INTERVIEW QUESTIONS

TOPIC- SD WAN

1
 SDWAN
1.What is SD-WAN?
Answer:
Software-Defined WAN (SD-WAN) is an overlay architecture that builds a secure, unified connectivity over
any transport (MPLS, Broadband, LTE, VSAT etc.) and provides simplified operations with centralized
management, policy control and application visibility across the enterprise network.

2.What is the Cisco SD-WAN Solution?

Answer:
It started as a Viptela SD-WAN solution Cisco bought where a proprietary overlay protocol is managing
connectivity between Edge devices using mostly TLS connections unless Symmetric NAT is in place, hence
the DTLS/TLS communication with controllers like the vBond, acting as an orchestrator, a vManage server
where policies are created plus templates and stuff, then a vSmart controller that centralizes Control
Plane signalling and communications.

3.What are the various components of Cisco SDWAN?

Answer:
Controllers: vSmart, vBond and vManage
Edge: vEdge or cEdge

4.How do we manage Data Plane and Control Plane in the Cisco SDWAN solution?
Answer:
Data plane is on to the devices itself, but Control plane is now decoupled from the devices and are
controlled by vSmart. The decision of data plane traffic is done by vSmart using the protocol OMP. While
the real data plane traffic between the vEdges are using IPSEC tunnels.

5.What is TLOC and What attributes are configured to uniquely identify and represent a
TLOC route?
Answer:
TLOC defines as transport locator and defines a specific interface in the overlay network. Each TLOC
consists of a set of attributes that are exchanged in OMP updates among the Viptela devices.
Attributes are: System IP address, Link color and encapsulation.

6.We are facing an issue of DCONFAIL (DTLS connection failure), what is the problem?
Answer:
Connectivity issues between vEdge and the controllers.

7.What is the default interval of BFD packets and VRRP in Cisco SDWAN?
Answer:
1 second

2
 8.Which protocol is used to check the loss, latency and Jitter of the tunnel between the
vEdge peers?
Answer:
BFD: Bidirectional forwarding detection

9.When troubleshooting the certificate issues in the Cisco SDWAN environment, which
command is used to verify the validity of the certificates?
Answer:
Show control local-properties

10.As the deployment of the controllers on the cloud and the connectivity of vEdge with
the controller, how security is maintained between them?
Answer:
The privacy and encryption in the control plane offered by DTLS and TLS provide a safe and secure
foundation for the other two security components, authentication and integrity. To perform
authentication, the Cisco SD-WAN devices exchange digital certificates.
These certificates, which are either installed by the software or hard coded into the hardware, depending
on the device, identify the device and allow the devices themselves to automatically determine which
ones belong in the network and which are imposters. For integrity, the DTLS or TLS connections run AES-
256-GCM, a cryptographic secure hash algorithm which ensures that all control and data traffic sent over
the connections has not been tampered with.

-Public keys— These keys are generally known.

-Private keys— These keys are private. They reside on each Cisco SD-WAN router and cannot be retrieved
from the router.
-Certificates signed by a root certification authority (CA)— The trust chain associated with the root CA
needs to be present on all Cisco SD-WAN router.

11.What are key benefits of Cisco SD-WAN?

Answer:
-Better user application: Deploy applications in minutes on any platform and with consistent user
application.
-Greater Agility- Simplify deployment and operation of your WAN and get faster performance using less
bandwidth. Deploy your Wan over any type of connections like MPLS, Internet or 4G LTE.

12.Which problem can a CISCO SD-WAN overcome?

Answer:
-Establish a transport independent WAN for high diversity and low cost.
-Meet Service Level Agreements (SLAs) for business critical and real time applications.
-Provide end to end segmentation for protecting critical enterprise compute resources.

3
 -Extend seamlessly into Public Cloud provide Optimal user experience for SaaS and IaaS applications.

13.Which sectors and Industries have deployed the Cisco SD-WAN solutions?
Answer:
Cisco has one of the most widely deployed enterprise-grade SD-WAN solutions within the industry. Large
deployments have made in sectors like retail, healthcare, financial services, energy, and many more. The
solution is deployed across fortune 2000 enterprises with thousands of production sites in major
industries including manufacturing retails, oil and gas, insurance, finance, government, logistics, and
distribution as some examples.

14.How do you manage and operate cisco SD-WAN?

