Introduction to SD-WAN Fabric

Waqas Daar
TECHNICAL CONSULTING ENGINEER
September 17, 2019
Agenda
• What is SD-WAN?
• Why SD-WAN?
• Benefits of SD-WAN
• SD-WAN Solution Overview
• Orchestration Plane
• Management Plane
• Control Plane
• Data Plane
• Controller Deployment Architecture
• Control Plane Sessions
• Cisco SD-WAN Fabric Operations
• Cisco SD-WAN Platforms
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
What is SD-WAN?
• The software-defined wide area network (SD-WAN) is a technology for configuring and implementing an enterprise WAN, based on software-defined networking (SDN), to route traffic effectively to remote locations such as branch offices and the Internet.
• SD-WAN derives significant flexibility and agility benefits from removing the burden of traffic management from physical devices and transferring it to software.
What challenges is SD-WAN addressing?
• The traditional WAN lacks the agility and efficiency needed for today's cloud-driven networking requirements and bandwidth-intensive applications.
• Align business policy with the operational performance of applications by intelligently forwarding application traffic across the enterprise WAN, ensuring that pre-defined, per-application performance metrics, or service level agreements (SLAs), are persistently met at the lowest achievable cost.
• Maximize the use of the Internet-connected link.
• Remove the complexity of the network topology.
• Adapt to, and gain real visibility into, the network.
Benefits of SD-WAN
• Increased bandwidth at a lower cost
• Centralized management across branch networks
• Full visibility into the network

Things to remember…
• vEdge – vEdge router, i.e. an SD-WAN router
• cEdge – ISR/ASR router
• vSmart – controller
• vBond – orchestrator
• vManage – management application
Cisco SD-WAN Solution Overview
Applying SDN Principles to the Wide Area Network
[Diagram: four planes stacked top to bottom. Orchestration Plane: vBond. Management Plane: vManage (management, API, orchestration, analytics), multi-tenant or dedicated. Control Plane: vSmart, running as containers or VMs. Data Plane: vEdge, physical or virtual, at Data Center, Campus, Branch and Home Office sites. A secure DTLS control channel links the edges to the controllers; a secure IPsec data channel runs between edges over INET, MPLS and 4G transports.]

Orchestration Plane
vBond Orchestrator
[Diagram: the solution overview with vBond highlighted in the orchestration plane.]
Main Characteristics
• Orchestrates control and management plane
• First point of authentication
• Distributes list of vSmarts/vManage to all vEdge routers
• Facilitates NAT traversal
• Requires public IP address [could sit behind 1:1 NAT]
• Highly resilient
• Multitenant or single tenant
Management Plane
vManage
[Diagram: the solution overview with vManage highlighted in the management plane.]
Main Characteristics
• Single pane of glass for Day 0, Day 1 and Day 2 operations
• Centralized provisioning
• Multitenant or single tenant
• Policies and templates
• Troubleshooting and monitoring
• Software upgrades
• GUI with RBAC
• Programmatic interfaces (REST, NETCONF)
• Highly resilient
Control Plane
vSmart Controller
[Diagram: the solution overview with vSmart highlighted in the control plane.]
Main Characteristics
• Facilitates fabric discovery
• Disseminates control plane information between vEdges
• Distributes data plane and app-aware routing policies to the vEdge routers
• Implements control plane policies
• Dramatically reduces control plane complexity
• Highly resilient
Data Plane
SD-WAN Router
[Diagram: the solution overview with the edge routers highlighted in the data plane.]
Main Characteristics
• SD-WAN edge router
• Provides secure data plane with remote SD-WAN edge routers
• Establishes secure control plane with vSmart controllers (OMP)
• Implements data plane and application-aware routing policies
• Exports performance statistics
• Leverages traditional routing protocols like OSPF, BGP, EIGRP and VRRP
• Supports zero-touch deployment
• Physical or virtual form factor (100Mb, 1Gb, 10Gb, 20Gb+)
Controller Deployment
[Diagram: vBond and vSmart each have NIC0 in VPN0 (control interface) and NIC1 in VPN512 (management interface). vManage has NIC0 in VPN0 (control interface), NIC1 in VPN512 (management interface) and NIC2 as the cluster interface (vManage only). All three run on ESXi, KVM, AWS or MS Azure.]
▪ Minimal configuration for bring-up
  - Connectivity, System IP, Site ID, Org-Name, vBond IP
SD-WAN Fabric Terminology
• Overlay Management Protocol (OMP) – Control plane protocol distributing reachability, security and policies throughout the fabric
• Transport Locator (TLOC) – Transport attachment point and next-hop route attribute
• Color – Control plane tag used for IPSec tunnel establishment logic
• Site ID – Unique per-site numeric identifier used in policy application
• System IP – Unique per-device (vEdge and controllers) IPv4-notation identifier. Also used as Router ID for BGP and OSPF.
• Organization Name – Overlay identifier common to all elements of the fabric
• VPN – Device-level and network-level segmentation
Control Plane Sessions
o Secure channel to SD-WAN controllers operates over DTLS/TLS authenticated and secured tunnels.
o OMP between vEdge routers and vSmart controllers, and between the vSmart controllers.
o NETCONF – provisioning from vManage. Access via admin credentials over authenticated tunnel.
[Diagram: vManage, vBond, two vSmarts and a vEdge, with the session between each pair labelled as follows.]
• Controllers (vManage, vSmart) ↔ vBond: DTLS only; Viptela primitives; permanent; multiple sessions
• vEdge ↔ vManage: DTLS or TLS; Viptela primitives, NETCONF; permanent; single session
• vEdge ↔ vSmart: DTLS or TLS; Viptela primitives, OMP; permanent; 1 session per vSmart per TLOC
• vEdge ↔ vBond: DTLS only; Viptela primitives; temporary
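The three preceding slides (fabric terminology, controller bring-up parameters and control plane sessions) describe identifiers and session counts that an operator ends up checking by hand. The following is an added example, not Cisco code and not from this deck: a small Python model of those identifiers with three checks a practitioner would run, (1) pre-bring-up validation of system IP, site ID and org-name, (2) the set of IPsec tunnels the TLOC colours should produce, and (3) expected-versus-observed permanent control sessions for an edge. Assumptions: the `restrict` flag on a TLOC is modelled as "only form tunnels to the same colour" (the general Cisco SD-WAN tunnel-interface behaviour, which the slide only alludes to); the session tuple shape `(controller, tloc colour, protocol)` and the inventory are constructed for illustration.

```python
# Added example (not Cisco code): toy model of Cisco SD-WAN fabric identifiers
# with bring-up validation, TLOC colour pairing and control-session checks.
from dataclasses import dataclass
from itertools import combinations
import ipaddress


@dataclass(frozen=True)
class Tloc:
    """Transport Locator as on the slide: transport attachment point.
    'restrict' (assumption): when set, this TLOC only forms IPsec tunnels
    to TLOCs of the same colour; otherwise any colour pair is attempted."""
    color: str
    encap: str = "ipsec"
    restrict: bool = False


@dataclass(frozen=True)
class Device:
    hostname: str
    role: str            # "vedge", "vsmart", "vmanage" or "vbond"
    system_ip: str       # unique per device, IPv4 notation
    site_id: int         # numeric, shared by devices at one site
    org_name: str        # must be common to all fabric elements
    tlocs: tuple = ()    # only edges carry TLOCs in this model


def validate_fabric(devices):
    """Problems against the bring-up rules on the slides: IPv4 system IP
    unique per device, positive numeric site ID, a single org-name."""
    problems = []
    org_names = {d.org_name for d in devices}
    if len(org_names) > 1:
        problems.append(f"org-name mismatch across fabric: {sorted(org_names)}")
    seen = {}
    for d in devices:
        try:
            ipaddress.IPv4Address(d.system_ip)
        except ipaddress.AddressValueError:
            problems.append(f"{d.hostname}: system-ip {d.system_ip!r} is not IPv4")
        if d.system_ip in seen:
            problems.append(f"{d.hostname}: system-ip {d.system_ip} duplicates {seen[d.system_ip]}")
        seen.setdefault(d.system_ip, d.hostname)
        if not isinstance(d.site_id, int) or d.site_id <= 0:
            problems.append(f"{d.hostname}: site-id {d.site_id!r} is not a positive integer")
    return problems


def expected_tunnels(devices):
    """TLOC pairs between distinct edges that should form IPsec tunnels under
    the colour rule modelled in Tloc. Returned sorted for stable comparison."""
    edges = [d for d in devices if d.role == "vedge"]
    tunnels = []
    for a, b in combinations(edges, 2):
        for ta in a.tlocs:
            for tb in b.tlocs:
                if (ta.restrict or tb.restrict) and ta.color != tb.color:
                    continue  # restricted side refuses a different colour
                tunnels.append((a.hostname, ta.color, b.hostname, tb.color))
    return sorted(tunnels)


def expected_control_sessions(edge, devices):
    """Permanent sessions an edge should hold per the slide: one OMP session
    per vSmart per TLOC, plus a single NETCONF session to vManage (the TLOC
    it rides on is not fixed by the slide, so it is recorded as None)."""
    sessions = set()
    for c in devices:
        if c.role == "vsmart":
            for t in edge.tlocs:
                sessions.add((c.hostname, t.color, "OMP"))
        elif c.role == "vmanage":
            sessions.add((c.hostname, None, "NETCONF"))
    return sessions


def missing_sessions(edge, devices, observed):
    """Expected minus observed: the first thing to check when an edge stops
    receiving policy or loses reachability for one transport."""
    return sorted(expected_control_sessions(edge, devices) - set(observed), key=str)


# Constructed inventory for illustration (not a real deployment).
FABRIC = (
    Device("vbond1", "vbond", "10.0.0.1", 100, "acme-corp"),
    Device("vsmart1", "vsmart", "10.0.0.2", 100, "acme-corp"),
    Device("vsmart2", "vsmart", "10.0.0.3", 100, "acme-corp"),
    Device("vmanage1", "vmanage", "10.0.0.4", 100, "acme-corp"),
    Device("branch1", "vedge", "10.1.1.1", 1, "acme-corp",
           (Tloc("mpls", restrict=True), Tloc("biz-internet"))),
    Device("branch2", "vedge", "10.1.2.1", 2, "acme-corp",
           (Tloc("mpls"), Tloc("biz-internet"))),
    Device("branch3", "vedge", "10.1.3.1", 3, "acme-corp",
           (Tloc("biz-internet"),)),
)

# Constructed "observed" sessions for branch1 (e.g. from a monitoring export);
# the mpls session to vsmart2 is deliberately absent.
OBSERVED_BRANCH1 = {
    ("vsmart1", "mpls", "OMP"), ("vsmart1", "biz-internet", "OMP"),
    ("vsmart2", "biz-internet", "OMP"), ("vmanage1", None, "NETCONF"),
}

if __name__ == "__main__":
    print("problems:", validate_fabric(FABRIC) or "none")
    for t in expected_tunnels(FABRIC):
        print("tunnel", t)
    print("missing on branch1:", missing_sessions(FABRIC[4], FABRIC, OBSERVED_BRANCH1))
```

Run as a script it lists the six tunnels the colours allow (branch1's restricted mpls TLOC pairs only with branch2's mpls TLOC) and reports the one missing OMP session on branch1. The same functions can be fed an inventory exported from vManage, provided the export is mapped onto the `Device` and `Tloc` shapes above.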
Cisco SD-WAN Fabric Operations
[Diagram: vManage and vBond reach vSmart and the vEdge routers over DTLS/TLS tunnels; vSmart pushes policies and exchanges OMP with each vEdge; the vEdges form IPsec tunnels with BFD over the MPLS and INET transports, carrying the VPN1 and VPN2 segments end to end.]
Typical SD-WAN Deployment Architecture
[Diagram: a private cloud site with app servers, a distribution switch, a dual-router SD-WAN head-end and CE routers; enterprise controllers; a virtual private cloud with virtual routers (V) in VPCs; SaaS; MPLS1 and INET transports; and dual-router, single-router and legacy-router branches. V = virtual router.]
Cisco SD-WAN Platform Options
[Diagram: Virtual (x86) platforms ENCS 5100 (services) and ENCS 5400 (more services); generic public cloud (flexible). Physical platforms ISR 1000, vEdge 100, ISR 4000, vEdge 1000, ASR 1000, vEdge 2000 and vEdge 5000, positioned from small branch through branch and campus to data center. All run SD-WAN software (Viptela OS, Cisco IOS XE-SDWAN).]