Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Manage a Site

 

Tenant administrator users can use the Site-Name page to view the details of a site and manage configurations of the site.

To view the details of a site or manage the site:

  1. Click Resources > Site Management.

    The Site Management page appears.

  2. Click the Site-Name link of the site that you want to manage.

    The Site-Name page appears.

On the Site-Name page, depending on the type of site or the service selected for the site, one or more of the following tabs are displayed:

  • Overview tab:

    View general information about the site and the devices associated with the site. You can also view information about the recent alarms and alerts generated in the site. See Table 1.

  • IPVPN tab:

    View and configure IP VPN (Layer 3) parameters to connect an existing Layer 3 VPN to a network managed by Contrail Service Orchestration (CSO) through a provider hub site. For more information on IP VPN parameters, see Table 2.

    You can add, edit, or delete IP VPN configuration for a provider hub site. For more information, see Add IP VPN Configuration to Provider Hubs, Edit IP VPN Configuration for Provider Hubs, and Delete IP VPN Configuration from Provider Hubs.

    Note
    • IP VPN can be configured only for provisioned provider hub sites with OAM_AND_DATA or DATA_ONLY capability for each tenant department VPN.

    • IP VPN configuration is not applicable for data center department VPNs.

  • WAN tab:

    View detailed information about the WAN links of the site. You can also add or delete a mesh tunnel between a source site and a destination site. See Table 3.

    Note

    This tab is available only for SD-WAN sites.

  • Policies tab:

    View the list of policies applied to a site (Firewall, NAT, SSL proxy, or SD-WAN policy). Click the policy name to view the rules or intents that are applied to the site.

    You can also view:

    • The name of the tenant user who last updated the policy.

    • The date and time at which the policy was updated.

    • Deployment status of the policy (deployed or undeployed).

      Note

      This tab is available for SD-WAN and NGFW sites.

    To edit a policy, click the edit icon (at the end of the row) and you are taken to:

  • Devices tab:

    View, manage, and delete the devices for the site.

    You can also:

    • Push licenses to a device

    • Activate a device

    • View and deploy stage-1 configuration to a device

    • Download the cloud info template

    For more information on the fields displayed and tasks you can perform on the Devices tab, see About the Devices Page and Activating a CPE Device.

  • LAN tab:

    View, create, deploy, and delete a LAN segment. For information on the fields displayed, see Adding LAN Segments.

    Additionally, you can:

    • Reassign a LAN segment to a different department.

    • View the devices in a LAN segment and deploy any of these devices.

    • View the status of the deployment.

    For more information on the fields displayed and tasks you can perform on the LAN tab, see Managing LAN Segments on a Tenant Site.

  • Services tab:

    View the network services allocated to the tenant.

    Additionally, you can:

    • Deploy network services to a site: Select the network service, and then select an attachment point in the topology graphic. Alternatively, you can drag and drop the network service to an attachment point in the topology graphic.

    • Start a network service. For more information, see Start a Network Service.

    • Disable a network service. For more information, see Disable a Network Service.

    • Delete a network service. For more information, see Delete a Network Service.

    Note

    This tab is available only for SD-WAN sites.

Table 1 describes the widgets displayed on the Overview tab of the Site-Name page.

Table 1: Widgets on the Overview tab

Widget

Description

General Info

View the following general information about the site:

  • Tenant name

  • Site Type (on-premise spoke, enterprise hub, provider hub, or cloud spoke)

  • Site Role (spoke or hub)

  • Geographical location of the site

  • Contact information of the tenant

  • VPN Authentication Type (using preshared key or public key infrastructure [PKI] certificate)

  • Encryption Type (By default, it is AES-256-GCM. See Encryption Type in View and Edit Tenant Settings.)

Recent Alarms

View the recent critical, major, and minor alarms generated in the site with the date and time of occurrence.

From the Period list, you can select one of the following values to filter the generated alarms based on their time of occurrence:

  • Previous one hour

  • Previous eight hours

  • Previous one day

  • Previous one week

  • Previous one month

You can click View All Alarms at the bottom-right corner of the Recent Alarms widget to view all the generated alarms in the Alarms page (Monitor > Alerts & Alarms > Alarms). For more information, see About the Alarms Page.

Recent Alerts

View the recent critical, major, and minor alerts generated in the site with the date and time of occurrence.

From the Period list, you can select one of the following values to filter the generated alerts based on their time of occurrence:

  • Previous one hour

  • Previous eight hours

  • Previous one day

  • Previous one week

  • Previous one month

You can click View All Alerts at the bottom-right corner of the Recent Alerts widget to view all the generated alerts in the Alerts page (Monitor > Alerts & Alarms > Alerts). For more information, see About the Generated Alerts Page.

