![APIs
vSmart Controllers
vAnalytics
3rd Party
Automation
vManage
Data Center Campus Branch SOHO
Cloud
vBond
WAN Edge Routers
4G
MPLS
INET
• Orchestrates control and
management plane
• First point of authentication
(white-list model)
• Distributes list of vSmarts/
vManage to all WAN Edge routers
• Facilitates NAT traversal
• Requires public IP Address [could
sit behind 1:1 NAT]
• Highly resilient
Orchestration Plane
Cisco vBond
Orchestration Plane
19](https://image.slidesharecdn.com/presentacionwebinar-240201154607-b5582621/85/SD-WAN-Catalyst-a-brief-Presentation-of-solution-7-320.jpg)
SD-WAN Catalyst a brief Presentation of solution
- 2. The WAN Has Changed Data Center Multi- Cloud SaaS Internet SAAS Branch WAN Users Devices Things INET MPLS Users Internet MPLS Branch WAN Data Center 9
- 3. Cisco SD-WAN Solution … 3rd Party X86 (or) MSX NSO vManage vSmart vBond 1 End-point flexibility Transport independent WAN Fabric 0 SaaS Cloud Apps 4 5 IaaS VPC/VNET Gateways 2 Cloud Delivered Multi-tenant: Control, Management, Orchestration with vManage, vAnalytics and MSX/NSO Business VPN Internet 4G/LTE 3 SD-WAN Gateway CoLo NFVI 13 13
- 5. vAnalytics 3rd Party Automation vManage Data Center Campus Branch SOHO Cloud vBond WAN Edge Routers 4G MPLS INET APIs Cisco SD-WAN Architecture Management/ Orchestration Plane Control Plane Data Plane 17 vSmart Controllers
- 6. Management Plane Cisco vManage • Single pane of glass for Day0, Day1 and Day2 operations • Multitenant with web scale • Centralized provisioning • Policies and Templates • Troubleshooting and Monitoring • Software upgrades • GUI with RBAC and per VPN visibility • Programmatic interfaces (REST, NETCONF) • Highly resilient vSmart Controllers vAnalytics 3rd Party Automation vManage Data Center Campus Branch SOHO Cloud vBond WAN Edge Routers 4G MPLS INET APIs Management Plane 18
- 7. APIs vSmart Controllers vAnalytics 3rd Party Automation vManage Data Center Campus Branch SOHO Cloud vBond WAN Edge Routers 4G MPLS INET • Orchestrates control and management plane • First point of authentication (white-list model) • Distributes list of vSmarts/ vManage to all WAN Edge routers • Facilitates NAT traversal • Requires public IP Address [could sit behind 1:1 NAT] • Highly resilient Orchestration Plane Cisco vBond Orchestration Plane 19
- 8. Control Plane Cisco vSmart • Facilitates fabric discovery • Disseminates control plane information between WAN Edges • Distributes data plane and app-aware routing policies to the WAN Edge routers • Implements control plane policies, such as service chaining, multi- topology and multi-hop • Dramatically reduces control plane complexity • Highly resilient vSmart Controllers vAnalytics 3rd Party Automation vManage Data Center Campus Branch SOHO Cloud vBond WAN Edge Routers 4G MPLS INET APIs Control Plane 20
- 9. Data Plane Physical/Virtual WAN Edge • WAN edge router • Provides secure data plane with remote WAN Edge routers • Establishes secure control plane with vSmart controllers (OMP) • Implements data plane and application aware routing policies • Exports performance statistics • Leverages traditional routing protocols like OSPF, BGP, EIGRP and VRRP • Support Zero Touch Deployment • Physical or Virtual form factor APIs vSmart Controllers vAnalytics 3rd Party Automation vManage Data Center Campus Branch SOHO Cloud vBond WAN Edge Routers 4G MPLS INET Data Plane 21
- 10. vSmart Controllers vAnalytics 3rd Party Automation vManage Data Center Campus Branch SOHO Cloud vBond WAN Edge Routers 4G MPLS INET Programmatic API APIs 22 • Programmatic control over all aspects of vManage administration • Secure HTTPS interface • GET, PUT, POST, DELETE methods • Authentication and authorization • Bulk API calls • Python scripting REST
- 11. vAnalytics vSmart Controllers vAnalytics vManage Data Center Campus Branch SOHO Cloud vBond WAN Edge Routers 4G MPLS INET APIs 3rd Party Automation vAnalytics • Cloud-based analytics engine • Optional solution element • Opt-in customer model • Analyze fabric telemetry • Capacity projections • SLA violation trends • Utilization anomaly detection • Application QoE • Carrier grading • Data anonymization 23
