[Diagram labels: IaaS, WAN, SaaS, DC/Private Cloud]
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
A Hybrid Multi-Cloud environment is the new norm
Enterprises are adopting cloud; forecasts show that investments will increase
…But there are multiple challenges with cloud deployments
• Complex connectivity, inconsistent experience with and lack of governance across multi-cloud and SaaS, expensive
• Lack of QoS, reliability and optimizations for cloud application experience
• Lack of a common policy framework across on-prem and cloud that provides full visibility
• Traditional consumption models for on-prem do not align with cloud products and marketplaces
Cloud onRamp extends SD-WAN to Cloud to address these challenges
Cloud onRamp for IaaS
Key Benefits
• Automated Infra in Public Cloud: Extends full SD-WAN capabilities into the cloud
• Policy Control: Extends a common policy framework across SD-WAN fabric and cloud
• Management Plane: Managed via vManage just like any other router
• Reduce OPEX: Cost effective by utilizing Transit VPC/VNET
• Enhanced Visibility:
- Device and Circuit Availability
- Tunnel Perf (Loss, Latency, Jitter)
- Top Apps
- BW Utilization
- App QoE
[Diagram labels: BGP to OMP, IGW, AZ1, AZ2, Cisco Cloud Edge, VPC, TGW Gateway, VGW, vManage, VPC/VNET, SDWAN, Cisco Cloud Edge Platform, Transit VPC]
Cloud onRamp for IaaS - Azure
• VPN GW for host VNETs
• VNET Gateway per-region
- Multiple for scale
• Standard based IPSec
- Connectivity redundancy
• BGP across IPSec tunnels for route advertisement
- Active/active forwarding
- BGP into OMP redistribution
- Advertise default route to host VNETs
• Optional Express Route
[Diagram labels: Standard IPSec + BGP, (2x) SD-WAN, BGP <-> OMP, VNET, AS, AS1, AS2, VPN GW, Express Route GW, VNET Gateway, Host VNET, WAN Edge, INET, MPLS, Azure Region, vManage]
Cisco SD-WAN integration with Microsoft vWAN
Native integration of SD-WAN endpoint inside Azure Virtual WAN
17.4
Security/Policy
Create policies in vManage and push them to vWAN Hub
[Diagram labels: Branch, Branch, Branch]
Automation, Visibility and Segmentation
Cloud onRamp for Multicloud - Azure 2H CY20
[Diagram labels: Cisco Cloud Controllers; vHub in west-us1 and vHub in east-us1, each in its own Region; Azure Backbone; Cloud Network; Site 1, Site 2, Site 3 and DC connected via SDWAN over INET and MPLS]
Mapping of SD-WAN branch networks to VNets
Difference from AWS: vWAN currently does not support segmentation.
Unidimensional mapping:
• select a set of VNETs in one or multiple regions and define a tag
• select a set of service VPNs (SD-WAN branch networks)
Result: all selected VNets will be visible to all selected VPNs.
Caveat: IP addresses of the selected VPNs cannot overlap (because there is no segmentation support).
Mapping types:
• 1:1 mapping: one VPN to one tag, which can contain multiple VNets.
• N:1 mapping: mapping several VPNs to one tag
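The mapping rules above can be checked before a mapping is applied. The following is an added example, not Cisco code and not a description of what vManage does internally: it rejects a tag-to-VPN mapping when prefixes in different selected VPNs overlap, and otherwise returns the resulting visibility. The VPN IDs, prefixes, tag and VNet names are constructed, and `find_overlaps` and `plan_mapping` are hypothetical helper names.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: service VPN ID -> branch prefixes, tag -> VNets.
VPN_PREFIXES = {
    10: ["10.10.0.0/16", "192.168.10.0/24"],
    20: ["10.20.0.0/16"],
    30: ["10.10.128.0/20"],  # falls inside VPN 10's 10.10.0.0/16
}
TAGS = {"prod": ["vnet-west-app", "vnet-east-db"]}


def find_overlaps(vpns, vpn_prefixes):
    """Return (vpn_a, net_a, vpn_b, net_b) for every cross-VPN prefix overlap."""
    nets = [(vpn, ipaddress.ip_network(p))
            for vpn in vpns for p in vpn_prefixes[vpn]]
    return [
        (va, str(na), vb, str(nb))
        for (va, na), (vb, nb) in combinations(nets, 2)
        if va != vb and na.version == nb.version and na.overlaps(nb)
    ]


def plan_mapping(tag, vpns, tags=TAGS, vpn_prefixes=VPN_PREFIXES):
    """Validate a tag-to-VPN mapping and return the visibility it creates."""
    conflicts = find_overlaps(vpns, vpn_prefixes)
    if conflicts:
        # Without segmentation, overlapping branch space cannot share a tag.
        raise ValueError(f"overlapping VPN prefixes, mapping rejected: {conflicts}")
    return {
        "type": "1:1" if len(vpns) == 1 else "N:1",
        # Every selected VNet becomes visible to every selected VPN.
        "visible": [(vpn, vnet) for vpn in vpns for vnet in tags[tag]],
    }


if __name__ == "__main__":
    print(plan_mapping("prod", [10, 20]))
    try:
        plan_mapping("prod", [10, 20, 30])
    except ValueError as err:
        print(err)
```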