Connectivity & Devices

View the following general information about all the provisioned devices in the site:

  • Device Name

  • Device Model

  • Device Serial Number

  • Device Status

Table 2: Fields on the IPVPN tab

Field

Description

Department VPN

Name of the department VPN associated with the IP VPN configuration.

Interface Name

Enter the name of the physical interface on which you want to enable eBGP between provider hub site and the PE router.

VLAN ID

VLAN ID of the interface.

Range: 1 through 4094.

Interface IP Prefix

IPv4 address with a prefix of the interface.

AS Loop Count

Maximum number of times the detection of local Autonomous System (AS) number is allowed in the AS path. If this count exceeds the specified AS loop count, the system discards this route. This helps in preventing routing loops. For example, if you configure AS Loop Count as 1, the route is discarded if the neighbor’s local AS is detected in the path more than once.

Range: 1 through 10.

eBGP Peer-AS-Number

Autonomous system (AS) number for the eBGP peer.

Range: 1 through 4294967295.

Neighbor Address

IPv4 address of the peer interface.

Status

Status of the IP VPN configuration (in progress or deployed).

Table 3 describes the widgets displayed on the WAN tab of the Site-Name page.

Table 3: Widgets on the WAN tab

Widget

Description

Overlay and Underlay topology of WAN links

Displays the WAN link topology of the site.

Links displayed in green are up (active) and red are down.

For all sites in full mesh topology, you can view all the connected WAN interfaces for each site. Click the site connection point to see all connections between its WAN interfaces. You can view general information about each WAN interface when you hover over it.

Time Range

Select the time range by clicking on one of the following options:

  • 2 hours (2h)

  • 4 hours (4h)

  • 8 hours (8h)

  • 16 hours (16h)

  • 24 hours (24h)

  • 1 week (1w)

You can select a custom time range by clicking Custom and selecting the To and From timing. You can also drag the Time Range slider (from either sides) to select a custom time range.

Note: All the information displayed on this tab is updated based on the time range you select.

Overall Network Statistics

Displays the following metrics for the selected WAN interface in the selected timeframe:

  • Number of active dynamic VPN (DVPN) tunnels

  • Throughput (in bps)

  • Latency (in ms)

  • Packet loss (in percentage)

  • E2E (end-to-end) delay (in ms)

  • Jitter (in ms)

  • Total bytes transmitted and received

Link Metrics

Displays a graphical representation of traffic on each WAN link for the selected time interval. You can update the graph based on any of following filters (drop-down list):

  • Site Traffic: Total bytes, Transmitted bytes, Received bytes, or Throughput (in bps)

  • Events: SLA not met, Switch events, or None

  • Profiles (SLA based steering profiles): CSO-AV, CSO-Sec, CSO-Email, CSO-Productive, or CSO-FileShare.

Top Applications

Displays a horizontal bar chart of the top applications that generate the maximum traffic in the spoke site or enterprise hub site.

You can select the Site traffic list to update the chart based on the total bytes, transmitted bytes, received bytes, or throughput (in bps).

Link Utilization

Displays the link utilization (in percentage) as a circular chart of the top 10 applications and other applications. You can also view the total link capacity consumed (in bytes). You can select the Site traffic list to update the chart based on total bytes, transmitted bytes, received bytes, or throughput (in bps).

On-Demand VPN Threshold Details

When you hover over On-Demand VPN Threshold Details, you can view the threshold for creating and deleting tunnels, device SKU, maximum number of tunnels allowed, and minimum number of tunnels required before deactivation.

Additionally, you can:

You also can view the following details of the dynamic mesh tunnels history for the selected site:

Note: A new row is added to this table when there is a change in the tunnels associated with the particular site and the table entries are grouped by the destination site.

  • Type of tunnel (DVPN or Static)

  • Operation (create, update, or delete tunnel) performed on the site

  • Time (date and time at which the operation was completed)

  • Reason for performing the operation. It can be one the following:

    • ZTP: Static tunnels were added during ZTP.

    • Traffic: Tunnels were added or deleted based on the site traffic (after crossing the configured on-demand VPN threshold value).

    • Admin: You manually add, update, or delete the tunnels.

    • RMA: Based on the Return Material Authorization (RMA) performed on a site, the on-demand tunnels are created or deleted.

  • No. of overlay WAN links between two sites (on-premise spoke sites or enterprise hub sites) on which the operation was performed.

    Note: A maximum of four links are allowed between two sites.