Cisco SD-WAN as a
Managed Service
Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session
How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
cs.co/ciscolivebot#BRKRST-2558
BRKRST-2558 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Cisco SD-WAN as a Managed Service
• Introduction
• SD-WAN as a Service – Benefits
• Cisco SD-WAN Technology Quick Overview
• MSP SD-WAN Controllers Deployment Options
• WAN Edge On-Boarding – Appliances, Universal CPE, VNFs
• SD-WAN gateways, Large Scale, Multiple Domains
• Orchestration for MSPs
• Conclusion
Introduction
Network Transformation
Hardware Centric -> Software Driven
Manual -> Automated
Closed -> Programmable
Reactive -> Predictive
CLOUD & ON-PREM: Hosted, delivered, managed
AUTOMATION & SCALE: Speed, flexible, zero-touch, policy driven
SECURITY & COMPLIANCE: Segmentation, threat mitigation
ASSURANCE & ANALYTICS: Users, applications, devices
Applications Moving to Not One Cloud, But Many
DC/Private Cloud
WAN
Campus & Branch Users Internet connectivity
becomes
business critical SaaS
Mobile Users
IaaS
NSO MSP
DC
SaaS
4
Business VPN Cloud Apps
Apps
1 End-point flexibility
Gray, White or Black box
Internet
3rd
… IaaS
Party (or) 4G/LTE
5 VPC/VNET
Gateways
X86
0 Transport Independent
WAN Fabric
Deployed Use Cases - Sample
Critical Applications SLA
• Each vEdge router continuously monitors path performance and adjusts forwarding
• Configurable probing intervals
• App Aware Routing Policy - App A path must have: Latency ≤ 150ms, Loss ≤ 2%, Jitter ≤ 10ms
- Path1: 10ms, 0% loss, 5ms jitter
- Path2: 200ms, 3% loss, 10ms jitter
- Path3: 140ms, 1% loss, 10ms jitter
Bandwidth Augmentation
• Augment MPLS with Internet bandwidth
• Create traffic engineering policy to steer application traffic
- Active/Active if no policy
• Traffic Engineering Policy (data policy): App A -> MPLS TLOC, App B -> Internet TLOC
Secure Segmentation
• Complete isolation in the control and data plane
• Not all VPNs have to be present everywhere
• Policies are VPN-aware
• Configuration Templates: assign interfaces and sub-interfaces to respective VPNs
- Interface-to-VPN labels in the diagram: ge0/2 -> VPN1, ge0/2.1 -> VPN1, ge0/2.2 -> VPN2, ge0/2.3 -> VPN3, ge0/3.2 -> VPN2, ge0/3.3 -> VPN3
Diagram labels: vManage, Remote Site, Remote Site 1, Remote Site 2, Data Center, Internet, MPLS, 4G LTE, VPN1, VPN2, VPN3, SDWAN Tunnel, SDWAN Fabric
Connectivity and Overlay
End-to-end SD-WAN
Business VPN Extension over Last Mile
with APP level SLA
End-to-end SD-WAN Hosted MPLS Extension
with APP level SLA Services over last mile
MPLS
MPLS
Transports Managed by SD-WAN MSP Expand Business VPN service over the last mile
But some/all could also be from another SP(s) MSP may not own the transport
Managed Security
Hosted On-Prem or Cloud Security Features
Hosted in the SP Core/CNF
(Managed Firewall, IPS/IDS, etc)
Private IP Data
Center
Private IP
Data Center
Managed
Data Firewall
Center (On-Prem or
Site Internet Cloud/CNF)
Site
Cloud Internet
Cloud
Cisco Umbrella
Hosted On-Premise
Hosted in the SP Core/CNF
(Managed Firewall, IPS/IDS, etc)
(Managed Firewall, IPS/IDS, etc)
Cloud Security for DIA with Cisco Umbrella
Cloud Networking-aaS with SLA (IaaS and SaaS)
One Click Cloud Networking (IaaS)
Branch to Public Cloud SD-WAN
• E2E SD-WAN connectivity to business applications in public cloud
• Transport diversity & app aware routing (PIP & Inet) at branch & public cloud
• Secure private connection to public cloud
Optimized access to SaaS
• Enabling optimal Cloud OnRamp for optimal user experience
