Configuration Consistency across Cisco Catalyst SD-WAN Controllers
Information about Configuration Consistency across Cisco Catalyst SD-WAN Controllers
- Multi-stage Approach for Configuration Consistency across Cisco Catalyst SD-WAN Controllers
Supported Devices for Configuration Consistency across Cisco Catalyst SD-WAN Controllers
Restrictions for Configuration Consistency across Cisco Catalyst SD-WAN Controllers
Scenarios for Offline Cisco Catalyst SD-WAN Controllers
- Warning Messages for Offline Cisco SD-WAN Controllers
Verify Consistent Configuration across Cisco Catalyst SD-WAN Controllers

Configuration Consistency across Cisco Catalyst SD-WAN Controllers

Table 1. Feature History
Feature Name	Release Information	Description
Configuration Consistency across Cisco SD-WAN Controllers	Cisco Catalyst SD-WAN Control Components Release 20.18.1	This process ensures consistency in configuration across all Cisco SD-WAN Controllers using a multi-stage approach. The multi-stage approach includes the following stages: Validation: Cisco SD-WAN Manager instructs Cisco SD-WAN Controllers to validate the configuration. Application: Cisco SD-WAN Manager instructs Cisco SD-WAN Controllers to validate and apply the configuration. Rollback (Optional): Cisco SD-WAN Manager reverts changes if any issues arise during the application stage. This process prevents issues arising from Cisco SD-WAN Controllers operating on different configurations.

Information about Configuration Consistency across Cisco Catalyst SD-WAN Controllers

Minimum Supported Version: Cisco Catalyst SD-WAN Control Components Release 20.18.1

Configuration consistency across Cisco SD-WAN Controllers is a process that:

ensures configuration consistency across all Cisco SD-WAN Controllers in the cluster for single tenants,
ensures configuration consistency only for Cisco SD-WAN Controllers that are part of the tenant,
employs a multi-stage approach to implement configuration changes,
uses an error-handling mechanism to rollback changes when failures occur, and
prevents issues arising due to Cisco SD-WAN Controllers operating on different configurations.

This process applies to Cisco SD-WAN Controllers in both single tenant and multitenant deployments.

Multi-stage Approach for Configuration Consistency across Cisco Catalyst SD-WAN Controllers

Minimum Supported Version: Cisco Catalyst SD-WAN Control Components Release 20.18.1

The multi-stage approach is a two-stage process for validating and applying configuration changes across Cisco SD-WAN Controllers using Cisco SD-WAN Manager. This approach ensures uniformity in configuration across Cisco SD-WAN Controllers in a network.

The multi-stage approach includes the following stages:

Stage 1: Validate Configuration

During this stage, Cisco SD-WAN Manager instructs Cisco SD-WAN Controllers to perform various validation checks on the configuration.
- Resource validation
- Syntax validation
- Semantic validation
Stage 2: Apply Configuration
Upon successful completion of Stage 1, Cisco SD-WAN Manager instructs all Cisco SD-WAN Controllers to apply the configuration. The Cisco SD-WAN Controllers perform another resource validation check before committing the configuration.
Stage 3: Rollback Configuration
This is an optional stage. Cisco SD-WAN Manager initiates this stage only when Stage 2 fails. This stage involves rollback of configuration changes on all Cisco SD-WAN Controllers if one or more controllers are unable to accept or apply the configuration. Cisco SD-WAN Manager rolls back the configuration changes on all devices on which it is deployed successfully. Rollback prevents partial implementation of configurations and ensures uniformity in configuration across Cisco SD-WAN Controllers in a network.

Interim Acknowledgements(ACKs) and Handling Timeouts

During Stage 1 and Stage 2 in the multi-stage approach, Cisco SD-WAN Manager sends requests to validate and apply configuration changes to Cisco SD-WAN Controllers. To keep the communication open and active with Cisco SD-WAN Manager, Cisco SD-WAN Controllers send periodic interim ACKs back to the Cisco SD-WAN Manager. This communication serves two primary purposes:

Status display: It allows the Cisco SD-WAN Manager to display the ongoing status of validation and application of configuration through task logs.
Task or activity timer management: It helps in adjusting the task or activity timer for an operation and prevents Cisco SD-WAN Manager from timeout.

