Introducing Cisco SD-WAN
Brian Joanis, Systems Engineer, Cisco Systems
Looking at things differently: Software Defined WAN…
Definition
An SD-WAN simplifies the management and operation of a WAN by decoupling the networking hardware from its control mechanism.
Cisco SD-WAN Platform for Digital Transformation
[Figure: the Cisco SD-WAN fabric connects users, devices and things to applications in the DC, vDC, IaaS and SaaS; capabilities shown: cloud delivered, analytics, automation, virtualization, Cloud OnRamp, IoT, edge computing; attributes: secure, scale, open]
Cisco's SD-WAN Solutions
Advanced SD-WAN (Cisco SD-WAN):
• Cloud and OnRamp
• More than two active transports or active LTE
• Comprehensive WAN connectivity & services
• Complex topologies
• Custom policies at scale
• Advanced routing & segmentation
SD-WAN Essentials:
• Hybrid WAN, L3 overlay for deployments
• Dynamic path selection
• Cloud-managed
• Zero touch deployment with templates and an easy-to-use dashboard
Single Dashboard:
• Single pane-of-glass management for full stack infrastructure across the branch
• Existing Meraki customers evaluating SD-WAN
• Integrated branch security and network connectivity solution
Cisco SD-WAN Architecture: The Power of Abstraction
• Management plane: vManage, with APIs for 3rd party automation and vAnalytics
• Orchestration plane: vBond
• Control plane: vSmart controllers
• Data plane: vEdge routers over 4G, MPLS and Internet transports, spanning cloud, data center, campus, branch and SOHO
Cisco SD-WAN Solution Elements: Orchestration Plane (Cisco vBond)
• Orchestrates connectivity between management, control and data plane
• First point of authentication
• Requires a public IP address
• Facilitates NAT traversal
• All other components need to know the vBond IP or DNS information
• Authorizes all control connections (white-list model)
• Distributes the list of vSmarts to all vEdges
Cisco SD-WAN Solution Elements: Management Plane (Cisco vManage)
• Single pane of glass for Day 0, Day 1 and Day 2 operations
• Centralized provisioning
• Configuration standardization
• Simplicity of deploying
• Simplicity of change
• Real time alerting
• Supports REST API, CLI, Syslog, SNMP and NETCONF
Cisco SD-WAN Solution Elements: Control Plane (Cisco vSmart)
• Centralized brain of the solution
• Facilitates fabric discovery
• Establishes OMP peering with all vEdges
• Implements control plane policies, such as service chaining, traffic engineering and per-VPN topology
• Dramatically reduces complexity of the entire network
• Distributes connectivity information between vEdges
• Orchestrates secure data plane connectivity between vEdges
Cisco SD-WAN Solution Elements: Data Plane (physical/virtual Cisco vEdge)
• WAN edge router
• Provides secure data plane with remote vEdge routers
• Establishes secure control plane with vSmart controllers (OMP)
• Implements data plane and application aware routing policies
• Exports performance statistics
• Leverages traditional routing protocols like OSPF, BGP and VRRP
• Supports Zero Touch Deployment
• Physical or virtual form factor (100 Mb, 1 Gb, 10 Gb)
Overlay Management Protocol (OMP): Unified Control Plane
• Runs on top of TCP; extensible control plane protocol
• Runs between vEdge routers and vSmart controllers, and between the vSmart controllers
• Carried inside TLS/DTLS connections
• Advertises control plane context
Fabric Operation: Fabric Walk-Through
An OMP update carries:
§ Reachability: IP subnets, TLOCs
§ Security: encryption keys
§ Policy: data/app-route policies
[Figure: each vEdge learns its site subnets in VPN 1 and VPN 2 from BGP, OSPF, connected and static routes and advertises them, together with its TLOCs on Transport 1 and Transport 2, to vSmart over a DTLS/TLS tunnel; vSmart applies policies and reflects OMP updates to the other vEdges; vEdges build IPsec tunnels between TLOCs and monitor them with BFD]
Policy Driven WAN Infrastructure: Policy Augmented Dynamic Routing
1. vManage GUI: policy orchestration
• Control policy: routing and services
• App-route policy: app-aware, SLA-based routing
• Data policy: extensive policy-based routing and services
• Combine and apply per site
2. vSmart controller: policy enforcement/advertisement
• Execute control policy
• Advertise AAR/data policies to sites
3. vEdge WAN router (access layer, branch/DC)
• Execute AAR and data policy as received
• Dynamic routing and policies combine to dictate behavior
Cisco SD-WAN Security
Across vBond, vManage, vSmart and vEdge:
• Router and controller identity
• Zero trust security model
• Strong encryption
• Network segmentation
• Application firewall
• Infrastructure DDoS protection
Secure Segmentation
Use cases:
§ Security zoning
§ Compliance
§ Guest WiFi
§ Multi-tenancy
§ Extranet
Interfaces and VLANs are mapped into VPN 1, VPN 2, VPN 3, each carried over the IPsec tunnels with its own per-VPN topology: full-mesh, hub-and-spoke, partial mesh or point-to-point.
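The fabric walk-through, the vSmart policy step and the per-VPN topology above all describe the same control-plane loop: vEdges advertise subnets and TLOCs in OMP updates, vSmart runs a control policy over them, and each site only learns (and therefore only builds IPsec tunnels to) what the policy permits. The simulation below is an added illustration, not Cisco code or a model of the real OMP wire format: the classes, the sample sites (site 1 as DC hub, sites 2 and 3 as branches), prefixes, system IPs and colors are all constructed, and deriving a site's tunnel set from the TLOCs in the routes it receives is a deliberate simplification of how TLOC routes are really advertised.

```python
"""Simulated vSmart: OMP route collection plus a per-VPN topology control policy.
Added example, not Cisco code. All names, sites and prefixes are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Tloc:
    system_ip: str          # router identity inside the fabric
    color: str              # transport the TLOC sits on: mpls, biz-internet, lte ...
    encap: str = "ipsec"


@dataclass(frozen=True)
class OmpRoute:
    vpn: int                # segment (VPN 1, VPN 2 ...) the prefix belongs to
    prefix: str
    site_id: int
    tloc: Tloc              # next hop: which TLOC of the advertising site
    origin: str             # BGP, OSPF, connected or static at the site


@dataclass(frozen=True)
class VpnTopology:
    kind: str               # "full-mesh" or "hub-and-spoke"
    hubs: Tuple[int, ...] = ()


class VSmart:
    def __init__(self, topology: Dict[int, VpnTopology]):
        self.topology = dict(topology)
        self.rib: List[OmpRoute] = []

    def receive_update(self, routes: List[OmpRoute]) -> None:
        """OMP update from a vEdge: reachability (prefix + TLOC) per VPN."""
        for r in routes:
            if r not in self.rib:
                self.rib.append(r)

    def _permit(self, vpn: int, from_site: int, to_site: int) -> bool:
        """Control policy: may a route from one site be advertised to another?"""
        topo = self.topology.get(vpn, VpnTopology("full-mesh"))
        if topo.kind == "full-mesh":
            return True
        if topo.kind == "hub-and-spoke":
            # spokes only ever see hub routes; hubs see every spoke
            return from_site in topo.hubs or to_site in topo.hubs
        raise ValueError(f"unknown topology {topo.kind}")

    def advertise_to(self, site_id: int) -> List[OmpRoute]:
        """Routes vSmart reflects to a site after the control policy has run."""
        return [r for r in self.rib
                if r.site_id != site_id and self._permit(r.vpn, r.site_id, site_id)]

    def tunnels_for(self, site_id: int) -> List[Tuple[str, str]]:
        """Remote TLOCs the site will build IPsec tunnels to (simplification:
        derived from the TLOCs carried in the routes it was allowed to learn)."""
        remote = {(r.tloc.color, r.tloc.system_ip) for r in self.advertise_to(site_id)}
        return sorted(remote)


def build_sample_fabric(all_hub_and_spoke: bool = False) -> VSmart:
    """Constructed sample: site 1 is the DC hub, sites 2 and 3 are branches.
    VPN 2 is always hub-and-spoke; VPN 1 is full-mesh unless told otherwise."""
    vpn1 = VpnTopology("hub-and-spoke", hubs=(1,)) if all_hub_and_spoke else VpnTopology("full-mesh")
    vsmart = VSmart({1: vpn1, 2: VpnTopology("hub-and-spoke", hubs=(1,))})

    def site(sid, sys_ip, prefixes, colors):
        return [OmpRoute(vpn, pfx, sid, Tloc(sys_ip, c), origin)
                for vpn, pfx, origin in prefixes for c in colors]

    vsmart.receive_update(site(1, "10.0.0.1",
        [(1, "10.1.0.0/16", "OSPF"), (2, "10.2.0.0/16", "BGP")], ["mpls", "biz-internet"]))
    vsmart.receive_update(site(2, "10.0.0.2",
        [(1, "192.168.2.0/24", "connected"), (2, "172.16.2.0/24", "static")], ["biz-internet"]))
    vsmart.receive_update(site(3, "10.0.0.3",
        [(1, "192.168.3.0/24", "connected"), (2, "172.16.3.0/24", "static")], ["mpls", "biz-internet"]))
    return vsmart


def prefixes_seen(vsmart: VSmart, site_id: int, vpn: int) -> List[str]:
    """Prefixes a site ends up with in one VPN, as its vEdge would install them."""
    return sorted({r.prefix for r in vsmart.advertise_to(site_id) if r.vpn == vpn})


if __name__ == "__main__":
    fabric = build_sample_fabric()
    for sid in (1, 2, 3):
        print(f"site {sid}: VPN1={prefixes_seen(fabric, sid, 1)} "
              f"VPN2={prefixes_seen(fabric, sid, 2)} tunnels={fabric.tunnels_for(sid)}")
```

Branch site 2 receives site 3's VPN 1 prefix (full mesh) but only the hub's VPN 2 prefix (hub-and-spoke), while the hub sees every spoke in both VPNs; with every VPN hub-and-spoke, the spoke's tunnel list collapses to the hub's two TLOCs, which is the data-plane consequence of the control policy.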
Cloud OnRamp: Software as a Service (SaaS)
[Figure: small office/home office, branch and campus sites on the secure SD-WAN fabric reach SaaS either by Direct Internet Access (DIA) over ISP A or ISP B or via a regional internet exit; quality probing selects the best performing path]
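The app-route policy in the policy slide and the best-performing-path choice in Cloud OnRamp both come down to the same decision: measure each candidate path, compare it against a threshold or against the other candidates, and steer the application accordingly. The code below is an added example, not Cisco code: the SLA classes, the per-tunnel BFD statistics, the probe results and the composite score are all constructed (the score is an illustration, not Cisco's vQoE formula), and the two fallback behaviours when no tunnel meets the SLA are modelled as a simple flag.

```python
"""Simulated application-aware routing (AAR) and Cloud OnRamp exit selection.
Added example, not Cisco code. SLA thresholds, BFD statistics, probe results
and the composite score are constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Sequence


@dataclass(frozen=True)
class SlaClass:
    name: str
    loss_pct: float        # maximum tolerated packet loss
    latency_ms: float      # maximum tolerated latency
    jitter_ms: float       # maximum tolerated jitter


@dataclass(frozen=True)
class TunnelStats:
    color: str             # TLOC color: mpls, biz-internet, lte ...
    loss_pct: float        # rolling averages as a vEdge would derive from BFD probes
    latency_ms: float
    jitter_ms: float


def meets_sla(t: TunnelStats, sla: SlaClass) -> bool:
    return (t.loss_pct <= sla.loss_pct and t.latency_ms <= sla.latency_ms
            and t.jitter_ms <= sla.jitter_ms)


def path_score(loss_pct: float, latency_ms: float, jitter_ms: float = 0.0) -> float:
    """Constructed composite quality score, higher is better (assumption, not vQoE)."""
    return max(0.0, 10.0 - 2.0 * loss_pct - latency_ms / 50.0 - jitter_ms / 20.0)


def select_app_paths(tunnels: Sequence[TunnelStats], sla: SlaClass,
                     preferred_colors: Sequence[str] = (),
                     fallback_to_best: bool = True) -> List[str]:
    """Colors an app-route policy forwards this application over.

    1. keep tunnels that meet the SLA;
    2. narrow to the preferred colors if any of them qualify;
    3. if nothing meets the SLA, either take the best-scoring tunnel or
       load-balance across all of them (the flag picks which fallback)."""
    eligible = [t for t in tunnels if meets_sla(t, sla)]
    if eligible:
        preferred = [t for t in eligible if t.color in preferred_colors]
        return sorted(t.color for t in (preferred or eligible))
    if fallback_to_best:
        best = max(tunnels, key=lambda t: path_score(t.loss_pct, t.latency_ms, t.jitter_ms))
        return [best.color]
    return sorted(t.color for t in tunnels)


def best_saas_exit(probes: Dict[str, TunnelStats]) -> str:
    """Cloud OnRamp style choice: among the local DIA exits and the regional
    exit reached over the fabric, pick the exit whose probe results score best."""
    return max(probes, key=lambda name: path_score(probes[name].loss_pct,
                                                   probes[name].latency_ms,
                                                   probes[name].jitter_ms))


# Constructed sample data.
VOICE = SlaClass("voice", loss_pct=1.0, latency_ms=150.0, jitter_ms=30.0)
BULK = SlaClass("bulk", loss_pct=5.0, latency_ms=300.0, jitter_ms=100.0)
STRICT = SlaClass("strict", loss_pct=0.01, latency_ms=20.0, jitter_ms=2.0)

BRANCH_TUNNELS = [
    TunnelStats("mpls", 0.1, 40.0, 5.0),
    TunnelStats("biz-internet", 2.5, 120.0, 35.0),
    TunnelStats("lte", 0.5, 90.0, 20.0),
]
# Same branch after the MPLS circuit starts dropping packets.
DEGRADED_MPLS = [TunnelStats("mpls", 3.0, 40.0, 5.0)] + BRANCH_TUNNELS[1:]

SAAS_PROBES = {
    "dia-isp-a": TunnelStats("biz-internet", 0.2, 30.0, 0.0),
    "dia-isp-b": TunnelStats("biz-internet", 1.0, 45.0, 0.0),
    "regional-exit-via-hub": TunnelStats("mpls", 0.1, 80.0, 0.0),
}

if __name__ == "__main__":
    print("voice, healthy:", select_app_paths(BRANCH_TUNNELS, VOICE, preferred_colors=("mpls",)))
    print("voice, mpls lossy:", select_app_paths(DEGRADED_MPLS, VOICE, preferred_colors=("mpls",)))
    print("bulk:", select_app_paths(BRANCH_TUNNELS, BULK))
    print("strict, none qualify:", select_app_paths(BRANCH_TUNNELS, STRICT))
    print("SaaS exit:", best_saas_exit(SAAS_PROBES))
```

Voice stays on the preferred MPLS circuit while it meets the SLA and moves to LTE the moment MPLS loss crosses the threshold; bulk traffic load-balances over every transport; and the SaaS exit goes to the local DIA on ISP A even though the regional exit has lower loss, because its latency is worse under the constructed score.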
Operations: Simplicity and Visibility
• Single pane of glass operations
• Rich analytics
The Intuitive Network Foundation
[Figure: Access, Data Center, Fabric, WAN, Security]
The Cisco SD-WAN Solution…
Key Foundation Takeaways: Summary
• Power of abstraction provides network agility
• Automated provisioning accelerates time to market and reduces costs
• Automatic and adaptive configuration preserves a consistent application experience
• Insight into application health
• Simplified operations
THANK YOU.
• Brian Joanis, WI Select Systems Engineer, brjoanis@cisco.com