• SP provided interconnect
• Direct peering with SaaS/Cloud providers
Diagram labels: Hosted Network Services (MSP Cloud Platform), Private Gateway, Secure Cloud Interconnect or NetBond, Internet, Private IP, Critical, Non-critical, Direct Internet Access (with SaaS optimization), Application VPC (owned & managed by customer), Local Breakout, Hybrid access to Netbond/Secure Cloud Interconnect
Cisco SD-WAN
Technology Overview
Cisco SD-WAN Solution Roles and
Responsibilities
Orchestration Plane (vBond)
• First point of authentication
• Distributes list of vSmarts/vManage to all vEdge routers
• Facilitates NAT traversal
Management Plane (vManage)
• Single pane of glass for Day0, Day1 and Day2 operations
• Multitenant or single-tenant
• Centralized provisioning, troubleshooting and monitoring
• RBAC and APIs
Data Plane (vEdge Routers)
• Physical or virtual
• Zero Touch Provisioning
• Establishes secure fabric
• Implements data plane policies
• Exports performance statistics
Control Plane (vSmart Controllers)
• Disseminates control plane information between vEdges
• Distributes data plane policies
• Implements control plane policies
Diagram labels: APIs, 3rd Party Automation, vAnalytics, 4G, MPLS, INET
Control Plane Sessions - Summary
• Secure Channel to SD-WAN Controllers (vSmart, vBond, vManage)
• Single extensible control plane
• Operates over DTLS/TLS
Diagram labels: vManage, vBond, vSmart1, vSmart2, DTLS only, Permanent, Multiple Sessions
Control Plane - Overlay Management Protocol
(OMP)
Site-ID
System-IP
Encap-Auth
Public IP/Port
vSmart Private IP/Port
Tag
Preference
Weight
TLOC Routes
OMP Routes MPLS INET Service Routes
TLOC TLOCs VPN-ID
Label Service-ID
VPN-ID Label
Tag vEdge
TLOC
Preference
Origin
Protocol Connected
Origin Metric Service Network
Side Static Service
Dynamic (OSPF/BGP)
L4-L7 Node
Data Plane Establishment
A 1 2 WAN Local TLOCs
EdgeA (System IP, Color, Encap
B 1 2 Pub IP/Port, Priv IP/Port)
1 2 OMP Policies
C 1 2 Update
vSmart Control Plane channel to vSmarts
OMP
Update TLOCs advertised to vSmarts in
INET MPLS
A 1 2 TLOC routes
OMP B 1 2
Update
C 1 2 vSmarts advertise TLOCs to vEdges
1 2 1 2 in TLOC routes
WAN WAN
EdgeB EdgeC
A 1 2 A 1 2 SD-WAN Fabric with
VPN1 VPN2 VPN1 VPN2 TLOCs as tunnel
B 1 2 B 1 2 endpoints
A B C 1 2 C D C 1 2
Data Plane - Color Influence
MSP datacenter
• Colors influence the data plane NAT
vEdge
Q0 y
Cop
Egress Interface
Ingress Interface
Egress Interface
Ingress Interface
Q1
Egress Interface
Q2
Ingress Interface
DSCP
DSCP
DSCP
Q7
Device Configuration
DTLS
NETCONF
vManage
Yang
vSmart
Device Configuration
DTLS
NETCONF
Device Configuration Yang
WAN Edge
Policy Framework
DTLS
NETCONF
vManage
Yang
Centralized
Policies vSmart
Localized
Centralized Control Policy
Policies DTLS (Fabric Routing)
Local Control Policy
NETCONF Centralized Data Policy
(OSPF/BGP) Yang
(Fabric Data Plane)
Local Data Policy
Centralized App-Aware Policy
(QoS/Mirror/ACL)
(Application SLA)
WAN Edge
MSP SD-WAN
Controllers Deployment
MSP Deploying Controllers – Options
On-Premise/SP Hosted Cloud Hosted
VM VM
Multi Tenancy
A B A+B
Dedicated VPN
(No) Tenancy Tenancy
Enterprise
Tenancy
Tenant Tenant
B A
vManage, vBond, vSmart
Scaling and High Availability
vBond vSmart vManage
Active Cluster
Active
Active Active
Standby Cluster
OPTION 1
Control Plane
Data Plane
MPLS INET MPLS INET
OPTION 2
Option2 - SP Hosted Deployment
Control on MPLS/INET – Public IP Addresses
Public IP/Port Public color
OPTION 3
Option3 - SP Hosted Deployment
Control on MPLS Only – Not Recommended
