This lab was developed with our partner, Cisco. Your personal information may be shared with Cisco, the lab sponsor, if you have opted-in to receive product updates, announcements, and offers in your Account Profile.

GSP1113

Overview

This integration is between Cisco's Catalyst Software-Defined Wide Area Network (SD-WAN) solution and Google Cloud's Virtual Private Cloud (VPC). It allows the customers to use Cisco Cloud onRamp for Multicloud to connect their branch sites to the workloads deployed in Google Cloud and leverage the bandwidth of the Google Cloud backbone for mission critical traffic. Additionally, Cisco Cloud onRamp for Multicloud provides an audit mechanism that verifies whether the Google Cloud state and Cisco vManage state are in sync. If out of sync, Cisco vManage takes corrective action to resolve the issue(s) and bring parity in the states. With Cloud onRamp for Multicloud being the single pane of glass management to orchestrate both Cisco Catalyst SD-WAN components and Google Cloud VPC, the entire process is simplified and automated. There are four key components of this integration:

1. Cisco Cloud OnRamp for Multicloud: Cloud OnRamp for Multicloud extends the fabric of the Cisco Catalyst SD-WAN overlay network into public cloud instances, allowing branches with Cisco Catalyst SD-WAN routers to connect directly to public-cloud application providers.
2. Cisco Catalyst SD-WAN virtual router: The Cisco Catalyst 8000V Edge Software is a virtual-form-factor router that delivers comprehensive WAN gateway and network services functions into virtual and cloud environments. It enables enterprises to transparently extend their WANs into provider-hosted clouds.
3. Google Cloud VPC: A VPC network is a global resource which consists of a list of regional virtual subnetworks (subnets) in data centers, all connected by a global WAN. VPC networks are logically isolated from each other in Google Cloud.
4. Google Cloud NCC: Network Connectivity Center (NCC) offers the unique ability to easily connect your on-premises, Google Cloud, and other cloud enterprise networks and manage them as spokes through a single, centralized logical hub on Google Cloud.

What you'll learn

• How to create a site-to-site cloud VPN with Cisco SD-WAN

Use Case

Cisco Cloud onRamp for Multicloud brings automation for Infrastructure as a Service (IaaS) use cases on Google Cloud. Starting with 17.5/20.5 IOS XE SD-WAN software, Cisco Cloud onRamp for Multicloud helps with the following two use cases:

• Site-to-cloud: A branch location needs to access an application running in a VPC on Google Cloud.
• Site-to-site: Two branches located in different regions must be connected via a Google Cloud global network.

This lab will focus on the site-to-cloud use case. If you want to learn more about the site-to-site use case, please contact your Cisco or Google representative and they will guide you to a dedicated lab for this use case.

High-level Design

The following building blocks are important for the Cisco Cloud onRamp for Multicloud design:

• Cisco Catalyst 8000V virtual SD-WAN router
• Google Cloud Network Connectivity Center (NCC)
• Google Cloud Router and VPC Peering

Cisco vManage will use built-in automation to do the following:

1. Create WAN-VPC and spin up two Cisco Catalyst 8000V SD-WAN virtual routers
2. Create site-to-cloud VPC
3. Create site-to-site VPC
4. Bring up Google Cloud Routers (GCR)
5. Automate VPC peering and BGP routing between GCR and Cisco C8000V routers

The following technical diagram summarizes the design for both use cases:

The following technical diagram summarizes the design for the site-to-cloud (in the same region) use case:

Note about rebranding

Starting with 17.12/20.12 IOS XE SD-WAN software, Cisco Viptela SD-WAN has been rebranded to Cisco Catalyst SD-WAN. With this rebranding, several components of the SD-WAN solution have been renamed as well. Please see the following table for the name changes:

Former Name	New Name	Name in Documentation	Name Displayed on Screen	API/CLI
Cisco SD-WAN	Cisco Catalyst SD-WAN	Cisco Catalyst SD-WAN	Cisco Catalyst SD-WAN	Cisco Catalyst SD-WAN
vManage	Cisco Catalyst SD-WAN Manager	SD-WAN Manager	Manager	vManage
vAnalytics	Cisco Catalyst SD-WAN Analytics	SD-WAN Analytics	Analytics	vAnalytics
vBond	Cisco Catalyst SD-WAN Validator	SD-WAN Validator	Validator	vBond
vSmart	Cisco Catalyst SD-WAN Controller	SD-WAN Controller	Controller	vSmart
Self Service Portal	Cisco Catalyst SD-WAN Portal	Cisco Catalyst SD-WAN Portal	Cisco Catalyst SD-WAN Portal	SD-WAN Portal
Cloud-Delivered Cisco SD-WAN	Cloud-Delivered Cisco Catalyst SD-WAN	Cloud-Delivered Cisco Catalyst SD-WAN	Cloud-Delivered Cisco Catalyst SD-WAN	N/A

This lab however uses 17.6/20.6 IOS XE SD-WAN software so the old naming conventions will be used, but please take note and be aware of the new rebranding of Cisco Catalyst SD-WAN going forward.

Setup and requirements

How to start your lab and sign in to the Google Cloud console

1. Click the Start Lab button. If you need to pay for the lab, a dialog opens for you to select your payment method. On the left is the Lab Details pane with the following:

   • The Open Google Cloud console button
   • Time remaining
   • The temporary credentials that you must use for this lab
   • Other information, if needed, to step through this lab

2. Click Open Google Cloud console (or right-click and select Open Link in Incognito Window if you are running the Chrome browser).

   The lab spins up resources, and then opens another tab that shows the Sign in page.

   Tip: Arrange the tabs in separate windows, side-by-side.

   Note: If you see the Choose an account dialog, click Use Another Account.

3. If necessary, copy the Username below and paste it into the Sign in dialog.

   {{{user_0.username | "Username"}}}

   You can also find the Username in the Lab Details pane.

4. Click Next.

5. Copy the Password below and paste it into the Welcome dialog.

   {{{user_0.password | "Password"}}}

   You can also find the Password in the Lab Details pane.

6. Click Next.

   Important: You must use the credentials the lab provides you. Do not use your Google Cloud account credentials. Note: Using your own Google Cloud account for this lab may incur extra charges.

7. Click through the subsequent pages:

   • Accept the terms and conditions.
   • Do not add recovery options or two-factor authentication (because this is a temporary account).
   • Do not sign up for free trials.

After a few moments, the Google Cloud console opens in this tab.

Note: To access Google Cloud products and services, click the Navigation menu or type the service or product name in the Search field.

Task 1. Prepare Google Cloud Accounts

Cisco vManage can take up to 8 minutes to become available after the lab has been started and the resources have been provisioned. While we wait, let’s prepare the Google Cloud accounts so that they are ready for our Cloud onRamp for Multicloud workflow later on.

Step 1: Create service account in Google Cloud for Project 1

1. Go to the Google Console of the first project by clicking the Google Console Project 1 button on the Qwiklab. Log in using the Username and Password provided in the left panel of the Qwiklab.

2. Once logged in, click on the navigation menu in the top right to expand the navigation menu. Hover over IAM & Admin from the list of options and then select IAM.

3. To create a service account, click on Service Accounts from the menu on the left and then select + CREATE SERVICE ACCOUNT near the top.

4. On the Create service account page, fill in the following details:

   1. Service account details

      • Service account name: vManage

      • Service account ID: vmanage

      • Click CREATE AND CONTINUE.

   2. Grant this service account access to project

      • Role: Owner

        Note: You need to hover on Basic in the Quick access section to find the Owner role.

      • Click Done.

5. Locate your new service account in the list - click on the ellipsis and select Manage keys from the dropdown menu.

6. On the new page, select ADD KEY and then select Create new key from the dropdown.

7. In the pop-up window, select the JSON radio button option and then click Create. This will download a JSON file with the private key to your local computer. In addition, you will see a pop-up window warning you that a private key has been saved to your computer - click CLOSE to exit.

Step 2: Create service account in Google Cloud for Project 2

We will repeat the same step for the second project.

1. In another tab, go to the Google Console of the second project by clicking the Google Console Project 2 button on the Qwiklab. Log in using the Username and Password provided in the left panel of the Qwiklab.

2. Once logged in, click on the navigation menu in the top right to expand the navigation menu. Hover over IAM & Admin from the list of options and then select IAM.

