Protocol Pack Management and Compliance

Protocol Pack Management and Compliance

Table 1. Feature History

Feature Name

Release Information

Feature Description

Protocol Pack Management and Compliance

Cisco IOS XE Catalyst SD-WAN Release 17.14.1a

Cisco Catalyst SD-WAN Manager Release 20.14.1

Cisco SD-WAN Manager management of Protocol Packs includes functions such as the following:

  • Upgrading Protocol Pack releases on routers in the network.

  • Flagging the status of routers using an older Protocol Pack release than the current reference release.

Information About Protocol Pack Management and Compliance

Cisco SD-WAN Manager includes a pre-installed Protocol Pack, which is a standard set of protocols for classifying network traffic according to the application producing the traffic. The protocols, also called applications, can be used for application-aware policy, security policy, and QoS policy, to match traffic based on the application producing the traffic. And they are used for tracking which applications are producing traffic within the network—called application visibility.

Protocol Pack Releases

Periodic Protocol Pack releases include updates to the application set, such as the following:

  • Expanding individual applications to a set of related applications to enable more granular classification of traffic

    For example, a Protocol Pack release may enable classifying the traffic produced by a multimedia application, and a subsequent release could distinguish with better granularity between the audio traffic and the video traffic that the multimedia application produces.

  • New applications

  • Renamed applications

Upgrading the Protocol Pack Installed on Devices

Devices running a long-lived Cisco IOS XE release support upgrading from the Protocol Pack built into the release to a later Protocol Pack release.

Uses for the Reference Protocol Pack Release

You can upload new Protocol Pack releases into Cisco SD-WAN Manager when they become available. For the procedure, see Upload a Protocol Pack to Cisco SD-WAN Manager. The latest release uploaded into Cisco SD-WAN Manager has a specific role. It functions as the reference Protocol Pack release. Cisco SD-WAN Manager displays the current reference release on the Configuration > Application Catalog > Application Source Settings page, in the Version field.

Cisco SD-WAN Manager uses the reference Protocol Pack release for the following functions:

  • Checking whether each router in the network is using the latest Protocol Pack available through Cisco SD-WAN Manager. If a router is using an earlier Protocol Pack, the table on the Configuration > Application Catalog > Application Source Settings page shows the status in the Compatibility Status column.

  • Checking whether policies that match traffic by application use applications that have been changed in a more recent Protocol Pack release. For information about policy compliance, see Protocol Pack Management and Compliance.

Restrictions for Protocol Pack Management and Compliance

  • We recommend upgrading the reference Protocol Pack on Cisco SD-WAN Manager to the latest version before upgrading the Protocol Pack on any devices in the network to that version.

  • We recommend using Cisco SD-WAN Manager to upgrade the Protocol Pack release on devices in the network, and not to do this individually on devices by CLI.

Upload a Protocol Pack to Cisco SD-WAN Manager

Before You Begin

For information about Protocol Pack releases, see the Cisco Protocol Pack documentation. A list of Protocol Packs appears on the NBAR2 Protocol Pack Library page.

Uploading a Protocol Pack that is a later release than previously uploaded Protocol Packs has two effects:

  • As with any upload, the Protocol Pack is available for upgrading compatible devices in the network.

  • If the uploaded Protocol Pack is a later release than previously uploaded Protocol Packs, it becomes the new reference release for Cisco SD-WAN Manager.

    Cisco SD-WAN Manager shows the current reference release on the Configuration > Application Catalog > Application Source Settings page, in the Version field.

    Cisco SD-WAN Manager uses the reference release as the basis for determining application compliance, policy compliance, and device Protocol Pack version compliance. For more information about compliance, see Protocol Pack Management and Compliance.