• Controllers accessible via Private Transport Only - Controllers intentionally restricted to private access only
• Control Plane on MPLS only (loose HA)
• Internet attached vBond allows for NAT Traversal on public
- vBond-as-Stun-Server
• Encryption keys for public exchanged across private only
vpn 0
 interface ge0/0
  tunnel-interface
   vbond-as-stun-server
   color public-internet
Diagram labels: STUN vBond, Private vBond, DMZ (NAT 1:1), Datacenter Segment, INET, MPLS, Private IPs, Private IP/Port Private color, Public IP/Port Public color
vBond Discovery
• (1) WAN Edge queries PnP Servers to get vBond IP or vBond FQDN
• (2) WAN Edge will try vBond one-by-one on every TLOC (by default, unless configured differently)
• Controllers and WAN Edge find vBond in the same way:
- Locally configured IP-address (for a single vBond) or FQDN (for multiple vBonds). FQDN can be resolved via DNS or locally (host statements)
- In case of ZTP and need for local resolution, an IP-address can be pushed initially and host statements put in place when template configuration is applied
• vBond discovers router public IP address and port, even if it traverses NAT, and communicates (public IP, public port) to the router
Diagram labels: Cisco PnP Servers, INET, MPLS, NAT Box
WAN Edge On-Boarding
Appliances,
Universal CPE, VNFs
Cisco SD-WAN Platform Options
Virtual Platforms
Physical Platforms
ISR 1000 vEdge 100 ISR 4000 vEdge 1000 ASR 1000 vEdge 2000 vEdge 5000
vManage
Cisco Commerce
Workspace org-name
vBond
If on-prem, controllers
instantiated by Provisioning
2 Customers, controllers File
details added to PnP Power up
Connect WAN Edge
Customer Customer
Service Provider Service Provider
Connecting WAN Edge
Direct Connection Behind CPEs Using Universal CPE
ISP Provider
Box CPE
x86 runs
WAN Edge NFVIS OS
ENCS / NFVIS
Universal CPE
WAN Edge
1. On-Boarding on INET Using Global PnP
NSO
PnP
MPLS INET Servers
3. On Boarding Universal CPE (uCPE)
MPLS INET
Enterprise Networking Compute Platform
x86 runs Virtualization Layer WAN1 WAN2
VNFM
NFVIS
LAN
SD-WAN Service on Universal CPE
Orchestration and Management (MANO)
NSO with vBranch/SDWAN Core Function Pack
Virtual WAN
Virtual Router Virtual Router Virtual Firewall Virtual Wireless LAN
Optimization 3 rd Party VNFs
(ISRv) (vEdge) (ASAv) Controller (vWLC)
(vWAAS)
Secure Overlay to NFVIS
• Secure access to uCPE from NSO
IPSec
Tunnel Public IP
NAT
NFVIS 3.10.1
NFVIS
Single IP Address for WAN
• Service Provider management of legacy MPLS-VPN CPE using the Public IP address assigned to the WAN interface.
• Most OSS/BSS provisioning systems based on the assumption that CPE has only one IP address used for the WAN
• Service Providers to manage uCPE as a traditional CPE with a single IP address
• NFVIS - The two interfaces that connect the user to the system are the WAN interface and the management interface. By default, the WAN interface has the DHCP configuration and the management interface is configured with the static IP address 192.168.1.1
• VNF - requires IP address to be WAN connected
• At least 2 IP Addresses are required
Diagram labels (legacy CPE): MSP Data Center, Public IP, WAN IP, Cisco Router, Private IP space
Diagram labels (uCPE): MSP Data Center, Gi0/0, ISRv, ISRv WAN IP, NFVIS, NFVIS MGMT IP, Private IP space
VNF Performance
SD-WAN Service on Universal CPE (ENCS)
NSO w SD-WAN
Core Function
Pack
3 PnP Request
NSO with the SDWAN
Function Pack
7
3 Full Registration and
Configuration
6
4
VNFs instantiated and loaded with vEdge
Bootstrap Configuration cloud-init file.
