
SD-WAN Migration Tech-Talk

Instructors: Varun Mehta and Danny Gohain

Session Date: 23rd July 20
SD-WAN Tech-Talk Session
Chapter 1
Content

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Course Goal

The goal of this SD-WAN Migration Tech Talk is to discuss a few "specific scenarios" of migrating to the SD-WAN fabric.

To fully utilize this training

To fully utilize this training we recommend having prior knowledge of SD-WAN components and functionalities; you can go through SD-WAN fundamentals prior to this session.
Agenda
• Chapter 2: Introduction to SD-WAN
• Chapter 3: SD-WAN Architecture
• Chapter 4: Sastre tool for creating Templates and policies with Demo
• Chapter 5: Changing vSmart mode from CLI to vManage mode with Demo
• Chapter 6: Data center device bring up with Demo
• Chapter 7: Branch site bring up with Demo
• Chapter 8: DIA site bring up with Demo
• Chapter 9: cEdge device bring up with Demo
• Chapter 10: Application aware policy creation with Demo

Lab scenario
• LAB 1: TEMPLATE AND POLICY CREATION BY PYTHON SCRIPTS
• LAB 2: BRING VSMART TO VMANAGE MODE WITH TEMPLATE
CUSTOMIZATION
• LAB 3: BRING UP VEDGE DEVICE IN DC
• LAB 4: BRING UP SITE 1 DEVICES
• LAB 5: CONFIGURE DIA FOR SITE 2
• LAB 6: CONFIGURE CEDGES FOR SITE 3
• LAB 7: CREATING APPLICATION AWARE ROUTING

Chapter 2
Introduction to SD-WAN

2.0 Intro to SD-WAN

• Lesson 2.1: Why SD-WAN?

• Lesson 2.2: What are SD-WAN Features?

Lesson 2.1
Why SD-WAN?
Traditional WAN

(figure: Management Station 1 and Management Station 2; CE1 and CE2 connected by a 1 Mbps Internet link and a 10 Mbps WAN link between sites X and Y)
Traditional WAN Challenges

(figure: three headings, Complex to operate, Difficult to secure and Poor user experience, over the challenges Insufficient Bandwidth, Limited App Awareness, Complex Operations Challenges, Security Challenges, No Cloud App Readiness and High Cost)
What is Software Defined "Networking"?

SDN is an approach to physically abstract the network control plane from the forwarding plane and be able to manage all the physical infrastructure centrally.

3 key aspects to SDN:

• Separation of control plane from data plane
• Centralizing control plane
• Making the control plane programmable
The Need for Software-Defined and Unified Networking

Reduce Deployment Time

Single Pane of Glass Management and Visibility

Reduce Network Complexity

Reduce Cost of WAN Circuits

Ease Integration

Cisco DNA

(figure: Cisco DNA Center, multi-tenant and cloud-delivered, with rich analytics and network automation; users, devices, things and apps are connected across the SDA Fabric (branch & campus), the SDWAN Fabric, the ACI DC Fabric, Cloud OnRamp and IoT, reaching IaaS and SaaS)
SD-WAN vs DNA vs SDN

SDN
Foundation Architecture Decouples Network Control / Forwarding Functions

Cisco DNA
Architecture for Digital Transformation

SD-WAN
Foundation of Enterprise WAN

Lesson 2.2
SD-WAN Features
Enterprise Grade Capabilities with Reduced Cost and Complexity for Agile IT

• Separation of management, control, data for scaling
• Redundant management—cloud or on premises
• Zero-touch provisioning in minutes, not days
• Full segmentation support for fast app deployment
• Choice of topologies with point-and-click
• Complete visibility from single pane of glass

Comprehensive and Flexible to Fit Your Business: physical secure routers or virtual secure routers; on-prem or cloud; CAPEX with annual subscription or enterprise-based agreement
LOWER COSTS
Flexible Connectivity, Lower WAN costs

(figure: branch connected over MPLS, Internet and 3G/4G-LTE to private cloud, colocation and public cloud)

• Leverage local Internet path for public cloud and Internet access
• Secure VPN for private and virtual public cloud access
APPLICATION VISIBILITY
Application Aware Routing

(figure: DPI, policy and SLA applied across 4G/LTE, MPLS and broadband transports; labels: Transport Type, SLA, Cloud, Service Chain, Local/Remote Breakout)
REDUCE RISK
Secure Segmentation

(figure: a vEdge cloud router in the data center carries VPN 1, VPN 2, VPN 3 and VPN 4 over IPSec tunnels across Internet, MPLS and 4G/LTE to the corporate data center, campus, branch, small office and home office; cloud security via a secure cloud gateway; end-to-end segmentation; local internet breakout)
Arbitrary VPN Topologies

• Each VPN can have its own topology
• Full-mesh, hub-and-spoke, partial-mesh, point-to-point, etc.
• VPN topology can be influenced by leveraging control policies
• Applications can benefit from shortest path, e.g. voice takes full-mesh topology

(figure: VPN1 full-mesh, VPN2 hub-and-spoke, VPN3 partial mesh, VPN4 point-to-point)
REDUCE COMPLEXITY
Service Based Traffic Engineering

(figure: a user at Site A sends UDP/5001 and UDP/5002 across the virtual fabric over MPLS and Internet to the app server in the data center; a VNF firewall in the regional DC allows UDP/5001 and denies UDP/5002; the denied flow carried over MPLS is marked "Wasted Bandwidth")

• Firewall service is inserted into the overlay topology
• Security policy is enforced
BETTER USER EXPERIENCE
Cloud Ready WAN

(figure: a secure SD-WAN fabric connects data center, small office, home office, branch and campus to the cloud data center and to cloud applications)

• Secure and resilient IaaS cloud-networking
• Optimized SaaS access and performance visibility from all branches (Cloud onRamp)
Simplify WAN Management
Single Pane Of Glass Operations, Rich Analytics

• Cloud-first management and orchestration
• Zero-touch provisioning
• Troubleshooting with simplified workflows
• Advanced analytics and assurance

Power Tools: REST, NETCONF, Syslog, SNMP, Flow Export, CLI, Linux Shell
Cisco SD-WAN Solution Overview

Management/Orchestration Plane: vManage, APIs, 3rd party automation, vAnalytics
Control Plane: vBond, vSmart Controllers
Data Plane: vEdge Routers over MPLS, INET and 4G, at cloud, data center, campus, branch and SOHO
Cisco SD-WAN Integration Plan

Phase 1: No Integration
  Deployment scenario: vManage, vSmart, vEdge
  Benefits: Support and scale current customer commitments
  Details: Platform: as-is. Management: vManage

Phase 2: Platform Integration
  Deployment scenario: vManage, vSmart, vEdge and ISR4K + vEdge
  Benefits: Viptela SD-WAN on strategic Cisco platforms
  Details: Platform: vEdge capabilities integrated into all IOS-XE platforms (ISR, CSR, ENCS, ASR1K). Management: vManage for SD-WAN capabilities on IOS-XE

Phase 3: Management Integration
  Deployment scenario: DNA Center + SD-WAN, vEdge and ISR4K + vEdge
  Benefits: Deliver end-to-end experience with full DNA integration
  Details: Management: DNA Center integrates vManage capabilities; full DNA Center capabilities (Assurance, integrated workflows for SD-Access and SD-WAN)
SD-WAN is surely the way ahead

Chapter 3
SD-WAN Architecture

3.0 SD-WAN Architecture

• Lesson 3.1: What is the topology for Lab Pod?

• Lesson 3.2: What is the architecture?

Lesson 3.1
Topology
Topology
SD-WAN Fabric

(figure: lab pod topology)

Lesson 3.2
Architecture
Cisco SD-WAN Architecture

Management Plane (Multi-tenant or Dedicated): vManage, analytics
Control Plane (Containers or VMs): vSmart, vBond
Data Plane (Physical or Virtual): SD-WAN routers over INTERNET, MPLS and 4G, at cloud, data center, campus, branch and home office
Sequence of Migration

Controllers (vManage, vSmart, vBond) → Datacenter → Branches
Planning the Migration

Time & Effort Expended: on the existing network, and on the SD-WAN routers
Factors to consider before Migration

Controllers: Deployment Model, Design, On-Prem
Datacenter: New/existing circuits, Identify working
Branch: New/existing circuits
Simplified Deployment and Migration

• Cloud-hosted Management
• Templates & Centralized Policy Definition
• Zero Touch Provisioning
Controller Deployment Options

• Mgmt-Plane: Customer; Control-plane: Customer; Customer managed WAN
• Cisco Hosted: Mgmt-Plane: Cisco; Control-plane: Cisco; Customer managed WAN

Nice!
Chapter 4
Tool to create policies and Templates

4.0 Sastre tool to create policies and Templates

• Lesson 4.1: Why use the tool?

• Lesson 4.2: How to use the tool to build Templates and policies?
Lesson 4.1
Automation Tool

Tool for Policy creation

Introduction

API driven Architecture

Lesson 4.2
How to use
The tool is very simple to use and it helps save time; let's go to a quick lab exercise demo.

Lab 1

Demo

Nice demo
Chapter 5
Changing Mode of SD-WAN components

5.0 Changing vSmart mode from CLI to vManage mode

• Lesson 5.1: How can we change the mode of SD-WAN components?

• Lesson 5.2: Can we use fabric in two different modes?

Lesson 5.1
Different modes of SD-WAN components
Different Modes of SD-WAN components

We can configure SD-WAN components in CLI mode as well as in vManage mode, where we can use templates and policies.
Lesson 5.2
How to configure different modes

We can change the mode of the device with the help of template association with the device. Let's see that in Lab 2

Demo
Good to know!

Chapter 6
Data center device bring up

6.0 Data center device bring up

• Lesson 6.1: Where to place the DC devices with legacy Network?

• Lesson 6.2: How to configure device?

Lesson 6.1
DC/Hub Migration
Migrating at the Datacenter

(figure: a non-SDWAN remote office site over MPLS and SD-WAN fabric sites over MPLS and Internet reach the DC; the DC SD-WAN routers (VPN0 toward the transports, VPN1 toward the core) advertise DC/non-SDWAN prefixes (OMP) into the fabric, receive SD-WAN prefixes (OMP) and redistribute OMP-to-BGP/OSPF; the CE router learns non-SDWAN prefixes (OSPF/BGP) and the core switches learn DC/SDWAN prefixes (OSPF/BGP); a perimeter firewall sits in front of the core; SD-WAN traffic and non-SDWAN traffic are shown as separate paths)

• SD-WAN to non-SDWAN interoperability
Migrating at the Datacenter
Routing at the Edge

• Plug new circuit into SD-WAN router
• Extend existing circuit into SD-WAN router
• CE owns routing decision
• To Non-SDWAN/Legacy sites → CE
• To SD-WAN sites → SD-WAN Fabric

(figure, built up over four slides: SD-WAN fabric over MPLS1 and Internet with the CE in the underlay; the CE advertises non-SDWAN/legacy prefixes (BGP/OSPF) to the SD-WAN router and receives SD-WAN prefixes (BGP/OSPF) from it; the SD-WAN router carries local + non-SDWAN prefixes (OMP) into the fabric and learns SD-WAN prefixes (OMP); SD-WAN traffic rides the fabric, non-SDWAN traffic the underlay)
Lesson 6.2
How to configure device

Let's configure the Data center device in Lab 3

Demo
Chapter 7
Branch site bring up

7.0 Branch site device bring up

• Lesson 7.1: Where to place devices with legacy Network at branch?

• Lesson 7.2: How to configure device and add redundancy?

Lesson 7.1
Branch Migration options
Branch Migration – Replace CE
Traditional Branch Deployment

(figure: existing CE connected to Internet and MPLS, with an active path and a backup path)
Branch Migration – Replace CE
SD-WAN to Legacy site communication via DC/Regional Hub

• Replace CE
• ZTP → Configuration Template
• LAN Routing
• Policy: DIA, Services, etc.
• Direct SD-WAN → SD-WAN sites communication
• SD-WAN → Legacy communication via DC/hub

(figure: the new branch SD-WAN router advertises local prefixes (OMP) into the fabric over Internet and MPLS and receives SD-WAN/non-SDWAN prefixes (OMP); at the DC/remote office the existing CE and SD-WAN router do BGP/OSPF-to-OMP and OMP-to-BGP/OSPF redistribution, exchanging SD-WAN/non-SDWAN prefixes and local prefixes (OSPF/BGP), so legacy sites are reached through the hub; SD-WAN traffic and non-SDWAN traffic shown separately)
Branch Migration – Replace CE
SD-WAN to Legacy site communication via underlay

• Replace CE
• ZTP → Configuration Template
• LAN Routing
• Policy: DIA, Services, etc.
• Direct SD-WAN → SD-WAN sites communication
• SD-WAN → Legacy communication direct via underlay

(figure, built up over five slides: VPN0 carries the Internet and MPLS transports and VPN1 the LAN; use the same VRF on LAN as on WAN; SD-WAN prefixes (OMP) are redistributed OMP-to-BGP/OSPF into the underlay, and non-SDWAN prefixes (BGP/OSPF) are redistributed BGP/OSPF-to-OMP into the SD-WAN overlay; the DC/remote office learns routes via the SD-WAN fabric as well as via underlay/MPLS; SD-WAN traffic rides the fabric, non-SDWAN traffic to legacy sites rides the underlay)
Branch Migration – Retain CE, Add SD-WAN
L2: SD-WAN to Legacy site communication via DC/Regional Hub; return traffic from the overlay is policy routed to the Cisco router for symmetric flow to services

(figure: the SD-WAN router and the CE (WAAS, UC, T1/E1) share the branch LAN with VRRP (S/A); the SD-WAN router has VPN0 toward Internet and MPLS and VPN1 toward the LAN, learns SD-WAN/non-SDWAN prefixes (OMP), advertises local prefixes (OMP) and redistributes OMP-to-BGP/OSPF, so the LAN sees SD-WAN/non-SDWAN prefixes (OSPF/BGP); no advertisement into the underlay; SD-WAN/non-SDWAN traffic goes via the fabric to the DC/remote office, non-SDWAN traffic via the CE)
Branch Migration – Retain CE, Add SD-WAN
L2: SD-WAN to Legacy site communication via underlay; return traffic from the overlay via the underlay is policy routed to the Cisco router for symmetric flow to services

(figure, built up over four slides: the SD-WAN router and the CE (WAAS, UC, T1/E1) share the branch LAN with VRRP (S/A); the SD-WAN router has VPN0 toward Internet and MPLS and VPN1 toward the LAN, learns SD-WAN/non-SDWAN prefixes (OMP), advertises local prefixes (OMP), redistributes OMP-to-BGP/OSPF toward the LAN and advertises SD-WAN prefixes into the underlay; underlay prefixes are carried into the SD-WAN overlay; the CE learns non-SDWAN prefixes (BGP/OSPF) from the underlay and announces them on the LAN (OSPF/BGP); SD-WAN traffic rides the fabric, non-SDWAN traffic goes via the CE)
Branch Migration – Retain CE, Add SD-WAN
L3: SD-WAN to Legacy site communication via DC/Regional Hub

(figure, built up over four slides: the SD-WAN router and the CE at the branch connect to INET and MPLS; the SD-WAN router learns SD-WAN + non-SDWAN prefixes (OMP) from the fabric and redistributes OMP-to-BGP/OSPF toward the CE; the CE learns non-SDWAN prefixes (BGP/OSPF) from the underlay; routing: [SD-WAN & Non-SDWAN prefixes] → SD-WAN Router is PREFERRED over [Non-SDWAN prefixes] → CE, so legacy sites are reached via the DC/remote office hub; SD-WAN traffic and non-SDWAN traffic shown separately)
Branch Migration – Retain CE, Add SD-WAN
L3: SD-WAN to Legacy site communication via Underlay

(figure, built up over four slides: the SD-WAN router learns SD-WAN prefixes ONLY (OMP), redistributes OMP-to-BGP/OSPF toward the CE and advertises SD-WAN prefixes into the underlay; the CE learns non-SDWAN prefixes (BGP/OSPF) and carries underlay prefixes into the SD-WAN overlay; routing: [SD-WAN prefixes] → SD-WAN Router, [Non-SDWAN prefixes] → CE; SD-WAN traffic rides the fabric, non-SDWAN traffic to legacy sites goes via the CE and the underlay)
Extended Transports – TLOC Extensions

• Each vEdge router is connected to a given transport
• SD-WAN tunnels are built through local and remote transports

(figure: Internet and MPLS into the site network through two routers, shown for three failure cases: circuit failure, transport failure, router failure)
TLOC Extension Configuration Example

(figure: vedge-51 has ge0/0 (100.65.51.1/24) toward MPLS and vedge-52 has ge0/0 (dhcp) toward INET; the two routers are back-to-back on ge0/2 (10.5.51.51/24 and 10.5.51.52/24) and ge0/3 (10.5.52.51/24 and 10.5.52.52/24), with ge0/1 (100.5.5.51/24 and 100.5.5.52/24) toward the LAN; add a route to reach the vedge-52 MPLS tunnel end-point: ip route 10.5.52.52/32 100.65.51.1)

vedge-51:

vpn 0
 interface ge0/0
  description MPLS tunnel
  ip address 100.65.51.1/30
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
  !
 !
 interface ge0/2
  description INET tunnel
  ip address 10.5.51.51/24
  tunnel-interface
   encapsulation ipsec preference 100
   color biz-internet restrict
   max-control-connections 1
  !
 !
 interface ge0/3
  ip address 10.5.52.51/24
  tloc-extension ge0/0
  no shutdown
 !
 ip route 0.0.0.0/0 100.65.51.2
 ip route 0.0.0.0/0 10.5.51.52

vedge-52:

vpn 0
 interface ge0/0
  description INET tunnel
  ip dhcp-client
  nat
  !
  tunnel-interface
   encapsulation ipsec
   color biz-internet restrict
  !
 !
 interface ge0/2
  ip address 10.5.51.52/24
  tloc-extension ge0/0
  no shutdown
 !
 interface ge0/3
  description MPLS tunnel
  ip address 10.5.52.52/24
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
   max-control-connections 1
  !
 !
 ip route 0.0.0.0/0 10.5.52.51
vManage config

Lesson 7.2
Branch Migration device config

Let's configure the Branch device in Lab 4

Demo
Chapter 8
Branch site bring up with DIA

8.0 Remote site bring up with DIA

• Lesson 8.1: What is Cloud onRamp for SaaS?

• Lesson 8.2: How to configure it?

Lesson 8.1
Cloud onRamp
Cloud Adoption
Cloud Ready WAN

(figure: Cloud On-Ramp IaaS connects data center, small office, home office, branch and campus over the secure SD-WAN fabric to the cloud data center; Cloud On-Ramp SaaS connects them to SaaS cloud applications)
Cloud Adoption
Cloud onRamp for SaaS

(figure: a remote site probes application quality (loss/latency) toward SaaS; with Internet DIA the probes go directly over ISP1 and ISP2 from the remote site; with Hybrid DIA they go over the local ISP1 and over MPLS through the regional hub/data center's ISP2)

Application Quality Probing
Cloud Adoption
Cloud onRamp for IaaS … End-to-End SD-WAN

1. Direct branch to cloud connectivity
2. Homogenous solution and policy management across branch & cloud
3. Resilient & hybrid access from cloud
4. Application steering
5. Multi-cloud solution

(figure: branches and DCs reach IaaS instances through vEdge GWs in Public Cloud Provider 1 (Region 1 and Region 2) and Public Cloud Provider 2 (Region 1) over MPLS and Internet)
Cloud Adoption
Cloud Security

• GRE/IPSEC tunnels, DNS redirection
• Best suited for cloud SaaS applications
• Interoperates with Cloud onRamp for SaaS
• Augments native fabric security
• Can co-exist with on-premise L4-L7 security modes
• VPN segmentation

(figure: SOHO, branch, campus and data center connected over MPLS, 4G and INET to the cloud data center)

Lesson 8.2
DIA configuration
Let's configure the DIA in Lab 5

Demo
Yehaa!

Chapter 9
cEdge Device bring up

9.0 cEdge configuration

• Lesson 9.1: How is cEdge configured via CLI?

Lesson 9.1
cEdge configuration
Let's configure cEdge devices via CLI in Lab 6

Demo
Good to know!

Chapter 10
Application aware policy

10.0 Application aware policy configuration

• Lesson 10.1: Can we manipulate any application traffic?

• Lesson 10.2: How to configure it?

Lesson 10.1
App aware policy
Application-Aware Routing Policy

- Identify the applications of interest
  - To determine which applications are running on vEdge routers, you enable application visibility on these devices.
  - Configure an application-aware routing policy on the vSmart controller, which defines the applications of interest and the data plane tunnel performance characteristics required to transmit an application's data traffic.
  - Threshold characteristics are called a service-level agreement (SLA). The controller automatically pushes the policy to the appropriate vEdge routers.
- Monitor and measure data plane tunnel performance
  - Done automatically and continuously by the vEdge routers, by tracking BFD Hello packets.
  - Application-aware routing periodically polls the performance statistics to calculate the packet jitter and latency and packet loss information for each tunnel.
- Map application traffic to a specific data plane tunnel
  - Done on the vEdge routers, based on the SLA requirements defined in application-aware routing policy and based on the real-time performance of the vEdge routers' data plane tunnels.
  - You can modify how often a vEdge router calculates each tunnel's SLA and determines a tunnel's SLA classification.
Application-Aware Routing Policy Configuration

Step 1: Create a list of sites to which the application-aware routing policy is to be applied

policy
 lists
  site-list mySites
   site-id 100-200
  !

Step 2: Create SLA classes and traffic characteristics to apply to matching application data traffic.

policy
 sla-class bulk-data-sla
  latency 150
 !
 sla-class critical-data-sla
  loss 5
  latency 150
 !
 sla-class voice-sla
  loss 1
  latency 100
  jitter 5
 !

Step 3: Create lists of applications, IP prefixes, and VPNs to use in identifying application traffic of interest (in the match section of the policy definition)

policy
 lists
  vpn-list myVPN
   vpn 10
  !
  data-prefix-list approute-Prefixes
   ip-prefix 10.1.0.0/16
  !
  app-list myApps
   app office365
   app salesforce
  !
 !
Application-Aware Routing Policy Configuration

Step 4: Within the policy, create one or more numbered sequences of match–action pairs

policy
 app-route-policy myApproutePolicy
  vpn-list myVPN
  sequence 10
   match
    app-list myApps
   !
   action
    sla-class critical-data-sla preferred-color mpls
   !
  !
  sequence 20
   match
    dscp 46
   !
   action
    sla-class voice-sla preferred-color gold
   !
  !
  sequence 30
   match
    destination-data-prefix-list approute-Prefixes
   !
   action
    sla-class bulk-data-sla preferred-color biz-internet
    backup-sla-preferred-color public-internet
   !
  !
  default-action sla-class bulk-data-sla
 !

Step 5: Apply the policy to a site list:

apply-policy
 site-list mySites
  app-route-policy myApproutePolicy
 !
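The following is an added worked example, not code from the Cisco deck or from the Sastre tool: it models how a vEdge classifies its data-plane tunnels against the three SLA classes above and then steers a flow per the sequences of myApproutePolicy, including the backup-sla-preferred-color fallback and the default-action. The tunnel measurements are constructed sample data, and the two fallback behaviours (load-balancing over all compliant tunnels, and using every tunnel when none is compliant) are assumptions rather than a claim about the platform.

```python
# Added worked example (not code from the Cisco deck): a simplified model of the
# application-aware routing logic described on the slides. SLA classes, lists,
# sequences and colors are taken from the slide configuration; the per-tunnel
# measurements (derived from BFD hellos on a real vEdge) are constructed data.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SlaClass:
    loss: Optional[float] = None    # max packet loss in percent
    latency: Optional[int] = None   # max latency in ms
    jitter: Optional[int] = None    # max jitter in ms

    def met_by(self, t: "Tunnel") -> bool:
        # a threshold the SLA class does not configure is not checked
        return ((self.loss is None or t.loss <= self.loss)
                and (self.latency is None or t.latency <= self.latency)
                and (self.jitter is None or t.jitter <= self.jitter))

@dataclass(frozen=True)
class Tunnel:          # one data-plane tunnel, identified by its TLOC color
    color: str
    loss: float
    latency: int
    jitter: int

@dataclass(frozen=True)
class Sequence:        # one match/action pair of the app-route-policy
    seq: int
    match: dict        # e.g. {"app-list": "myApps"} or {"dscp": 46}
    sla_class: str
    preferred_color: Optional[str] = None
    backup_color: Optional[str] = None   # backup-sla-preferred-color

# Step 2 and Step 3 of the slides: SLA classes and lists
SLA_CLASSES = {
    "bulk-data-sla": SlaClass(latency=150),
    "critical-data-sla": SlaClass(loss=5, latency=150),
    "voice-sla": SlaClass(loss=1, latency=100, jitter=5),
}
APP_LISTS = {"myApps": {"office365", "salesforce"}}
DATA_PREFIX_LISTS = {"approute-Prefixes": [ipaddress.ip_network("10.1.0.0/16")]}

# Step 4 of the slides: app-route-policy myApproutePolicy
POLICY = [
    Sequence(10, {"app-list": "myApps"}, "critical-data-sla", "mpls"),
    Sequence(20, {"dscp": 46}, "voice-sla", "gold"),
    Sequence(30, {"destination-data-prefix-list": "approute-Prefixes"},
             "bulk-data-sla", "biz-internet", "public-internet"),
]
DEFAULT_SLA = "bulk-data-sla"   # default-action sla-class bulk-data-sla

def matches(seq: Sequence, flow: dict) -> bool:
    """Every match condition of the sequence must hold for the flow."""
    for key, value in seq.match.items():
        if key == "app-list" and flow.get("app") not in APP_LISTS[value]:
            return False
        if key == "dscp" and flow.get("dscp") != value:
            return False
        if key == "destination-data-prefix-list":
            dst = ipaddress.ip_address(flow["dst"])
            if not any(dst in p for p in DATA_PREFIX_LISTS[value]):
                return False
    return True

def route_flow(flow: dict, tunnels: list) -> dict:
    """Classify tunnels against the flow's SLA class and pick the colors to use."""
    seq = next((s for s in POLICY if matches(s, flow)), None)
    sla_name = seq.sla_class if seq else DEFAULT_SLA
    eligible = [t.color for t in tunnels if SLA_CLASSES[sla_name].met_by(t)]
    if seq and seq.preferred_color in eligible:
        forward_on = [seq.preferred_color]
    elif seq and seq.backup_color in eligible:
        forward_on = [seq.backup_color]
    elif eligible:
        forward_on = eligible   # assumption: load-balance over compliant tunnels
    else:
        # assumption: the SLA is not strict, so traffic still uses every tunnel
        forward_on = [t.color for t in tunnels]
    return {"sequence": seq.seq if seq else None, "sla": sla_name,
            "eligible": eligible, "forward_on": forward_on}

# Constructed measurements: a healthy fabric and one with biz-internet degraded
NORMAL = [Tunnel("mpls", 0.5, 60, 2), Tunnel("biz-internet", 2.0, 120, 15),
          Tunnel("gold", 0.2, 140, 3), Tunnel("public-internet", 7.0, 200, 30)]
DEGRADED = [Tunnel("mpls", 0.5, 60, 2), Tunnel("biz-internet", 6.0, 200, 40),
            Tunnel("gold", 0.2, 140, 3), Tunnel("public-internet", 1.0, 130, 8)]

if __name__ == "__main__":   # constructed flows: one per policy sequence
    for flow in ({"app": "office365", "dst": "192.0.2.10"}, {"dscp": 46, "dst": "192.0.2.20"}, {"dst": "10.1.5.5"}):
        print(flow, route_flow(flow, NORMAL)["forward_on"], route_flow(flow, DEGRADED)["forward_on"])
```

Note that the voice flow leaves its preferred color gold as soon as gold's latency exceeds 100 ms, even though gold still satisfies the other two SLA classes: SLA compliance is evaluated per class, not per tunnel.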
Lesson 10.2
App Aware Policy Configuration

Let's configure the Application aware policy in Lab 7

Demo

Way to go!