Workload VPN intent deployment
Deploying a workload VPN intent creates a functioning instance of the workload VPN intent as an overlay to your fabric.
The following circumstances can prevent you from deploying a workload VPN intent:
- If any of the fabric intents associated with this workload VPN intent are in the
process of being altered (implying a fabric intent alteration which began somewhere in the
interval after you created the workload VPN intent), you cannot deploy the workload VPN
intent. Any attempt to deploy the workload VPN intent from the deployment pipeline fails,
displaying an error message about the fabric underlays having been altered.
In such a case, the system requires you to delete the current candidate version of the fabric intents, thereby reverting to the previous version. You can then proceed with the deployment of your workload VPN intent.
Note: You can still deploy the workload VPN intent if the fabric intent alteration is under another workload VPN intent, but uses different nodes. - If any of the fabric intents associated with this workload VPN intent has undergone a
deployed topology change, you cannot deploy the workload VPN intent. Any attempt to deploy
the workload VPN intent from the deployment pipeline fails, displaying an error message
about the fabric underlays having been altered.
In such a case, the system requires you to discard or delete the workload.
- If any of the nodes within the associated fabric intent are unavailable (that is, not
in a Ready state), you cannot deploy the workload VPN intent.
In such a case, you must correct the node state. When all nodes are back in a Ready state, you can proceed with the deployment of your workload VPN intent.
-
If any of the nodes that belong to a workload VPN intent are already under deployment by another workload VPN intent, you must wait until the deployment of the previous workload VPN intent has completed.
Before you can deploy your workload VPN intent you must have saved the workload VPN intent and generated its configuration.
Deploying the workload VPN intent involves two procedures:
- From the workload VPN intent list or the Workload Design view for an individual workload VPN intent, add the workload VPN intent to the region's deployment pipeline.
- From the deployment pipeline, select the workload VPN intent and select Deploy from the actions menu.
Adding a workload VPN intent to the deployment pipeline
- From the main menu, select Workload VPN Intents.
- Locate the workload VPN intent that you want to deploy from the displayed list.
- Click the More actions icon ( ) at the right edge of the workload VPN intent's row, and select Open from the drop-down list.
- Click the Deploy icon ( ).
-
Click the ADD TO PIPELINE button.
The system adds the workload VPN intent to the deployment queue for the region and updates the status of the workload VPN intent to Queued for Deployment.
Deploying a workload VPN intent from the deployment pipeline
When you are ready to proceed with deployment, do the following:
- Click the menu.
- Select Workload VPN Intents.
- Select the row corresponding to the workload VPN intent you want to deploy.
- Click the icon at the far-right edge of the row and select Deployment Pipeline from the actions list.
- Find your workload VPN intent in the deployment pipeline list.
- At the right edge of the row, click the More actions icon ( ).
- From the resulting actions list, select Deploy.
If deployment fails, the failure is reported as follows:
-
Queue status: reports Error with detailed status reason
-
Fabric intent: reports Deployed and shows a new entry in the Event log showing that the Workload deployment failed
-
workload VPN intent: reports Failed
In the workload VPN intent Design view, the system also highlights them as deployment issues in the status bar by adding a red circle to the fabrics affected by the deployment error, and with entries in the events log.
-