Professional Documents
Culture Documents
Test Drive - SDWAN
Test Drive - SDWAN
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Digital Enterprise Network
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Network as a Platform Considerations
Where to Start?
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Digital Transformation
Requires Network Evolution
Centralized Enterprise and Web Apps Distributed SaaS, Mobile, & M2M Apps
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cross Architecture Focus
Developing for the Digital Network
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Digital Readiness Model
Framework Needed
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Networks Have Multiple Operational Challenges
Traditional Networking CANNOT Keep Pace with the Demands of Digital Business
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Common IT Challenges
WAN Challenges
Pressure on the WAN
Cost optimization
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Common Desired Benefits
Designing and Deploying for Impact
Augment or replace premium WAN bandwidth
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Traditional and Legacy Architectures
Cannot Scale to Address Changing Needs
EXPENSIVE
Hardware-centric
Fixed capacity
CONNECTIVITY-CENTRIC INFLEXIBLE
Fragmented, incomplete user experience Tightly controlled, client server model
Not application-centric Historical vs predictive management
Customer Challenges
Cannot Scale to Address Changing Needs
Challenges
Mobile Applications
Mergers
Multi-Cloud
BRKCRS-2186
Network Transformation
The Era of Digital Transformation
Hardware Centric Software Driven
Manual Automated
Closed Programmable
Reactive Predictive
CLOUD & ON-PREM AUTOMATION & SCALE SECURITY & COMPLIANCE ASSURANCE & ANALYTICS
Hosted, delivered, managed Speed, flexible, zero-touch, Segmentation, Users, applications, devices
policy driven threat mitigation
SD-WAN Enterprise Grade Capabilities
Reducing Cost and Complexity for Agile IT
Separation of management, Redundant Zero-touch provisioning in
control, data for scaling management—cloud or minutes, not days
on premises
Analytics
Application Traffic Per-Segment Secure Cloud Path Cloud Accel Transport
SLA Engineering Topologies Perimeter (IaaS) (SaaS) Hub
APPLICATION POLICIES
Monitoring
Routing Security Segmentation QoS Multicast Svc Insertion Survivability
• Bandwidth
• Security and Compliance
10X More Bandwidth
• Change Control • No capacity restraints
• No Choke points
• Instantly add bandwidth anytime, anywhere
based on application requirements
5X Cloud Performance
• Cloud Aware architectures and SLA-based traffic
steering deliver blazing performance for
applications like O365, AWS, SFDC, and more
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Scalability
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Overlay Management Protocol (OMP) Scalability
Unified Control Plane
vSmart
• TCP based extensible control plane protocol
• Runs between vEdge routers and vSmart
controllers and between the vSmart controllers
- Inside TLS/DTLS connections
• Advertises control plane context
vSmart vSmart • Dramatically lowers control plane complexity and
raises overall solution scale
vEdge vEdge
VS
Note: vEdge routers need not connect to all vSmart Controllers
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Scalability
Data Plane Privacy
vSmart
§ Each vEdge advertises its local Controllers § Symmetric encryption keys
IPsec encryption keys used asymmetrically
§ Encryption key is per-transport
OMP OMP
Update Update Local
Local
Transport1
2y
1
Ke
y
Ke
Transport2
1
vEdge vEdge
y
2
Ke
y
Ke
Remote
Remote Traffic Encrypted with
Keys 2
Traffic Encrypted with AES256-GCM
Keys 1 Control Plane
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Security and Segmentation
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Security
Segmentation across the Stack
End-to-end segmentation across public and private Data Centers
UC VPN1
VNET
HR
Finance
Finance Gateway Resources
Finance VPN2 VNET VPN2
VPN3 VNET
HR VPN3 HR HR
Finance Resources
SD-WAN
UC Data Center
UC VPN1 HR
VPN3
Resources
Finance VPN2
