Flexible Tenant Placement on Multitenant Cisco Catalyst SD-WAN Controllers

Table 1. Feature History

Feature Name: Flexible Tenant Placement on Multitenant Cisco Catalyst SD-WAN Controllers

Release Information: Cisco vManage Release 20.9.1

Description: With this feature, while onboarding a tenant to a multitenant deployment, you can choose the pair of multitenant Cisco SD-WAN Controllers that serve the tenant. After onboarding a tenant, you can migrate the tenant to a different pair of multitenant Cisco SD-WAN Controllers, if necessary.

Information About Flexible Tenant Placement on Multitenant Cisco SD-WAN Controllers

Automatic Tenant Placement by Cisco SD-WAN Manager

In Cisco vManage Release 20.8.x and earlier releases, when you onboard a tenant, Cisco SD-WAN Manager assigns a pair of multitenant Cisco SD-WAN Controllers to the tenant based on an internal algorithm that considers factors such as the following:

  • number of tenant WAN edge devices that you forecast for the tenant

  • number of tenants served by a pair of multitenant Cisco SD-WAN Controllers

  • number of WAN edge devices connected to a pair of multitenant Cisco SD-WAN Controllers

After the tenant is onboarded, if the tenant needs to add more devices than you originally forecast, you can modify the forecast if the pair of multitenant Cisco SD-WAN Controllers serving the tenant can accommodate these additional WAN edge devices. If the Cisco SD-WAN Controllers cannot accommodate the additional WAN edge devices, you must delete the tenant and onboard the tenant again with the revised device forecast so that Cisco SD-WAN Manager assigns a suitable pair of Cisco SD-WAN Controllers. If none of the pairs of multitenant Cisco SD-WAN Controllers can accommodate the revised device forecast, add a new pair of Cisco SD-WAN Controllers and then onboard the tenant.

Flexible Tenant Placement by Provider Admin User

From Cisco vManage Release 20.9.1, while onboarding a tenant, you have the flexibility to choose the pair of multitenant Cisco SD-WAN Controllers that are assigned to the tenant. Automatic tenant placement by Cisco SD-WAN Manager continues to be the default behavior with flexible tenant placement as an optional configuration.

To help you with flexible tenant placement, Cisco SD-WAN Manager lists available multitenant Cisco SD-WAN Controllers and provides the following details, as a percentage, for each controller:

  • number of tenants assigned

  • number of tenant WAN edge devices connected

  • memory utilized

  • CPU utilized

A multitenant Cisco SD-WAN Controller can serve a maximum of 24 tenants and 1000 tenant WAN edge devices across all the tenants. While onboarding a tenant, choose a pair of controllers that can be assigned one more tenant and can also connect to the number of WAN edge devices forecast for the tenant.

After the tenant is onboarded, if the tenant needs to add more devices than you originally forecast and the assigned pair of multitenant Cisco SD-WAN Controllers cannot connect to these additional WAN edge devices, you can migrate the tenant to another pair of Cisco SD-WAN Controllers that can serve one more tenant and accommodate the revised WAN edge device forecast for the tenant. If none of the multitenant Cisco SD-WAN Controller pairs can accommodate the revised device forecast, you can migrate other tenants to alternative Cisco SD-WAN Controllers so that the controller utilization is efficient and the tenant assignment is optimal. If the optimization doesn’t create the capacity required to accommodate the revised device forecast for the tenant, add a new pair of Cisco SD-WAN Controllers and then migrate the tenant.

Benefits of Flexible Tenant Placement on Multitenant Cisco SD-WAN Controllers

  • Choose Cisco SD-WAN Controllers deployed in different failure zones to reduce the probability of both the controllers failing simultaneously. In a cloud environment, choose controllers deployed in different regions.

  • Choose Cisco SD-WAN Controllers deployed in the same geographical region as the tenant WAN edge devices to reduce latency.

  • Choose Cisco SD-WAN Controllers based on the CPU, DRAM, and hard disk resources allocated, and the utilization of these resources.

  • Migrate a tenant to a different Cisco SD-WAN Controller to accommodate changes in the tenant device forecast.
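The capacity rule and the failure-zone preference described above can be checked before you open the onboarding pane. The following Python sketch is an added example, not Cisco code: the `Controller` fields, the zone labels, the ranking order, the inventory values, and the choice to treat unreachable controllers as ineligible are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import combinations

MAX_TENANTS = 24     # per-controller tenant limit stated on this page
MAX_DEVICES = 1000   # per-controller tenant WAN edge device limit stated on this page

@dataclass(frozen=True)
class Controller:
    hostname: str
    tenants: int           # tenants currently assigned
    devices: int           # tenant WAN edge devices currently connected
    zone: str              # failure zone or cloud region (operator-defined label)
    reachable: bool = True

def can_host(c, forecast):
    """True if the controller can take one more tenant and its forecast devices."""
    return (c.reachable and c.tenants + 1 <= MAX_TENANTS
            and c.devices + forecast <= MAX_DEVICES)

def utilization_pct(c):
    """The two capacity percentages described for the controller drop-down list."""
    return {"tenant_hosting": round(100 * c.tenants / MAX_TENANTS),
            "used_device": round(100 * c.devices / MAX_DEVICES)}

def candidate_pairs(controllers, forecast):
    """Eligible pairs: different-zone pairs first, then lowest peak device load."""
    eligible = [c for c in controllers if can_host(c, forecast)]
    def rank(pair):
        a, b = pair
        peak = max(a.devices, b.devices) + forecast
        return (a.zone == b.zone, peak, a.hostname, b.hostname)
    return sorted(combinations(eligible, 2), key=rank)

# Constructed inventory for illustration.
INVENTORY = [
    Controller("ctrl-a", tenants=24, devices=300, zone="east"),  # tenant limit reached
    Controller("ctrl-b", tenants=10, devices=900, zone="east"),
    Controller("ctrl-c", tenants=12, devices=400, zone="east"),
    Controller("ctrl-d", tenants=6, devices=250, zone="west"),
    Controller("ctrl-e", tenants=3, devices=100, zone="west", reachable=False),
]

def best_pair(forecast, controllers=INVENTORY):
    """Hostnames of the top-ranked pair, or None when a new pair must be added."""
    pairs = candidate_pairs(controllers, forecast)
    return tuple(c.hostname for c in pairs[0]) if pairs else None

if __name__ == "__main__":
    for forecast in (50, 150, 700):
        print(forecast, best_pair(forecast))
```

A `None` result corresponds to the case described earlier in which no pair can accommodate the forecast and a new pair of controllers must be added.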

Restrictions for Flexible Tenant Placement on Multitenant Cisco SD-WAN Controllers

If you wish to migrate a tenant to a different pair of Cisco SD-WAN Controllers, you must change the Cisco SD-WAN Controllers assigned to the tenant one at a time. Doing so ensures that one of the Cisco SD-WAN Controllers is available to the tenant WAN edge devices during the migration and prevents disruptions in traffic.

Assign Cisco SD-WAN Controllers to Tenants During Onboarding

Prerequisites

  • At least two Cisco SD-WAN Controllers must be operational and in the Manager mode before you can add new tenants.

    A Cisco SD-WAN Controller enters the Manager mode when you push a template to the controller from Cisco SD-WAN Manager. A Cisco SD-WAN Controller in the CLI mode cannot serve multiple tenants.

  • Each pair of Cisco SD-WAN Controllers can serve a maximum of 24 tenants and a maximum of 1000 tenant devices. Ensure that there are at least two Cisco SD-WAN Controllers that can serve a new tenant. If no pair of Cisco SD-WAN Controllers in the deployment can serve a new tenant, add two Cisco SD-WAN Controllers and change their mode to Manager.

  • Add up to 16 tenants in a single operation. If you add more than one tenant, during the Add Tenant task, Cisco SD-WAN Manager adds the tenants one after another and not in parallel.

    While an Add Tenant task is in progress, do not perform a second tenant addition operation. If you do so, the second Add Tenant task fails.

  • Each tenant must have a unique Virtual Account (VA) on Plug and Play Connect on Cisco Software Central. The tenant VA should belong to the same Smart Account (SA) as the provider VA.

  • For an on-premises deployment, create a Cisco SD-WAN Validator controller profile for the tenant on Plug and Play Connect. The fields in the following table are mandatory.

    Field: Description
    Profile Name: Enter a name for the controller profile.
    Multi-Tenancy: From the drop-down list, select Yes.
    SP Organization Name: Enter the provider organization name.
    Organization Name: Enter the tenant organization name in the format <SP Org Name>-<Tenant Org Name>. The organization name can be up to 64 characters.
    Primary Controller: Enter the host details for the primary Cisco SD-WAN Validator.

    For a cloud deployment, the Cisco SD-WAN Validator controller profile is created automatically as part of the tenant creation process.

  1. Log in to Cisco SD-WAN Manager as the provider admin user.

  2. From the Cisco SD-WAN Manager menu, choose Administration > Tenant Management.

  3. Click Add Tenant.

  4. In the Add Tenant slide-in pane, click New Tenant.

  5. Configure the following tenant details:

    Field Description

    Name

    Enter a name for the tenant.

    For a cloud deployment, the tenant name should be the same as the tenant VA name on Plug and Play Connect.

    Description

    Enter a description for the tenant.

    The description can have up to 256 characters and can contain only alphanumeric characters.

    Organization Name

    Enter the name of the tenant organization. The organization name can have up to 64 characters.

    The organization name is case-sensitive. Each tenant or customer must have a unique organization name.

    Enter the organization name in the following format:

    <SP Org Name>-<Tenant Org Name>

    For example, if the provider organization name is ‘managed-sp’ and the tenant organization name is 'customer1', while adding the tenant, enter the organization name as ‘managed-sp-customer1’.

    URL Subdomain

    Enter the fully qualified subdomain name of the tenant.

    • The subdomain name must include the domain name of the service provider. For example, for the managed-sp.com service provider, a valid domain name for customer1 is customer1.managed-sp.com.

      Note: The service provider name is shared amongst all tenants. Ensure that the URL naming convention follows the same domain name convention that was followed while enabling multitenancy using Administration > Settings > Tenancy Mode.

    • For an on-premises deployment, add the fully qualified subdomain name of the tenant to the DNS. Map the fully qualified subdomain name to the IP addresses of the three Cisco SD-WAN Manager instances in the Cisco SD-WAN Manager cluster.

      • Provider DNS: Create a DNS A record and map it to the IP addresses of the Cisco SD-WAN Manager instances running in the Cisco SD-WAN Manager cluster. The A record is derived from the provider’s domain name and the cluster ID that was created while enabling multitenancy on Cisco SD-WAN Manager. For example, if the provider’s domain name is sdwan.cisco.com and the cluster ID is vmanage123, configure the A record as vmanage123.sdwan.cisco.com.

        Note: If you fail to add the DNS A record, you will experience authentication errors when logging in to Cisco SD-WAN Manager.

        Validate that the DNS is configured correctly by using the nslookup command. Example: nslookup vmanage123.sdwan.cisco.com.

      • Tenant DNS: Create a DNS CNAME record for each tenant that you created and map it to the provider FQDN. For example, if the provider’s domain name is sdwan.cisco.com and the tenant name is customer1, configure the CNAME record as customer1.sdwan.cisco.com.

        Cluster ID is not required in the CNAME record.

        Validate that the DNS is configured correctly by using the nslookup command. Example: nslookup customer1.sdwan.cisco.com.

    • For a cloud deployment, the fully qualified subdomain name of the tenant is automatically added to the DNS as part of the tenant creation process. After you add a tenant, it could take up to an hour before the fully qualified subdomain name of the tenant can be resolved by the DNS.

    Forecasted Devices

    Enter the number of WAN edge devices that the tenant can add to the overlay.

    If the tenant tries to add WAN edge devices beyond this number, Cisco SD-WAN Manager reports an error and the device addition fails.

    Select two Controllers
    • Automatic tenant placement: Ensure that the Select two Controllers field has the value Autoplacement. This is the default configuration.

    • Flexible tenant placement:

      1. Click the Select two Controllers drop-down list.

        Cisco SD-WAN Manager lists the hostnames of the available Cisco SD-WAN Controllers. For each Cisco SD-WAN Controller, Cisco SD-WAN Manager shows whether the controller is reachable and reports the following utilization details:

        Tenant hosting capacity: Each Cisco SD-WAN Controller can serve a maximum of 24 tenants. Tenant hosting capacity represents the number of tenants to which the Cisco SD-WAN Controller is assigned in the form of a percentage. This value indicates whether you can assign another tenant to this controller.
        Used device capacity: Each Cisco SD-WAN Controller can support a maximum of 1000 tenant WAN edge devices. Used device capacity represents the number of tenant WAN edge devices connected to the Cisco SD-WAN Controller in the form of a percentage of the maximum capacity (1000 WAN edge devices). This value indicates whether the Cisco SD-WAN Controller can support the number of devices forecast for the tenant that you are onboarding.
        Memory utilized: This value represents memory consumption as a percentage.
        CPU utilized: This value represents CPU usage as a percentage.
      2. Select two Cisco SD-WAN Controllers to assign to the tenant based on the utilization details.

        To select a Cisco SD-WAN Controller, check the check box adjacent to its hostname.

  6. To save the tenant configuration, click Save.

  7. To add another tenant, repeat Step 4 to Step 6.

  8. To onboard tenants to the deployment, click Add.

Cisco SD-WAN Manager initiates the Create Tenant Bulk task to onboard the tenants.

As part of this task, Cisco SD-WAN Manager performs the following activities:

  • creates the tenant

  • assigns two Cisco SD-WAN Controllers to serve the tenant and pushes a CLI template to these controllers to configure tenant information

  • sends the tenant and Cisco SD-WAN Controller information to Cisco SD-WAN Validator

When the task is successfully completed, you can view the tenant information, including the Cisco SD-WAN Controller and Cisco SD-WAN Validators assigned to the tenant, on the Administration > Tenant Management page.
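For an on-premises deployment, the DNS convention from step 5 (one provider A record per cluster, one CNAME per tenant) can be audited against exported zone data before you start the Add Tenant task. This is an added example, not Cisco code: the zone dictionary format and the Manager IP addresses are constructed, and "provider FQDN" is taken to mean the `<cluster ID>.<provider domain>` A record, which is an assumption.

```python
def resolve(zone, name, max_hops=8):
    """Follow CNAME records until an A record or a dead end is reached.

    zone maps a lower-case FQDN to ("A", [ips]) or ("CNAME", target).
    Returns (chain_of_names, ips); ips is empty when resolution fails.
    """
    chain = [name.lower().rstrip(".")]
    for _ in range(max_hops):
        record = zone.get(chain[-1])
        if record is None:
            return chain, []
        rtype, value = record
        if rtype == "A":
            return chain, sorted(value)
        target = value.lower().rstrip(".")
        if target in chain:            # CNAME loop
            return chain, []
        chain.append(target)
    return chain, []

def audit_tenant_dns(zone, provider_domain, cluster_id, manager_ips, tenants):
    """Return (fqdn, problem) findings; an empty list means the records match."""
    findings = []
    provider_fqdn = f"{cluster_id}.{provider_domain}"
    _, ips = resolve(zone, provider_fqdn)
    if ips != sorted(manager_ips):
        findings.append((provider_fqdn, "A record does not list every Manager instance"))
    for tenant in tenants:
        fqdn = f"{tenant}.{provider_domain}"
        chain, _ = resolve(zone, fqdn)
        if fqdn not in zone:
            findings.append((fqdn, "no record"))
        elif provider_fqdn not in chain[1:]:
            findings.append((fqdn, "not a CNAME to the provider FQDN"))
    return findings

# Constructed sample data; the names follow the examples on this page and the
# addresses come from the documentation range 192.0.2.0/24.
MANAGER_IPS = ["192.0.2.11", "192.0.2.12", "192.0.2.13"]
ZONE = {
    "vmanage123.sdwan.cisco.com": ("A", MANAGER_IPS),
    "customer1.sdwan.cisco.com": ("CNAME", "vmanage123.sdwan.cisco.com"),
    "customer2.sdwan.cisco.com": ("A", ["192.0.2.11"]),  # bypasses the provider FQDN
    # customer3 has no record at all
}

if __name__ == "__main__":
    tenants = ["customer1", "customer2", "customer3"]
    for finding in audit_tenant_dns(ZONE, "sdwan.cisco.com", "vmanage123",
                                    MANAGER_IPS, tenants):
        print(finding)
```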

Update Cisco SD-WAN Controllers Placement For a Tenant

You can migrate a tenant to a different pair of Cisco SD-WAN Controllers from the controllers that are currently assigned to the tenant. For instance, if you need to increase the tenant WAN edge device forecast and the controllers assigned to the tenant cannot connect to the revised number of tenant WAN edge devices, you can migrate the tenant to a pair of controllers that can accommodate the revised forecast.

If you wish to migrate a tenant to a different pair of Cisco SD-WAN Controllers, you must change the Cisco SD-WAN Controllers that are assigned to the tenant one at a time. Doing so ensures that one of the Cisco SD-WAN Controllers is available to the tenant WAN edge devices during the migration and prevents disruptions in traffic.

  1. Log in to Cisco SD-WAN Manager as the provider admin user.

  2. From the Cisco SD-WAN Manager menu, choose Administration > Tenant Management.

  3. For the tenant you wish to migrate to a different controller, click adjacent to the tenant organization name.

  4. Click Update Controller Placement.

  5. In the Update Controller Placement slide-in pane, configure the following:

    Field Description
    Source Controller (currently applied)
    1. Click the Source Controller (currently applied) drop-down list.

      Cisco SD-WAN Manager lists the hostnames of the Cisco SD-WAN Controllers assigned to the tenant. For each Cisco SD-WAN Controller, Cisco SD-WAN Manager shows whether the controller is reachable and reports the following utilization details:

      Tenant hosting capacity: Each Cisco SD-WAN Controller can serve a maximum of 24 tenants. Tenant hosting capacity represents the number of tenants to which the Cisco SD-WAN Controller is assigned in the form of a percentage. This value indicates whether you can assign another tenant to this controller.
      Used device capacity: Each Cisco SD-WAN Controller can support a maximum of 1000 tenant WAN edge devices. Used device capacity represents the number of tenant WAN edge devices connected to the Cisco SD-WAN Controller in the form of a percentage of the maximum capacity (1000 devices). This value indicates whether the Cisco SD-WAN Controller can support the number of devices forecast for the tenant that you are onboarding.
      Memory utilized: This value represents memory consumption as a percentage.
      CPU utilized: This value represents CPU usage as a percentage.
    2. Check the check box adjacent to the hostname of one of the Cisco SD-WAN Controllers assigned to the tenant.

    Destination Controller
    1. Click the Destination Controller drop-down list.

      Cisco SD-WAN Manager lists the hostnames of the available Cisco SD-WAN Controllers that are not assigned to the tenant. For each Cisco SD-WAN Controller, Cisco SD-WAN Manager shows whether the controller is reachable and reports the following utilization details:

      Tenant hosting capacity: Each Cisco SD-WAN Controller can serve a maximum of 24 tenants. Tenant hosting capacity represents the number of tenants to which the Cisco SD-WAN Controller is assigned in the form of a percentage. This value indicates whether you can assign another tenant to this controller.
      Used device capacity: Each Cisco SD-WAN Controller can support a maximum of 1000 tenant WAN edge devices. Used device capacity represents the number of tenant WAN edge devices connected to the Cisco SD-WAN Controller in the form of a percentage of the maximum capacity (1000 devices). This value indicates whether the Cisco SD-WAN Controller can support the number of devices forecast for the tenant that you are onboarding.
      Memory utilized: This value represents memory consumption as a percentage.
      CPU utilized: This value represents CPU usage as a percentage.
    2. Check the check box adjacent to the hostname of the Cisco SD-WAN Controller you want to assign to the tenant.

      If you select a Cisco SD-WAN Controller that does not have the required capacity to serve the tenant devices, the update operation fails.

  6. Click Update.

  7. To change the other Cisco SD-WAN Controller that is assigned to the tenant, repeat Step 3 to Step 6.

Cisco SD-WAN Manager initiates the Tenant Controller Update task to assign the selected Cisco SD-WAN Controller to the tenant, migrating the tenant details from the Cisco SD-WAN Controller that was previously assigned. When the task is successfully completed, you can view the tenant information, including the Cisco SD-WAN Controllers assigned to the tenant, on the Administration > Tenant Management page.
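The one-controller-at-a-time rule can be turned into a migration plan that is checked before the first Update click. This Python sketch is an added example, not Cisco code: the function names, the `load` structure, and the sample values are assumptions, and it assumes the full revised forecast must fit on each destination controller.

```python
MAX_TENANTS, MAX_DEVICES = 24, 1000   # per-controller limits stated on this page

def plan_migration(current, target, load, forecast):
    """Return ordered (source, destination) updates that move a tenant from the
    `current` controller pair to the `target` pair, one controller per update.

    load maps hostname -> (tenants_assigned, devices_connected).
    Raises ValueError if a pair is malformed or a destination lacks capacity.
    """
    current, target = list(current), list(target)
    if len(set(current)) != 2 or len(set(target)) != 2:
        raise ValueError("a tenant is served by exactly two distinct controllers")
    sources = [c for c in current if c not in target]        # controllers to leave
    destinations = [c for c in target if c not in current]   # controllers to join
    for dest in destinations:
        tenants, devices = load[dest]
        if tenants + 1 > MAX_TENANTS or devices + forecast > MAX_DEVICES:
            raise ValueError(f"{dest} cannot serve one more tenant with {forecast} devices")
    return list(zip(sources, destinations))

def apply_plan(current, steps):
    """Replay the plan and return the assignment after each update, enforcing the
    invariant behind the restriction: each update swaps exactly one assigned
    controller, so the other one keeps serving the tenant's WAN edge devices."""
    assigned = set(current)
    states = [frozenset(assigned)]
    for source, dest in steps:
        if source not in assigned or dest in assigned:
            raise ValueError(f"unsafe step {source} -> {dest}")
        assigned = (assigned - {source}) | {dest}
        states.append(frozenset(assigned))
    return states

# Constructed utilization data for illustration.
LOAD = {"ctrl-c": (12, 400), "ctrl-d": (6, 250), "ctrl-e": (24, 100)}

if __name__ == "__main__":
    steps = plan_migration(("ctrl-a", "ctrl-b"), ("ctrl-c", "ctrl-d"), LOAD, 300)
    for state in apply_plan(("ctrl-a", "ctrl-b"), steps):
        print(sorted(state))
```

Each tuple in the plan corresponds to one pass through Step 3 to Step 6 of the procedure above.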