
Cisco SD-WAN Test Drive

Supporting the Digitization journey


Agenda Day 1
• Digital Enterprise Networks
• 5 reasons why Cisco SDWAN: Scalability, Security, Multi-Cloud, AVC, Programmability
• Multidomain Integration
• DNA Licensing
• Architecture Details
• Day 1 Lab

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Digital Enterprise Network

Network as a Platform Considerations
Where to Start?

Digital Transformation
Requires Network Evolution

Human Scale → IoT Scale (People, Devices, Things)
Physical Appliances → Virtualized Services
Manual Management → Automation, Zero Touch, DevOps
Centralized Enterprise and Web Apps → Distributed SaaS, Mobile, & M2M Apps
Cross Architecture Focus
Developing for the Digital Network

• Reinvent Networking
• Enable a Multi-Cloud World
• Unlock the Power of Data
• Enrich the Employee/Customer Experience
• Deploy Security Everywhere

Digital Readiness Model
Framework Needed

Networks Have Multiple Operational Challenges

95%* Network Changes Performed Manually
70%* Policy Violations Due to Human Error
75%* OpEx spent on Network Visibility & Troubleshooting
Source: 2016 Cisco Study

Traditional Networking CANNOT Keep Pace with the Demands of Digital Business

*2016 Internal Customer Study


Common Business & IT Trends
Evolving WAN Situation
App Content
Applications are moving to the Cloud (private and public)
Rich, Dynamic, Web-Based

Internet edge is moving to the remote site


App Delivery

Cloud, SaaS, Virtualized


Business mobile devices, BYOD and Guest Access
Expected to strain both the corporate LAN (WiFi) and WAN
App Consumption

High Bandwidth Apps Mobile, Diverse Devices

Common IT Challenges
WAN Challenges
Pressure on the WAN

Cost optimization

Poor user and application experience

Lack of visibility, control and security

Organizational structure and governance

Common Desired Benefits
Designing and Deploying for Impact
Augment or replace premium WAN bandwidth

Reduce costs and lower operational complexity


Ensure remote site uptime

Provide a consistent high quality experience

Prioritize and secure with granular control

Offload guest and public cloud

Traditional and Legacy Architectures
Cannot Scale to Address Changing Needs
EXPENSIVE
• Hardware-centric
• Fixed capacity

POORLY INTEGRATED
• Conflicting policies and configurations
• Inflexible and static
• Risk from accidental interactions and vulnerabilities

DIFFICULT TO SUPPORT
• Discrete device-by-device configurations
• Complex management silos
• Require slow truck rolls for changes

CONNECTIVITY-CENTRIC
• Fragmented, incomplete user experience
• Not application-centric

INFLEXIBLE
• Tightly controlled, client server model
• Historical vs predictive management
Customer Challenges
Cannot Scale to Address Changing Needs
Challenges: Workgroups, IoT devices, Mobile, Applications, Mergers, Multi-Cloud

95% of network changes are performed manually
70% Policy violations by human errors
75% Opex spent on network Visibility and Troubleshooting

BRKCRS-2186
Network Transformation
The Era of Digital Transformation
Hardware Centric → Software Driven
Manual → Automated
Closed → Programmable
Reactive → Predictive
Network Intent → Business Intent

CLOUD & ON-PREM: Hosted, delivered, managed
AUTOMATION & SCALE: Speed, flexible, zero-touch, policy driven
SECURITY & COMPLIANCE: Segmentation, threat mitigation
ASSURANCE & ANALYTICS: Users, applications, devices
SD-WAN Enterprise Grade Capabilities
Reducing Cost and Complexity for Agile IT
• Separation of management, control, data for scaling
• Redundant management—cloud or on premises
• Zero-touch provisioning in minutes, not days
• Full segmentation support for fast app deployment
• Choice of topologies with point-and-click
• Complete visibility from single pane of glass

Comprehensive and Flexible to Fit Your Business
• PHYSICAL SECURE ROUTERS OR VIRTUAL SECURE ROUTERS
• CAPEX WITH ANNUAL SUBSCRIPTION OR ENTERPRISE-BASED AGREEMENT
• IN-HOUSE IT OR MANAGED SERVICE
Business Driven WAN Infrastructure
Design and Deploy for Impact Objectives

