Business Irrelevant
7. Drag and drop one of the business
irrelevant applications to the business
relevant category to show how easily
applications can be reclassified.
8. Click on the down arrow for any of the applications to show how to Set Path Policy.
Scenario 5. Day N Bandwidth and WAN IP Updates
Steps
1. Log into APIC-EM using the userid admin
and password C1sco12345.
2. 2. Click on Manage Branch Sites.
3. Click Sites to display the previously
provisioned sites.
4. Click the Edit icon (pen) for the Miami site.
5. Click the Edit icon for the MPLS1 to open
the Configure WAN Cloud window.
6. Click the Edit icon (pencil) for Service
Provider.
7. Change the default setting on the
bandwidth for the Service Provider profile so
that the categories sum up to 100.
Figure
8. Click Update.
9. From the same screen, you can edit
download/upload speeds, CE IP Address, CE IP
Mask, or PE IP Address without breaking the
connectivity.
Scenario 6. Integrating LiveAction with APIC-EM
Steps
1. Open the LiveNX tab in your browser or
navigate to https://198.18.133.34. Log in
by entering username admin and password
C1sco12345.
2. Click in the top left corner to expand the
menu choices. Click Main > Devices to show
that the device inventory is empty.
3. Click Configure > APIC-EM Management to
show the configuration.
4. Click Discover to discover the configured
device inventory listing.
5. Click on a right arrow to expand one of the
listings. Information includes the site, the IP
mappings, and the interfaces.
6. Close the details and select all devices.
Click Add Devices. This automatically adds the
devices into the LiveNX listing.
7. From the menu, select Main > Devices to
show that the device inventory is now full of
all the devices being managed by LiveNX.
8. Click the link in the taskbar to log into the
LiveNX client using username admin and
password C1sco12345. The client shows the
default arrangement for all the devices being
added into LiveNX.
9. The client topology displays the devices.
Use the zoom tool to zoom out on the display.
10. Move the devices so that they look more like a logical
topology by dragging and dropping them into new locations.
11. Identify an MPLS cloud that leads to Tunnel 10. Right click
and select Merge Clouds.
12. In the Create Network Output window, enter MPLS1 for the
name of the merged cloud.
13. Adjust the size of the cloud using the slide bar for Size.
14. Click OK
15. Identify an MPLS cloud that leads to Tunnel 11. Right click and
select Merge Clouds.
16. In the Create Network Output window, enter INET1 for the name of
the merged cloud.
17. Change the Object/Shape of the cloud to a normal gray cloud.
18. Ok
19. Zoom back out to show the cleaned up topology.
20. Select the Flow tab and click Refresh to display the flows configured by APIC-EM.