Configure Service Chaining
Here is the workflow for configuring service chaining for a device managed by Cisco Catalyst SD-WAN:
-
Service devices are accessed through a specific VRF. In the VPN template that corresponds to the VRF for a service device, configure service chaining, specifying the service type and device addresses. By default, the tracking feature adds each service device status update to the service log. You can disable this in the VPN template.
-
Attach the VPN template to the device template for the device managed by Cisco Catalyst SD-WAN.
-
Apply the device template to the device.
Configure Service Chaining Using Cisco SD-WAN Manager
To configure service chaining for a device.
-
In Cisco SD-WAN Manager, create a VPN template.
-
ClickService.
-
In the Service section, click New Service and configure the following:
-
Service Type: Select the type of service that the service device is providing.
-
IP Address: IP Address is the only working option.
-
IPv4 Address: Enter between one and four addresses for the device.
-
Tracking: Determines whether the periodic health updates of the service device are recorded in the system log. Default: On
Note
Maximum number of services: 8
-
-
Click Add. The service appears in the table of configured services.
CLI Equivalent for Cisco IOS XE Catalyst SD-WAN Devices
The following table shows how configuration of service chaining by CLI corresponds to configuration in Cisco SD-WAN Manager. CLI configuration differs between Cisco IOS XE Catalyst SD-WAN devices and Cisco vEdge devices. The CLI example below is for a Cisco IOS XE Catalyst SD-WAN device.
CLI (Cisco IOS XE Catalyst SD-WAN device) |
Cisco SD-WAN Manager |
||
---|---|---|---|
|
In Cisco SD-WAN Manager, configure service insertion in the VPN template for a specific VRF—VRF 10 in this example. Select the service type from the drop-down —firewall in this example. |
||
|
When adding a service in the VPN template Service, select On or Off for Tracking. |
||
|
In the VRF template Service, enter one or more IP addresses for the service device providing a specific service. |
CLI Example
sdwan
service firewall vrf 10
ipv4 address 10.0.2.1 10.0.2.2
commit
CLI Equivalent for Cisco vEdge Devices
The following table shows how configuration of service chaining by CLI corresponds to configuration in Cisco SD-WAN Manager. CLI configuration differs between Cisco IOS XE Catalyst SD-WAN devices and Cisco vEdge devices. The CLI example below is for a Cisco vEdge device.
CLI (Cisco vEdge device) |
Cisco SD-WAN Manager |
||
---|---|---|---|
|
In Cisco SD-WAN Manager, configure service insertion in the VPN template—VPN 10 in this example. Select the service type from the drop-down—firewall in this example. |
||
|
Select the service type from the drop-down—firewall in this example. Provide one or more addresses for the service device. |
||
|
When adding a service in the VPN template Service, select On or Off for Tracking. |
CLI Example
vpn 10
service FW address 10.0.2.1
commit