X

Lumen help

Lumen SD‑WAN with Versa Networks support

Lumen® SD‑WAN with Versa Networks is designed to improve resource usage for multi‑site deployments. Versa provides centralized, cloud management that helps you efficiently manage bandwidth and ensure high‑level performance for your critical applications.

Managing Lumen SD‑WAN with Versa Networks (v20.2)

Learn more about software version 20.2 and the new features available to you.

Making changes to Lumen SD‑WAN with Versa Networks

For these changes, create a repair ticket in Control Center:

  • changing the security package
  • upgrading software
  • adding CSSP on existing service
  • adding, removing, or changing:
    • LAN IPs
    • LAN VLANs or routing not requiring provider edge (PE) router changes
    • routing an appliance outside of an order
    • firewall rules
    • NAT rules
    • QoS profiles/rules
    • forwarding profiles/rules
    • IPSec/GRE tunnel to non‑SD‑WAN sites
    • BGP or other routing protocols
    • DHCP rules
    • SNMP
    • Syslog
    • NetFlow export
    • custom objects
    • application template
    • WAN IPs for "bring your own transport"
    • bandwidth/shaping for "bring your own transport"
    • split tunneling

For these changes, create a change request in Control Center:

  • changing WAN circuit and IPs for non-"bring your own transport" services
  • adding or removing a service:
    • voice (existing)
    • Wireless Backup
  • network design changes
    • topology changes (e.g., full-mesh to hub-and-spoke)
    • Zscaler
    • split tunneling affecting overall design or gateway
    • adding or changing a gateway site
  • adding CSSP as a new service/template

Lumen SD‑WAN with Versa Networks support

Need help? Contact us: 877‑453‑8353, option 1, then 2, then 4, then 2

Lumen SD‑WAN with Versa Networks use cases

The selection of use cases for Lumen® SD-WAN with Versa Networks describes how your organization can optimize the connection of your networks to get the most from your service.

 

Controlling voice traffic flow using SD-WAN SLA profiles and policies

This voice traffic flow use case shows you how to create a rule for a voice traffic flow based on network service level agreement (SLA) parameters such as latency, jitter, and packet loss on the WAN connectivity of your branch location. It describes the three steps (SLA profiles, forwarding profiles, then policies and rules) you need to complete a configuration.

 

Controlling web traffic flow using SD-WAN SLA profiles and policies

This web traffic flow use case shows you how to create a rule for web traffic flow based on network SLA parameters such as latency, jitter, and packet loss on the WAN connectivity of your branch location. It describes the three steps (SLA profiles, forwarding profiles, then policies and rules) you need to  complete a configuration.

 

Setting up URL filtering in the SD-WAN firewall

This firewall use case shows you how to create a rule for URL filtering on an SD-WAN branch template.

 

Controlling your SD-WAN traffic using QoS

This quality of service use case reviews the standard traffic classes (called QoS profiles) and recommends the default mapping into those classes. Plus, it shows you how to edit a QoS policy (and rule) to define application level matching within these standard classes.

Frequently asked questions for Lumen SD‑WAN with Versa Networks

How do I change the appliance configuration?

On the appliance service monitoring page, click the configuration tab to see the configuration on the appliance that was built from the templates and the bind data. We recommend changes to the appliance be made only as a temporary method of testing or debugging. Before changes are made, take a picture of the appliance configuration to facilitate an easy rollback.
 

How can I check what template is used on a device?

On the appliance service monitoring page, click the template tab to see the associated templates.
 

How do templates get assigned to appliances?

An appliance is assigned to a device group, which defines the device template to use for that group of appliances. The device template defines the service templates that are used with the device template. The object you want to share across templates (i.e. application definitions) can be defined in common objects. The appliance attributes (device bind data) are the values needed for the variables in the templates (i.e. LAN IP, WAN IP).
 

How do I deploy a change to a template?

Click the commit button to deploy the changes. You must select the device template and then select the appliances you wish to deploy the updates to. Click on the eye icon to see the differences in the configurations. After you start the template deployment, you can check on the status from the tasks icon at the top of the Director.
 

How do I make a change to just one appliance and not all of them in a device group?

It is possible to just deploy a change to a single device in a device group for testing or staging of rollouts. If the topology of just one of the devices in the device group changes, then it needs to be moved to a device template (new or existing).

How do I access the appliance?

Configuration, monitoring, and reporting for the appliances is done through the SD‑WAN portal. If you need it, Lumen can provide read only CLI access to the appliances. The appliance CLI is available through the Director, local console port, or local management interface.

How do I see the status and use of the interfaces on the appliance?

On the appliance monitor page look for the CPE interfaces section to see the realtime interface use from the appliance. If you want to see historical data for your WAN circuits, click on the access circuit tab from the appliance analytics page.

How do I see the bandwidth for an SD‑WAN policy at a site?