3. To create a service account, click on Service Accounts from the menu on the left and then select + CREATE SERVICE ACCOUNT near the top.

4. On the Create service account page, fill in the following details:

   1. Service account details

      • Service account name: vManage

      • Service account ID: vmanage

      • Click CREATE AND CONTINUE.

   2. Grant this service account access to project

      • Role: Owner

      Note: You need to hover on Basic in the Quick access section to find the Owner role.

      • Click Done.

5. Locate your new service account in the list - click on the ellipsis and select Manage keys from the dropdown menu.

6. On the new page, select ADD KEY and then select Create new key from the dropdown.

7. In the pop-up window, select the JSON radio button option and then click Create. This will download a JSON file with the private key to your local computer. In addition, you will see a pop-up window warning you that a private key has been saved to your computer - click CLOSE to exit.

Be sure to make note of which JSON file belongs to which Google project. We will use these files later on when associating the Google accounts with Cisco vManage.

Task 2. Verify Catalyst 8000V Edges are Licensed in Cisco vManage

Step 1: Log into Cisco vManage and explore the GUI

1. Cisco vManage should be ready now. Log in using the URL provided in the left panel and the following credentials:

• Username: admin
• Password: pass

Note: Wait a few minutes before trying to access the vManage URL again if it says vManage is unavailable. You may get a page saying “Your connection is not private”, but this does not affect the lab. Please proceed.

2. Once logged in, you will be taken to the main Overview page.

3. To get a feel for the Cisco vManage GUI, click the hamburger menu icon in the top left corner and explore the various options. However - please do not make any changes unless specifically asked to do so in this lab. Once done exploring, click Cisco SD-WAN in the top left to go back to the main page.

Step 2: View and select available devices

For this Cloud onRamp for Multicloud with Google Cloud integration lab, you will need at least two Catalyst 8000V Edge devices.

1. Click the hamburger menu icon once again to expand the list of options. To find the available devices and their respective license information, click Configuration and then Devices. Devices that have "Token – ..." in the Serial No./Token column have been licensed and are ready to be selected. Notice the green icon in the Certificate State column illustrates that these devices are available and ready as well.

Note: You may need to scroll horizontally in the table to view all columns of the device table.

The devices shown in the screenshot may differ from the ones you see.

2. Select two of the available Catalyst 8000V edge devices and take note of their Chassis Numbers.

Example Chassis Number: C8K-30484B1A-566D-116A-5B99-1ABFA78E274B

We will use these Chassis Numbers later when we attach the devices to a template and create our cloud gateway.

Note: You may need to expand the Chassis Number column to view the whole Chassis Number.

Task 3. Discover Templates and Add Catalyst 8000V Edges to Template

Step 1: Navigate to the device templates

A template is a reusable set of configuration objects that can be applied to devices. Some of these objects have global configurations that can be pre-populated into the template. Unique device variables are entered when we attach these devices to the template. In this lab, we will be entering 4 variables - Color, Hostname, System IP, and Site ID. Before configuring Cloud onRamp for Multicloud for Google Cloud, you need to first attach two of the available devices previously selected to a Device Template.

1. Click the hamburger menu icon in the top left to review the menu again. Click on Configuration then click Templates. Once on the Configuration – Templates page, select Device Templates at the top.

Please do not modify any of the templates!

In the list of device templates, you will see a pre-configured template with the following name: GCP_C8000V_Template_V01. This will be the template we use to configure the Catalyst 8000V cloud gateway routers created in Google Cloud.

Step 2: Attach two Catalyst 8000V edges to device template

1. Click on the ellipsis (three dots) on the right and select Attach Devices from the dropdown.

2. Select two of the available devices picked in the previous step by clicking on them in the Available Devices list on the left and then clicking the right arrow in the middle to add them to the Selected Devices list on the right. Then click Attach.

3. Now you need to assign values for the variables defined in the Device Template. Click on the ellipsis on the right for the first device and click on Edit Device Template. Fill in the variable values with the values provided in the table below. Once the variable values are assigned, click Update.

