
CISCOU-1768 - Mini Boot-Camp

The document discusses Cisco SD-WAN and Catalyst SD-WAN. It provides an overview of traditional WAN architecture versus today's WAN. It also describes the features and components of the Cisco Catalyst SD-WAN solution including the SD-WAN Validator, Controller, Manager and Edge routers.

Uploaded by Alexis

Cisco SD-WAN Mini Bootcamp

Patrick Gargano, Lead Content Advocate, Learning & Certifications


@PatrickGargano

CISCOU-1768
Agenda
• Cisco Catalyst SD-WAN Overview
• Free SD-WAN Training

CISCOU-1768 © 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Cisco Catalyst SD-WAN Overview
Traditional WAN Architecture

CISCOU-1768 © 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Traditional WAN Architecture vs Today’s WAN

Cisco Catalyst SD-WAN
On-Premises

Cisco Catalyst SD-WAN Features
• Physical or virtual secured routers
• Redundant management in cloud or on premises
• Zero-touch provisioning in minutes, not days
• Separation of management, control, data for scaling
• Flexible connectivity with any WAN technology: MPLS, 5G, Internet
• Choice of topologies with point-and-click
• Secure segmentation support with VPNs/VRFs
• Complete visibility from single pane of glass
• Application Aware Routing
• Data and Control plane security with IPsec and DTLS tunnels
• Multilayer security with firewall, IPS, URL filtering, AMP, Umbrella, SSL decryption
• Multicloud optimization (IaaS, SaaS) for O365, Dropbox, SAP, AWS, Azure, GCP, SDCI

Cisco Catalyst SD-WAN Solution Overview

SD-WAN Validator
Orchestration Plane
• Virtual machine
• First point of authentication
• Distributes list of Controllers, Managers to all WAN Edges
• Assists with NAT traversal

SD-WAN Controller

Control Plane
• Virtual machine
• Distributes data plane policies
• Implements control plane policies
• “Brain” of the solution
• Like BGP route reflector
• Manages secure data plane between WAN Edge routers

SD-WAN Manager

Management Plane
• Virtual machine
• Single pane of glass GUI
• Centralized provisioning, troubleshooting and monitoring
• Configuration standardization
• Policies and templates
• REST, NETCONF

SD-WAN Edge Router

Data Plane
• Physical or virtual
• Viptela or IOS XE
• Zero Touch Provisioning
• Establishes secure fabric
• Implements data plane policies
• Exports performance statistics
• Supports BGP, OSPF, RIP, EIGRP, Static routing, VRRP

Overlay Management Protocol (OMP)

• Overlay Management Protocol (OMP)
• Control plane protocol
• Runs inside authenticated TLS/DTLS connections
• Advertises routing context and policies
• Advertises OMP routes, TLOC routes, service routes

Note: WAN Edge routers need not connect to all Controllers

Transport Locators (TLOCs)
[Figure: Controller and WAN Edge routers; legend: OMP, IPsec]
• Transport Locator (TLOC)
• Local TLOCs (System IP, Color, Encap)
• TLOCs Advertised to Controllers
• Controllers advertise TLOCs to all WAN Edges* (default)
• Full-Mesh SD-WAN Fabric (default)
*Can be influenced by the control policies
Fabric Operation Walkthrough
[Figure: Controller, WAN Edge1 and WAN Edge 2; transports: Internet, MPLS; legend: DTLS/TLS Tunnel, IPSec Tunnel, BFD, OMP Update, Policies]
OMP Update:
▪ Reachability – IP Subnets, TLOCs
▪ Security – Encryption Keys
▪ Policy – Control/Data/AAR Policies
WAN Edge1: System IP: 10.255.255.11, Site ID: 10
WAN Edge 2: System IP: 10.255.255.21, Site ID: 20
On each WAN Edge: TLOCs; VPN1, VPN2; BGP, OSPF, EIGRP, RIP, Connected, Static
Subnets: A, B, C, D
Application Aware Routing

Cloud OnRamp for SaaS – DIA and Gateway
• Cloud OnRamp for SaaS continuously monitors “edge to SaaS” performance on both DIA and backhaul paths
• Picks best performing path based on performance metrics (loss & delay)
• Automatic failover in case of performance degradation
• Fully automated
• Supports 14 apps + custom application option with NBAR
[Figure: Remote Site, ISP1, ISP2, MPLS, SD-WAN Fabric, Regional Hub; labels: Loss/Latency, Best Performing]
Unifying Multicloud Connectivity
[Figure: SD-WAN Manager; Cloud-Native Connections; Cat8kv hosted in CSP; VPC, vNet; Cloud Hub; Site to Site; Site to Cloud; SDCI PoP; SD-WAN Tunnels; Enterprise site]
Catalyst SD-WAN Integrated Security

SD-WAN Cloud Security with Umbrella SIG
• DNS/Web-layer Security
• Secure Web Gateway
• Cloud-delivered Firewall
• Cloud Access Security Broker (CASB)
• Data Loss Prevention
[Figure: Branch office, HQ, Cisco SD-WAN Fabric, DIA, MPLS, Cisco Umbrella]
Learn More
Rev Up to Recert with Cisco U. For Free
SDWFND

Cisco SD-WAN Fundamentals

• Solution Components
• Network Deployment
• Configuration Deployment
• Overlay Routing
• Policies and QoS

5 labs, 22 videos
Promo runs until 16/02
IOS XE – 20.9.1

Thank you