In the SD‑WAN traffic section of the appliance monitor page you can filter the traffic by the SD‑WAN policy name or by remote site. If you want to see historical data, click on the rules tab on the appliance analytics page.

How do I see bandwidth use by an SD‑WAN application?

On the appliance service monitoring page you can see the active sessions and filter them by application. If you want to see historical data, click on the application tab on the appliance analytics page.

How do I see bandwidth use by user or device?

On the appliance service monitoring page you can see the active sessions and filter the active sessions by application. If you want to see historical data, click on the user tab on the appliance analytics page.

How do I see active sessions for a site?

On the appliance service monitoring page you can filter the active sessions by application. On the SD‑WAN appliance service monitoring page, select the SD‑WAN service, and then the sessions. Click on the eyeball icon in the session count field to filter for session by criteria such as source/destination or application. You’ll see fields from the column filter icon.

How can I see which path is being used for an SD‑WAN policy at a site?

On the SD‑WAN traffic section of the appliance monitor page you can filter the traffic by the SD‑WAN policy name as well as remote site. For detail on the status of individual paths, go to the appliance service monitoring page, select the SD‑WAN service polices item, then click on the eyeball icon to view the status of the policy. Click on the path, then remote appliance, and then detail to see the details about the paths in that policy. The path with the lowest priority will be used. If a path has a SLA violation it will show SLA violated in the priority.

How do I see the settings for an interface of an appliance?

On the appliance service monitoring page, select interfaces, then click the eyeball icon next to the interface. This provides more detail on the CPE interface section of the appliance monitor page.

How do I know the status of my network?

When an appliance has an outage or if a circuit is down, an auto‑ticket will be opened in Control Center. The operations guide will list the auto‑ticketed events and threshold.

‑ Circuit with high utilization

‑ Path down (but not whole circuit)

‑ Path experiencing SLA violation

How do I look at the status of a site?

On the appliance service monitoring page, the CPE interface section shows the interface status and current realtime use for all interfaces. Under the services tab, the SLA paths will show the status of the paths on the SD‑WAN overlay network to another site. It will show the number of FLAPS (state change) and the time of the last flap. Under the services tab, the SLA metrics will show the last measurement for the quality of the path (packet loss/jitter/latency).

How do I test connectivity from a site (i.e. ping)?

On the appliance service monitoring page, click the services tab to see the ARP tables for any interface. On that same page, the tools tab allows you to perform ping, trace routes, and packet captures on any routing instance.

How do look at the routes on the SD‑WAN appliance?

On the appliance service monitoring page, click the services tab to see the routes for any routing instance on the appliance. If there are multiple routes, the active route will be identified with a plus sign. If the route is to another routing instance on the appliance (typically a split tunnel) it will be a 169.x.x.x target. The peering between routing instances can be seen in the interface configuration on the tunnels tab. If a route is across the overlay network to another SD‑WAN appliance, then the next hop will be the management IP of the SD‑WAN appliance. The management IPs can be seen on the appliance list.

How do I reboot a device or restart services?

On the appliance service monitoring page, click the Administration tab, then select Operations.

How do I check the classification for a URL?

On the appliance service monitoring page, click the configuration tab, then click objects, then pre-defined objects, then URL categories, and then click on the lookup icon.

How do I check the security package update history on an appliance?

On the appliance service monitoring page, click the services tab, click NGFW, and then click security packages.

How do I request SD-WAN training?

You’ll need to open a support ticket and complete the form to request training.

How do I make a change to my SD-WAN service?

You’ll need to open a change request ticket and complete the form to make changes.

How will I know when a ticket is created and updated?

You will receive an email from Lumen letting you know that a ticket has been created. And you will receive additional emails when updates have been made.

After a ticket is opened, what are the next steps for the support team?

You will receive an email from Lumen confirming we have received your request.

Lumen SD‑WAN with Versa Networks glossary

Too many acronyms and terms for you to keep track of? Use this glossary of commonly used terms to help you manage your service.