Config Variable	Device 1	Device 2
Color	public-internet	public-internet
Hostname	sdwan--cgw-r1	sdwan--cgw-r2
System IP	1.1.100.1	1.1.100.2
Site-ID	100	100

4. Update device template for first device:

5. Repeat the same process to assign values to the variables for the second device using the values provided in the table above.

6. Update device template for second device:

7. Once finished with both devices, click Next located at the bottom of the screen.

Step 3: Confirm and configure Catalyst 8000V edges

1. Cisco vManage generated a configuration for each device based on the device template. Click on each device from the device list on the left to review the configuration created.

2. Once ready, click on Configure Devices. Check the checkbox to confirm the configuration changes once asked and click OK.

Cisco vManage will take a moment to configure the devices. Once finished, you will see the status Done – Scheduled. You will also see the message Device became unreachable. This is normal and expected as we have not created the cloud gateway yet and the devices have not been initialized. When the devices are created, they will check in and receive these configurations.

Task 4. Prepare Cloud onRamp for Multicloud

Step 1: Navigate to Cloud onRamp for Multicloud in Cisco vManage

The Cloud onRamp for Multicloud page is where we will configure many of our settings for this lab. To navigate to the Cloud onRamp for Multicloud page, click on the icon in the top right and then click Cloud onRamp for Multicloud.

Step 2: Review cloud accounts

In the Workflows section, under SETUP, click on Account Management.

We see that there are no cloud accounts currently associated with Cisco vManage.

In the next few steps, we will associate the Project 1 and Project 2 Google Cloud accounts so Cisco vManage can have the correct access to create Google Cloud resources.

Step 3: Associate Project 1 Google Cloud account with Cisco vManage

1. Click on Associate Cloud Account.

2. On the Provide Cloud Account Details page, fill in the following details:

   • Cloud Provider: Google Cloud

   Note: You will not see some of the following fields until you select Google Cloud as the Cloud Provider.

   • Cloud Account Name: DevOps
   • Use for Cloud Gateway: No
   • Service Directory Lookup: Enabled
   • Private Key ID: Click Upload Credential File, select the JSON file downloaded in Task 1 for Project 1, and then click Upload.

3. Once finished, click Add.

Step 4: Associate Project 2 Google Cloud account with Cisco vManage

We will repeat the previous step for Project 2. Click on Associate Cloud Account again

1. Go back to Cisco vManage and click Associate Cloud Account again.

2. On the Provide Cloud Account Details page, fill in the following details:

   • Cloud Provider: Google Cloud

   Note: You will not see some of the following fields until you select Google Cloud as the Cloud Provider.

   • Cloud Account Name: NetOps
   • Use for Cloud Gateway: Yes

   Note: You MUST enable the ‘Yes' radio button in order for Cloud Gateway creation to be successful.

   • Service Directory Lookup: Enabled
   • Private Key ID: Click Upload Credential File, select the JSON file downloaded in Task 1 for Project 2, and then click Upload.

3. Once finished, click Add.

Step 5: Add Cloud Global Settings

1. After the previous step, you will see a Success! message on the Cloud Account Management page. Click on the Cloud Global Settings link in the Success! message to proceed. You can also get to the Cloud Global Settings page by navigating back to the main Cloud onRamp for Multicloud page and selecting Cloud Global Settings under SETUP in the Workflows section.

In this step, we will set the cloud global settings. Cloud global settings are used by all cloud gateway instantiations for a specific cloud provider (unless customized otherwise when creating the cloud gateway).

2. To create the Cloud Global Settings, click + Add on the top right.

3. Fill in the following details:

   • Cloud Provider: Google Cloud
   • Software Image: Marketplace C8000v 17-06-05
   • Instance Size: n1-standard-4 (4 vCPU)
   • IP Subnet Pool: 10.76.0.0/16
   • Cloud Gateway BGP ASN Offset: 64520
   • Intra Tag Communication: Enabled
   • Site-to-site Communication: Disabled
   • Service Directory Lookup Capable: Enabled
   • Network Service Tier: STANDARD
   • Enables Periodic Audit: Enabled
   • Enable Auto Correct: Disabled

4. Once finished, click Save at the bottom right.

Task 5. Discover and Tag Host VPCs

Step 1: Discover Host Private Networks

1. After the previous step, you will see a Success! message on the Cloud Global Settings page. Click on the Discover Host Private Networks link in the Success! message to proceed. You can also get to the Discover Host Private Networks page by navigating back to the main Cloud onRamp for Multicloud page and selecting Host Private Networks under DISCOVER in the Workflows section.

