
Question ID : 602/279023 Page 1 of 3

Which of the following Cisco SD-WAN components must be configured
with a public IP address? (Select the best answer.)
A. vBond orchestrator
B. vEdge router
C. vManage NMS
D. vSmart controller

Correct

Explanation:
The vBond orchestrator is a Cisco Software-Defined WAN (SD-WAN)
component that must be configured with a public IP address. Cisco
SD-WAN is an overlay network architecture that uses cloud technology to
create and manage an IP fabric. The four fundamental components of
the Cisco SD-WAN architecture are the following:

- vBond orchestrator
- vSmart controller
- vEdge router
- vManage network management system (NMS)

The vBond orchestrator authenticates vEdge routers and vSmart
controllers over a Datagram Transport Layer Security (DTLS) tunnel
connection as they perform their initial startup sequences. The vBond
orchestrator is the only SD-WAN component that is required to have a
publicly routable IP address. Because the vBond orchestrator has a
public IP address, it can be accessed by other SD-WAN components
even if they reside behind Network Address Translation (NAT) devices
such as firewalls or routers. This accessibility enables the vBond
orchestrator to facilitate connections among all other SD-WAN
components. In addition, the vBond orchestrator uses load-balancing
mechanisms to ensure that vEdge routers are efficiently distributed
between available vSmart controllers when the vEdge routers are
initially configured.

The vSmart controller manages the control plane of the SD-WAN
overlay network architecture. The vBond orchestrator and vEdge
routers must maintain DTLS connections to at least one vSmart
controller. Control plane traffic passes through DTLS tunnels between
the vSmart controller and the other SD-WAN components. For
example, the vSmart controller uses Overlay Management Protocol
(OMP) to distribute routing information, security keys, and policy
configurations through DTLS tunnels to vEdge routers. The vEdge
routers can then use this information to determine the appropriate
next hop for data plane traffic, to create IP Security (IPSec) tunnels to
other vEdge routers for data plane traffic, and to ensure that Service
Level Agreements (SLAs) are met and that traffic policies are enforced.

The vEdge routers manage the data plane of the SD-WAN overlay
network. The IP fabric of the SD-WAN overlay network consists of
vEdge routers interconnected by IPSec tunnels. Routing information
for the IP fabric is reflected by using OMP to each vEdge router over a
DTLS tunnel to its associated vSmart controller. Routes reflected from
the vSmart controller are redistributed into the routing table at each
associated vEdge router so that all routing decisions can be handled
locally by the vEdge routers.

The vManage NMS is a software solution that provides a single GUI to
configure and manage the components of the SD-WAN architecture.
Additional software services can be added to vManage NMS to provide
capabilities specific to Software as a Service (SaaS) application
performance monitoring or to network performance data analysis. The
CloudExpress service integrates with vManage NMS and can be used to
optimize SaaS application performance in real time by using metrics
and monitoring data gathered from the IP fabric. The vAnalytics
platform is a network-monitoring service that enables the analysis of
network and application performance over time. The vAnalytics
interface provides an initial overview of the network and enables an
administrator to delve into detailed, time-based data.

Reference:
CCNP and CCIE Enterprise Core ENCOR 350-401 Official Cert Guide,
Chapter 23: Fabric Technologies, vBond Orchestrator

Cisco: The Cisco SD-WAN Solution: Primary SEN Components

CiscoLive: Serviceability of SD-WAN: SDWAN Components overview (PDF)

Category:
1. Architecture

about:blank 6/17/2020