Chaining of VNFs occurred if Virtual Networks
requested. (ENCS)
SD-WAN Gateways –
Large Scale, Multiple
Domains
SD-WAN Gateway - Deployment and Migration
SD-WAN Fabric
SDWAN MPLS-VPN
Gateways PEs
BGP
OMP
MPLS
Legacy
INET CPE
SD-WAN CPEs
OMP
• Identify Gateway/DC Sites providing connectivity between SD-WAN and legacy sites
• Legacy sites talk to each other directly
• SD-WAN sites talk to each other directly
• Legacy router/connectivity is dropped in the DC/Gateway sites once migration is complete
INET WAN Edge Only to MPLS WAN Edge Only
?
MPLS INET
INET WAN Edge Only to MPLS WAN Edge Only
Option1 - Multihomed Gateway Option2 - End to end Data Plane
GATEWAY GATEWAY
OMP OMP
DEFAULT DEFAULT
SUMMARY SUMMARY
NAT
Overall MSP Deployment Public MSP
Internet Cloud
• Support Regional Meshing for optimal
connectivity MSP
• Support remote region connectivity through
MSP MPLS VPN Datacenters
Gateways Legacy CPEs
MPLS
• Provide Redundant Gateway Connectivity VPN
Control Policy Case Study – Site Definitions
• Site-ID assignment allowing for Site identification – 32 bits
Control Policy Principles – US Region
Protecting workers wherever they are…
• Cisco Umbrella
- Router intercepts client DNS queries
- DNS queries are forwarded to Cisco Umbrella DNS servers either unconditionally or based on the policies
- Cisco Umbrella enforces security policy compliance based on DNS resolution
- Cisco Umbrella can act as proxy for application traffic with full Unified Threat Management capabilities
Diagram labels: Datacenter/Private Cloud, Multi-factor Authentication, SDWAN and Firewall/IPS/URL Filtering, Branch/Campus, Cisco Umbrella, IaaS, Internet/SaaS, Home/Mobile, Secure Internet GW
FCS Q4CY18
SD-WAN Security Committed 1HCY19
Only App Aware FW and DNS/web-layer security Only FW and DNS/web-layer security
SD-WAN Overall Service Management
• WAN Edge – Management VPN
- VPN 511 for example
- Management VPN
- Appliance or VNF Mgmt
Diagram labels: SP Data Center 1, SP Data Center 2, Orchestration Platform, LiveSP, 3rd Party EMS, SD-WAN Gateway (VPN 511), Hub, VPN 511
SD-WAN Overall Service Management
• ENCS/NFVIS – Secure Channel
- ENCS Bootstrap
- IPSec tunnel
- NSO can access NFVIS Mgmt
- Outside/Inside of SD-WAN Fabric
- Management VPN 511
- Used to access WAN Edge for management
- Used to access NFVIS
- Used to access VNFs running on NFVIS
Diagram labels: SP Data Center 1, SP Data Center 2, Orchestration Platform, LiveSP, 3rd Party EMS, SD-WAN Gateway (VPN 511), Hub, VPN511 dedicated for Management, Secure Channel, INET, NFVIS (VPN 511)
vBranch Management
- Management VPN 511
- Used to access WAN Edge for management
- Used to access NFVIS
- Used to access VNFs running on NFVIS
Diagram labels: Fabric Data Tunnel, ENCS, WAN Edge (VPN 511), MGMT net, NFVIS
Orchestration for MSPs
MSP Orchestration
3 SP Data Center
5
SP Data Center
Cloud
1 2 4 Services
SP Data Center
vBranch (ENCS) vEdge/cEdge Appliance
Internet
Security and Cloud Services
3rd Party ASAv vEdge
VNFs FTDv Cloud
SP
Services
Hosted Collaboration,
Security, Storage…
Cisco SD-WAN Automation Stack for MSPs
1 Cisco vManage
Target customer: customer has vEdge appliances without a need for virtual CPE, service orchestration and OSS/BSS from Cisco
Diagram labels: vManage, SP Datacenter, NFVI (OpenStack, VMware, Cisco Router, ENCS, NFVIS, vEdge, cEdge
Single Pane of Glass Operations
vManage GUI
• Intuitive GUI driven operations
- Management, monitoring and
troubleshooting
• Cloud Delivered
- Private, hosted or managed
• Single or Multi-tenant
• Role-based Access Control
• Clustered for scale and high
availability
• REST APIs based
Current Orchestration and APIs
REST
vManage Management
Netconf Monitoring
Provisioning
Syslog Troubleshooting
vSmart
SNMP * http://tools.ietf.org/html/rfc7011
cFlowd*
CLI
Secure
Internet Control Plane
4G/LTE
MPLS
Secure
Data Plane
vEdge Routers
Cisco MSX
NSO System Overview
• Model-driven end-to-end service lifecycle and customer experience in focus
• Seamless integration with existing and future OSS/BSS environment
• Loosely-coupled and modular architecture leveraging open APIs and standard protocols
Diagram labels: Network Engineering, Ops and Provisioning, Service Developers, NSO, Service Manager, Package Manager, CDB, Device Manager, Device Abstraction, ESC (VNFM)
SD-WAN Core Function Pack Architecture
Network Service Orchestrator
SD-WAN Core Function Pack
VNF VNF
Manager Manager vManage
(ESC-Lite) (ESC)
vAnalytics vManage
SD-WAN
Data Export Telemetry
Fabric
Key Takeaways
Journey to Intent-based Networking
The Network. Intuitive.