This page displays all Host Private Networks (host VPCs) across all of the regions associated with the Google Cloud account. From here, you are also able to add, modify, and delete tags to different VPCs for better management. Cloud onRamp for Multicloud will sync with Google Cloud to add these tags to the VPCs. If you would like to use Cloud onRamp for Multicloud to manage service-side VPN-to-VPC and/or VPC-to-VPC communication later, tags must be added for the VPC(s).

Step 2: Add tags to Host VPCs

Now we will tag the host VPCs so we are able to easily manage connectivity between the VPCs and SD-WAN branch VPNs later on.

1. Select the host VPC that has the name hostvpc1 and is associated with the DevOps account. Click Tag Actions and then Add Tag from the dropdown.

2. Fill in the Tag Name as the following:

Host VPC Name	Tag Name
hostvpc1	-cloudapp1

3. Click Add. If the tagging is successful, you will see a Success message under Status.

4. Next tag the second Host VPC. Navigate back to the main Cloud onRamp for Multicloud page. Once again, click Host Private Networks under DISCOVER in the Workflows section.

5. This time select the host VPC that has the name default and is associated with the NetOps account. Click Tag Actions and then Add Tag from the dropdown.

Note: We are using the default VPC in place of a hostvpc2 solely for demonstration purposes. In a production environment, -cloudapp2 would be a dedicated host VPC. In order to follow best practice recommendations, we will not map the default VPC to the SD-WAN network in a later step.

6. Fill in the Tag Name as the following:

Host VPC Name	Tag Name
default	-cloudapp2

7. Click Add. If the tagging is successful, you will see a Success message under Status again.

8. Once complete – navigate back to the Host Private Networks page and you will see that the two Host VPCs (hostvpc1 and default) now have Host VPC Tag Names (-cloudapp1 and -cloudapp2).

Task 6. Create Cloud Gateway in Region

In Cisco vManage, go back to the main Cloud onRamp for Multicloud page.

We will now create a cloud gateway in the region.

1. In the Workflows section, under MANAGE, click on Create Cloud Gateway.

2. On the Create Cloud Gateway page, fill out the fields with the following values:

Field	Value
Cloud Provider:	Google Cloud
Cloud Gateway Name:	-cgw (This must be all lowercase)
Description (optional):	CoR Sandbox
Account Name:	NetOps
Region:
Site to Site:	No
Software Image:	Marketplace C8000v 17-06-05
Image size:	n1-standard-4 (4 vCPU)
Subnet Pool:	10.76.0.0/16
Network Service Tier:	STANDARD
UUID:	Select the two Catalyst 8000V edge devices configured earlier.

3. Once complete, click Add.

This step may take approximately 5-7 minutes.

While we wait, let's explore what is going on in the background:

1. Cloud onRamp is using APIs to configure services with the authenticated Google Cloud account.
2. We create a new Site-to-Cloud Network Connectivity Center (NCC) Hub.
3. We create a WAN-VPC.
4. We create a Site-to-Cloud VPC.
5. We create a Site-to-Site VPC (not used in this use case).
6. We create a WAN subnet.
7. We create a Site-to-Cloud subnet and 2 cloud routers.
8. We instantiate 2 Catalyst 8000V Edge devices in Google Cloud and give them a basic bootstrap configuration.
9. Once up, the devices register and authenticate with the SD-WAN control plane using a secure DTLS tunnel.
10. We collect variables related to the cloud gateway and create a configuration.
11. This configuration is pushed to the Catalyst 8000V Edge devices in Google Cloud.
12. We then establish a BGP peering relationship with the cloud gateway routers and learn routes.
13. These routes are then ready to be redistributed to OMP and reflected to all the branches should we declare intent.

Note: Click the in the table to expand the messages field to view all of the creation messages.

While waiting for the cloud gateway creation, feel free to proceed to the next step in a new tab.

Once the creation is successful, you will see a Success message under Status.

Check cloud gateway

Task 7. Create VPC Network Peering

Step 1: Create VPC network peering connection

We will now create a VPC network peering connection between the two Google Cloud projects.

