This lab was developed with our partner, Cisco. Your personal information may be shared with Cisco, the lab sponsor, if you have opted-in to receive product updates, announcements, and offers in your Account Profile.

GSP772

Overview

This lab illustrates a scenario for the Cisco SD-WAN Cloud Hub with Google Cloud solution, the application-centric multi-cloud networking fabric developed in partnership by Cisco and Google. In this scenario, a video is streamed from an application hosted in Google Cloud across a Wide Area Network (WAN).

The lab shows how to leverage Google Service Directory and Cisco SD-WAN to optimize the performance of the video streaming application. You will learn how to use Google Service Directory to configure a *traffic profile* associated with the video streaming application, and (optionally) you will use Cisco SD-WAN vManage to better understand how SD-WAN optimizes the applications associated with that *traffic profile*.

Objectives

In this lab, you will:

• Create a Compute Engine instance that hosts a streaming video service, using a pre-built Docker container, and connect it to an SD-WAN edge router
• Log on to a Windows client VM and use the VLC application to start streaming a video clip from the video service created above
• Set up bandwidth monitoring on the client VM in order to observe the traffic optimization offered by the Cloud Hub solution
• Associate traffic profile service metadata to the video streaming application via Service Directory, and observe how Cisco SD-WAN optimizes in real time the quality of the received video clip
• (Optional) Explore the Cisco SD-WAN management web UI (Cisco vManage) to better understand what's happening behind the scenes

Prerequisites

This is an advanced level lab. While experience with Cisco SD-WAN is not required, you should be familiar with the general concept of an SD-WAN. Some familiarity with Google Service Directory is also assumed, taking the Service Directory: Qwik Start lab is highly recommended. Additionally, familiarity with Cloud Shell and gcloud is assumed. If you need a refresher, Getting Started with Cloud Shell & gcloud is a good place to start. You will also be using VLC, a media player application on a Windows VM. The Compute Engine: Qwik Start - Windows lab can help you get up to speed with using Windows on Google Cloud.

RDP requirements

In this lab, you will need to use RDP to log into a Windows VM. You can either use the Chrome RDP for Google Cloud extension or Microsoft Remote Desktop. If you are on a Windows machine, it is highly recommended to use Microsoft Remote Desktop as it will be a much better user experience.

Note: If you choose to use the Chrome extension, using an Incognito or Guest window will not work. Please make sure you are logged in to your project with a regular Chrome window and proceed with the lab.

Setup and requirements

Before you click the Start Lab button

Read these instructions. Labs are timed and you cannot pause them. The timer, which starts when you click Start Lab, shows how long Google Cloud resources will be made available to you.

This hands-on lab lets you do the lab activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access Google Cloud for the duration of the lab.

To complete this lab, you need:

• Access to a standard internet browser (Chrome browser recommended).

Note: Use an Incognito or private browser window to run this lab. This prevents any conflicts between your personal account and the Student account, which may cause extra charges incurred to your personal account.

• Time to complete the lab---remember, once you start, you cannot pause a lab.

Note: If you already have your own personal Google Cloud account or project, do not use it for this lab to avoid extra charges to your account.

How to start your lab and sign in to the Google Cloud console

1. Click the Start Lab button. If you need to pay for the lab, a pop-up opens for you to select your payment method. On the left is the Lab Details panel with the following:

   • The Open Google Cloud console button
   • Time remaining
   • The temporary credentials that you must use for this lab
   • Other information, if needed, to step through this lab

2. Click Open Google Cloud console (or right-click and select Open Link in Incognito Window if you are running the Chrome browser).

   The lab spins up resources, and then opens another tab that shows the Sign in page.

   Tip: Arrange the tabs in separate windows, side-by-side.

   Note: If you see the Choose an account dialog, click Use Another Account.

3. If necessary, copy the Username below and paste it into the Sign in dialog.

   {{{user_0.username | "Username"}}}

   You can also find the Username in the Lab Details panel.