Cisco SD-WAN is a centrally managed, orchestrated, and operated solutions with a cloud hosted Cisco
vManage GUI management and provisioning platform, vSmart controller, and vBond orchestration layer
at the heart of the solution.
-vSmart controllers are the centralized brain of the solutions that implements policies and connectivity
between SD-WAN branches
-Cisco vManage manages the entire solution. Cisco’s GUI based centralized management and provisioning
platform day 0, day1 and day n+ for the entire Cisco SD-WAN infrastructure.

15. What are vSmart Controllers?

Answer:
vSmart Controllers are the centralized brain of the solution that implements policies and connectivity
between SD-WAN branches. The centralized policy engine in Cisco vSmart Controllers provides policy
constructs to manipulate routing information, access control, segmentation and service chaining.

16. What are vBond Orchestrators?

Answer:
The vBond Orchestrator facilitates the initial bring-up by performing authentication and authorization of
all elements into the network. Cisco vBond Orchestrator also provides the information on how each of
the components connect to other components. Cisco vBond Orchestrator plays an important role in
facilitating Cisco SDWAN devices that sit behind the Network Address Translation (NAT) to communicate
with the network.

17. What is Cisco vManage?

Answer:
Cisco vManage maintains the entire solution. Cisco’s GUI based centralized management and provisioning
platform for day0, day1 and day n+ for the entire Cisco SDWAN infrastructure. You can login to the Cisco
vManage dashboard to centrally manage the WAN. Cisco vManage provides the ability to manage all
aspects of the WAN from provisioning, monitoring, and upgrading routers to application visibility and
troubleshooting the WAN.

4
 18. How is Cisco SDWAN deployed at branch offices and data center network or regional
hub?
Answer:
Branch office and regional data center hub sites can be deployed and connected using either virtual or
physical secure routers. Enterprise customers and service providers can gain rich services like WAN
optimization and firewall or basic WAN connectivity for physical or virtual platforms across the branch,
WAN, or cloud as follows:
Physical:
• Branch- Cisco vEdge Service Routers.
• Branch- Cisco 1000 series Integrated Services Routers (ISR).
• Branch 4000 Series ISR.
• Branch/ Regional Hub/ Data Center- Cisco ASR 1000 Series Aggregation Services Routers (ASR).
Virtual:
• SD- Branch- Cisco
• 5000 Series Enterprise Network Compute System (ENCS) and integrated Services Virtual Router
(ISRv).
• Network-Hub/ Colocation/ Data center- Cisco Cloud Services Platform 5000 and Cloud Services
Router 1000V (CSR 1000V).
Public Cloud
• Amazon Web Series.
• Google Cloud Services.
• Microsoft Azure.

19. How does Global SD-WAN replace MPLS connectivity?

Answer:
SD-WAN technology does not necessarily replace MPLS services, but rather can augment MPLS services
in a Hybrid WAN configuration. Our customers can utilize our SD-WAN service to combine MPLS circuits
with public broadband or LTE circuits to increase the reliability of their wide area networks. For small
branch deployments SD-WAN can replace MPLS services by using only public broadband connections,
however, in these cases multiple broadband connections are recommended to increase reliability. Syringa
Networks' Global SD-WAN is also comprised of multiple gateways located in strategic datacenters
throughout the world. In creating a global backbone fabric, we have engineered a cloud environment that
allows for a higher level of flexibility and reliability for our customer’s wide area networks. Leveraging a
combination of last mile services via public broadband and MPLS connectivity to our distributed cloud
gateways, our customers have the flexibility to craft a solution that best suits their networking
requirements.

20. How is SD-WAN performance ensured over broadband links?

Answer:
If network performance is a top customer priority and you are using public broadband connections,
Syringa Networks can implement an SD-WAN solution using Forward Error Correction and Dynamic Path

5
 Optimization technologies to ensure the quality of your network. Also, our Network Operations Center
(NOC) proactively monitors the performance of all network links and interfaces across our global network.
Parameters such as capacity, congestion, latency, packet loss, and jitter are closely surveilled to comply
with our service level agreements.

21. Can you still use existing firewall with SD-WAN?

Answer:
Customers can utilize their existing firewall or they can utilize Syringa Networks’ managed firewall service
that is integrated with our Global SD-WAN service. If a customer chooses to use their own firewall, Syringa
Networks can provision our SD-WAN appliance behind the firewall to ensure the service is secure. If the
customer chooses to utilize Syringa Networks’ managed firewall service, we will provision our SD-WAN
appliance with an integrated next-generation firewall.