Rolling Timeouts

Rolling timeout is an important mechanism in the multi-stage approach. It is a dynamic timeout mechanism where the timeout period is continuously reset based on successful communication between Cisco SD-WAN Controller and Cisco SD-WAN Manager. The rolling timeout period of 25 minutes starts after Cisco SD-WAN Manager receives the last successful interim ACK from any Cisco SD-WAN Controller. If a timeout occurs, Cisco SD-WAN Manager terminates applying configuration changes to all the Cisco SD-WAN Controllers in the network. When applying configuration changes fails, Cisco SD-WAN Manager initiates a rollback. This mechanism ensures that there is no inconsistency in the configuration across Cisco SD-WAN Controllers.

Supported Devices for Configuration Consistency across Cisco Catalyst SD-WAN Controllers

Minimum Supported Version: Cisco Catalyst SD-WAN Control Components Release 20.18.1

All the devices operating in Cisco SD-WAN Controller version 20.17.1 and Cisco Catalyst SD-WAN Manager Release 20.18.1 support the process.

Restrictions for Configuration Consistency across Cisco Catalyst SD-WAN Controllers

Minimum Supported Version: Cisco Catalyst SD-WAN Control Components Release 20.18.1

These are the restrictions for maintaining configuration consistency across Cisco SD-WAN Controllers:

Cisco Catalyst SD-WAN Manager Release 20.18.1 supports the multi-stage approach for maintaining configuration consistency only for Cisco SD-WAN Controller version 20.18.1 and later. Cisco Catalyst SD-WAN Manager Release 20.18.1 does not support the multi-stage approach for Cisco SD-WAN Controller 20.16.1 and below. For Cisco SD-WAN Controller versions prior to 20.16.1, Cisco SD-WAN Manager implements configuration changes through the older one-step configuration deployment method.
The Cisco SD-WAN Controllers older than version 20.18.1 do not support the multi-stage approach. During the validation before configuration deployment, if Cisco SD-WAN Manager detects older version alongside Cisco SD-WAN Controllers with version 20.18.1 and later, it stops the configuration deployment.
Although the process is designed to maintain configuration consistency across Cisco SD-WAN Controllers, this process may occasionally be unsuccessful. If Cisco SD-WAN Manager fails to apply configuration changes and configuration rollback does not restore consistency, you may have to manually fix the validation issues.

Scenarios for Offline Cisco Catalyst SD-WAN Controllers

Minimum Supported Version: Cisco Catalyst SD-WAN Control Components Release 20.18.1

In a successful configuration deployment scenario, the Cisco SD-WAN Manager validates and applies the configuration changes across all Cisco SD-WAN Controllers without encountering any validation issues. If one or more Cisco SD-WAN Controllers are offline during validation checks, Cisco SD-WAN Manager displays warning message when you try to apply the configuration changes. In such scenarios, Cisco SD-WAN Manager schedules the multi-stage approach for configuration deployment to a time when the Cisco SD-WAN Controller or Cisco SD-WAN Controllers are back online.

Note

To avoid any validation errors, ensure that Cisco SD-WAN Controllers are online before implementing the configuration changes.

Offline Cisco SD-WAN Controllers During Validation

The following table lists the scenarios where a Cisco SD-WAN Controller or multiple Cisco SD-WAN Controllers connected to other Cisco SD-WAN Control Components are offline during the validation stage before applying configuration changes.

Table 2. Scenarios for Offline Cisco SD-WAN Controller During Validation
Connected to Cisco SD-WAN Manager	Connected to Cisco SD-WAN Validator	Connected to Peer Cisco SD-WAN Controller	Result
Yes	Yes There is no validation check as there is a connection between Cisco SD-WAN Controller and Cisco SD-WAN Manager.	Yes There is no validation check as there is a connection between Cisco SD-WAN Controller and Cisco SD-WAN Manager.	Cisco SD-WAN Manager allow configuration changes.
No	Yes	Yes There is no validation check as there is a connection between Cisco SD-WAN Controller and Cisco SD-WAN Validator.	Cisco SD-WAN Manager does not allow configuration changes.
No	No	Yes	Cisco SD-WAN Manager does not allow configuration changes.
No	No	No	For a single tenant or a multitenant provider, Cisco SD-WAN Manager allows configuration changes. You can proceed with configuration deployment. For more information, see the section following this table. We recommend not to proceed with offline Cisco SD-WAN Controllers.
No	No	No	For multitenant provider, Cisco SD-WAN Manager does not allow configuration changes unless the offline Cisco SD-WAN Controller is in valid mode.

For the last scenario in the preceding table, where an offline Cisco SD-WAN Controller is not connected to other Cisco SD-WAN Control Components, you can continue with configuration changes. If you agree to proceed with configuration deployment, and the offline Cisco SD-WAN Controller is in valid mode, then the offline Cisco SD-WAN Controller moves to configuration initialization mode (config-init mode). In this mode, the Cisco SD-WAN Controller is not active in the network.