Upload a Protocol Pack to Cisco SD-WAN Manager

  1. Download a Protocol Pack from the Cisco Software Download site.

  2. From the Cisco SD-WAN Manager menu, choose Configuration > Application Catalog and click Application Source Settings.

  3. Locate the SD-WAN Manager Protocol Pack section of the page.

  4. Click Upload SDWAN Manager Protocol Packs to save the Protocol Pack to Cisco SD-WAN Manager.

    The uploaded Protocol Pack is available to upgrade any compatible devices in the network.

    As noted in Before You Begin, if the uploaded Protocol Pack is a later release than previously uploaded Protocol Packs then it becomes the new reference release. A pop-up window shows whether changing the reference Protocol Pack release would affect policy or device compliance.

    If any protocols in the Protocol Pack introduce name conflicts with existing custom applications, the upload does not proceed. See Information About Application Compliance in the Policy Groups Configuration Guide.

  5. Click Update or Ignore and Proceed to complete the upload.


    Note


    If you do not want to complete the upload, such as if you do not want to change the reference Protocol Pack release, click Cancel Update.


Upgrade a Device Protocol Pack

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Application Catalog and click Application Source Settings.

  2. Locate the SD-WAN Manager Protocol Pack section of the page.

  3. Select one or more devices in the table by checking the check boxes for the devices.

  4. Click Upgrade Device Protocol Pack.

  5. In the pop-up window, choose a Protocol Pack release to install. Optionally, choose a scheduled upgrade.


    Note


    If you schedule an upgrade for a later time, you cannot perform additional upgrades until that upgrade is complete. Only one upgrade task can be active at a given time. In a multitenant scenario, it is one upgrade task per tenant.


    Cisco SD-WAN Manager upgrades the Protocol Pack on the device if the device software version allows the upgrade. See the Protocol Pack documentation for information about compatible Cisco IOS XE software versions.

Check Protocol Pack Compliance

Before You Begin

When you upload a new Protocol Pack, Cisco SD-WAN Manager automatically checks whether each device in the network is using the latest available Protocol Pack—called compliance. In addition, it checks policy and device Protocol Pack compliance at regular intervals. For more information about compliance, see Protocol Pack Management and Compliance.

You can trigger the compliance check manually using this procedure. This may be helpful, for example, to check compliance after upgrading the Protocol Pack on one or more devices.

Check Protocol Pack Compliance

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Application Catalog and click Application Source Settings.

  2. Locate the SD-WAN Manager Protocol Pack section of the page.

  3. Click Sync Compliance.

View Protocol Pack Status

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Application Catalog and click Application Source Settings.

  2. Locate the SD-WAN Manager Protocol Pack section of the page.

    At the top of the section, the Version field shows the latest Protocol Pack release uploaded to Cisco SD-WAN Manager.

    The table shows each router, the loaded Protocol Pack release, and related information, as described here:

    Field

    Description

    Hostname

    Device hostname.

    Site ID

    Device site ID.

    Device Model

    Device model name.

    Software Version

    Software release operating on the device.

    Protocol Pack Version

    Protocol Pack release loaded on the device.

    Reachability

    Reachability of the device by Cisco SD-WAN Manager.

    Compatibility Status

    • Green: The Protocol Pack loaded on the device matches the Protocol Pack loaded in Cisco SD-WAN Manager.

    • Red: The Protocol Pack loaded on the device does not match the Protocol Pack loaded in Cisco SD-WAN Manager.

    Upgrade Status

    Indicates whether a Protocol Pack upgrade has been performed on the device, and the status of the update:

    • No job history: No attempt to upgrade the Protocol Pack.

    • In-progress: Cisco SD-WAN Manager is currently upgrading the Protocol Pack on a device.

    • Success: Cisco SD-WAN Manager has upgraded the Protocol Pack.

    • Skipped: Cisco SD-WAN Manager did not find a compatible Protocol Pack.

    • Failure: Cisco SD-WAN Manager has tried unsuccessfully to upgrade a Protocol Pack.

    • Scheduled: Cisco SD-WAN Manager is scheduled to upgrade the Protocol Pack.

    • Canceled: Cisco SD-WAN Manager has canceled a scheduled upgrade.