APPLICATION POLICIES: Application SLA, Traffic Engineering, Per-Segment Topologies, Secure Perimeter, Cloud Path (IaaS), Cloud Accel (SaaS), Transport Hub
SERVICES DELIVERY PLATFORM: Routing, Security, Segmentation, QoS, Multicast, Svc Insertion, Survivability
TRANSPORT INDEPENDENT FABRIC: Broadband, MPLS, Cellular
ZERO TOUCH, ZERO TRUST
Analytics, Monitoring, Operations


SD-WAN
Business Case
Cost
• Substitute lower cost links or devices for higher cost
• Lower cost of management, troubleshooting
  Leverage Complete Communications for financial analysis

Agility
• Focus on how automation and policy abstraction empower the organization to innovate faster while transforming the customer and workforce experience

Focus
• Provide quantifiable metrics associated with expedited mean time to detection, mean time to innocence and mean time to repair

Performance
• Quantify frequency and cost associated with outages
• Reduce number of outages affecting user performance
  Improve application performance

Security
• Application relevant topologies
• Segmented virtual WANs and security service chains
Lead to Quantifiable ROI
Current State vs. Future State
Current State
• Circuit costs
• Time to enable new services
• Bandwidth
• Security and Compliance
• Change Control

Future State
50% Lower Cost
• Reduced CapEx & OpEx
Simplified Management
• Rapid troubleshooting
10X More Bandwidth
• No capacity restraints
• No Choke points
• Instantly add bandwidth anytime, anywhere based on application requirements
5X Cloud Performance
• Cloud Aware architectures and SLA-based traffic steering deliver blazing performance for applications like O365, AWS, SFDC, and more
Scalability

Overlay Management Protocol (OMP) Scalability
Unified Control Plane
• TCP based extensible control plane protocol
• Runs between vEdge routers and vSmart controllers and between the vSmart controllers
  - Inside TLS/DTLS connections
• Advertises control plane context
• Dramatically lowers control plane complexity and raises overall solution scale
[Diagram: vEdge routers peering with vSmart controllers]
Note: vEdge routers need not connect to all vSmart Controllers

Scalability
Data Plane Privacy
§ Each vEdge advertises its local IPsec encryption keys
§ Symmetric encryption keys used asymmetrically
§ Encryption key is per-transport
[Diagram: two vEdge routers connected over Transport1 and Transport2; each sends its Local keys (Key 1, Key 2) in an OMP Update to the vSmart Controllers over the Control Plane; Remote traffic is encrypted with Keys 1 in one direction and with Keys 2 in the other; AES256-GCM]
Security and Segmentation

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Security
Segmentation across the Stack
End-to-end segmentation across public and private Data Centers

[Diagram: UC (VPN1), Finance (VPN2) and HR (VPN3) segments carried across the SD-WAN to the Data Center and, through a Gateway, to Finance and HR Resources in VNETs]

Security
Combining Best of Breed in Security
Enterprise Firewall: +1400 layer 7 apps classified
Intrusion Protection System: Most widely deployed IPS engine in the world
Cisco URL-Filtering: Web reputation score using 82+ web categories
Simplified Cloud Security: Easy Deployment for Cisco Umbrella
Adv. Malware Protection*: With File Reputation and Sandboxing (ThreatGrid)
Cisco SD-WAN: Hours instead of weeks and months

*Roadmap Mar ‘19
Security
Secure SD-WAN Use-cases
Direct Internet Access | Guest Wifi | Compliance
[Diagram labels: vManage; Firewall, IPS, AMP+TG, URL Filtering, Cisco Umbrella; Direct Internet Access; SD-WAN; Internet; VPN1, VPN2, VPN3; Data Center; Applications; Employees, Contractors, Guests]


