
Introducing Cisco SD-WAN
Brian Joanis
Systems Engineer, Cisco Systems
Looking at things differently

Software Defined WAN…..

Definition

An SD-WAN simplifies the management and operation of a WAN by decoupling the networking hardware from its control mechanism.
Cisco SD-WAN
Platform for Digital Transformation
Cloud Delivered, Analytics, Automation, Virtualization
[Diagram labels: USERS, DEVICES, THINGS; Cisco SD-WAN Fabric; APPLICATIONS; DC, IaaS, SaaS, vDC; Cloud OnRamp, IoT, Edge Computing; SECURE, SCALE, OPEN]
Cisco’s SD-WAN Solutions

Cisco SD-WAN

Advanced SD-WAN Single Dashboard

• Cloud and OnRamp • Single pane-of-glass management


• More than two active transports SD-WAN ESSENTIALS for full stack infrastructure across
or active LTE the branch
• Hybrid WAN • Existing Meraki customers
• Comprehensive WAN connectivity
• L3 overlay for deployments
& services evaluating SD-WAN
• Dynamic path selection
• Complex topologies • Integrated branch security and
• Cloud-managed
• Custom policies at scale • Zero touch deployment with templates
network connectivity solution
• Advanced routing & segmentation and easy to use dashboard
Cisco SD-WAN Architecture
The Power of Abstraction

• Management Plane: vManage, with APIs, 3rd Party Automation and vAnalytics
• Orchestration Plane: vBond
• Control Plane: vSmart Controllers
• Data Plane: vEdge Routers over MPLS, 4G and INET transports
• Sites: Cloud, Data Center, Campus, Branch, SOHO
Cisco SD-WAN Solution Elements
Orchestration Plane

Cisco vBond
• Orchestrates connectivity between management, control and data plane
• First point of authentication
• Requires public IP Address
• Facilitates NAT traversal
• All other components need to know the vBond IP or DNS information
• Authorizes all control connections (white-list model)
• Distributes list of vSmarts to all vEdges
Cisco SD-WAN Solution Elements
Management Plane

Cisco vManage
• Single pane of glass for Day0, Day1 and Day2 operations
• Real time alerting
• Centralized provisioning
• Configuration standardization
• Simplicity of deploying
• Simplicity of change
• Supports
  • REST API
  • CLI
  • Syslog
  • SNMP
  • NETCONF


Cisco SD-WAN Solution Elements
Control Plane

Cisco vSmart
• Centralized brain of the solution
• Facilitates fabric discovery
• Establishes OMP peering with all vEdges
• Implements control plane policies, such as service chaining, traffic engineering and per VPN topology
• Dramatically reduces complexity of the entire network
• Distributes connectivity information between vEdges
• Orchestrates secure data plane connectivity between vEdges


Cisco SD-WAN Solution Elements
Data Plane (Physical/Virtual)

Cisco vEdge
• WAN edge router
• Provides secure data plane with remote vEdge routers
• Establishes secure control plane with vSmart controllers (OMP)
• Implements data plane and application aware routing policies
• Exports performance statistics
• Leverages traditional routing protocols like OSPF, BGP and VRRP
• Supports Zero Touch Deployment
• Physical or Virtual form factor (100Mb, 1Gb, 10Gb)
Overlay Management Protocol (OMP)
Unified Control Plane

• Runs on top of TCP, extensible control plane protocol
• Runs between vEdge routers and vSmart controllers and between the vSmart controllers
  - Inside TLS/DTLS connections
• Advertises control plane context

[Diagram: vSmart controllers and vEdge routers]
Fabric Operation
Fabric Walk-Through

OMP Update:
• Reachability – IP Subnets, TLOCs
• Security – Encryption Keys
• Policy – Data/App-route Policies

[Diagram: vSmart and two vEdges; legend: OMP, DTLS/TLS Tunnel, IPSec Tunnel, BFD, OMP Update, Policies; per vEdge: TLOCs on Transport1 and Transport2, VPN1 and VPN2, Subnets A, B, C, D from BGP, OSPF, Connected, Static]
Policy Driven WAN Infrastructure
Policy Augmented Dynamic Routing

1 vManage GUI – Policy Orchestration
  • Control Policy: Routing and Services
  • Data Policy: Extensive Policy-based Routing and Services
  • App-Route Policy: App-Aware SLA-based Routing
  • Combine and Apply per Site

2 vSmart controller – Policy Enforcement/Advertisement
  • Execute Control Policy
  • Advertise AAR/Data Policies to Sites

3 vEdge WAN router
  • Execute AAR and Data Policy as received
  • Dynamic Routing and Policies Combine to dictate behavior

[Diagram labels: Access Layer, Branch/DC]
Cisco SD-WAN Security

• Router and Controller Identity
• Zero Trust Security Model
• Strong Encryption
• Network Segmentation
• Application Firewall
• Infrastructure DDoS Protection

[Diagram: vBond, vSmart, vManage and vEdges]
Secure Segmentation

• Security Zoning
• Compliance
• Guest WiFi
• Multi-Tenancy
• Extranet

[Diagram labels: Interface, VLAN; VPN 1, VPN 2, VPN 3; IPSec Tunnel]

Per-VPN Topology
Full-Mesh, Hub-and-Spoke, Partial Mesh, Point-to-Point

Cloud OnRamp: Software as a Service (SaaS)
Best Performing Path

[Diagram labels: Small Office Home Office, Branch, Campus; Secure SD-WAN Fabric; DIA, ISP A, ISP B; Regional Internet Exit; legend: DIA = Direct Internet Access, Quality Probing]
Operations
Simplicity and Visibility

Single Pane Of Glass Operations
Rich Analytics


The Intuitive Network Foundation

[Diagram labels: DATA Center, ACCESS, FABRIC, WAN, Security]
The Cisco SD Solution…..
Key Foundation Takeaways
Summary

• Power of abstraction provides network agility


• Automated provisioning accelerates time to market and reduces costs
• Automatic and adaptive configuration preserves a consistent application experience
• Insight into application health
• Simplified operations
THANK YOU.

• Brian Joanis – WI Select Systems Engineer


brjoanis@cisco.com
