Protocol Pack Management and Compliance

Protocol Pack Management and Compliance

Table 1. Feature History

Feature Name

Release Information

Feature Description

Protocol Pack Management and Compliance

Cisco IOS XE Catalyst SD-WAN Release 17.14.1a

Cisco Catalyst SD-WAN Manager Release 20.14.1

Cisco SD-WAN Manager management of Protocol Packs includes functions such as the following:

  • Upgrading Protocol Pack releases on routers in the network.

  • Flagging the status of routers using an older Protocol Pack release than the current reference release.

Pending requests for upgrading a device Protocol Pack

Cisco Catalyst SD-WAN Control Components Release 20.18.1

If you attempt to execute a Protocol Pack upgrade for a set of devices, it is possible that one or more of the devices are using a software version that does not support the Protocol Pack. In this case, the upgrade does not proceed for those devices.

You can choose an option for Cisco SD-WAN Manager to keep the pending request to upgrade the device’s Protocol Pack, to execute later. SD-WAN Manager checks the device when it receives a software upgrade, and if the new software version supports the Protocol Pack, SD-WAN Manager completes the upgrade.

Delete Protocol Packs

Cisco Catalyst SD-WAN Control Components Release 20.18.1

You can delete a Protocol Pack loaded into Cisco SD-WAN Manager. This is useful for removing Protocol Packs that are no longer in use in your network.

Information About Protocol Pack Management and Compliance

Cisco SD-WAN Manager includes a pre-installed Protocol Pack, which is a standard set of protocols for classifying network traffic according to the application producing the traffic. The protocols, also called applications, can be used for application-aware policy, security policy, and QoS policy, to match traffic based on the application producing the traffic. And they are used for tracking which applications are producing traffic within the network—called application visibility.

Protocol Pack Releases

Periodic Protocol Pack releases include updates to the application set, such as the following:

  • Expanding individual applications to a set of related applications to enable more granular classification of traffic

    For example, a Protocol Pack release may enable classifying the traffic produced by a multimedia application, and a subsequent release could distinguish with better granularity between the audio traffic and the video traffic that the multimedia application produces.

  • New applications

  • Renamed applications

Upgrading the Protocol Pack Installed on Devices

Devices running a long-lived Cisco IOS XE release support upgrading from the Protocol Pack built into the release to a later Protocol Pack release. This is supported from Cisco Catalyst SD-WAN Manager Release 20.15.1.

Uses for the Reference Protocol Pack Release

You can upload new Protocol Pack releases into Cisco SD-WAN Manager when they become available. For the procedure, see Upload a Protocol Pack to Cisco SD-WAN Manager. The latest release uploaded into Cisco SD-WAN Manager has a specific role. It functions as the reference Protocol Pack release. Cisco SD-WAN Manager displays the current reference release on the Configuration > Application Catalog > Application Source Settings page, in the Version field.

Cisco SD-WAN Manager uses the reference Protocol Pack release for the following functions:

  • Checking whether each router in the network is using the latest Protocol Pack available through Cisco SD-WAN Manager. If a router is using an earlier Protocol Pack, the table on the Configuration > Application Catalog > Application Source Settings page shows the status in the Compatibility Status column.

  • Checking whether policies that match traffic by application use applications that have been changed in a more recent Protocol Pack release. For information about policy compliance, see Protocol Pack Management and Compliance.

Upgrading when a device becomes compatible

If you attempt to execute a Protocol Pack upgrade for a set of devices, it is possible that one or more of the devices are using a Cisco IOS XE software version that does not support the new Protocol Pack. In this case, the upgrade does not proceed for those devices.

You can choose an option for SD-WAN Manager to save the upgrade request. SD-WAN Manager then checks the device when it receives a software upgrade, and if the new software version supports the Protocol Pack, SD-WAN Manager completes the upgrade.

Dropping the request

In unusual cases, SD-WAN Manager may drop the request to upgrade a device’s Protocol Pack. This occurs when the next software upgrade on the device also does not support the Protocol Pack that you tried to push to the device.

Here’s a scenario that demonstrates this:

  1. You try to push a Protocol Pack x to a device using a software version that does not support the Protocol Pack x.

    Result: SD-WAN Manager does not push the Protocol Pack. It saves the request and checks back later to determine when the device will be able to support Protocol Pack x.

  2. You upgrade the device’s software to another version that still does not support Protocol Pack x.

    Result: In this case, SD-WAN Manager still cannot push the Protocol Pack to the device, and it drops the pending request.

Restrictions for Protocol Pack Management and Compliance

  • Minimum Cisco SD-WAN Manager release for upgrading Protocol Packs: Cisco Catalyst SD-WAN Manager Release 20.15.1

  • We recommend upgrading the reference Protocol Pack on Cisco SD-WAN Manager to the latest version before upgrading the Protocol Pack on any devices in the network to that version.

  • We recommend using Cisco SD-WAN Manager to upgrade the Protocol Pack release on devices in the network, and not to do this individually on devices by CLI.

Upload a Protocol Pack to Cisco SD-WAN Manager

Before You Begin

For information about Protocol Pack releases, see the Cisco Protocol Pack documentation. A list of Protocol Packs appears on the NBAR2 Protocol Pack Library page.

Uploading a Protocol Pack that is a later release than previously uploaded Protocol Packs has two effects:

  • As with any upload, the Protocol Pack is available for upgrading compatible devices in the network.

  • If the uploaded Protocol Pack is a later release than previously uploaded Protocol Packs, it becomes the new reference release for Cisco SD-WAN Manager.