Cloud-Scale SD-WAN

Multi-Cloud
Previously, Connecting Users to Data Center was the Priority
[Diagram: Users in Branch/Campus reach Applications in the Data Center over the WAN; Internet is Best Effort]
Multi-Cloud
Today, things have changed completely
[Diagram: Devices and Things, Campus and Branch Users and Mobile Users connect over the WAN to DC/Private Cloud, SaaS and IaaS]
Multi-Cloud
SD-WAN provided flexible connectivity and ease-of-management
[Diagram: Campus (X2-5), Branches (X100+) and Mobile Users (X1000s) connect to DC/Private Cloud, SaaS and IaaS]
Intelligent connectivity becomes business critical
SD-WAN Was All About Flexible Connectivity


Multi-Cloud
SD-WAN has now expanded beyond that…
[Diagram: Campus (X2-5), Branches (X100+) and Mobile Users (X1000s) connect to DC/Private Cloud, SaaS and IaaS; Basic SD-WAN extended with Optimal Application Experience, WAN @scale and Security Edge]
Every WAN device becomes Automated, Secure and Application-Optimized


Multi-Cloud
Business Value of Cisco SD-WAN
Top Line Metrics: 38% Lower 5 year cost of WAN Operations
Operational Efficiency: 51% Faster completion of software updates
Business Agility: 94% Less unplanned downtime

Full IDC report to be published on cisco.com
Multi-Cloud
Cisco SD-WAN provides differentiated innovations

Differentiating Innovations
• Platforms: Proven Scale, Performance, Best of Breed; Diversity Of HW Platforms; Interface Diversity – T1/E1/T3/E3/DSL
• Multi-Domain: SD-WAN, SDA, ACI Integration
• App Experience: Best in class Voice, Video delivery; Caching, DRE, AppNav, Pkt Dup; Integrated Voice Interfaces
• Security: Unlimited Segmentation; AMP, Threat Grid, App FW, SSL proxy, Umbrella Automation, SIG Integration
• Mgmt Flexibility: On-Prem or Cloud, Multi-Tenant; Analytics, Visibility

Standard SD-WAN*
• Voice Optimization (FEC)
• Transport Independence
• IPv4 and IPv6 Endpoints
• Circuit Cost Savings
• App aware Routing Policy
• Centralized Orchestration
*Based on Gartner Critical Capabilities
Multi-Cloud
A new SD-WAN Architecture
Flexible yet simple at Cloud-scale
Management & Analytics
On-premise | Cloud | Multi-tenant
Automation | Network Insights | Machine Learning | AI
Any Deployment
Open | Programmable | Scalable
Any Service: Branch Security | Cloud Security | Application Quality of Experience | Voice and Collaboration | Cloud OnRamp
Any Transport: 5G/LTE | Satellite | Internet | MPLS
Any Location: Branch | Colocation | Cloud

Differentiated Use-Cases for Cloud-Scale SD-WAN

Security & Segmentation
• Segmentation across the entire network stack
• App FW, IPS, URL-Filtering; AMP and Umbrella integration

Application Optimization
• Voice Optimization for Collab Applications
• Multi-Cloud OnRamp for IaaS, SaaS and Colo

Multi-Domain IBN Policy
• End-to-End policy from Campus/Branch to DC/Cloud
• SD-Access / Cisco DNA Center and ACI

[Diagram labels: Cisco Umbrella; Branch | Colo]
One user interface across Branch, Cloud and Colocation


Multi-Cloud
Cloud Ready Considerations
[Diagram: Small Office, Home Office, Branch and Campus sites joined by a Secure SD-WAN Fabric to the Data Center, Cloud Data Center, IaaS and SaaS Cloud Applications]

Application Visibility and
Control

AVC
Flexible Connectivity
Application-aware Routing with any Topology

Critical Application SLA
App Aware Routing Policy
• Latency ≤ 150ms
• Loss ≤ 2%
• Jitter ≤ 10ms
[Diagram: vManage; SD-WAN Tunnels between Remote Site and Data Center for App A over Path 1 (Internet), Path 2 (MPLS) and Path 3 (4G LTE)]

Bandwidth Augmentation
• Augment MPLS with Internet bandwidth
Traffic Engineering Policy
[Diagram: vManage; SD-WAN Tunnels between Remote Site and Data Center over Internet and MPLS, carrying traffic A and B]

