SD WAN Cisco Router


What Is SD-WAN?

Cisco SD-WAN is a secure, scalable, open, and programmable cloud-scale architecture. Through the Cisco vManage console, administrators can quickly set up an SD-WAN overlay fabric that connects data centers, branches, campuses, and other facilities to improve network speed, security, and efficiency. Cisco SD-WAN is an open, software-based, adaptable, and simple-to-use option. Customers can deploy it as an on-premises workload or in the cloud, giving them a straightforward, cloud-managed Cisco SD-WAN solution that uses pre-existing hardware.

The main elements of the Cisco SD-WAN architecture are as follows:

  1. vSmart Controller – centrally manages routing, policy, security, segmentation, and device authentication.
  2. vManage – a centralized dashboard for management and configuration.
  3. vEdge Routers – full-featured IP routers that, in addition to overlay communication, carry out common tasks such as Open Shortest Path First (OSPF), Access Control Lists (ACLs), Quality of Service (QoS), and various routing policies.
  4. vBond Orchestrator – handles the initial authentication and authorization of each element into the network and tells each element how it relates to the other elements.

A vEdge router can be either a physical Cisco SD-WAN appliance or software running in a virtual machine; the other three components are software only. The software for vEdge routers, Cisco vManage, and the Cisco vSmart Controller runs on servers, whereas the vBond Orchestrator software runs on a vEdge router as a process (daemon).

The Cisco SD-WAN product is a segmented network overlay that enforces policy both locally and from a central location, uses encryption for security, and integrates easily with third-party services.

What advantages does SD-WAN offer?

The conventional WAN supported only enterprise, branch, and data center architectures. Once an organization embraces cloud-based services in the form of SaaS and IaaS, its WAN sees a traffic explosion as more globally distributed applications are accessed.

These changes affect IT in numerous ways. Performance problems with SaaS applications can hurt employee productivity. When dedicated and backup circuits are used inefficiently, WAN costs rise. Connecting various user types, with various kinds of devices, to various cloud environments is a daily challenge for IT.

With SD-WAN, IT can provide routing and threat prevention, offload expensive circuits effectively, and simplify WAN management. Benefits to businesses can include the following:

Improved app experience

  1. High availability and predictable service for all important enterprise applications.
  2. Multiple hybrid active-active links for all network conditions.
  3. Application-aware routing and dynamic application routing for effective delivery and an enhanced user experience.
  4. Improved OpEx, using more affordable and adaptable Internet services (including secure VPN connections) in place of expensive Multiprotocol Label Switching (MPLS) offerings.

More protection

Application-aware policies with real-time access control, end-to-end segmentation, and integrated threat protection deployed where it is needed:

  1. Secure Internet access through broadband and to the cloud.
  2. Security distributed to remote and branch endpoints using NGFW, DNS security, and NGAV.
  3. Improved connectivity to the cloud.
  4. Seamless WAN expansion to numerous public clouds.
  5. Real-time optimized performance for Salesforce, Microsoft Office 365, and other key SaaS applications.
  6. Streamlined processes for cloud computing platforms such as Microsoft Azure and Amazon Web Services (AWS).

Reduced management

  1. A single, centralized management dashboard for WAN, cloud, and security configuration and administration.
  2. Template-based, touchless provisioning across all environments, including the branch, campus, and cloud.
  3. Detailed application and WAN performance reports for business analytics and capacity forecasting.

SD-WAN Implementation

Deploying the controllers is always the first step when a business switches from a traditional WAN architecture to a Software-Defined WAN architecture. The primary data centers and hub sites will be moved next, followed by the outlying sites, such as campuses and branches.

The main reason for performing these tasks in this order is to let the hub sites act as traffic hubs for both SD-WAN and non-SD-WAN sites during the migration. Of course, the order matters less if the deployment is brand new and built from scratch.

Options for deploying controllers

The ability to deploy the controllers in the public cloud is one of the Software-Defined WAN’s key benefits. This can increase the overall availability and redundancy of the management and control planes while drastically lowering CAPEX/OPEX. Compare this model with the case where all controllers are installed on site: rack space, power, cooling, physical servers, hypervisors, and virtual machines or containers must all be provided, and backups and redundancy must be handled separately. With the cloud options, the management/control plane can be consumed as IaaS (Infrastructure-as-a-Service) or SaaS (Software-as-a-Service).

Customers can select from the following choices from Cisco:

Cisco-hosted cloud – This is the preferred option for most customers (more than 90%) based on the information I’ve gleaned about current deployments. Because Cisco is responsible for provisioning all controllers, backup, and disaster recovery, this is also the vendor’s recommended model.

When customers use vManage to design their own configuration templates for their devices and manage the overlay fabric, they are consuming the SD-WAN control plane as a Software-as-a-Service (SaaS) offering.

Public cloud – The customer can host the controllers in public clouds such as Azure and AWS. In this case, either the customer or a service provider can be in charge of the controllers.

On-premises – The controllers can be set up in the business’s private cloud or data centers. In this case, backups and disaster recovery are the customer’s responsibility. In the case of governmental and financial institutions, compliance with local regulators is typically required.

Once operational, the controllers must establish secure connections among themselves. As of 2020-2021 there are two options for the underlying secure protocol: DTLS, which uses UDP transport, or TLS, which uses TCP transport. All controllers use DTLS by default.

Operating, Managing, and Administrating SD-WAN

The Software-Defined WAN’s advantage over conventional box-by-box networking is that it is managed as a system. This opens up a whole new universe of possibilities for the solution’s operation, administration, and management (OAM). Among the key advantages are:

Centralized administration and operational simplicity: Change and deployment times are reduced.

Transport-independent overlay: Because the underlay transport is abstracted away from the overlay fabric, any combination of transports can be used in an active/active manner. This dramatically reduces the business’s bandwidth costs.

Advanced security: The SD-WAN’s control-plane encryption is more complete than the traditional control-plane security of OSPF and BGP, since it uses certificate-based identity and a zero-trust security model.

Application visibility: A key component of the system is real-time analysis and application visibility. This makes it possible to enforce service-level agreements (SLAs) and track particular performance metrics.

Tips You Should Know Before Implementing Cisco SD-WAN Edges

In the next section, I’ll go over a couple of the modifications that come with Cisco SD-WAN.

Tip #1: The Commit Command

IOS versions before 17 were divided into two trains, IOS-XE and IOS-XE SD-WAN. With standard IOS-XE code, you enter configuration mode with configure terminal. The IOS-XE SD-WAN train, however, uses config-transaction instead of configure terminal, which you should be aware of.

Since version 17, standard IOS-XE and IOS-XE SD-WAN have been integrated, and as a result the configure terminal command has been replaced by the config-transaction command.

Before exiting configuration mode, you must use the commit command, not write mem, to save your modifications.

Tip #2: Use VPNs for management, service, and transport

In Cisco SD-WAN, a VPN is equivalent to a VRF (virtual routing and forwarding instance).

VPN 0 is always the transport VPN. The interfaces connected to the Internet and other transports belong to this VPN, and the tunnels to the controllers and to other routers are established through it. Control connections are DTLS or TLS sessions to the controllers; data-plane tunnels are IPsec tunnels that carry user data to other routers.

Your user data originates in a service VPN, numbered 1 through 511. A firewall, your internal switch, and other devices connect through a service VPN’s interfaces.

Finally, the management VPN is always VPN 512. This VPN provides out-of-band management.
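As an added example that is not from the original post or from Cisco’s documentation, here is a minimal cEdge (IOS-XE SD-WAN) configuration that ties Tips #1 and #2 together: it is entered with config-transaction and saved with commit, and it places one interface in transport VPN 0, one in a service VPN, and one in management VPN 512. The interface names, addresses, tunnel color and VRF number 10 are assumed placeholders, and the system block (system-ip, site-id, organization-name, vbond) that a real device also needs is omitted.

```cisco
! Tip #1: on the SD-WAN train, config-transaction replaces "configure terminal"
config-transaction
!
! Tip #2: transport VPN 0 is the global routing table on a cEdge
interface GigabitEthernet1
 description Internet transport (VPN 0)
 ip address 192.0.2.2 255.255.255.0
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
interface Tunnel1
 ip unnumbered GigabitEthernet1
 tunnel source GigabitEthernet1
 tunnel mode sdwan
!
sdwan
 interface GigabitEthernet1
  tunnel-interface
   encapsulation ipsec
   color biz-internet
   ! the transport side faces the Internet: expose only what the tunnel needs
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
!
! Tip #2: a service VPN (1-511) is a VRF that carries user traffic
vrf definition 10
 rd 1:10
 address-family ipv4
  route-target export 1:10
  route-target import 1:10
 exit-address-family
!
interface GigabitEthernet2
 description Firewall / LAN side (service VPN 10)
 vrf forwarding 10
 ip address 10.10.10.1 255.255.255.0
 no shutdown
!
! Tip #2: management VPN 512 maps to the predefined Mgmt-intf VRF (out-of-band only)
interface GigabitEthernet0
 description Out-of-band management (VPN 512)
 vrf forwarding Mgmt-intf
 ip address 10.0.0.10 255.255.255.0
 no shutdown
!
! Tip #1: nothing above is applied or saved until committed ("write mem" is not used)
commit
```

After the commit, show sdwan control connections confirms the DTLS/TLS sessions to the controllers over VPN 0, and show sdwan bfd sessions lists the IPsec data-plane tunnels to other routers.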

Tip #3: Compare the IOS and Controller Versions

It is advised that the versions of your controllers (vManage, vSmart, and vBond) match. Your router must run an IOS version compatible with your vManage version. Why? Because the IOS version on your cEdges must support the CLI commands that the configuration templates on vManage produce. Check the compatibility matrix in the release notes of any SD-WAN IOS XE release.

Cisco SD-WAN Alternatives for Service Providers

Alternatives to Cisco Meraki and Cisco Viptela’s SD-WAN

Alternative 1: Silver Peak SD-WAN vs. Cisco SD-WAN

Like Cisco, Silver Peak’s SD-WAN software offers excellent WAN optimization and real-time application traffic management. Also like Cisco, Silver Peak’s core nodes are not multi-tenant, which makes it difficult to scale infrastructure costs effectively.

Although Cisco Meraki has native advanced security capability, Silver Peak does not. Instead, Silver Peak uses third-party firewalls or cloud security services to protect its platform.

Additionally, because it lacks cloud gateways, Silver Peak’s WAN edge offering forces businesses or MSPs to build them from scratch. Silver Peak also demands a closed customer-premises equipment (CPE) environment. This means that it is impossible to install multiple containers on edge devices and that customers are locked into Silver Peak as their only provider.

Alternative 2: Turnium SD-WAN vs. Cisco SD-WAN

Because Cisco has always been a hardware vendor, both Viptela and Meraki are offered as hardware-driven solutions through Cisco’s broad sales channels. The intense local rivalry that results makes it difficult for service providers to distinguish their Cisco SD-WAN offerings other than by price.

Cisco’s products are difficult to price, configure, and sell, particularly for service providers. Many customers must be educated about Cisco’s licensing arrangements, and some find it annoying to be forced to purchase term-based software support and maintenance agreements.

Instead of simply reselling a brand like Cisco, Turnium enables service providers to advertise their own privately branded SD-WAN service. Turnium SD-WAN is a more partner-friendly SD-WAN solution because it only focuses on partner sales and is typically white-labeled.