- 12. Cisco SD-WAN Terminology and Key Functions
- 13. Cisco SD-WAN Terminology • Transport Side – Controller or vEdge Interface connected to the underlay/WAN network • Always VPN 0 • Traffic typically tunneled/encrypted, unless split-tunneling is used • Service Side – vEdge interface attaching to the LAN • VPN 1-511 (512 Reserved) • Traffic forwarded as is from original source INET MPLS vSmart Connected Static Dynamic (OSPF/EIGRP/BGP) WAN Edge Service Side 29 Transport Side
- 14. 30 Cisco SD-WAN Terminology (Cont.) • Site-ID – Identifies the Source Location of an advertised prefix • Configured on every WAN Edge • Does not have to be unique, but then assumes same location • System-IP – Unique identifier of an OMP Endpoint • 32 Bit dot decimal notation (an IPv4 Address) • Logically a VPN 0 Loopback Interface, referred to as “system” • The system interface is the termination point for OMP • Organization-Name – Defines the OU to match in the Cert Auth Process • OU carried in both directions for authentication between control and WAN Edge nodes
- 15. Overlay Management Protocol (OMP) • TCP based extensible control plane protocol • Runs between WAN Edge routers and vSmart controllers and between the vSmart controllers - Inside TLS/DTLS connections • Leverages address families to advertise reachability for TLOCs, unicast/multicast destinations and service routes. • Distributes IPSec encryption keys, and data and app- aware policies vSmart vSmart vSmart WAN Edge WAN Edge 31
- 16. Transport Locator (TLOC) OMP IPSec Tunnel WAN Edge WAN Edge WAN Edge WAN Edge WAN Edge vSmart Local TLOCs (System IP, Color, Encap.) 32 TLOCs advertised to vSmarts vSmarts advertise TLOCs to all WAN Edges* (Default) Full Mesh SD-WAN Fabric (Default) * Can be influenced by the control policies Transport Locators (TLOCs)
- 18. 96 Cisco SD-WAN Portfolio • Hardware and software redundancy • High-performance service with hardware assist vEdge 5000 ISR 4000 • WAN and voice module flexibility • Compute with UCS E • Integrated Security stack • WAN Optimization ISR 1000 access • PoE/PoE+ Aggregation ASR 1000 Virtual and Cloud • Service chaining virtual functions • Optionsfor WAN connectivity • Open for 3rd party services & apps Cisco ENCS CSR 1000V • Cisco DNA virtualization • Extend enterprise routing, security & management to cloud Branch ISR1120 / 1160 XE-SDWA VEDGE O ISR1100-6G • 6 WAN ports (4GE and 2 SFP) • ~1 Gbps perf. vEdge 2000 • 4 GE WAN ports • ~200 Mbps perf. vEdge 100M • 4G LTE (CAT3) • ~200 Mbps perf. ISR1100-4GLTE • 4G LTE (CAT4) • ~ 200 Mbps perf. • FCS in December 2019 • Integrated wired and wireles•s Smallest form-factor • PIM: 4G LTE CAT4/6/18 • Upto 30% higher perf. • ~2 Gbps perf. • Modular and RPS • ~5 Gbps perf. • Modular and RPS NEW ISR1100-4G NEW NEW (New 25 SKUs) NEW
- 19. 98 vEdge 1000 vEdge 100B ISR 1100-4G (Orderable Now) vEdge Platform Evolution Powered by Viptela OS 19.2 vEdge Series ISR 1100-6G (Orderable Now) Next Gen vEdge • 4 Ethernet WAN ports • 6 WAN ports (4GE and 2 SFP) ■ Best in Class ISR Platform ■ Day 1 Full Feature Parity with vEdge ■ Field upgradable to XE-SDWAN (Roadmap) vEdge 100M ISR 1100-4GLTE (January 2020) • 4 Ethernet WAN ports • Integrated LTE (CAT4)
- 20. Cisco SD-WAN Data Plane Bring-up
- 22. 130 Device template System VPN0 VPN i/f VPN512 VPN i/f Service VPNs banner …. VPN0 template number / name route services VPN Interface Ethernet shut interface name IPv4 address tunnel color VPN512 template number / name route services System template site ID system IP overlay ID Level 1: Device Template Level 2: Feature Templates Device Configuration Template Overview
- 24. Policy Configuration Overview • Clear separation exists between control plane and data plane policies • Clear separation exists between centralized and localized functions Centralized Localized Centralized Localized Policy Control Data Affects Control Plane 162 Affects Data Plane Affects network-wide routing Route policy in site-local network Affects network-wide data traffic Access lists affects a single interface on a single router