AVC
Voice Optimization
Improve reliability with FEC and Packet Duplication

Forward Error Correction
• FEC guarantees voice/critical traffic across unreliable WAN links
• Reduces retransmissions and improves throughput
[Diagram: vManage; Sender at the Remote Site transmits P1 P2 P3 P4 plus a Parity packet to the Receiver at the Data Center (VPN1, Internet and MPLS); Parity packet based on block size of 4 packets; if packet P3 is lost during transit, Packet P3 is reconstructed using Parity packet]

Packet Duplication
• Packets sent on preferred path and a secondary path is chosen to duplicate packets
• Packet duplication helps voice, video to work well over unreliable WAN links
[Diagram: vManage; App A (VPN1) sends P1 P2 P3 P4 P5 between Remote Site and Data Center over Path 1 (Internet), Path 2 (MPLS) and Path 3 (4G LTE); say P3 and P5 is lost on Transport1 and P2 is lost on Transport3; Packets are reconstructed at the receiver end]
AVC
SD-WAN vAnalytics
• Real-time information
• Future planning and what-if scenarios
• Recommendations for predictable app performance
[Screenshots: Circuit Forecasting, Application Forecasting]

Programmability

Programmability
Simplified Management
Single Pane Of Glass Operations Rich Analytics

Power Tools

REST NETCONF Syslog SNMP Flow Export CLI Linux Shell


Programmability
SDWAN API helping automation
[Diagram labels: REST API, NETCONF, API engine; vBond, vManage; OMP; SDWAN Fabric with mpls and biz-internet transports]
Use Cases: Geo-Fencing, Hub&Spoke, Policy Scheduling, Inventory, Partial Mesh

Multi-Domain Integration

The End-Game
Interconnecting Multi-Domain Networks
[Diagram: Users and Devices in the SDA Campus / Branch reach the Data Center, Public Cloud (IaaS), SaaS and the Internet across the SD-WAN, with Direct Internet Access]
Automation and Policy
Telemetry, Analytics and Assurance
Security and Segmentation
Cisco SD-WAN Interconnects Multi-Domain
Networks
End-to-end Experiences
Pervasive Security
Automation and Policy
Telemetry, Analytics and Assurance
Security and Segmentation

Normalized APIs
[Diagram: Vertically Integrated Solutions Cisco DNA Center (SD-Access), vManage (SD-WAN) and APIC (ACI), joined by API Integration, between Users (Consumers) and Applications (Providers)]

DNA Licensing for SD-WAN

Cisco DNA Licensing for SD-WAN
Simplified Packaging
DNA Essentials: Standard SD-WAN Use-Cases (<50 Sites)
• Application-based SLA
• Branch Security with Firewall and IPS
• WAN Automation and Ease of Management
• Voice Optimization

DNA Advantage: Cloud-Scale SD-WAN Use-Cases (Includes Essentials)
• Malware Protection and URL-Filtering (2)
• Application Optimization for Multi-Cloud
• Multi-Domain End-End Policy and Segmentation (3)
• Rich Services - Integrated Voice and Wan Opt (4)
• Analytics for Performance and Troubleshooting

DNA Premier: Advanced Cloud Security Use-Cases (Includes Advantage)
• Comprehensive Malware Protection with Sandboxing
• SIG Essentials

Feature labels: Full Mesh, Hub Spoke, Dynamic Routing; FEC, Packet Dup; Basic Application Visibility; FW, IPS (1); Automated Telemetry; (vManage); Unlimited Segmentation, Fabric Multicast Support; AMP, URL Filter; Single Orchestration for Cloud, Branch & Colo; Service Stitching for Cisco and 3rd Party VNFs

(1) (2) (3) (4) Capabilities supported only on ISR and CSR
Why Cisco?
Application experience for any cloud
No matter where your applications are hosted, Cisco SD-WAN
delivers the best user experience, securely across any cloud.

Right security, right place


Protect all users, devices and applications by deploying consistent
security, on-premise or cloud delivered, everywhere, quickly.

Single policy across multiple network domains


Central management of networking and security policies simplifies
deployment and helps make protection more pervasive.

Designed for Intent-Based Networking end-to-end

