Software Defined - Wide Area Networking (SD-WAN)

Uploaded by

ravimalladi

Software Defined – Wide Area Networking (SD-WAN)
Some of the material, including pictures, has been sourced from publicly available resources. It is used only for ease of understanding and for representative purposes, and not to recommend any particular vendor/solution. All respective sources and their copyrights are hereby acknowledged.
Motivation for SD-WAN
• Traditional WAN consists of routers which have both the control and data planes in the same box
• Since 2012, Network Function Virtualisation (NFV) and Software Defined Networking (SDN) have been proposed to make networks more agile.
• SDN separates the control and data planes and centralizes the control plane (à la MSC-S/MGW), whereas the data plane stays near the customer
• Brings more flexibility in introducing new features, upgrades etc. and is more scalable
• Marry these features of SDN with the traditional WAN => Voila, SD-WAN
Changing Traffic profile
• Traditionally, enterprise network traffic runs from the branch to the core site
  • Typically hub and spoke and, nowadays, mesh connected
  • Traffic is mostly enterprise traffic, with Internet traffic also passing through the central site
  • Increased latencies, and failure of a link breaks down all communication
• Traffic pattern is now changing to
  • Branch to core for the enterprise applications
  • Branch to cloud for the cloud-based services (AWS, Dropbox, Office365 etc.)
  • Internet (possibly local breakout)
• Instead of multiple connections to meet the above, SD-WAN is a single controllable connection that does all of the above securely
The WAN has changed

© Cisco
Goals of SD-WAN
• Increasing bandwidth through the activation of idle backup links and dynamic load-balancing
• Prioritizing network connections by application type or workload
• Delivering faster cloud access by enabling direct internet access at the branch
• Reducing operational and management costs through centralized management that is commonly cloud-based
• Lowering WAN costs through the use of cheaper internet or LTE connectivity as an alternative to MPLS
• Having a predictable, secure network that can have end-to-end policies
SDN and SD-WAN
| SDN | SD-WAN |
|---|---|
| Mainly used in data centers | Deployed in branch offices and data centers |
| Centralized orchestration and control | Centralized orchestration, control and zero-touch provisioning |
| Separation of control and data forwarding plane | Separation of control and data forwarding plane |
| Technology has taken a long time to mature | Recent technology but maturing very rapidly |
| Variations of commodity and specialized switching hardware | Off-the-shelf x86 appliances – physical, virtual, cloud |
| Savings come from improved operational efficiencies | Savings come from leveraging lower WAN transport and infrastructure costs and improved operational efficiencies |
SD-WAN Service Components
• Having three layers: Management/Orchestration, Control and Data
• Customer Self service portal
• REST API to third party orchestration tools
• Controller
• CPE/uCPE/vCPE
Demarcation of the three layers in Cisco
SD-WAN Fabric components of Cisco

©Cisco
Management plane
Programmable policy and analytics engine that provides:
• Flexible and hierarchical network policy framework that enables administrators to define and enforce resource policies in a user-friendly manner.
• Network configuration, including moves, adds and changes, is centrally managed via an intuitive graphical user interface
• Open northbound RESTful API interface to send and receive all information
• Centralized Analytics Engine collects and stores network statistics from the overlay networks it has provisioned. Statistics are aggregated over hours, days and months
• Certificate Authority that issues and verifies digital certificates
• Manages and distributes the keys used by SDWAN edge devices for data-plane communication encryption
• Single pane of glass for Day 0, Day 1, Day 2
Control Plane
The Controller is managed by the Policy Engine and serves the following functions:
• Resilient SDN controllers.
• Full view of the network topology
• Utilizes open, standard and scalable BGP peering and federation for scaling wherever required. This includes REST/BGP/XMPP.
• Auto-discovery of CPEs, vCPEs & uCPEs
• Programs the data-plane forwarding on the CPEs, vCPEs & uCPEs
SD-WAN edge device
Three types:
• CPE – dedicated HW and SW
• uCPE – x86 based HW
• vCPE – VNF running on a public/private cloud
The CPE performs the following functions:
• Network services demarcation and data forwarding from the branch
• Securely deployed via bootstrapping process
• Programmed via OpenFlow/Netconf/REST API/XMPP by the Controller
• L2-L4 switching and routing with advanced network functions
• Encryption services
• Encapsulates traffic to/from the network (VXLAN/ VXLAN over IPsec/ GRE/ IPSec/ MPLS over UDP)
Customer Self Service Portal
• Application on the SDN Controller platform which provides self-service
management of VPNs and branches along with value added features such as
analytics, reports and CPE ordering
• Self Service Portal is a web-based application enabling self-service
management by the end-customers
• Allows the end user to:
  • Add more branch CPEs, or more connections
  • Get visibility into the state of the services through the dashboard
  • Access service and application level trends and define reporting schedules and Threshold Crossing Alerts (TCAs) on a per-user basis.
Application Identification and Application-Aware Routing
• Deep Packet Inspection for prioritization
• ERP/VoIP/O365/SIP/Web etc. or any custom categorization
• Intelligent path selection and QoS
• Policy based routing amongst multiple links
• SLA aware routing
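An added example (not from the original slides or any vendor's product) of the SLA-aware path selection listed above: each application class identified by DPI has an SLA and an ordered list of permitted transports, and the selector never falls back to a transport outside that list. The SLA thresholds, link names and measurements are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Sla:
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float

@dataclass(frozen=True)
class Link:
    name: str
    latency_ms: float
    loss_pct: float
    jitter_ms: float
    up: bool = True

    def meets(self, sla: Sla) -> bool:
        return (self.up and self.latency_ms <= sla.max_latency_ms
                and self.loss_pct <= sla.max_loss_pct
                and self.jitter_ms <= sla.max_jitter_ms)

# Constructed policy: DPI class -> (SLA, transports allowed, in preference order).
POLICY = {
    "voip": (Sla(150, 1.0, 30), ["mpls", "internet", "lte"]),
    "o365": (Sla(250, 2.0, 60), ["internet", "mpls", "lte"]),
    "web": (Sla(400, 5.0, 100), ["internet", "lte"]),  # never on MPLS
}

def select_path(app: str, links: list[Link]) -> tuple[str | None, bool]:
    """Return (link name, SLA met) for one application class."""
    # Traffic that DPI cannot classify gets the most restricted class.
    sla, allowed = POLICY.get(app, POLICY["web"])
    by_name = {l.name: l for l in links if l.up}
    candidates = [by_name[n] for n in allowed if n in by_name]
    for link in candidates:              # first preferred link inside the SLA
        if link.meets(sla):
            return link.name, True
    if not candidates:                   # fail closed: no allowed transport is up
        return None, False
    # SLA violated everywhere: least-bad allowed link, flagged for alerting.
    best = min(candidates, key=lambda l: (l.loss_pct, l.latency_ms, l.jitter_ms))
    return best.name, False

# Constructed measurements for one branch.
HEALTHY = [Link("mpls", 40, 0.1, 5), Link("internet", 90, 0.5, 20),
           Link("lte", 120, 1.5, 40)]

if __name__ == "__main__":
    for app in POLICY:
        print(app, select_path(app, HEALTHY))
```

A result of `(name, False)` means the traffic is forwarded but the SLA is breached, which is the condition to raise as a threshold alert; `(None, False)` means the policy permits no live transport for that class.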
Option 1 – On prem
• An SD-WAN box (essentially a plug ‘n play router), performing real-time traffic shaping at each site; Only connects to the company’s other sites
• Best for:
  • Companies hosting all their applications in-house (without any cloud applications).
  • A common configuration is keeping a (much smaller) MPLS network for real-time apps (i.e. voice, video etc.), and utilizing the public Internet (controlled by the SD-WAN) for everything else.
• Benefits:
  • Lower or zero monthly SD-WAN cloud-enablement bandwidth costs.
  • Multi-circuit/ISP load-balancing.
  • Real-Time traffic shaping, improving the performance of all WAN apps.
  • Improved disaster recovery (DR), by having better connectivity backup.
Option 2 – Cloud enabled
• An onsite SD-WAN box connecting to a cloud (virtual) gateway.
• Cloud gateway is networked directly to the major cloud providers (i.e. Office 365, AWS etc.), which results in an overall improvement in the performance of your cloud apps.
• In addition, if any Internet circuit fails while using a cloud application, the gateway can keep a cloud session active (while the circuit flaps) and can reroute on an alternate route, if available.
• Best for:
  • Companies running big-name cloud applications, such as Office 365, AWS, Dropbox, Azure, Salesforce, etc. A common configuration is to have in-house real-time apps running on a small MPLS network and have cloud apps (and everything else) running over the public Internet, controlled by an SD-WAN.
• Benefits:
  • Cloud gateways, improving the performance and reliability of cloud applications.
  • Multi-circuit/ISP load-balancing.
  • Real-Time traffic shaping, improving the performance of all WAN apps.
  • Improved DR by having better connectivity backup.
Option 3 – Cloud enabled plus backbone
• An on-site SD-WAN box connecting the customer site to the SD-WAN provider’s nearest network PoP, where the traffic hops on the SD-WAN provider’s private, fiber optic network backbone.
• While the WAN traffic is traversing the SD-WAN provider’s private backbone, it is guaranteed to maintain low levels of latency, packet loss and jitter.
• Improves real time traffic performance; Backbone is also directly connected with major cloud ASPs.
• Best for:
  • A company running a lot of real-time network applications, wanting to completely scrap their MPLS network (to reduce costs), but does not want their real-time traffic going 100% over the public Internet (for fear of high latency, packet loss and jitter).
• Benefits:
  • WAN traffic primarily rides on a private backbone, improving the performance of all network applications, especially real-time apps.
  • Cloud gateways, improving the performance and reliability of cloud applications.
  • Multi-circuit/ISP load-balancing; Real-Time traffic shaping, improving the performance of all WAN apps.
  • Improved DR by having better connectivity backup.
Zero Touch Provisioning

©Grandmetric
Policy Driven WAN Infrastructure
Policy Augmented Dynamic Routing
1. vManage GUI – Policy Orchestration
  • Control Policy: Routing and Services
  • Data Policy: Extensive Policy-based Routing and Services
  • App-Route Policy: App-Aware SLA-based Routing
  • Combine and Apply per Site
2. vSmart controller – Policy Enforcement/Advertisement
  • Execute Control Policy
  • Advertise AAR/Data Policies to Sites
3. vEdge WAN router
  • Execute AAR and Data Policy as received
  • Dynamic Routing and Policies Combine to dictate behavior
[Figure labels: Access Layer, Branch/DC]

©Cisco
Secure Segmentation
[Figure labels: Interface, VLAN, VPN 1, VPN 2, VPN 3, IPSec Tunnel]
• Security Zoning
• Compliance
• Guest WiFi
• Multi-Tenancy
• Extranet
Per-VPN Topology
• Full-Mesh
• Hub-and-Spoke
• Partial Mesh
• Point-to-Point

©Cisco
Operations
Simplicity and Visibility

Single Pane Of Glass Operations Rich Analytics

©Cisco
Scalability (as per TEC GR)
• SDWAN solution shall support
  • at least 100 Tenants/Enterprises
  • at least 10K SDWAN CPEs
  • at least 15K VRFs
  • 10 VRFs (Micro-VPNs) per SDWAN CPE
  • 1K SDWAN CPEs in a single VRF
• SDWAN CPE shall support
  • at least 1K IPSec tunnels simultaneously
  • at least 10K Routes
• SDWAN Gateway shall
  • be multi-tenant and support at least 50 Tenants/Enterprises
  • support at least 5K SDWAN CPEs simultaneously
  • support at least 32K Routes
  • be available as a software function with throughput up to 1Gbps
  • support individual real-time dashboards for respective enterprise customers
Types of CPEs as per TEC GR
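| Item | Type I | Type II | Type III | Type IV |
|---|---|---|---|---|
| Interfaces | 4x100/1000 Ethernet interface (RJ45) | 4x100/1000 Ethernet interface (RJ45) + 2x1G SFP port | 4x100/1000 Ethernet interface (RJ45) + 2x1G SFP port | 2x SFP+ 10GbE, 4x1G SFP/Electrical ports |
| Throughput Range (Full Duplex) | 10Mbps - 100Mbps with IPSec | 50Mbps - 500Mbps with IPSec | 100Mbps - 1000Mbps with IPSec | 500Mbps - 5000Mbps with IPSec |
| # AC PSU | 1 | 1 | 2 | 2 |
| LTE Uplink | 1 LTE support – On board SIM (with inbuilt omni directional antenna) or USB for LTE dongle (Optional to the purchaser) | 1 LTE support – On board SIM (with inbuilt omni directional antenna) or USB for LTE dongle (Optional to the purchaser) | 1 LTE support – On board SIM (with inbuilt omni directional antenna) or USB for LTE dongle (Optional to the purchaser) | Not Available |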
Thank you
ZTP in detail
