SD-WAN Components:

Viptela solution has four main components. Each of these components have a very specific role.
vSmart is the Controller in Viptela solution and manages the Control Plane. The vManage is the
GUI based Network Management System that handles the Management Plane. vEdge routers at
the branches form a Data Plane.

vManage:
Cisco vManage is a centralized dashboard that facilitates automatic configuration,
management, and monitoring of the overlay network. Users log in to vManage to centrally
manage all aspects of the network lifecycle from initial deployment, ongoing monitoring, and
troubleshooting to change control and software upgrades. Cisco vManage is the Management
Plane of the SD-WAN system. It runs the user interface of the system and is the dashboard
network administrators interact. It is also the tool that admins use to create device templates,
push configurations, and perform overlay traffic engineering. All the SD-WAN edge devices will
be managed through this centralized manager. It provides GUI (Graphical User Interface) & CLI
access of the SD-WAN edge devices. We can manage approx. 2000 edge devices from a single
vManage appliance. We can also create a cluster of vManage and 6 vManage can be added in a
single cluster. Network administrators and operators perform configuration, provisioning,
troubleshooting, and monitoring activity here. vManage provides single pane of glass for
management of all the SD-WAN components

1 | P a g e Created by Avinash M Patil

vSmart:
Cisco vSmart is the Control Plane of the SD-WAN system. vSmart controllers are the brain of the
overlay fabric. As policies are created on vManage, vSmart is the component responsible for
enforcing these policies centrally. They advertise routing, policies, and security. They are
positioned as hub routers in the control plane topology and all vEdge routers peer with all
vSmart controllers. For experienced network engineers, vSmart controllers are like BGP Route-
Reflectors or DMVPN NHRP routers. However, it is important to understand these appliances
are not part of the Data Plane and do not participate in packet forwarding. It is a virtual
appliance. It distributes control plane information (Route) to our SD-WAN edge devices using
OMP (Overlay Management Protocol). It also acts as route reflector and reflects the route to
other branches. Centralized policy engine in the vSmart controllers provides policy constructs to
manipulate routing information, access control, segmentation, extranets, and service chaining.

vBond:
Cisco vBond resides in Orchestration Plane. It facilitates the initial bring-up by performing
authentication and authorization of all elements into the network. The vBond orchestrator also
provides information on how each of the components connects to other components. The
orchestrator plays an important role in facilitating communication with devices that sit behind
the Network Address Translation (NAT). Cisco vBond is the Orchestration Plane of the SD-WAN
system. Its job is to orchestrate the process of onboarding new un-configured devices to the
SD-WAN fabric. It is responsible for the authentication and whitelisting of vEdge routers and
control/management information distribution. It tells our vEdges where and how to connect to
our organizations vManage and vSmart controllers, while also advising our vSmart controllers
as new vEdges join the SD-WAN fabric. It also serves the role of informing our vEdges if they are
behind a NAT device which facilitates IPsec NAT traversal and allows Authentication Header
security to be applied to our data plane tunnels. It includes the orchestration plane/security
plane. It is also a virtual appliance. It is used to authenticate our SD-WAN edge devices using
certificate and white-list. It creates a DTLS tunnel to the vEdge/cEdge devices and share the
information of vManage & vSmart. The session establishment occurs for a temporary basis and
once the VManage and vSmart information are shared to vEdges/cEdges, the tunnel gets
vanished. vBond is responsible for onboarding the device into the SD-WAN fabric.

vEdge:
WAN Edge comes under the Data Plane and used for forwarding. Cisco vEdge Routers are full-
featured IP routers that perform standard functions such as Border Gateway Protocol (BGP),
Open Shortest Path First (OSPF), Access Control Lists (ACLs), QoS, and various routing policies in
addition to the overlay communication. These routers establish secure connectivity to all of the
control components and also connect IPsec sessions with other vEdge routers in the WAN
network. It includes the data plane. It communicates to vSmart controller using OMP protocol
to setup the data flow. It could the physical device or virtual appliance.

2 | P a g e Created by Avinash M Patil