Term Description
Analytics Provides visibility into the SD‑WAN topology by gathering IPFIX data from the controller, hub, and branch sites. The data is displayed in readily accessible formats.
Autonomous system (AS) An AS is a network or a collection of networks that are all managed and supervised by a single entity or organization. AS has different subnetworks with combined routing logic and common routing policies.
BFD Bidirectional forwarding detection and provides fast forwarding path failure detection times for all media types, encapsulations, topologies, and routing protocols.
BGP Border gateway protocol manages how packets are routed across the internet through the exchange of routing and reachability information between edge routers.
Branch A branch is used to distribute information to, from, and among remote sites, stores, branch offices, and data centers.
CMS The cloud management system uses software and technologies designed for operating and monitoring applications, data and services residing in the cloud.
CSN Control and service node may be a public or private computer providing an intelligent network.
DSCP Differentiated services code point is a way of classifying and managing network traffic and providing quality of service (QoS) in layer 3 IP networks.
EBGP External border gateway protocol is a BGP extension that is used for communication between distinct AS.
ESP Encapsulating security payload provides data confidentiality, data origin authentication, data integrity checking, and replay protection.
FlexVNF branch Branch is the distributed routing and service node in an SD‑WAN topology.
FlexVNF hub The FlexVNF hub is a uniquely named FlexVNF branch node, running the same FlexVNF software as a branch node, but potentially running multiple tenant organizations, additional scalable centralized services, and may run on elastic cloud and data‑center based server resources. The FlexVNF hub may also act as a traffic exchange site in a distributed star topology, and may also assist in hosting IPsec connectivity for sites with restrictive NAT traversal requirements.
Hub A hub serves as a central connection for all of network equipment and handles a data type known as frames.
IETF The internet engineering task force is an open standards organization that develops and promotes voluntary internet standards that comprise the internet protocol suite.
IKE Internet key exchange is the protocol used to set up a security association in the IPsec protocol suite. IKE builds on the Oakley protocol and ISAKMP.
Intelligent network Enables a phone call to be located separately from the switching facilities, allowing services to be added or changed without having to redesign switching equipment.
IPFIX Internet protocol flow information export is the name of the IETF working group defining the protocol.
ISAKMP Internet security association and key management protocol is defined by RFC 2408 for establishing security associations and cryptographic keys in an internet environment.
LAN A local area network is a computer network that interconnects computers within a limited area such as a school or office building.
LEF Logging and export function
MPLS Multiprotocol label switching is a technique, not a service, that insures reliable connections for real‑time applications.
MTU The maximum transmission unit is the size of the largest protocol data unit that can be communicated in a single network layer transaction.
NAT Network address translation is where a network device, usually a firewall, assigns a public address to a group of computers inside a private network. NATs limit the number of public IP addresses a company must use, for both economy and security purposes.
NAPT Network address port translation is a technique in which port numbers and private IP addresses are mapped from multiple internal hosts to one public IP address.
NLRI Network layer reachability information is exchanged between BGP routers using update messages.
OSI model Open systems interconnection model is a conceptual model that standardizes the communications of a computing system without regard to its underlying internal structure and technology.
OSPF Open shortest path first is a routing protocol for IP networks. It uses a link state routing algorithm and falls into the group of interior gateway protocols, operating within a single AS.
Post‑staging After the staging phase, the branch goes into the post‑staging phase. During this phase, the branch is configured for communication with Versa Director.
Router A router is a device that forwards data packets along networks. A router is connected to at least two networks and is located at gateways, the places where two or more networks connect.
SD‑WAN Software defined‑WAN simplifies the management and operation of a WAN by decoupling the networking hardware from its control mechanism.
SD‑WAN controller Controller acts as the primary control node for SD‑WAN routing and IPSec connectivity. Rather than creating a full mesh of IPsec IKE and security associations, the controller manages the distribution of SD‑WAN topology using BGP.
SD‑WAN portal A zero‑based provisioning website at one or more data centers with connectivity to manage and control networks for SD‑WAN.
Staging During a branches initial attachment to your network, it goes through a staging phase. During this configuration process a controller address, IPsec, and authentication information is connected to the controller(s) hosting the site‑specific SD‑WAN.
Switch A device that filters and forwards packets between LAN segments. Switches operate at the data link layer (layer 2) and sometimes the network layer (layer 3) of the OSI Reference Model.
Tenant organizations Tenant organizations are logical containers that enable grouping and partitioning between enterprise organizations (for example, HR, Finance) or customers (for example, Coca Cola, Pepsi). One or more parent organizations are created (for example, Service Provider), along with tenant organizations that are be defined within SD‑WAN controllers, hubs and branch nodes.
TTL Time to live, also known as hop limit, is a mechanism that limits the lifespan or lifetime of data in a computer or network.
VCSN Versa control and service node
VNF Virtualized network function is responsible for handling network functions that run in one or more virtual machines on top of the hardware networking infrastructure, which can include routers, switches, servers, and cloud computing systems.
VNI Virtual network interface is is an abstract virtualized representation of a computer network interface that may or may not correspond directly to a network interface controller.
VPN A virtual private network is a technology that creates an encrypted connection over a less secure network. 
VRRP Virtual routing and forwarding is a technology that allows multiple instances of a routing table to co‑exist within the same router at the same time.
VXLAN Virtual extensible LAN is a network virtualization technology that addresses the scalability problems associated with large cloud computing deployments.
Versa Director VNF Manager for all controllers, SD‑WAN hubs, and branch nodes. Versa Director is provisioned at one or more data centers with connectivity to management and control networks for the SD‑WAN.
Versa Analytics The Versa analytics node provides a pre‑integrated solution to a full operational visibility into the SD‑WAN topology. The analytics node gathers IPFIX data from the controller, hub, and branch sites and archives and displays this data in readily accessible formats.