Virtual Edge Groups


Cloud Control Center version 16.1.0 introduces Virtual Edge Groups, a new feature for managing Policy Infrastructure. Virtual Edge (VE) Groups are designed to enhance the efficiency, reliability, and simplicity of managing Virtual Edges in enterprise environments. By organizing VEs into groups managed as a single unit, VE Groups offer significant benefits in manageability and redundancy in the event of a Virtual Edge outage.

Overview of Virtual Edge Groups

Some important concepts regarding Virtual Edge Groups are listed below. Each of these concepts is explained in more detail in this document.

  • Virtual Edge Groups are used to assign Site Labels and Distribution Zones to groups of VEs and VENs.
  • Virtual Edge Groups effectively provide redundancy in the event of a Virtual Edge outage.
  • Virtual Edge Nodes will inherit the Site Label and Distribution Zone of their Virtual Edge Group instead of a specific Virtual Edge, unless the VEN is assigned to a standalone VE or manually configured with different Site Labels and/or Distribution Zones.
  • Virtual Edge Nodes can be easily moved to a different VE Group using the "Change Group" function.
  • Virtual Edges need to be deleted from Cloud Control Center and onboarded to a different VE Group to change groups.
  • All Virtual Edges in a group must have connectivity to all Virtual Edge Nodes assigned to the group.

Key Benefits of Virtual Edge Groups

Enhanced Reliability and High Availability

  • Seamless Failover: Virtual Edge Nodes (VENs) are now assigned to VE Groups. In the event of a VE failure or a loss of connection to Cloud Control Center (CCC), the management of VENs is automatically transferred to another VE within the group. This ensures uninterrupted policy enforcement, system updates and analytics, maintaining network reliability without any manual intervention. 

Simplified VE Management

  • Centralized Configuration: VE Groups allow for centralized management by enabling administrators to assign Site Labels and Distribution Zone tags to the entire group instead of individual VEs. This reduces the likelihood of misconfiguration and simplifies the process, especially in large-scale environments with numerous VEs.
  • Consistent Policy Application: By managing VEs as a group, organizations can ensure that all VEs within a group adhere to the same configuration settings. This minimizes the risk of misconfiguration between Virtual Edges that can result in inconsistent policy application within a site.

Deployment Options

  • Standalone VEs: VE Groups are fully supported for VE 16.x hypervisor-hosted deployments. However, for VE 15.x deployments or scenarios requiring standalone VEs, such as 1:1 switch-hosted virtual edges, the original standalone model is still available, offering flexibility based on specific network needs.
  • Virtual Edge Node Deployment: Virtual Edge Nodes can be assigned to VE Groups or Standalone VEs during deployment with a single click. After onboarding, VENs can easily be transferred between VE Groups or Standalone VEs. 


Creating Virtual Edge Groups

When adding new Virtual Edges or Virtual Edge Nodes in Cloud Control Center, they can now be onboarded directly to Virtual Edge Groups. This allows for easy onboarding and management of VEs, ensuring they benefit from the group’s configuration and failover capabilities.


To create a Virtual Edge Group, go to Virtual Edges in Cloud Control Center and click + CREATE GROUP in the VE Groups section.


Virtual Edge Groups are assigned Site Labels and Distribution Zones during creation; these can be modified at any time. Give your VE Group a logical name, and optionally a description. Site Labels and Distribution Zones are core to the functionality of Virtual Edge Groups, as all VEs and VENs (by default) inherit them from the VE Group for consistent policy enforcement. Click Create to finish creating the VE Group.


As a reminder, Site Labels and Distribution Zones are core components of Policy Distribution and should be well understood by Administrators prior to creating and configuring your Virtual Edge Groups. See our in-depth guides on these topics below.
Distribution Zones

Policy Sets and Site Labels


Adding Virtual Edges to a VE Group

Once a VE Group has been created, new Virtual Edges can be onboarded to the VE Group. To onboard a new VE to a VE Group, select the appropriate VE Group in the left menu pane and click +Add Virtual Edge.

Note: This workflow also applies to deploying Standalone Virtual Edges. Select "Standalone Virtual Edges" from the left pane instead of selecting a VE Group.

After clicking + ADD VIRTUAL EDGE, the Virtual Edge deployment pane will appear with the appropriate options pre-selected. In this case, we elected to add a Virtual Edge to IND-VE-GROUP-2, so we can see that VE 16.0+ (hypervisor-hosted) has been selected for us in the Virtual Edge Type category, along with the appropriate VE Group in the Virtual Edge Configurations section. Virtual Edge Type and Group can be easily changed during the deployment process, which simplifies the workflow if, for example, you attempted to add a VE to the wrong Group.

NOTE: For the purposes of graceful migration to Virtual Edge 16.0+, only existing customers will have the option to deploy older Virtual Edge versions.

After filling out the required fields, click ADD to begin deploying the new Virtual Edge.

Different types of Virtual Edges (switch-hosted vs. hypervisor-hosted) have different configuration fields that need to be populated. Due to this, the Virtual Edge Configuration section will change depending on the type of Virtual Edge selected initially. Be sure to select the correct Virtual Edge type before filling out the required configurations.

For more information on possible deployment models or for more information on deploying Virtual Edges, please see these articles.
Virtual Edge and Virtual Edge Node Design Guide

Virtual Edge Deployment Guide (Virtual Edge 16.0+) Switch Hosted

Virtual Edge Deployment Guide (Virtual Edge 16.0+) Hypervisor Hosted


Onboarding Virtual Edge Nodes to a VE Group

When deploying new Virtual Edge Nodes, you can select standalone Virtual Edges or VE Groups to manage the Nodes you are onboarding. Click + Add Virtual Edge Node as normal.

After clicking either the single or multiple Add Virtual Edge Node option, a selection pane will appear with options for selecting a VE Group, Standalone VE, Switch-hosted VE, or Cloud-hosted VE (i.e., Juniper VE) for managing the VEN or VENs that you are attempting to deploy. Note that Standalone Virtual Edges are not currently supported when onboarding multiple VENs.


After selecting your VE or VE Group and clicking save, you can finish filling out the required fields for deploying your VEN. For more information on this process, see relevant articles linked below.

Onboarding Catalyst 9000/3850/3650 as a Virtual Edge Node

Bulk Onboarding Virtual Edges and Virtual Edge Nodes


Reassigning Virtual Edges and Virtual Edge Nodes to New VE Groups

Virtual Edges

Deletion and Reassignment Process: If there is a need to move a VE to a different group, the VE must be deleted from Cloud Control Center and redeployed in the new group. This process ensures that the VE is properly integrated into the new group with the appropriate configurations and settings. Reassignment of Virtual Edges to new VE Groups will be enhanced in a future release to eliminate the need to delete VEs during the group migration process.


Virtual Edge Nodes

Reassigning Virtual Edge Nodes to new VE Groups can be accomplished by selecting the actions button to the right of a Virtual Edge Node and selecting Change Group.


After clicking Change Group, you can select a different VE Group to manage the selected VEN. Click save to move the VEN to a different group.


Note: Site Label and Distribution Zone will be inherited from the new VE Group unless manually configured. 

As a reminder, Site Label and Distribution Zone can be configured independently of the parent Virtual Edge or VE Group. To make configuration changes to these attributes on a VEN, simply edit the VEN and check the Assign Manually button, where you can then create or assign Site Labels and Distribution Zones for the selected VEN. The VEN will no longer inherit these attributes from the parent VE or VE Group.
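The inheritance rule above and the requirement that every VE in a group can reach every VEN in that group can be checked over an inventory before a group change. The following is an added example, not Cloud Control Center code or an export format: the data model, field names, reachability data and sample values are all assumptions, and it treats Site Label and Distribution Zone as independently overridable.

```python
# Hypothetical inventory model for illustration; not a CCC API or export format.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Parent:  # a VE Group or a standalone VE
    name: str
    site_label: str
    distribution_zone: str
    is_group: bool = True
    ve_reach: dict = field(default_factory=dict)  # VE name -> set of reachable VEN names

@dataclass
class Ven:
    name: str
    parent: str
    manual_site_label: Optional[str] = None  # set only when "Assign Manually" is used
    manual_distribution_zone: Optional[str] = None

def effective_attrs(ven, parents):
    """Manual assignment wins; otherwise the VEN inherits from its parent."""
    p = parents[ven.parent]
    return (ven.manual_site_label or p.site_label,
            ven.manual_distribution_zone or p.distribution_zone)

def audit(vens, parents):
    """Return (overrides, failover_gaps) for review before relying on failover."""
    overrides, gaps = [], []
    for ven in vens:
        p = parents[ven.parent]
        eff = effective_attrs(ven, parents)
        if eff != (p.site_label, p.distribution_zone):
            overrides.append((ven.name, eff))  # VEN no longer follows its parent
        if p.is_group:
            for ve, reach in sorted(p.ve_reach.items()):
                if ven.name not in reach:
                    gaps.append((p.name, ve, ven.name))  # this VE could not take over
    return overrides, gaps

# Constructed sample data (labels, zones and device names are made up)
PARENTS = {
    "IND-VE-GROUP-2": Parent("IND-VE-GROUP-2", "Plant-A", "DZ-Industrial",
                             ve_reach={"ve-1": {"ven-1", "ven-2"}, "ve-2": {"ven-1"}}),
    "standalone-ve-9": Parent("standalone-ve-9", "Branch-7", "DZ-Branch", is_group=False),
}
VENS = [
    Ven("ven-1", "IND-VE-GROUP-2"),
    Ven("ven-2", "IND-VE-GROUP-2", manual_site_label="Lab"),
    Ven("ven-3", "standalone-ve-9"),
]
```

Calling audit(VENS, PARENTS) lists ven-2 as a manual override and reports that ve-2 cannot reach ven-2, so a failover to ve-2 would leave that node unmanaged.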



Virtual Edge Groups offer a powerful tool for simplifying the management of Virtual Edges while enhancing network reliability. By leveraging VE Groups, organizations can achieve higher availability, consistent policy enforcement, and streamlined management, making it an essential feature for modern enterprise networks.