    Cisco SD-WAN Manager shows the current reference release on the Configuration > Application Catalog > Application Source Settings page, in the Version field.

    Cisco SD-WAN Manager uses the reference release as the basis for determining application compliance, policy compliance, and device Protocol Pack version compliance. For more information about compliance, see Protocol Pack Management and Compliance.

Upload a Protocol Pack to Cisco SD-WAN Manager

  1. Download a Protocol Pack from the Cisco Software Download site.

  2. From the Cisco SD-WAN Manager menu, choose Configuration > Application Catalog and click Application Source Settings.

  3. Locate the SD-WAN Manager Protocol Pack section of the page.

  4. Click Upload SDWAN Manager Protocol Packs to save the Protocol Pack to Cisco SD-WAN Manager.

    The uploaded Protocol Pack is available to upgrade any compatible devices in the network.

    As noted in Before You Begin, if the uploaded Protocol Pack is a later release than previously uploaded Protocol Packs then it becomes the new reference release. A pop-up window shows whether changing the reference Protocol Pack release would affect policy or device compliance.

    If any protocols in the Protocol Pack introduce name conflicts with existing custom applications, the upload does not proceed. See Information About Application Compliance in the Policy Groups Configuration Guide.

  5. Click Update or Ignore and Proceed to complete the upload.


    Note

    If you do not want to complete the upload, such as if you do not want to change the reference Protocol Pack release, click Cancel Update.

Upgrade a device Protocol Pack

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Application Catalog and click Application Source Settings.

  2. Locate the SD-WAN Manager Protocol Pack section of the page.

  3. Select one or more devices in the table by checking the check boxes for the devices.

  4. Click Upgrade Device Protocol Pack.

  5. In the pop-up window, choose a Protocol Pack release to install. Optionally, choose a scheduled upgrade.


    Note

    If you schedule an upgrade for a later time, you cannot perform additional upgrades until that upgrade is complete. Only one upgrade task can be active at a given time. In a multitenant scenario, it is one upgrade task per tenant.

  6. In case one or more selected devices have a software version that does not support the Protocol Pack, you can optionally select to upgrade the Protocol Pack later. Choose the Auto upgrade when device is compatible.

    SD-WAN Manager saves the request to upgrade the Protocol Pack on those devices. SD-WAN Manager monitors the devices when they receive a software upgrade, and if the new software version supports the Protocol Pack, SD-WAN Manager completes the intended upgrade, installing the Protocol Pack.

Cisco SD-WAN Manager upgrades the Protocol Pack on the device if the device software version allows the upgrade. See the Protocol Pack documentation for information about compatible Cisco IOS XE software versions.

Check Protocol Pack Compliance

Before You Begin

When you upload a new Protocol Pack, Cisco SD-WAN Manager automatically checks whether each device in the network is using the latest available Protocol Pack—called compliance. In addition, it checks policy and device Protocol Pack compliance at regular intervals. For more information about compliance, see Protocol Pack Management and Compliance.

You can trigger the compliance check manually using this procedure. This may be helpful, for example, to check compliance after upgrading the Protocol Pack on one or more devices.

Check Protocol Pack Compliance

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Application Catalog and click Application Source Settings.

  2. Locate the SD-WAN Manager Protocol Pack section of the page.

  3. Click Sync Compliance.

View Protocol Pack Status

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Application Catalog and click Application Source Settings.

  2. Locate the SD-WAN Manager Protocol Pack section of the page.

    At the top of the section, the Version field shows the latest Protocol Pack release uploaded to Cisco SD-WAN Manager.

    The table shows each router, the loaded Protocol Pack release, and related information, as described here:

    Field

    Description

    Hostname

    Device hostname.

    Site ID

    Device site ID.

    Device Model

    Device model name.

    Software Version

    Software release operating on the device.

    Protocol Pack Version

    Protocol Pack release loaded on the device.

    Reachability

    Reachability of the device by Cisco SD-WAN Manager.

    Compatibility Status

    • Green: The Protocol Pack loaded on the device matches the Protocol Pack loaded in Cisco SD-WAN Manager.

    • Red: The Protocol Pack loaded on the device does not match the Protocol Pack loaded in Cisco SD-WAN Manager.

    Upgrade Status

    Indicates whether a Protocol Pack upgrade has been performed on the device, and the status of the update:

    • No job history: No attempt to upgrade the Protocol Pack.

    • In-progress: Cisco SD-WAN Manager is currently upgrading the Protocol Pack on a device.

    • Success: Cisco SD-WAN Manager has upgraded the Protocol Pack.

    • Skipped: Cisco SD-WAN Manager did not find a compatible Protocol Pack.

    • Failure: Cisco SD-WAN Manager has tried unsuccessfully to upgrade a Protocol Pack.

    • Scheduled: Cisco SD-WAN Manager is scheduled to upgrade the Protocol Pack.

    • Canceled: Cisco SD-WAN Manager has canceled a scheduled upgrade.

Delete Protocol Packs

Procedure

Step 1

From the Cisco SD-WAN Manager menu, choose Configuration > Application Catalog.

Step 2

Open Application Source Settings.

Step 3

Click Delete Protocol Pack.

SD-WAN Manager shows a list of the loaded Protocol Packs. The list provides an option to delete Protocol Packs that are not in use in the network, and that don’t meet other conditions that require them to remain available. The conditions include, but are not limited to:

  • Protocol Packs that are currently deployed or scheduled for deployment

  • The Protocol Pack that SD-WAN Manager is using as its reference Protocol Pack

Step 4

From the list of loaded Protocol Packs, delete any desired Protocol Pack that has the delete option available.