Introducing Cisco SD-WAN
Definition
An SD-WAN simplifies the management and operation of a WAN by
decoupling the networking hardware from its control mechanism.
Cisco SD-WAN
Platform for Digital Transformation
[Diagram labels: Cloud Delivered, Analytics, Automation, Virtualization; Users, Devices, Things; Applications; Cisco SD-WAN Fabric; OnRamp; Cloud, IoT, Edge Computing, DC, vDC, IaaS, SaaS; Secure, Scale, Open]
Cisco’s SD-WAN Solutions
Cisco SD-WAN
Advanced SD-WAN
• Cloud and OnRamp
• More than two active transports or active LTE
• Comprehensive WAN connectivity & services
• Complex topologies
• Custom policies at scale
• Advanced routing & segmentation
SD-WAN Essentials
• Hybrid WAN
• L3 overlay for deployments
• Dynamic path selection
• Cloud-managed
Single Dashboard
• Single pane-of-glass management for full stack infrastructure across the branch
• Existing Meraki customers evaluating SD-WAN
• Integrated branch security and network connectivity solution
• Zero touch deployment with templates and easy to use dashboard
Cisco SD-WAN Architecture
The Power of Abstraction
[Architecture diagram labels: Management Plane (vManage, APIs, 3rd Party Automation, vAnalytics); Orchestration Plane (vBond); Control Plane (vSmart Controllers); Data Plane (vEdge Routers); transports: MPLS, 4G, INET; sites: Cloud, Data Center, Campus, Branch, SOHO]
Cisco SD-WAN Solution Elements
Orchestration Plane
Cisco vBond
• Orchestrates connectivity between management, control and data plane
• First point of authentication
• Requires public IP Address
• Facilitates NAT traversal
• All other components need to know the vBond IP or DNS information
• Authorizes all control connections (white-list model)
• Distributes list of vSmarts to all vEdges
Cisco SD-WAN Solution Elements
Management Plane
Cisco vManage
• Single pane of glass for Day0, Day1 and Day2 operations
• Real time alerting
• Centralized provisioning
• Configuration standardization
• Simplicity of deploying
• Simplicity of change
• Supports
- REST API
- CLI
- Syslog
- SNMP
- NETCONF
Cisco SD-WAN Solution Elements
Control Plane
Cisco vSmart
• Centralized brain of the solution
• Facilitates fabric discovery
• Establishes OMP peering with all vEdges
• Implements control plane policies, such as service chaining, traffic engineering and per VPN topology
• Dramatically reduces complexity of the entire network
• Distributes connectivity information between vEdges
• Orchestrates secure data plane connectivity between vEdges
Cisco SD-WAN Solution Elements
Data Plane
Physical/Virtual
Cisco vEdge
• WAN edge router
• Provides secure data plane with remote vEdge routers
• Establishes secure control plane with vSmart controllers (OMP)
• Implements data plane and application aware routing policies
• Exports performance statistics
• Leverages traditional routing protocols like OSPF, BGP and VRRP
• Supports Zero Touch Deployment
• Physical or Virtual form factor (100Mb, 1Gb, 10Gb)
Overlay Management Protocol (OMP)
Unified Control Plane
• Runs on top of TCP, extensible control plane protocol
• Runs between vEdge routers and vSmart controllers and between the vSmart controllers
- Inside TLS/DTLS connections
• Advertises control plane context
[Diagram labels: vSmart, vEdge]
Fabric Operation
Fabric Walk-Through
OMP Update:
• Reachability – IP Subnets, TLOCs
• Security – Encryption Keys
• Policy – Data/App-route Policies
[Diagram labels: vSmart; two vEdges; OMP Update; Policies; legend: OMP, DTLS/TLS Tunnel, IPSec Tunnel, BFD; per vEdge: TLOCs, Transport1, Transport2, VPN1, VPN2, Subnets (A, B, C, D) from BGP, OSPF, Connected, Static]
Policy Driven WAN Infrastructure
Policy Augmented Dynamic Routing
1 vManage GUI – Policy Orchestration
• Control Policy: Routing and Services
• Data Policy: Extensive Policy-based Routing and Services
• App-Route Policy: App-Aware SLA-based Routing
• Combine and Apply per Site
2 vSmart controller – Policy Enforcement/Advertisement
• Execute Control Policy
• Advertise AAR/Data Policies to Sites
3 vEdge WAN router
• Execute AAR and Data Policy as received
• Dynamic Routing and Policies Combine to dictate behavior
[Diagram labels: Access Layer, Branch/DC]
Cisco SD-WAN Security
• Router and Controller Identity
• Zero Trust Security Model
• Strong Encryption
• Network Segmentation
• Application Firewall
• Infrastructure DDoS Protection
[Diagram labels: vBond, vSmart, vManage, vEdge]
Secure Segmentation
[Diagram labels: Interface, VLAN; VPN 1, VPN 2, VPN 3; IPSec Tunnel; Security Zoning, Compliance, Guest WiFi, Multi-Tenancy, Extranet]
Per-VPN Topology
• Full-Mesh
• Hub-and-Spoke
• Partial Mesh
• Point-to-Point
Cloud OnRamp: Software as a Service (SaaS)
Best Performing Path
[Diagram labels: Small Office / Home Office, Branch, Campus; Secure SD-WAN Fabric; ISP A, ISP B; DIA (Direct Internet Access); Regional Internet Exit; Quality Probing]
Operations
Simplicity and Visibility
• Single Pane Of Glass Operations
• Rich Analytics
The Intuitive Network Foundation
[Diagram labels: Data Center, Access, Fabric, WAN, Security]
The Cisco SD Solution…..
Key Foundation Takeaways
Summary
• Power of abstraction provides network agility
• Automated provisioning accelerates time to market and reduces costs
• Automatic and adaptive configuration preserves a consistent application experience
• Insight into application health
• Simplified operations