Powered by intent. Informed by context. Intent-based
Networking
Machine Constantly Learning
Learning & AI Constantly Adapting
Analytics & Policy Validation Constantly Protecting
Policy-Based Assurance Predictive
Digital—Ready Automation Everything as a sensor Self-healing
Infrastructure Business Policy Telemetry
Secure foundation Translation Historical & Real-time
Programmability Segmentation
Virtualization
We are here
Your SD-WAN learning map at CLEUR
Monday Tuesday Wednesday Thursday Friday
TECCRS-2014 BRKRST-2560
Deep Dive BRKRST-2559
Analytics / ML
On-prem
Deployment BRKCRS-2117
BRKCRS-2112
Serviceability Design
Deployment
TECCRS-2191 BRKCRS-2114
Deployment / BCP BRKCRS-2111 Security
Migration
TECSEC-2355
Security BRKRST-2558 BRKCRS-2113
BRKCRS-2110 SD-WAN as a Cloud onRamp
The foundation Managed Service
More Information
• BRKCRS-2110 – SD-WAN Overview
• SD-WAN CVD:
• https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/CVD-SD-WAN-Deployment-2018OCT.pdf
Complete your online
session survey
• Please complete your Online Session
Survey after each session
• Complete 4 Session Surveys & the Overall
Conference Survey (available from
Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco
Events Mobile App or the Communication
Stations
Continue Your Education
Thank you
BACKUP SLIDES
Certificates through Symantec
- Symantec Root Cert chain in the software by default
- Certificates automatically sent to controllers from Symantec
- Symantec manual also available
• Can use Enterprise/MSP CA
- Install Enterprise Root CA cert chain in all controllers
- Install certificates on all controllers
Diagram labels: vBond (Signed), vManage (Signed), vSmart (Signed)
Public and Private Colors
• TLOC Color used as static identifier for interface and underlay network attachment. Color is categorized as Private or Public
- Private Colors [mpls, private1-6, metro-ethernet]
- All other colors are public [red, blue,…, public-internet,…]
• Color setting applies to:
- WAN Edge to WAN Edge Communication
- WAN Edge to Controller Communication
Diagram labels: Public IP/Port, Private IP/Port
Certificate – Devices
• Each physical WAN Edge router is uniquely identified by the chassis ID and certificate serial number
Diagram labels: TPM Chip, Signed Device Certificate (Manufacturing)
NSO with the vBranch
Function Pack
On Boarding - ENCS/NFVIS
Network Service Orchestrator (NSO) Network Service Orchestrator (NSO)
1
NFVIS 5
On-Boarding – vEdge Cloud, ISRv
Cloud-Init file:
#cloud-config
vinitparam:
 - otp : 139a24ccd4add6bc0278fde0cb366f60
 - vbond : 10.60.19.45
 - uuid : 0a4a4c78-35a8-4c1c-bbd2-e02516606fd7
 - org : Cisco Sy1 - 19968
Diagram labels: vManage, Control and Policy Elements, NSO (SDWAN-SITE FP), Provisioning Tool, Cloud-Init, VM, vEdge Cloud, Full Registration and Configuration