4. Click Next.

5. Copy the Password below and paste it into the Welcome dialog.

   {{{user_0.password | "Password"}}}

   You can also find the Password in the Lab Details panel.

6. Click Next.

   Important: You must use the credentials the lab provides you. Do not use your Google Cloud account credentials. Note: Using your own Google Cloud account for this lab may incur extra charges.

7. Click through the subsequent pages:

   • Accept the terms and conditions.
   • Do not add recovery options or two-factor authentication (because this is a temporary account).
   • Do not sign up for free trials.

After a few moments, the Google Cloud console opens in this tab.

Note: To view a menu with a list of Google Cloud products and services, click the Navigation menu at the top-left.

Activate Cloud Shell

Cloud Shell is a virtual machine that is loaded with development tools. It offers a persistent 5GB home directory and runs on the Google Cloud. Cloud Shell provides command-line access to your Google Cloud resources.

1. Click Activate Cloud Shell at the top of the Google Cloud console.

When you are connected, you are already authenticated, and the project is set to your Project_ID, . The output contains a line that declares the Project_ID for this session:

Your Cloud Platform project in this session is set to {{{project_0.project_id | "PROJECT_ID"}}}

gcloud is the command-line tool for Google Cloud. It comes pre-installed on Cloud Shell and supports tab-completion.

2. (Optional) You can list the active account name with this command:

gcloud auth list

3. Click Authorize.

Output:

ACTIVE: * ACCOUNT: {{{user_0.username | "ACCOUNT"}}} To set the active account, run: $ gcloud config set account `ACCOUNT`

4. (Optional) You can list the project ID with this command:

gcloud config list project

Output:

[core] project = {{{project_0.project_id | "PROJECT_ID"}}} Note: For full documentation of gcloud, in Google Cloud, refer to the gcloud CLI overview guide.

Cisco SD-WAN Deployment

This lab creates a full Cisco SD-WAN setup which takes about 15 minutes to complete. Please note that this is independent of the time estimated under the “Start Lab” button after it’s clicked (in the box “Provisioning lab resources”). We highly recommend clicking “Start Lab” as soon as possible, so you can quickly get to a functional SD-WAN deployment. While some of the early steps in this lab can be done before the SD-WAN, the later steps (video streaming) will require to have the SD-WAN deployed.

Lab network setup

The lab creates five VMs when deployed, and the user will manually create one more VM for a total of six. The network topology is shown in the figure below:

The streaming-video-vm, as the name suggests, hosts a streaming video service in the cloud, and will be created in the next step. The VM is connected to the service-network VPC, which connects using a virtual edge router (sdwan-vedge-streaming-service) to the Cisco SD-WAN. This is a "site" from the SD-WAN perspective, with site ID 111. The virtual edge router has two uplinks: a lower cost sdwan-public-internet with "best effort" traffic characteristics and a premium sdwan-biz-internet connection that offers guaranteed high throughput.

While the whole lab is created on Google Cloud, we simulate an enterprise with SD-WAN site ID 100 on the left side of the diagram. The enterprise deploying the Cisco SD-WAN has its own edge router (sdwan-vedge-client), using the same connectivity. A Windows PC in the enterprise (streaming-client) connects to the edge router over the client-network.

Finally, the Cisco SD-WAN control plane is contained in the sdwan-in-a-box VM.

A monitoring Compute Engine VM vm-monitor is used for evaluation of the lab tasks.

Note: Do not DELETE/STOP this VM because that will affect your scoring.

Task 1. Creating the streaming video service

To demonstrate how Cisco SD-WAN configuration optimizes network traffic, you will observe the streaming of a video over the network. A pre-built container uses VLC to stream a ~15 minute variable bitrate video clip, reaching an average data rate of ~7 Mbps.

Set up Cloud Shell

You will use the gcloud CLI utility to set up the streaming video service, which is packaged as a Docker container. The easiest way to run gcloud commands is by using Cloud Shell on the Cloud Console. The first time you execute a gcloud command, you will be asked to authorize its execution.

