Managing SD-WAN instances

An SD-WAN instance is the Kaspersky SD-WAN solution deployed on multiple physical and/or virtual devices for a single

Centralized configuration of SD-WAN instances is achieved using SD-WAN instance templates. You can specify all settings in an SD-WAN instance template and then use it when deploying instances for individual tenants, thus avoiding the need to configure them individually. To use an SD-WAN instance template when deploying an instance for a tenant, the tenant must be added to the template.

When you deploy Kaspersky SD-WAN for the first time, a default SD-WAN instance template is automatically created in the orchestrator web interface. It cannot be deleted, but you can select a different default template.

If you deploy the solution for a tenant that is not added to any SD-WAN instance template, the default template is applied to that tenant.

If the settings specified in the SD-WAN instance template do not match the actual settings of the tenant's instance, the solution is not deployed. For example, you may encounter an error when deploying the solution for a tenant if the SD-WAN instance template that is being used specifies the number of SD-WAN Controller nodes that differs from the actual number of nodes that the tenant has.

You can pool SD-WAN instances for scalability and fault tolerance, especially if a great number of devices is used.

Each SD-WAN instance pool is a load balancer with CPE devices as the load. When creating a CPE device, you can assign it to a pool of SD-WAN instances or to individual instances from that pool. If you assign a device to a pool of SD-WAN instances, the orchestrator automatically selects from this pool the SD-WAN instance with the least number of devices and assigns the device to that instance. If the quantities of devices are the same, the SD-WAN instance is selected randomly.

Creating an SD-WAN instance template

To create an SD-WAN instance template:

1. In the menu, go to the SD-WAN section.

   By default, the CPE subsection is displayed with a table of CPE devices.

2. In the upper part of the page, click + SD-WAN instance template.

This opens the SD-WAN instance templates subsection, which contains the table of SD-WAN instance templates. The template is created and displayed in the table. By default, the template is assigned a name in the "Template <template sequential number>" format.

Setting the default SD-WAN instance template

To set the default SD-WAN instance template:

1. In the menu, go to the SD-WAN → SD-WAN instance templates subsection.

   A table of SD-WAN instance templates is displayed.

2. Click the SD-WAN Instance template.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

3. In the upper part of the settings area, under Actions, click Set as default template.

Deleting an SD-WAN instance template

You cannot delete the default SD-WAN instance template. Deleted templates cannot be restored.

To delete an SD-WAN instance template:

1. In the menu, go to the SD-WAN → SD-WAN instance templates subsection.

   A table of SD-WAN instance templates is displayed.

2. Click the SD-WAN Instance template.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

3. In the upper part of the settings area, under Actions click Delete.
4. In the confirmation window, click Delete.

The SD-WAN instance template is deleted and is no longer displayed in the table.

Adding a tenant to an SD-WAN instance template

Before you can add a tenant to an SD-WAN instance template, you must create a tenant and an SD-WAN instance template.

To add a tenant to an SD-WAN instance template:

1. In the menu, go to the SD-WAN → SD-WAN instance templates subsection.

   A table of SD-WAN instance templates is displayed.

2. Click the SD-WAN Instance template.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

3. Select the Tenants tab.

   A table of tenants is displayed.

4. Click + Tenant.
5. This opens a window; in that window, select a tenant and click Add.
6. Click Save in the upper part to save the configuration of the SD-WAN instance template.

The tenant is added to the SD-WAN instance template and is displayed in the table.

Removing a tenant from an SD-WAN instance template

To remove a tenant from an SD-WAN instance template:

1. In the menu, go to the SD-WAN → SD-WAN instance templates subsection.

   A table of SD-WAN instance templates is displayed.

2. Click the SD-WAN Instance template.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

3. Select the Tenants tab.

   A table of tenants is displayed.

4. Click Delete next to the tenant.
5. Click Save in the upper part to save the configuration of the SD-WAN instance template.

The tenant is deleted from the SD-WAN instance template and is no longer displayed in the table.

Configuring high availability

The solution architecture allows maintaining high availability of SD-WAN instances in the event of shutdown or overload of virtual machines, CPE devices, and SD-WAN Controllers. High availability of these components is achieved by installing redundant devices and connections between them.

We recommend that you take into account the need for high availability of solution components when deploying an SD-WAN instance.

To configure high availability:

1. In the menu, go to the SD-WAN → SD-WAN instance templates subsection.

   A table of SD-WAN instance templates is displayed.

2. Click the SD-WAN Instance template.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

3. Select the High availability tab.

   The high availability settings are displayed.

4. Select the number of SD-WAN Controller nodes to use when deploying an SD-WAN instance.
5. Click Save in the upper part to save the configuration of the SD-WAN instance template.

Choosing a transport strategy

A transport strategy is a transport service encapsulation mechanism that includes the algorithm for adding a stack of traffic packet header tags and the type of these tags. Kaspersky SD-WAN temporarily supports one transport strategy, Generic VNI Swapping Transport.