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Security
Combining Best of Breed in Security
Enterprise Firewall
+1400 layer 7 apps classified
Cisco URL-Filtering
Web reputation score using 82+ web categories
Security
Simplified Cloud Security
Easy Deployment for Cisco Umbrella
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Multi-Cloud
Previously, Connecting Users to
Data Center was the Priority
Internet
Best
Users Applications Effort
WAN
Branch/Campus
Data Center
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Today, things have changed Multi-Cloud
completely
DC/Private Cloud
Mobile Users
IaaS
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
SD-WAN provided flexible Multi-Cloud
connectivity and ease-of-management
Campus
X2-5
DC/Private Cloud
Branches X100+
Intelligent connectivity
becomes
business critical SaaS
Mobile
Users
X1000s
IaaS
WAN @scale
Security Edge
SaaS
Basic SD-WAN
Mobile
Users
X1000s
IaaS
Operational
51% Faster completion of software
Efficiency
updates
Business
94% Less unplanned downtime
Agility
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Full IDC report to be published on cisco.com
Cisco SD-WAN provides Multi-Cloud
differentiated innovations
Proven Scale, Performance,
Best of Breed
Diversity Of HW Platforms
Platforms Interface Diversity – T1/E1/T3/E3/DSL
Any Service
Branch Cloud Application Quality Voice and Cloud
Security Security of Experience Collaboration OnRamp
5G/LTE
Satellite
Any Transport Internet
MPLS
Cisco
Umbrella
Branch | Colo
Cloud
Data Center
Data Data
Center Center
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
AVC
Flexible Connectivity
Application-aware Routing with any Topology
Critical Application SLA Bandwidth
Bandwidth Augmentation
Augmentation
Internet
Remote Site
Remote Site
Path 1 Internet
MPLS
A
Data Center
Path 2 Data Center
App A
B
Path
MPLS
3 4G LTE
SD-WAN Tunnel
SD-WAN Tunnel
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Voice Optimization AVC
Improve reliability with FEC and Packet Duplication
Forward Error Correction Packet Duplication
• FEC guarantees vManage
voice/critical traffic • Packets sent on
preferred path and a vManage
across unreliable WAN
secondary path is
links chosen to duplicate
• Reduces retransmissions packets
Say P3 and P5 is lost on
Transport1
If packet P3 is lost
links
Parit
P P P P y
1 2 3 4
Parit
P P P P y
during transit
1 2 3 4
Path 1
1 2 3 4
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
AVC
SD-WAN vAnalytics
Circuit Forecasting
Real-time information
Future planning
and what-if scenarios
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Programmability
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Programmability
Simplified Management
Single Pane Of Glass Operations Rich Analytics
Power Tools
Geo-Fencing
REST API
vBond vManage
NETCONF
Hub&Spoke API engine
mpls biz-internet
Inventory
Partial Mesh
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Multi-Domain Integration
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
The End-Game
Interconnecting Multi-Domain Networks
Data
Center
Users
1
1
1 11
11
1
1
SaaS
Devices
Internet
Normalized APIs
Users Applications
(Consumers) (Providers)
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
DNA Licensing for SD-WAN
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco DNA Licensing for SD-WAN
Simplified Packaging
DNA Premier
DNA Advantage Advanced Cloud Security
Cloud-Scale SD-WAN Use-Cases
DNA Essentials Use-Cases Comprehensive Malware
Standard SD-WAN Malware Protection and URL-Filtering2 Protection with Sandboxing
Use-Cases (<50 Sites)
Application-based SLA Application Optimization for Multi-Cloud SIG Essentials
Multi-Domain End-End Policy and
Branch Security with Firewall and IPS
Segmentation3
Includes Advantage
Rich Services - Integrated Voice and Wan
WAN Automation and Ease of Management
Opt4
Voice Optimization Analytics for Performance and
Troubleshooting
(1) (2) (3)(4) Capabilities supported only on ISR and CSR Includes Essentials
Why Cisco?
Application experience for any cloud
No matter where you applications are hosted Cisco SD-WAN
delivers the best user experience, securely across any cloud.