SDWAN Notes

Businesses are rapidly adopting digital transformation, leading to a shift from traditional WAN designs to Software-Defined WAN (SD-WAN) solutions that better accommodate cloud applications and diverse user devices. Cisco offers two SD-WAN products, Meraki for small to mid-sized companies and Viptela for large enterprises, each with unique features tailored to different market needs. The Cisco Viptela SD-WAN solution enhances traditional WAN architecture by providing improved connectivity, security, and management through its four-plane structure and Overlay Management Protocol (OMP).

Uploaded by

palkarprashant28

SDWAN Notes

In recent years, businesses have been embracing digital transformation more rapidly than ever expected.
Many applications have moved to the public cloud, and many services are now available over the Internet.
Companies want to reduce costs and manage their infrastructure more effectively.
The traditional wide-area network (WAN) was designed to connect users at remote sites to applications hosted in the
company's data center. Dedicated leased lines and MPLS circuits were used to provide secure and reliable connectivity
to the DC.
Although some applications are now in public clouds and on the Internet, traffic from the remote sites must still come to
the DC first and then be routed to the public cloud and back.

This WAN design no longer works well in a digital world where applications live outside the data center and the users
consuming those applications use a diverse set of mobile devices.
As businesses rapidly adopt Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) models, it is
common to have ERP applications hosted in AWS, office applications such as Office 365 used over the
Internet, company-specific apps hosted in the HQ data center, and third-party applications hosted in another data center.
In this scenario, the traditional WAN connectivity between the branches and the DC is not the most effective way to
connect to all of these applications, and it creates the following inefficiencies:

With the adoption of the public cloud, companies started rethinking their WAN designs.
It is a natural consequence that companies started exploring ways to rely less on the private WAN and take advantage of
Internet circuits.
Software-defined WAN (SD-WAN) solutions have been designed to address these challenges.
SD-WAN is part of the broader technology trend called software-defined networking (SDN).
Software-Defined WAN (SD-WAN) is a centralized approach to managing and operating large-scale WANs: a single
centralized management plane is used, and the SD-WAN system itself, rather than per-device administration, manages the underlying network devices.
This provides many benefits, new business opportunities, and a better overall user experience.

Cisco's SD-WAN solutions

Cisco offers two different SD-WAN products through its acquisitions of Meraki and Viptela.
Both products are full-fledged SD-WAN solutions and have several overlapping features.
Cisco has made it clear that Meraki and Viptela are geared toward two different markets.
• Meraki is designed for small and mid-sized companies that want simplicity and ease of use above everything
else. Deploying the Meraki SD-WAN solution is easier than Viptela and if the organization does not have any
specific niche requirements, it would definitely be the right choice.
• Viptela has more advanced features available and requires a sophisticated network design and
architecture. The product is designed for large-scale enterprise-level networks and has a high degree of
customization.

Cisco SD-WAN is a Wide Area Network (WAN) overlay architecture that applies the principles of Software-Defined
Networking (SDN) into the traditional WAN.
It is designed to meet the needs of modern enterprise applications and the rapidly growing security requirements.

Cisco Viptela SD-WAN solution provides the following improvements over the traditional WAN design:
• Connecting any location in a fast, secure, and highly available manner using Zero-Touch Provisioning (ZTP).
• Establishing a transport-independent WAN using any type of underlying transport.
• Abstracting the underlying WAN infrastructure away from the services and applications that run over
the network, such as WAN routing, segmentation, analytics, IaaS, and multitenancy.
• Providing end-to-end security from remote sites to the Internet, Cloud, and SaaS applications.
• Providing a single pane of glass (SPOG) for management, analytics, and configuration policy across the
enterprise WAN.
• Providing southbound REST APIs that enable enterprises to create their own unique services and meet any
niche requirements.

SD-WAN Components
Cisco Viptela SD-WAN solution is made up of four segregated planes: the Orchestration Plane, Management Plane,
Control Plane, and Data Plane.
Each plane has its own functions and responsibilities and is abstracted away from the other planes. For example, if you
replace a device in the data plane, that does not affect the control, management, or orchestration plane.
Compare this to the traditional WAN design, where each device participates in the data plane (forwarding actual
packets), in the control plane (for example, running OSPF, BGP, or PIM and taking part in topology formation), and
in the management plane (being actively managed via the CLI).

Cisco vManage
Cisco vManage is the Management Plane of the SD-WAN system.
It runs the user interface of the system and is the dashboard that network administrators interact with daily.
It is responsible for collecting network telemetry data, running analytics, and alerting on events in the SD-WAN
fabric.
It is also the tool that admins use to create device templates, push configurations, and perform overlay
traffic engineering.
Cisco vManage can be deployed on-prem, in the public cloud, or in the Cisco cloud-hosted environment.

Cisco vBond
Cisco vBond is the Orchestration Plane of the SD-WAN system.
Its job is to orchestrate the process of onboarding new unconfigured devices to the SD-WAN fabric.
It is responsible for the authentication and whitelisting of vEdge routers and control/management information
distribution.

Cisco vSmart
Cisco vSmart is the Control Plane of the SD-WAN system.
vSmart controllers are the brain of the overlay fabric.
They advertise routing, policies, and security information.
They are positioned so that all vEdge routers peer with all vSmart controllers.
vSmart controllers are similar to BGP route reflectors or DMVPN NHRP hub routers. However, it is important to understand
that these appliances are not part of the Data Plane and do not participate in packet forwarding.

Cisco vEdge
Cisco vEdge devices represent the Data Plane of the SD-WAN system.
They sit at the WAN edge, establish the network fabric, and join the SD-WAN overlay.
vEdge routers exchange routing information with the vSmart controllers over the Overlay Management Protocol
(OMP). WAN Edge routers can be Viptela platforms or Cisco IOS-XE devices.
For example, consider a campus network running OSPF. At the vEdge devices, the OSPF routes are redistributed into
the SD-WAN fabric and sent to the vSmart controllers via OMP; the vSmart controllers then distribute this routing
information to the other vEdge devices where the WAN topology requires it.

Overlay Management Protocol (OMP)
The Cisco vSmart controllers use the Overlay Management Protocol (OMP) to manage the overlay network
fabric.
After joining the SD-WAN fabric, each vEdge router establishes one permanent secure connection to the vSmart
controller.
These connections, usually DTLS, are then used by the vEdges to exchange control plane information to the controller
such as prefixes, crypto keys, and policy information.
OMP peering is never made between the vEdge routers onsite. This is due to the separation of control and data plane
in the SD-WAN architecture.

Three types of routes are advertised with OMP:

1. OMP routes (vRouter) are prefixes at the local site that are redistributed into OMP and advertised towards
the controllers. These might be OSPF or BGP routes, or any other routing information present on the site.
2. TLOC routes (Transport Locations) are the tunnel endpoints on the WAN Edge routers that connect to
the transport networks. These routes are represented by three components: the system IP address, link color,
and encapsulation type.
3. Service routes are used to exchange services such as firewall, IPS, application-specific optimizations, and
load-balancers.
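The following is an added illustration, not code from the notes or from Cisco, of the control/data-plane separation described in the vSmart and OMP sections and of the three OMP route types listed above. It models a vSmart controller as a pure route reflector that accepts OMP peering only from vEdges that vBond has whitelisted (assumption: the whitelist is modelled as a set of permitted system IPs), reflects OMP, TLOC and service routes between sites, and has no forwarding function at all; vEdges build their overlay RIB from what the controller reflects and refuse to peer with another vEdge. All site IDs, system IPs, colours and prefixes are constructed for the example, and the direct method calls stand in for the DTLS control connection.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Tloc:
    """TLOC route: the three components the notes list (system IP, link colour, encapsulation)."""
    system_ip: str
    color: str          # e.g. "mpls", "biz-internet"
    encap: str          # "ipsec" or "gre"


@dataclass(frozen=True)
class OmpRoute:
    """OMP route: a site prefix redistributed into OMP, tagged with the TLOC that reaches it."""
    prefix: str         # e.g. "10.1.0.0/16"
    site_id: int
    origin: str         # protocol the prefix came from: "ospf", "bgp", "connected"
    tloc: Tloc


@dataclass(frozen=True)
class ServiceRoute:
    """Service route: a network service (FW, IPS, ...) reachable behind a site's TLOC."""
    service: str
    site_id: int
    tloc: Tloc


class VSmart:
    """Control plane only: reflects routes between peers and never forwards packets.
    Assumption: vBond's whitelisting is modelled as a set of permitted system IPs."""

    def __init__(self, whitelist):
        self.whitelist = set(whitelist)
        self.peers = {}          # system_ip -> VEdge, one permanent control session each
        self.routes = set()
        self.tlocs = set()
        self.services = set()

    def accept_peer(self, vedge):
        if vedge.system_ip not in self.whitelist:
            raise PermissionError(f"{vedge.system_ip} is not whitelisted; peering refused")
        self.peers[vedge.system_ip] = vedge

    def receive(self, vedge, routes=(), tlocs=(), services=()):
        """Advertisement from a peered vEdge; tables are updated and pushed to every peer."""
        if vedge.system_ip not in self.peers:
            raise PermissionError("advertisement from a non-peer")
        self.routes.update(routes)
        self.tlocs.update(tlocs)
        self.services.update(services)
        for peer in self.peers.values():
            peer.sync(self)
    # Deliberately no forward()/next_hops(): vSmart is not part of the data plane.


class VEdge:
    """Data-plane router: exchanges OMP routes with a vSmart only, never with another vEdge."""

    def __init__(self, system_ip, site_id):
        self.system_ip, self.site_id = system_ip, site_id
        self.rib = {}            # IPv4Network -> set of Tloc (ECMP across colours)
        self.services = {}       # service name -> set of Tloc

    def join(self, controller, routes, tlocs, services=()):
        if not isinstance(controller, VSmart):
            raise TypeError("vEdge-to-vEdge OMP peering is not allowed")
        controller.accept_peer(self)
        controller.receive(self, routes, tlocs, services)

    def sync(self, controller):
        """Rebuild the overlay RIB from the controller; own-site routes are not learned back."""
        self.rib.clear()
        self.services.clear()
        for r in controller.routes:
            if r.site_id != self.site_id:
                self.rib.setdefault(ipaddress.ip_network(r.prefix), set()).add(r.tloc)
        for s in controller.services:
            if s.site_id != self.site_id:
                self.services.setdefault(s.service, set()).add(s.tloc)

    def next_hops(self, dst):
        """Longest-prefix match in the overlay RIB; returns the candidate TLOCs (tunnel endpoints)."""
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.rib if addr in n]
        return self.rib[max(matches, key=lambda n: n.prefixlen)] if matches else set()


def onboarding_refused(vsmart, vedge):
    """True if the controller refuses OMP peering with a vEdge that vBond has not whitelisted."""
    try:
        vedge.join(vsmart, routes=set(), tlocs=set())
    except PermissionError:
        return True
    return False


def build_fabric():
    """Constructed two-site fabric; 10.0.0.3 is intentionally absent from the whitelist."""
    vsmart = VSmart(whitelist={"10.0.0.1", "10.0.0.2"})
    hq, branch = VEdge("10.0.0.1", site_id=1), VEdge("10.0.0.2", site_id=2)
    hq_tlocs = {Tloc("10.0.0.1", "mpls", "ipsec"), Tloc("10.0.0.1", "biz-internet", "ipsec")}
    hq.join(vsmart, routes={OmpRoute("10.1.0.0/16", 1, "ospf", t) for t in hq_tlocs},
            tlocs=hq_tlocs, services={ServiceRoute("FW", 1, t) for t in hq_tlocs})
    br_tloc = Tloc("10.0.0.2", "biz-internet", "ipsec")
    branch.join(vsmart, routes={OmpRoute("10.2.0.0/24", 2, "connected", br_tloc)}, tlocs={br_tloc})
    return vsmart, hq, branch


if __name__ == "__main__":
    vsmart, hq, branch = build_fabric()
    print("branch -> 10.1.5.5 via", sorted(t.color for t in branch.next_hops("10.1.5.5")))
    print("hq -> 10.2.0.9 via", branch.next_hops("10.2.0.9") or hq.next_hops("10.2.0.9"))
    print("rogue vEdge refused:", onboarding_refused(vsmart, VEdge("10.0.0.3", site_id=3)))
```

Two things to notice when running it: the branch learns the HQ prefix through both HQ TLOCs (one per colour), which is how the overlay gets transport-independent, multi-path reachability, and the controller object exposes no forwarding method at all, which is the point the notes make about vSmart not participating in the data plane.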
