1
Introducing Cisco SD-WAN
Brian Joanis Systems Engineer, Cisco Systems
2
Looking at things differently
The way ZK puts it: Today's networks are extremely manually intensive to operate. Engineers must be familiar with a cryptic command line interface and repeat many tasks, box after box, to implement a change. Software-defined networks (SDNs) have made networks easier to manage by automating certain tasks, but engineers still need to identify all the tasks. With an IBN, the administrator determines the "what," and the system then figures out the "how." A good analogy to help understand this is the difference between an automated car feature and an autonomous car. Parallel-park assist automates the task of parking, but the driver still needs to drive to the destination, look for parking spots, and determine which is the best one. With an autonomous vehicle, the driver would issue the command "go home," and the car would figure out the least-congested route and determine the best parking spot, which may or may not include parallel parking. Automation makes the parking process itself easier, whereas the self-driving car would transform the entire experience. IBN lets network administrators issue commands like "put all my IoT devices in a single zone" or "prioritize bandwidth for the top 10% of my UC customer base" and rely on the network for all the behind-the-scenes magic that makes it happen. If devices move or things change, the network automatically reconfigures to adapt. Cisco's IBN is a closed-loop system that continually gathers contextually relevant data from a number of different sources, including network devices and IoT endpoints. Using machine learning, the system delivers insights that can help enterprises make better business decisions.

Software Defined WAN...
3
Definition: An SD-WAN simplifies the management and operation of a WAN by decoupling the networking hardware from its control mechanism.
4
Cisco SD-WAN Platform for Digital Transformation
Diagram labels: Analytics, Cloud Delivered, Automation, Virtualization, Secure, Scale, Open; Users, Devices, Things, Applications; SD-WAN, Cloud OnRamp, IoT, Edge Computing; DC, vDC, IaaS, SaaS; Cisco SD-WAN Fabric.

At the heart of the digital transformation is Cisco SD-WAN, which lays the foundation for connecting users, devices and things to the applications residing in private, public and hybrid cloud environments. Powered by Viptela technology, it is a secure, scalable and open fabric, which caters to the variety of use cases around SD-WAN, cloud OnRamp, IoT etc. Its cloud-delivered control, management and analytics elements can be easily consumed by enterprises, and they can also be offered as-a-service by service providers. The high degree of automation allows zero touch operation without compromising on security or feature richness.
5
Cisco’s SD-WAN Solutions
Cisco SD-WAN (Advanced SD-WAN):
- Cloud and OnRamp
- More than two active transports or active LTE
- Comprehensive WAN connectivity & services
- Complex topologies
- Custom policies at scale
- Advanced routing & segmentation

SD-WAN Essentials (cloud-managed, single dashboard):
- Hybrid WAN L3 overlay for deployments
- Dynamic path selection
- Zero touch deployment with templates and easy to use dashboard
- Single pane-of-glass management for full stack infrastructure across the branch
- Existing Meraki customers evaluating SD-WAN
- Integrated branch security and network connectivity solution
6
Cisco SD-WAN Architecture The Power of Abstraction
Diagram labels: Management Plane (vManage, APIs, 3rd Party Automation, vAnalytics); Orchestration Plane (vBond); Control Plane (vSmart Controllers); Data Plane (vEdge Routers); transports 4G, MPLS, INET; sites Cloud, Data Center, Campus, Branch, SOHO.

Cisco SD-WAN architecture applies the principles of SDN to the wide area network environment. By clearly separating control plane, data plane and management plane functions, the Cisco SD-WAN fabric achieves a high degree of modularity. Let's review in more detail the key elements of the Cisco SD-WAN solution.
7
Cisco SD-WAN Solution Elements Orchestration Plane
Cisco vBond
- Orchestrates connectivity between management, control and data plane
- First point of authentication
- Requires public IP address
- Facilitates NAT traversal
- All other components need to know the vBond IP or DNS information
- Authorizes all control connections (white-list model)
- Distributes list of vSmarts to all vEdges
8
Cisco SD-WAN Solution Elements Management Plane
Cisco vManage
- Single pane of glass for Day0, Day1 and Day2 operations
- Real time alerting
- Centralized provisioning
- Configuration standardization
- Simplicity of deploying
- Simplicity of change
- Supports REST API, CLI, Syslog, SNMP, NETCONF
9
Cisco SD-WAN Solution Elements Control Plane
Cisco vSmart
- Centralized brain of the solution
- Facilitates fabric discovery
- Establishes OMP peering with all vEdges
- Implements control plane policies, such as service chaining, traffic engineering and per-VPN topology
- Dramatically reduces complexity of the entire network
- Distributes connectivity information between vEdges
- Orchestrates secure data plane connectivity between vEdges
10
Cisco SD-WAN Solution Elements Data Plane
Physical/Virtual Cisco vEdge WAN edge router
- Provides secure data plane with remote vEdge routers
- Establishes secure control plane with vSmart controllers (OMP)
- Implements data plane and application-aware routing policies
- Exports performance statistics
- Leverages traditional routing protocols like OSPF, BGP and VRRP
- Supports Zero Touch Deployment
- Physical or virtual form factor (100Mb, 1Gb, 10Gb)
11
Overlay Management Protocol (OMP) Unified Control Plane
Diagram labels: vSmart, vEdge.
- Runs on top of TCP; extensible control plane protocol
- Runs between vEdge routers and vSmart controllers, and between the vSmart controllers
- Inside TLS/DTLS connections
- Advertises control plane context
12
Fabric Operation Fabric Walk-Through
Diagram labels: OMP Update carrying Reachability (IP subnets, TLOCs), Security (encryption keys) and Policy (data/app-route policies); vSmart; OMP over DTLS/TLS tunnel; Policies; IPSec tunnel with BFD; vEdge at each site; Transport1, Transport2; TLOCs; VPN1 (A, C), VPN2 (B, D); subnets learned via BGP, OSPF, Connected, Static.

To understand the basic Cisco SD-WAN fabric operation, let's look at this simple example. Let's consider a starting point where the vSmart controllers have been brought online and two vEdge routers, one at each remote site, are trying to connect as part of a zero touch bring-up process. As described earlier, a bi-directional certificate exchange happens between the vEdge routers and the vSmart controller, where both parties authenticate and authorize each other. vEdge identity is based on the signed certificate inside the on-board TPM module inserted at the time of manufacturing; vSmart identity is based on the enterprise or public PKI signed certificate loaded during the vSmart controller deployment phase. Following successful bi-directional authentication and authorization, a TLS or DTLS connection comes up between the vEdge routers and the vSmart controller. OMP establishes peering across the TLS/DTLS connections between the vEdge routers and the vSmart controller, and following the OMP advertisements, IPSec connections come up automatically. Once the IPSec connections are established, each vEdge router initiates BFD probing across the IPSec connection to determine up/down state, loss, latency, jitter and maximum path MTU.

The next step is to determine reachability for the local service-side networks behind each vEdge router. Each vEdge router uses local mechanisms to determine its local networks, which can be directly connected subnets, statically defined subnets or subnets dynamically learned through OSPF or BGP. The vEdge router places the learnt subnets into the relevant VPN based on the inbound service (LAN) side interface or sub-interface (in the case of 802.1q tags) and advertises the reachability to the vSmart controller using an OMP update message. The vSmart controller in turn passes this advertisement to the other vEdge router in the topology. The same process occurs for the other vEdge router, and bi-directional connectivity between service (LAN) side subnets is established. As new subnets or new VPNs become part of the fabric, the same process continues. If the implementation includes data or application-aware routing policies, such policies are communicated to the relevant vEdge routers in OMP updates for distributed enforcement. Control policies, in contrast, are enforced on the vSmart controller and are not communicated to the vEdge routers.
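The route-exchange half of this walk-through as an added Python model (not Cisco code and not from the deck): each vEdge tags its LAN subnets with a VPN, sends them to vSmart in an OMP update, vSmart enforces a per-VPN topology control policy itself while only pushing the data/app-route policy names down to the edges, and then reflects the permitted routes. Site names, TLOC names, subnets and policy names are constructed sample values; certificate authentication, DTLS, IPsec and BFD are out of scope here.

```python
from collections import namedtuple
Route = namedtuple("Route", "vpn subnet site tloc")

class VEdge:
    """WAN edge: learns LAN subnets per VPN, peers with vSmart over OMP."""
    def __init__(self, site, tloc):
        self.site, self.tloc = site, tloc
        self.local = []          # service-side routes (connected/static/OSPF/BGP)
        self.rib = {}            # (vpn, subnet) -> remote TLOC, learned via OMP
        self.data_policies = []  # AAR/data policies pushed down by vSmart
    def learn(self, vpn, subnet):
        # The inbound LAN interface (or 802.1q sub-interface) selects the VPN.
        self.local.append(Route(vpn, subnet, self.site, self.tloc))
    def receive(self, routes):
        for r in routes:
            self.rib[(r.vpn, r.subnet)] = r.tloc

class VSmart:
    """Controller: applies control policy itself, pushes data policy to edges."""
    def __init__(self, topology, data_policies):
        self.topology, self.data_policies = topology, data_policies
        self.peers, self.routes = {}, []
    def peer(self, edge):              # OMP peering after mutual authentication
        self.peers[edge.site] = edge
        self.routes += edge.local      # the edge's OMP update
        edge.data_policies = list(self.data_policies.get(edge.site, []))
    def permitted(self, route, dest):  # per-VPN topology control policy
        if route.site == dest:
            return False
        topo = self.topology.get(route.vpn, {"type": "full-mesh"})
        if topo["type"] == "full-mesh":
            return True
        return topo["hub"] in (route.site, dest)  # spokes only see the hub
    def reflect(self):
        for dest, edge in self.peers.items():
            edge.receive([r for r in self.routes if self.permitted(r, dest)])

def run_walkthrough():
    """Constructed sample: hub + two spokes; VPN1 full mesh, VPN2 hub-and-spoke."""
    vsmart = VSmart({1: {"type": "full-mesh"}, 2: {"type": "hub-and-spoke", "hub": "hub"}},
                    {"spokeA": ["aar-voice"], "spokeB": ["aar-voice"]})
    edges = {}
    for i, site in enumerate(("hub", "spokeA", "spokeB")):
        e = edges[site] = VEdge(site, f"{site}:mpls")
        e.learn(1, f"10.1.{i}.0/24")   # VPN1 LAN subnet at this site
        e.learn(2, f"10.2.{i}.0/24")   # VPN2 LAN subnet at this site
        vsmart.peer(e)
    vsmart.reflect()
    return edges
```

After `run_walkthrough()`, spokeA's RIB holds spokeB's VPN1 subnet but not its VPN2 subnet, showing the control policy applied at vSmart without ever being sent to the edges.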
13
Policy Driven WAN Infrastructure Policy Augmented Dynamic Routing
1. vManage GUI – Policy Orchestration: Control Policy (routing and services); App-Route Policy (app-aware SLA-based routing); Data Policy (extensive policy-based routing and services); combine and apply per site.
2. vSmart controller – Policy Enforcement/Advertisement: execute control policy; advertise AAR/data policies to sites.
3. vEdge WAN router: execute AAR and data policy as received; dynamic routing and policies combine to dictate behavior.

Diagram labels: Access Layer, Branch/DC.
14
Cisco SD-WAN Security Router and Controller Identity
Diagram labels: vBond, vSmart, vManage, vEdge.
- Router and Controller Identity
- Zero Trust Security Model
- Strong Encryption
- Network Segmentation
- Application Firewall
- Infrastructure DDoS Protection
15
Secure Segmentation
Use cases: Security Zoning, Compliance, Guest WiFi, Multi-Tenancy, Extranet.
Diagram labels: VPN 1, VPN 2, VPN 3; IPSec Tunnel; Interface; VLAN.
Per-VPN Topology: Full-Mesh, Hub-and-Spoke, Partial Mesh, Point-to-Point.
16
Cloud OnRamp: Software as a Service (SaaS)
Diagram labels: Best Performing Path; Regional Internet Exit; Small Office Home Office; Secure SD-WAN Fabric; DIA (Direct Internet Access); ISP A, ISP B; Branch; Campus; Quality Probing.
17
Operations Simplicity and Visibility
Diagram labels: Rich Analytics, Single Pane Of Glass, Operations.

Finally, as mentioned earlier in this chapter, the vManage system provides a single pane of glass for all operational tasks performed on the fabric. Its GUI is built upon the REST APIs exposed by the vManage server. vManage can be deployed as a single server solution or as a clustered solution for higher scale and redundancy. An optional layer of analytics can be added to provide deeper insight into fabric utilization trends, capacity projections, application quality of experience and a variety of other data.
18
The Intuitive Network Foundation
Diagram labels: Security, Fabric, Data Center, Access, WAN.
19
The Cisco SD Solution…..
20
Key Foundation Takeaways Summary
- Power of abstraction provides network agility
- Automated provisioning accelerates time to market and reduces costs
- Automatic and adaptive configuration preserves a consistent application experience
- Insight into application health
- Simplified operations

In this module you learned to:
- Explain and whiteboard the fundamental components that make up the Cisco SD-WAN solution
- Explain and whiteboard the role associated with each Cisco SD-WAN component, including the devices that make up the fabric
- Explain and whiteboard how the Cisco SD-WAN solution addresses transport-independent fabric, services delivery and application policies
21
THANK YOU. Brian Joanis – WI Select Systems Engineer