Cloud Shell is configured with the lab project, but there is no default compute zone.

1. To determine the zone where the lab is running, run the following command Cloud Shell:

gcloud compute project-info describe | grep -A1 google-compute-default-zone

2. Next, use the value in the output to configure it as the default zone:

gcloud config set compute/zone <ZONE_VALUE_FROM_PREVIOUS_STEP>

Start the streaming VM

To start the streaming video service, you will use a container based VM, running the gcr.io/qwiklabs-resources/streaming-video-service container. The container concatenates a ~1 minute public domain HD video 15 times and, using VLC in CLI mode over HTTP on port 8080, streams it for a total duration of ~15 minutes.

• To instantiate a container optimized VM running the video streaming service container, run the following command:

gcloud compute instances create-with-container streaming-video-vm --machine-type=e2-medium --container-image gcr.io/qwiklabs-resources/streaming-video-service --network-interface subnet=service-network-111,private-network-ip=10.111.1.111 Note: The IP address assigned to the streaming video service, 10.111.1.111 and port 8080 mentioned above, as that IP will be used in Service Directory to set up the service metadata, and by the client VM to stream the Video.

Click Check my progress to verify the objective. Start the Streaming VM

Task 2. Creating the Service Directory entry for the streaming video service

Service Directory is a single place to publish, discover and connect services. The Cloud Hub solution uses Service Directory to publish metadata associated with those cloud services that want to benefit from Cisco SD-WAN network optimizations.

In a typical Cloud Hub workflow, two teams are collaborating to offer improved end-to-end application experience: the NetOps configure and maintain the SD-WAN, the DevOps deploy the applications. The two teams agree on a set of metadata (called traffic profiles) that reflects the network needs for the services that are labeled with that specific traffic profile. The example used in this lab will show that:

• NetOps and DevOps agree to use two traffic profiles: standard and video
• DevOps associate the traffic profile to the application(s)
• The traffic profile is added as service metadata for the video streaming application via Service Directory. Note that the the metadata key used is traffic-profile, while the metadata value is either standard or video
• NetOps create appropriate SD-WAN policies for each of the different profiles agreed upon
• standard traffic is transported with a "best effort" policy
• video traffic is steered towards a high bandwidth link

1. In the Cloud Console, use the Navigation Menu to browse to Network services > Service Directory.

First, you may need to enable the Service Directory API.

2. Once the API is enabled, you will be able to click Register Service.
3. For Service Type choose Standard and click Next. Services are defined in namespaces, and namespaces are associated with regions.
4. Choose the region corresponding to the zone that was determined at the creation of the video streaming VM.
5. You can’t choose an existing Namespace, so click Create Namespace and enter cloud-hub-lab for the Namespace name.
6. Click Create
7. For the Service name use streaming-video.
8. Click Add Annotation, for the Key use traffic-profile and the Value use standard. You will be using the standard traffic profile here to make sure that the traffic flows through the best effort link initially.
9. Click Create.
10. Finally, click on the newly created service and click Add Endpoint.
11. For the Endpoint name use streaming-video-vm, and use the IP (10.111.1.111) and port (8080) of the streaming video service.
12. Click Create.

Note: The annotation is associated with the service, not the endpoints.

Click Check my progress to verify the objective. Configuring Service Directory namespace

Task 3. Preparing the client VM

In this section, you will log into the Windows VM that is used for streaming the video clip using the VLC media player and set up the network bandwidth monitoring. You will use an RDP client to log into the Windows VM. If you want to RDP directly from the browser, you can use the Chrome RDP for Google Cloud extension, but if you are using a Windows machine, it is highly recommended to use Microsoft Remote Desktop, as other solutions are very slow for a video streaming media player application.

1. In the Cloud Console, navigate to the compute instances by going to Compute Engine > VM instances.

2. Click on the streaming-client Windows machine.

3. Choose Set Windows Password.

4. Leave the default user and click Set.

5. Copy the password and close the message.

6. Click RDP to connect with either the Chrome extension or Microsoft Remote Desktop.

7. Once you are logged in, click "Yes" in the Networks dialog box, and close the "Server Manager" application that is automatically started.

