SD Wan


SD-WAN
KHAWAR BUTT
CCIE # 12353 [R/S, SECURITY, SP, DC, VOICE, STORAGE, WIRELESS]
CCDE#20110020
Overview
• SD-WAN Overview
• Initializing Controllers
• Initializing vEdges & cEdges
• Configuring Templates
• Configuring a Service VPN using Templates
• Configuring Centralized Policies
• Advanced Configurations
Software Defined – WAN (SD-WAN)
• Software Defined WAN is a technology based on the SDN approach to centrally provision, manage, monitor, report on and troubleshoot your WAN network. The main benefits are:
o Operational Cost Reduction
o Enables Performance-based Traffic Engineering across multiple transports in your WAN
o Provides Security using built-in IPSec capabilities
o Traffic Analysis and simulation tools
o Easy change of topologies
SD–WAN Components
o vManage: Management Plane
o vBond: Orchestration Plane
o vSmart: Control Plane
o Transports: MPLS, Internet, Cellular
o vEdges/cEdges
o Sites: Campus, Remote Branches, Data Center, Cloud
SD–WAN Controller Devices – Management Plane (vManage)
o Single Management Pane
o Centralized provisioning
o Central Policies and Templates
o Centralized Troubleshooting and Monitoring
o Software upgrades
SD–WAN Controller Devices – Orchestration Plane (vBond)
o Authentication Device
o It is responsible for distributing the list of vSmarts & vManage reachability to all WAN Edge routers
o It requires Public IP reachability
SD–WAN Controller Devices – Control Plane (vSmart)
o vSmart distributes control plane information to the WAN Edges using OMP
o All the Policies for Data flow are defined centrally on vManage and distributed to WAN Edges using vSmart
Controller Hosting Options
The vManage (Management Plane), vBond (Orchestration Plane) and vSmart (Control Plane) controllers can be hosted in either of two ways.
Cloud Hosted
o Amazon AWS
o Microsoft Azure
o Google Cloud Platform
o Cisco Controller as a Service
On-Premises
o ESXi
o KVM
SD–WAN WAN Edge Devices – Data Plane (vEdge/cEdge)
o The WAN Edge Device communicates with the vSmart controllers using OMP to set up the Data Flow
o Implements data plane routing policies
o Available as a Physical or Virtual device
SD–WAN WAN Edge Devices – vEdge/cEdge platforms
o ISR Routers
o ASR Routers
o ENCS 5XXX
o CSR Routers VMs
o vEdge Devices (Physical/VMs)
SD-WAN Technologies – Infrastructure & VPNs
Management Network – VPN 512
Transport Network – VPN 0
o Controllers have 2 VPNs by default, VPN 0 & VPN 512
o VPNs are like VRFs
o VPN 512 is the Out-of-Band Management VPN
o VPN 0 is the Transport / Control VPN
SD-WAN Technologies – Service VPNs
o Service VPNs are Data VPNs
o They connect the branch offices to the Headquarters, Data Centers and Cloud Services
o Service VPNs are VPNs between VPN 1 – 65535 (minus 0 & 512)
SD-WAN Technologies – Overlay Management Protocol (OMP)
o OMP is the control protocol used to communicate between the controllers and the WAN Edge devices
o It is responsible for distributing reachability information, control policies and security policies in the WAN
SD-WAN Technologies – Organization
o Identifier that is common to all the devices in the SD-WAN setup
o Configured on each device
SD-WAN Technologies – Site ID
o Site ID is a numerical Identifier that allows SD-WAN to group devices together
o It is used in policies to classify characteristics associated with a location
SD-WAN Technologies – System IP
o System IP is like a Router-ID
o It uniquely identifies each device (Controllers and WAN Edges)
o Although it is in the form of an IP address, it is only used to identify devices
o It is one of the components in the Transport Locator (TLOC)
SD-WAN Technologies – Color
o It allows you to identify transport tunnels
o It is more like a Tag
o For example, if your router has 2 WAN transports, an Internet Connection and an MPLS Connection, you need to classify them by using a color.
o It is one of the components in the Transport Locator (TLOC)
SD-WAN Technologies – Transport Locator (TLOC)
o It is an identifier that is used as the Next-Hop in an OMP Route
o It is made up of 3 components:
o System IP of the device
o The Tunnel Color
o Encapsulation (IPSec or GRE, generally IPSec)
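
The identifiers defined on the preceding slides (Organization, System IP, Color, TLOC, VPN numbers) can be checked mechanically before devices are onboarded. The sketch below is an added example, not part of the original deck or of any Cisco tool; the device inventory, the organization name "example-org" and the function names are constructed for illustration.

```python
# Added example: constructed inventory, not taken from a real deployment.
from collections import Counter
from ipaddress import IPv4Address

TRANSPORT_VPN, MGMT_VPN = 0, 512      # the two default VPNs named on the slides
ENCAPS = {"ipsec", "gre"}             # TLOC encapsulation options


def classify_vpn(vpn_id):
    """Map a VPN number to its role as described in the deck."""
    if vpn_id == TRANSPORT_VPN:
        return "transport"
    if vpn_id == MGMT_VPN:
        return "management"
    if 1 <= vpn_id <= 65535:
        return "service"
    raise ValueError(f"VPN {vpn_id} is outside the valid range")


def tlocs(device):
    """One TLOC per WAN transport: (System IP, color, encapsulation)."""
    return [(device["system_ip"], color, encap)
            for color, encap in device["transports"]]


def audit(devices, org_name):
    """Return findings that break the identity rules from the slides."""
    findings = []
    seen = Counter(d["system_ip"] for d in devices)
    for d in devices:
        IPv4Address(d["system_ip"])   # System IP must be in IP form
        if seen[d["system_ip"]] > 1:  # it must uniquely identify the device
            findings.append(f"{d['name']}: duplicate System IP {d['system_ip']}")
        if d["org"] != org_name:      # Organization is common to all devices
            findings.append(f"{d['name']}: organization mismatch")
        for _, color, encap in tlocs(d):
            if encap not in ENCAPS:
                findings.append(f"{d['name']}: bad encapsulation on {color}")
    return findings


# Constructed sample devices (names, IPs and organization are made up).
DEVICES = [
    {"name": "branch1", "org": "example-org", "system_ip": "10.255.0.1",
     "transports": [("biz-internet", "ipsec"), ("mpls", "ipsec")]},
    {"name": "branch2", "org": "example-org", "system_ip": "10.255.0.1",
     "transports": [("mpls", "gre")]},
]
```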
Initializing the Controllers
Whiteboard