22. How reliable is Global SD-WAN if only Internet circuits are used?
Answer:
Global SD-WAN can be extremely resilient. However, it is important to understand that SD-WAN reliability
increases only with the use of multiple public Internet connections together. While lower cost Internet
access such as DSL, Cable Modem, and some types of wireless delivery methods may seem attractive due
to the price, these are generally asymmetrical and highly oversubscribed. While this may work for a
smaller office with low data requirements, it is best to select the appropriate network connection for the
application. Doing this will ensure that your Global SD-WAN deployment is as reliable as possible. Our
expert Sales and Sales Engineering team can greatly assist in vetting the right Internet delivery method
for your applications and requirements.

23. How easy is it to upgrade bandwidth or add locations to an existing deployment?

Answer:
Bandwidth upgrades and adding new locations can be quick and easy with our Global SD-WAN service.
Since SD-WAN typically utilizes public broadband connections, which usually install in days or weeks
instead of months like fiber-based services, upgrades and new installations can turn up very quickly. If a
new site needs to turn-up extremely fast, wireless LTE can be used to get the site up in a few days instead
of months. Our Sales team can assist you with turning up new locations or adding bandwidth.

24. What is a Zero-Touch Provisioning (ZTP) Process?

Answer:
Zero-touch provisioning (ZTP) is a method of setting up devices that automatically configures the device
using a switch feature. ZTP helps IT teams quickly deploy network devices in a large-scale environment,
eliminating most of the manual labor involved with adding them to a network.

25. What are the requirements for ZTP Provisioning?

Answer:

6
 The zero-touch provisioning process may vary from setup to setup; however, the basic requirements
include the following: a network device with ZTP; a Dynamic Host Configuration Protocol (DHCP) or Trivial
File Transfer Protocol (TFTP) server; and. a file server.

26. What are Controller Connections?

Answer:
The SD-WAN controller maintains connections to all SD-WAN Edges to identify the operational state of
SD-WAN tunnels across different WANs and retrieve QoS performance metrics for each SD-WAN tunnel.
These metrics are used by the Service Orchestrator.

27. What is difference between SDN and SDWAN?

Answer:
Software Defined Networking (SDN):
SDN was built for supporting computer needs to found in Local Area Networks (LANs) also as in
commission Provider networks. The goal was to develop dynamic, flexible, scalable connectivity to
support changing demands within the DC (data center) and on core networks. SDNs are directly
programmable, providing an agile centrally managed platform that decouples the Control Plane –
decisions about where traffic is routed – from the info Plane – which determines how traffic is
forwarded. Attention reader! Don’t stop learning now. Get hold of all the important CS Theory concepts
for SDE interviews with the CS Theory Course at a student-friendly price and become industry ready.

Software Defined- Wide Area Network:

SD-WAN may be a commonly used alternative solution which allows organizations to link together
numerous distributed locations through the utilization of broadband and MPLS. The most difference
between SDN and SD-WAN is that SD-WAN focuses on delivering a good Area Network (WAN) which
connects multiple sites together.

SDN SDWAN
Software Defined Network. Software Defined Wide Area Network.
Operates a LAN or a service provider’s Enables connections between
core network. networks and users across
geographies.
Programmable by the user to deliver It is programmed to give operational
bandwidth on-demand. simplification, integrated security and
traffic prioritization.
Offers visibility into the real-time analytics Offers visibility into the real-time
and also in the core network analytics and also in the WAN
performance. environment.
Provides a centralized view for automation Focuses on software- defined
of network services. application routing capabilities.

7
 Designed by the user. Configured by the vendor.
Variations of commodity and specialised Off-the-shelf x86 appliances- physical,
switching hardware. virtual, cloud.
Technology has taken a long time to Recent technology but maturing very
mature. rapidly.

29. What is Zero Touch Provisioning (ZTP) process?

Answer:
Zero Touch Provisioning is an automatic provisioning process which starts when the vEdge router is
powered up for the first time. The vEdge will attempt to connect to a ZTP Server with the hostname
ztp.viptela.com, where it will get its vBond orchestrator information. Once the vBond orchestrator
information is obtained, it can then subsequently make connections to the vManage and vSmart
controllers in order to get its full configuration and join overlay network.

8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24