In a real production environment, SD-WAN controllers will most likely have public IP addresses and will be reachable for all SD-WAN routers. In this lab environment however, the SD-WAN controllers are in one Google Cloud project and the SD-WAN routers are in another without direct connectivity. Therefore, VPC network peering is required to create a connection between the two Google Cloud projects. Please note that this VPC peering would most likely not be necessary in a production environment, and therefore you would not need to visit the Google Console throughout this entire workflow.

1. Go back to Google Cloud Console and be sure you are in the second project: .

2. Click the Navigation Menu icon on the top left to expand the menu options. Select VPC network and then click VPC network peering.

3. On the VPC network peering page, click CREATE CONNECTION and then click CONTINUE.

4. Fill in the peering connection fields with the following values:

   • Name: wan-transport
   • Your VPC network: wan-cisco-sd-wan-gcp
   • Peered VPC network: In another project
   • Project ID: (your Google Cloud Project 1 ID)
   • VPC network name: transport-vpc

5. Leave IPv4 selected, check the remaining boxes, and then click Create.

6. Go to the first project () and repeat the same steps to complete the peering connection.

7. Click the Navigation Menu icon on the top left to expand the menu options. Select VPC network and then click VPC network peering. On the VPC network peering page, click CREATE CONNECTION and then click CONTINUE.

8. Fill in the peering connection fields with the following values:

• Name: transport-wan
• Your VPC network: transport-vpc
• Peered VPC network: In another project
• Project ID: (your Google Cloud Project 2 ID)
• VPC network name: wan-cisco-sd-wan-gcp

9. Leave IPv4 selected, check the remaining boxes, and then click Create.

Step 2: Verify VPC network peering connection and cloud gateway health

1. Once created, verify that the peering connection was successful by confirming that the Status is green and active for each peering connection in each project.

2. Once you've verified the peering connections, go back to Cisco vManage and navigate to the main Cloud onRamp for Multicloud page. Wait for both Health and Devices to be in Green state and reachable before moving to the next step. You may need to refresh the table using the refresh icon on the right.

3. Click the next to Network Snapshot to expand the Network Snapshot section. The Network Snapshot now shows 1 Cloud Gateway and 2 WAN Edges that are up for Google Cloud.

Task 8. Map VPN and Host VPC

In this task, we will declare our intent to have -cloudapp1 (Google Cloud host VPC) available to the SD-WAN branch VPN 10 network.

This is the key step where we map SD-WAN networks (in this case VPN 10) to Google Cloud infrastructure (host VPCs in region). This simple mapping table is the main benefit of Cisco Cloud onRamp automation, where the connectivity between SD-WAN and Cloud Infrastructure can be done with one click in a simple table. All is done within Cisco vManage – there is no need to jump between cloud console and vManage.

Step 1: Define mapping intent

1. In Cisco vManage, go to the Cloud onRamp for Multicloud main page. In the Workflows section, under INTENT MANAGEMENT, click Cloud Connectivity.

2. You will start with empty boxes and no arrows indicating that none of the Host VPCs are allowed to communicate with the VPNs. Select Edit to make changes.

Note: Cloud onRamp for Google Cloud doesn't allow mapping of more than one SD-WAN service VPN to Google Cloud VPC. For example, if a VPN10 mapping already exists for a host VPC, another VPN mapping (ex: VPN11) cannot be done for that host VPC.

3. Click on the box indicating -cloudapp1 to enable communication between it and VPN10. The blue boxes with arrows indicate those are newly defined rules. In order for these new rules to become effective, press Save.

Note: Do not attempt to map -cloudapp2 and VPN10. We only tagged the default VPC (-cloudapp2) for demonstration purposes.

4. Cisco vManage now configures the segmentation. This step may take 1-2 minutes. Click the to expand the messages field. Once the configuration is successful, you will see a Success message under Status.

Step 2: Verify mapping intent

1. Go back to the Intent Management – Cloud Connectivity page (navigate back to the main Cloud onRamp for Multicloud screen and then click Cloud Connectivity under INTENT MANAGEMENT). You should now see that the blue boxes have now changed to green indicating that the intents have been realized. If the intent definition changes were not successful, the boxes will be red.