Cisco SD-WAN Manager schedules the configuration deployment for the offline Cisco SD-WAN Controllers to a time when these Cisco SD-WAN Controllers are back online.

When the Cisco SD-WAN Controller is back online, it receives the configuration successfully, Cisco SD-WAN Manager changes the mode to valid mode.

Note

We recommend not to use config-init mode unless it is absolutely necessary. The Cisco SD-WAN Controllers in config-init mode in the network do not participate in the route distribution, which affects network functionality. Instead of using config-init mode when Cisco SD-WAN Controllers are offline, try to bring the Cisco SD-WAN Controller back online.

Rolling Timeout for Offline Cisco SD-WAN Controllers

If one or more Cisco SD-WAN Controllers are offline during the validation or application stage, a rolling timeout occurs 25 minutes after the last successful interim ACK from any of these Cisco SD-WAN Controllers.

Warning Messages for Offline Cisco SD-WAN Controllers

When deploying a configuration on Cisco SD-WAN Controllers, Cisco SD-WAN Manager displays a warning message during validation if it detects one or more offline Cisco SD-WAN Controllers. This message includes details of the validation issues. It appears during the validation stage in the following procedures:

When activating centralized policy. For more information about the procedure, see Activate a Centralized Policy.
When deploying a topology group to the Cisco SD-WAN Control Components. For more information about the procedure, see Activate the Topology.
After pushing the configuration to the devices. For more information about the procedure, see Attach a Device Template to Devices.
When saving an application-aware policy in the Cisco SD-WAN Controllers. For more information about the procedure, see Configure Applications for Cloud OnRamp for SaaS Using Cisco SD-WAN Manager.

Verify Consistent Configuration across Cisco Catalyst SD-WAN Controllers

Minimum Supported Version: Cisco Catalyst SD-WAN Control Components Release 20.18.1

Use the following commands to verify the configuration consistency across Cisco Catalyst SD-WAN Controller.

The following is a sample output from the command show config-pull transactions detail using the detail keyword:

Device# show config-pull transactions detail
config-pull transactions 1
 txn-id     vsmart-config%db680ce3-6d0e-4bff-8ec4-094b182ab523%357be208-e4d7-41e4-8cfb-b985ff46a497
 tenant     default
 start-time 2025-01-26T03:49:15
 activity 2025-01-26T03:49:20.124
  type    validate-in-progress
  message "Time elapsed: 5 secs"
 activity 2025-01-26T03:49:24.302
  type    validate-in-progress
  message "Time elapsed: 9 secs"
 activity 2025-01-26T03:49:32.461
  type    validate-in-progress
  message "Time elapsed: 17 secs"
 activity 2025-01-26T03:49:36.626
  type    validate-success
  message "Config validation success"
 activity 2025-01-26T03:49:41.752
  type    apply-in-progress
  message "Time elapsed: 4 secs"
 activity 2025-01-26T03:49:45.917
  type    apply-in-progress
  message "Time elapsed: 8 secs"
 activity 2025-01-26T03:49:54.094
  type    apply-in-progress
  message "Time elapsed: 17 secs"
 activity 2025-01-26T03:50:10.332
  type    apply-in-progress
  message "Time elapsed: 33 secs"
 activity 2025-01-26T03:50:18.521
  type    apply-success
  message "OMP readiness check progress 100%"

In this example, you can view the transaction details for a config-pull transaction. It provides information on each transaction, intermittent state status, and so on.

The following is a sample output from the show config-pull history command using the detail keyword:

Device# show config-pull history detail
config-pull history 1
 start-time 2025-01-26T03:49:15
 tenant     default
 txn-id     vsmart-config%db680ce3-6d0e-4bff-8ec4-094b182ab523%357be208-e4d7-41e4-8cfb-b985ff46a497
 stage      validate
 duration   21
 result     success
config-pull history 2
 start-time 2025-01-26T03:49:37
 tenant     default
 txn-id     vsmart-config%db680ce3-6d0e-4bff-8ec4-094b182ab523%357be208-e4d7-41e4-8cfb-b985ff46a497
 stage      apply
 duration   41
 result     success

In this example, you can view the history of validation and application of a configuration on a Cisco SD-WAN Controller.

Cisco Catalyst SD-WAN Monitor and Maintain Configuration Guide

Bias-Free Language

Book Title

Cisco Catalyst SD-WAN Monitor and Maintain Configuration Guide

Chapter Title