Introducing Cisco SD-WAN: Brian Joanis Systems Engineer, Cisco Systems
Looking at things differently
Software Defined
WAN…..
Definition
[Diagram labels: Users, Devices, Things; Cloud, IoT, SDWAN, OnRamp, Edge Computing; Cisco SD-WAN Fabric (Secure, Scale, Open); Applications: DC, vDC, IaaS, SaaS]
Cisco’s SD-WAN Solutions
[Diagram: Cisco SD-WAN architecture. Labels: vManage, APIs, 3rd Party Automation, vAnalytics (Management Plane); vBond; MPLS, 4G and INET transports; vEdge Routers (Data Plane); sites: Cloud, Data Center, Campus, Branch, SOHO]
Cisco SD-WAN Solution Elements
Orchestration Plane
Cisco vBond
• Orchestrates connectivity between management, control and data plane
• First point of authentication
• Requires public IP Address
• Facilitates NAT traversal
• All other components need to know the vBond IP or DNS information
• Authorizes all control connections (white-list model)
• Distributes list of vSmarts to all vEdges
Cisco SD-WAN Solution Elements
Management Plane
Cisco vManage
• Single pane of glass for Day0, Day1 and Day2 operations
• Real time alerting
• Centralized provisioning
• Configuration standardization
• Simplicity of deploying
• Simplicity of change
• Supports
  • REST API
  • CLI
  • Syslog
  • SNMP
  • NETCONF
Fabric Operation
Fabric Walk-Through
OMP Update:
• Reachability – IP Subnets, TLOCs
• Security – Encryption Keys
• Policy – Data/App-route Policies
[Diagram labels: vSmart, vEdge, OMP Update, DTLS/TLS Tunnel, IPSec Tunnel, BFD, Policies, Transport1, TLOCs, Subnets]
Policy Driven WAN Infrastructure
Policy Augmented Dynamic Routing
• Control Policy: Routing and Services
• Data Policy: Extensive Policy-based Routing and Services
• App-Route Policy: App-Aware SLA-based Routing
• Execute AAR and Data Policy as received
• Dynamic Routing and Policies Combine to dictate behavior
[Diagram labels: vEdge, WAN router, Access Layer, Branch/DC]
Cisco SD-WAN Security
• Router and Controller Identity
• Network Segmentation
• Application Firewall
• Infrastructure DDoS Protection
[Diagram labels: vBond, vEdge]
Secure Segmentation
[Diagram labels: Security Zoning, Interface Compliance, IPSec Tunnel, VPN 1, VPN 2, VPN 3, Guest WiFi, VLAN, Multi-Tenancy, Extranet, Per-VPN Topology]
DIA Direct Internet Access
[Diagram labels: Secure SD-WAN Fabric, Regional Internet Exit, Small Office Home Office, Branch, Campus, ISP A, ISP B, DIA, Quality Probing]
Operations
Simplicity and Visibility
[Diagram labels: Data Center, Access, Fabric, WAN, Security]
The Cisco SD Solution…..
Key Foundation Takeaways
Summary