Check peering connections

Task 9. Cloud Audit

Step 1: Run Cloud Audit in Cisco vManage

1. In Cisco vManage, go back to the Cloud onRamp for Multicloud main page. In the Workflows section, under INTENT MANAGEMENT, click Audit.

2. Once on the Audit page, select Google Cloud from the dropdown for the Cloud Provider.

3. Wait a moment while Cisco vManage performs the audit. Once the audit is complete, you should see a Status of green and In Sync – this indicates that the Google Cloud state is in sync with the Cisco vManage state.

Step 2: Simulate a cloud error in Google Cloud

Now let's simulate a cloud error so we can demonstrate the power of the Cloud Audit in Cisco vManage.

1. Go back to Google Cloud and be sure you are in the second project: ().

2. If you are still on the VPC network peering page, click REFRESH. Otherwise, navigate back to the VPC network peering page by either searching ‘VPC network peering' in the search bar above or using the Navigation Menu as demonstrated previously.

Once back to the VPC network peering page, we will simulate a cloud error by killing the VPC peering with hostvpc1.

3. Select the connection with hostvpc1 as the Peered VPC Network and click DELETE.

4. Confirm that you want to delete the peering connection by clicking DELETE on the confirmation window.

Once deleted, only the peering connection we manually created earlier remains.

Step 3: Re-run Cloud Audit in Cisco vManage

1. Now we will re-run the cloud audit. Go back to Cisco vManage and the Cloud onRamp for Multicloud main page. Once again, click Audit under INTENT MANAGEMENT in the Workflows section.

2. Once on the Audit page, select Google Cloud as the Cloud Provider and wait a moment while the audit runs.

3. Once the audit is complete, we now see that the Status is red and Out of Sync.

Step 4: Resolve cloud error in Cisco vManage

1. Now let's fix the sync issue that we created. Click the Fix Sync Issues button on the Audit page.

2. Click the to expand the messages field and watch as Cisco vManage fixes the cloud problem in less than a few minutes.

Once the fix is successful and complete, you will see a Success message under Status.

Step 5: Verify that the cloud error has been resolved

1. To confirm that our problem is fixed, let's re-run the cloud audit one last time. Go back to Cisco vManage and the Cloud onRamp for Multicloud main page. Again, click Audit under INTENT MANAGEMENT in the Workflows section.

2. Once on the Audit page, select Google Cloud as the Cloud Provider and wait a moment while the audit runs.

When the audit is complete, we see that the Status is now green and In Sync once again!

3. Now let's check the peering connection in Google Cloud too. Go back to Google Cloud and the second project. Click REFRESH on the VPC network peering page.

We see the second peering connection is back again, all thanks to Cisco vManage.

Congratulations!

You have successfully completed the lab!

In this lab, we saw the simplified workflow that Cisco Cloud onRamp for Multicloud provides within Cisco vManage’s single pane of glass. Cisco Cloud onRamp for Multicloud automates and seamlessly connects enterprise networks to public cloud providers with site-to-cloud connectivity, allowing SD-WAN policy to be extended into the cloud infrastructure. We saw this solution with Google Cloud today, however other cloud providers (e.g., AWS and Microsoft Azure) are also supported. This workflow normalizes the user experience across different cloud provider networks and accelerates reachability to multicloud workloads – all from Cisco vManage.

Take your next lab

Continue your quest with Cisco: SD-WAN Cloud Hub with Google Cloud.

Next steps / Learn more

Be sure to check out the following resources to learn more:

• Cisco on the Google Cloud Marketplace
• Solution Overview of Cisco SD-WAN Cloud OnRamp
• Cisco SD-WAN and Cloud Networking YouTube Channel

Google Cloud training and certification

...helps you make the most of Google Cloud technologies. Our classes include technical skills and best practices to help you get up to speed quickly and continue your learning journey. We offer fundamental to advanced level training, with on-demand, live, and virtual options to suit your busy schedule. Certifications help you validate and prove your skill and expertise in Google Cloud technologies.

Manual Last Updated October 4, 2024

Lab Last Tested April 9, 2024

Copyright 2025 Google LLC. All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the respective companies with which they are associated.