8. Start monitoring the network throughput usage with Task Manager: Click Start > Task Manager > More details > Performance > Ethernet.

9. Locate the VLC media player icon on the desktop. Double click on the VLC icon to get it started, accept the Privacy and Network Access Policy, and then click once on the two arrows shaped as a circle to configure the loop video playing feature.

If you've started the lab more than 15 minutes ago, the SD-WAN connectivity required for streaming the video should be working.

10. You can check for basic connectivity using the ping CLI command in PowerShell.

11. To start streaming the video from the service configured in the previous steps, choose: Media > Open Network Stream. For the URL, enter http://10.111.1.111:8080 (not https!) and click Play.

Note: The RDP session (especially if used via the Chrome Extension) can become very slow to respond once the video starts streaming, and you won't be able to appreciate the differences in video quality between the two demonstrated SD-WAN links.

To prevent that, hover over Video in the menu bar without opening the menu until the video starts to play, then quickly click and choose Zoom > 1:4 Quarter. You may still experience significant lag via RDP—especially if you are using the Chrome Extension.

You should now have the video playing in VLC with the occasional hiccup (corrupted or dropped frames, the video freezing for short amounts of time). In the Task Manager window monitoring the network performance, the received throughput should be around 5 Mbps.

Task 4. Changing traffic profile annotations

It is now time to annotate your streaming application with the video traffic profile, which is more appropriate, and allows the Cisco SD-WAN to optimize accordingly.

1. In the Cloud Console, use the Navigation Menu to browse to Network services > Service Directory.

2. Click on the cloud-hub-lab namespace, then click on the streaming-video service.

3. Next to the Service Details, click Edit.

4. Replace the value standard with the value video for the traffic-profile metadata key.

5. Now, switch back to the Windows client VM and watch how after a few seconds the video quality improves as the Ethernet throughput changes from a flat ~5Mbps to a variable bitrate around 7.7Mbps!

Click Check my progress to verify the objective. Changing Traffic Profile Annotations

Task 5. (Optional) Exploring the Cisco SD-WAN user interface

1. To understand what's happening at the SD-WAN level, open the Cisco vMange UI in a new browser tab. You can find the link in the Connection Details panel, under the "Start/Stop Lab" button.
2. Log in with username admin, password cloudHub-lab.

After a successful login, you are greeted with the Viptela dashboard, showing the number of connected control and data plane elements, and the health of the SD-WAN connectivity.

Note: Due to using a self-signing certificate, Google Chrome may not allow a connection to the Cisco vManage UI. If you encounter this error, you may need to use another browser for this section.

3. Click on the left-hand navigation menu and navigate to Monitor > Network > sdwan-vedge-client.

4. Once on the sdwan-vedge-client page, click Interface, then click on Real Time on the top right of the graph.

You can keep changing the metadata labels to observe how the traffic is shifted from one interface to the other (corresponding to WAN links), depending on the traffic profile associated with the video streaming service.

Congratulations!

In this lab you learned how the Cisco SD-WAN Cloud Hub with Google Cloud solution can optimize application traffic, by simply adding metadata to Google Service Directory entries.

Next steps / Learn more

Be sure to check out the following resources to learn more:

• Cisco on the Google Cloud Marketplace!
• Cisco DevNet SD-WAN resources. This is a good starting point to explore Cisco SD-WAN REST APIs, code examples, labs, and long-running sandboxes

Google Cloud training and certification

...helps you make the most of Google Cloud technologies. Our classes include technical skills and best practices to help you get up to speed quickly and continue your learning journey. We offer fundamental to advanced level training, with on-demand, live, and virtual options to suit your busy schedule. Certifications help you validate and prove your skill and expertise in Google Cloud technologies.

Manual Last Updated August 4, 2023

Lab Last Tested August 4, 2023

Copyright 2024 Google LLC All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the respective companies with which they are associated.