SD-WAN Benefits

What are the SD-WAN benefits? The core of SD-WAN is SDN, Software Defined Networking. SDN logically separates the control plane from the data plane of the underlying infrastructure, abstracting control away from the individual devices.

The infrastructure can then be automated and programmed from a common controller through software. SD-WAN takes the principles of SDN and applies them to the wide area network. The WAN is the highway that interconnects enterprise resources to each other.

When we talk about the WAN we talk about transports, or methods of connectivity; some examples are broadband, Metro Ethernet, T1, MPLS and LTE. We usually speak of the WAN as a single entity, but many organizations have more than one WAN, because connectivity varies by location and availability.

Each site may have a combination of MPLS, LTE or broadband, and each transport is treated as a separate WAN, managed separately with its own addressing and possibly a different provider. SD-WAN simplifies this and makes it easier to manage.

It takes these different WANs and converts what used to be separate, disparate networks into one common encrypted overlay managed by software. So why does SD-WAN matter?

You achieve higher network performance and dramatically improved availability and application user experience by intelligently using multiple paths. You gain visibility and active monitoring of the network and the applications running on it.

The network becomes a single entity controlled from a single point, which increases agility: you can quickly deploy new sites, new services or just more bandwidth with no truck rolls or on-site expertise.

Cisco SD-WAN is designed to streamline these processes, saving time and money, but more importantly to turn a network into an application-aware and fully automated software-defined infrastructure.

Cisco SD-WAN

Cisco, as an industry leader, provides a robust SD-WAN solution. Cisco SD-WAN is a secure, cloud-scale architecture that is open, programmable and scalable. Through the Cisco vManage console, you can quickly establish an SD-WAN overlay fabric that connects data centers, branches, campuses and colocation facilities to improve network speed, security and efficiency.

Essentially, the Cisco SD-WAN solution is made of separate orchestration, management, control and data planes. In this architecture vBond acts as the orchestrator, vManage as the manager, vSmart as the controller, and the Cisco WAN Edge routers make up the data plane.

In this technology a WAN Edge device is uniquely identified by its chassis ID and certificate serial number. On hardware vEdge devices the device certificate is stored in the on-board Tamper Proof Module (TPM) chip installed during manufacturing. On hardware Cisco IOS-XE SD-WAN devices the device certificate is stored in the on-board SUDI (Secure Unique Device Identifier) chip installed during manufacturing. Virtual platforms have no such chip, so they are identified by a One-Time Password (OTP) token generated by vManage, which the device presents to authenticate to the SD-WAN controllers.

Cisco SD-WAN Terminology

The terminology used to describe a Cisco SD-WAN overlay network is as follows:

  • Domain ID: A unique integer identifying a logical grouping of edge routers and Cisco vSmart controllers. Only one domain can be configured in a Cisco SD-WAN overlay network.
  • TLOC: A transport location, which identifies the physical interface where an edge router connects to the WAN transport network or to a NAT gateway. A TLOC is the tuple of system IP address, color (the label of the transport, such as mpls or biz-internet) and encapsulation (IPsec or GRE).
  • OMP Routes: The Overlay Management Protocol (OMP) advertises to its peers the routes and services it has learned from its local site, along with their transport location mappings (TLOCs). These advertisements are called OMP routes. The Cisco SD-WAN control plane uses three types of OMP routes:
    • OMP routes (vRoutes): Prefixes that establish reachability between end points.
    • TLOC routes: Identifiers that tie an OMP route to a physical location, that is, to a transport.
    • Service routes: Identifiers that tie an OMP route to a service in the network, such as a firewall or IPS.
  • Site ID: A unique integer identifying a particular physical location within the Cisco SD-WAN overlay network; all WAN Edge devices at the same site share it.
  • System IP Address: A persistent address that identifies the device in the overlay, similar to the router ID on a regular router; it must be unique across the fabric.

SD-WAN Edge Platforms Onboarding

The SD-WAN controllers and the vEdge/cEdge platforms must mutually authenticate and trust each other before establishing secure control connections. When the SD-WAN controllers authenticate each other and the WAN Edge devices, they validate the certificate chain back to the trusted root CA, compare the organization name in the certificate with their own, and check the certificate serial number against the authorized serial list. You can find the SD-WAN onboarding steps in the following figure:

Figure: Cisco SD-WAN onboarding steps.

There are several options available to securely onboard SD-WAN Edge devices. Generally, customers should use PnP provisioning for IOS-XE-based devices (cEdge) and ZTP for Viptela Edge (vEdge) devices. Bootstrap configuration is only supported on IOS-XE SD-WAN devices. All of these make it easier to deploy new devices at the branch edge.

Cisco Plug and Play Process

On boot-up, the cEdge device obtains an IP address, default gateway and DNS server information via DHCP on the PnP interface, which is connected to the WAN transport, typically the Internet. The device then contacts the PnP server at devicehelper.cisco.com over HTTPS to obtain the required information about the vBond, including the organization name.

The vBond then authenticates the device using its chassis/serial number and certificate chain, and provides the device with the vManage and vSmart controller information. Finally, the cEdge initiates and establishes secure connections to the vManage and vSmart controllers, downloads its configuration from vManage using NETCONF, and joins the SD-WAN overlay network.

Zero-Touch Provisioning process

ZTP is the same process as PnP provisioning, but for vEdge devices. The vEdge device connects to the ZTP server at ztp.viptela.com over HTTPS to gather the information about the vBond orchestrator.

IOS XE SD WAN Bootstrap Deployment

This option is available only for IOS-XE SD-WAN WAN Edge platforms and not for vEdge devices. Bootstrap deployment requires the device template to be built and attached to the WAN Edge device in vManage; vManage then generates the bootstrap configuration file, which is copied to the WAN Edge device.

The file must be placed in the device's flash memory with the name ciscosdwan.cfg on the ASR1K, ISR1K and ISR4K, and ciscosdwan_cloud_init.cfg on the ASR1002-X. On boot-up, the cEdge device learns the vBond address and organization name from the system section embedded in the configuration and initiates a secure control connection to the vBond orchestrator.

After successful authentication, the WAN Edge device receives the vManage and vSmart controller information, establishes secure connections to vManage and vSmart, downloads its entire configuration and joins the SD-WAN overlay network.

SD WAN Manual Deployment

For manual deployment, you enter the whole configuration by hand: System IP, Site ID, organization name and vBond information, plus the transport VPN (VPN 0) interface with its IP address, default route and tunnel-interface configuration.
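As an added example (not taken from the original page or from Cisco documentation), the following is the minimal IOS-XE SD-WAN configuration a manual deployment types in by hand; it is also the kind of content vManage writes into a bootstrap file such as ciscosdwan.cfg. The hostname, addresses, organization name and vBond name are made-up assumptions. The security-relevant part is the allow-service list under tunnel-interface: control connections (DTLS/TLS) to vBond, vManage and vSmart are always permitted, while every other service that the transport-facing interface itself would answer is explicitly allowed or denied.

```cisco
! Added example: manual cEdge (IOS-XE SD-WAN) configuration, all values hypothetical
hostname BRANCH-1
!
system
 system-ip            10.255.0.11
 site-id              100
 organization-name    "ExampleOrg - 12345"
 vbond vbond.example.net port 12346
!
! On IOS-XE SD-WAN, VPN 0 (the transport VPN) is the global routing table.
interface GigabitEthernet0/0/0
 description Transport: biz-internet (hypothetical provider hand-off)
 ip address 192.0.2.10 255.255.255.252
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 192.0.2.9
!
sdwan
 interface GigabitEthernet0/0/0
  tunnel-interface
   encapsulation ipsec
   color biz-internet restrict
   ! Only what the WAN Edge needs on the Internet-facing side is allowed;
   ! management protocols are reached through the overlay, not the underlay.
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service bgp
   no allow-service stun
   no allow-service https
  exit
 exit
!
```

The organization name must match the controllers' organization name exactly (including case and spacing), otherwise the vBond rejects the control connection even when the device certificate and serial number are valid. The restrict keyword on the color keeps this transport from trying to build tunnels to TLOCs of other colors, which limits both unnecessary BFD sessions and the exposure of the interface.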