To select a transport strategy:

1. In the menu, go to the SD-WAN → SD-WAN instance templates subsection.

   A table of SD-WAN instance templates is displayed.

2. Click the SD-WAN Instance template.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

3. Select the Transport/service strategy tab.

   The selected transport strategy is displayed.

4. Make sure the Generic VNI swapping transport transport strategy is selected in the drop-down list.

Adding a tenant to an SD-WAN instance

By default, an SD-WAN instance is deployed for one tenant, but you can add other tenants to an already deployed instance. In this case, the instance provides connectivity between CPE devices assigned to the tenants added to the instance. When adding a tenant, you can also limit the number of devices available to the tenant.

Before adding a tenant to an SD-WAN instance, you must create the tenant.

To add a tenant to an SD-WAN instance:

1. In the menu, go to the SD-WAN → SD-WAN instances subsection.

   A table of SD-WAN instances is displayed.

2. Click the relevant SD-WAN instance.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

3. Select the Tenant self-service tab.

   A table of tenants is displayed.

4. Click + Add.
5. This opens a window; in that window, select a tenant.
6. In the Maximum CPEs field, enter the maximum number of devices available for the tenant.
7. Click Add.

The tenant is added to the SD-WAN instance and is displayed in the table.

Removing a tenant from an SD-WAN instance

To remove a tenant from an SD-WAN instance:

1. In the menu, go to the SD-WAN → SD-WAN instances subsection.

   A table of SD-WAN instances is displayed.

2. Click the relevant SD-WAN instance.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

3. Select the Tenant self-service tab.

   A table of tenants is displayed.

4. Click Delete next to the tenant.
5. In the confirmation window, click Delete.

The tenant is deleted from the SD-WAN instance and is no longer displayed in the table.

Viewing devices assigned to an SD-WAN Instance

To view devices assigned to an SD-WAN instance:

1. In the menu, go to the SD-WAN → SD-WAN instances subsection.

   A table of SD-WAN instances is displayed.

2. Click the relevant SD-WAN instance.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

3. In the upper part of the settings area, under Actions click Show associated CPEs.

The CPE subsection is displayed with a table of CPE devices. The table displays only those devices that are assigned to the SD-WAN instance.

Deleting an SD-WAN instance

Deleting an instance also deletes all CPE devices assigned to the template as well as the network service in which the instance was deployed.

An alternative method of deleting an instance is to delete the network service in which it is deployed. Deleted SD-WAN instances cannot be restored.

To delete an SD-WAN instance:

1. In the menu, go to the SD-WAN → SD-WAN instances subsection.

   A table of SD-WAN instances is displayed.

2. Click the relevant SD-WAN instance.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

3. In the upper part of the settings area, under Actions click Delete.
4. In the confirmation window, click Delete.

The SD-WAN instance is deleted and is no longer displayed in the table.

Creating a pool of SD-WAN instances

To create a pool of SD-WAN instances:

1. In the menu, go to the SD-WAN section.

   By default, the CPE subsection is displayed with a table of CPE devices.

2. In the upper part of the page, click + SD-WAN instance pool.
3. This opens a window; in that window, enter the name of the SD-WAN instance pool.
4. Click Create.

This opens the SD-WAN instance pools subsection, which contains the table of SD-WAN instance pools. The SD-WAN instance pool is created and displayed in the table. Now you can add SD-WAN instances to the pool.

Adding an SD-WAN instance to a pool

Before adding an SD-WAN instance to a pool, you must create a pool of SD-WAN instances.

To add an SD-WAN instance to the pool:

1. In the menu, go to the SD-WAN → SD-WAN instance pools subsection.

   A table of SD-WAN instance pools is displayed.

2. Click the SD-WAN instance pool.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

3. Select the SD-WAN instances tab.

   A table of SD-WAN instances is displayed.

4. Click + SD-WAN instance.
5. This opens a window; in that window, select the SD-WAN instance that you want to add to the pool.
6. Click Add.
7. Click Save in the upper part to save the configuration of the SD-WAN instance pool.

The SD-WAN instance is added to the pool and displayed in the table.

Removing an SD-WAN instance from a pool

To remove an SD-WAN instance from a pool:

1. In the menu, go to the SD-WAN → SD-WAN instance pools subsection.

   A table of SD-WAN instance pools is displayed.

2. Click the SD-WAN instance pool.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

3. Select the SD-WAN instances tab.

   A table of SD-WAN instances is displayed.

4. Click Delete next to the SD-WAN instance.

   The SD-WAN instance is removed from the pool and is no longer displayed in the table.

5. Click Save in the upper part to save the configuration of the SD-WAN instance pool.

Deleting a pool of SD-WAN instances

Deleted SD-WAN pools cannot be restored.

To create an SD-WAN instance pool:

1. In the menu, go to the SD-WAN → SD-WAN instance pools subsection.

   A table of SD-WAN instance pools is displayed.

2. Click the SD-WAN instance pool.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

3. In the upper part of the settings area, under Actions click Delete.
4. In the confirmation window, click Delete.

The SD-WAN instance pool is deleted and is no longer displayed in the table.