SOFTWARE DEFINED WAN
28 YEARS LEADER IN INFORMATION TECHNOLOGIES
Presentation by Grigor Yorgov
AGENDA
CURRENT WAN CHALLENGES
WHAT IS SD-WAN?
CISCO SD-WAN ADVANTAGES
CISCO SD-WAN ARCHITECTURE
CISCO SD-WAN LICENSING
CISCO SD-WAN PORTFOLIO
CISCO SD-WAN DEPLOYMENT
CISCO SD-WAN DEMO
Q&A
CURRENT WAN CHALLENGES: THE HARDWARE BASED WAN OF YESTERDAY DOESN’T KEEP UP WITH THE NEEDS OF TODAY
CURRENT WAN CHALLENGES: SD-WAN SOLUTION
[Diagram: employees at a Company SD-WAN Branch send HQ-destined traffic to applications in the Company SD-WAN Data Center, employee Internet traffic to the Internet via Direct Internet Access, and employee SaaS traffic to SaaS via Direct Cloud Access. Security functions shown: DNS/web layer security, enterprise app-aware firewall, IPS, URL filtering.]
WHAT IS SD-WAN?
CISCO SD-WAN ADVANTAGES
• Automatic routing between SD-WAN sites
• Automatic encrypted tunnels between SD-WAN sites
• Building flexible topologies (full-mesh, hub-and-spoke, partial mesh)
• Embedded network monitoring system
• Centralized console for configuration with embedded templates for each router model
• Security features (IPS, URL filtering, certificates)
CISCO SD-WAN ARCHITECTURE: OVERVIEW
Control Plane = vSmart (VMs)
Data Plane = Edge (Cisco ISR/ASR/ENCS)
Management = vManage (VMs)
Orchestration = vBond (VMs)
[Diagram: vManage, vSmart controllers, the vBond orchestrator (ZTP/PnP) and vAnalytics, exposing APIs to 3rd party automation; WAN Edge routers at Data Center, Campus, Branch, SOHO and Cloud sites, connected over 4G/LTE, MPLS and Internet transports.]
• Orchestrates control and management plane
• First point of authentication (white-list model)
• Distributes list of vSmarts/ vManage to all Edge routers
• Facilitates NAT traversal
• Requires public IP Address [could sit behind 1:1 NAT]
• Highly resilient
Orchestration Plane
Cisco vBond
CISCO SD-WAN ARCHITECTURE: ORCHESTRATION PLANE
Control Plane
Cisco vSmart
• Facilitates fabric discovery
• Disseminates control plane information between Edges
• Distributes data plane and app-aware routing policies to the Edge routers
• Implements control plane policies
• Dramatically reduces control plane complexity
• Highly resilient
CISCO SD-WAN ARCHITECTURE: CONTROL PLANE
Data Plane (Physical/Virtual)
Cisco vEdge or cEdge
• WAN edge router
• Provides secure data plane with remote Edge routers
• Establishes secure control plane with vSmart controllers (OMP)
• Implements data plane and application aware routing policies
• Exports performance statistics
• Leverages traditional routing protocols like EIGRP, OSPF, BGP and VRRP
• Supports Zero Touch Deployment or Plug and Play
• Physical or Virtual form factor (100Mb, 1Gb, 10Gb)
CISCO SD-WAN ARCHITECTURE: DATA PLANE
Management Plane
Cisco vManage
• Single pane of glass for Day0, Day1 and Day2 operations
• Multitenant with web scale
• Centralized provisioning
• Policies and Templates
• Troubleshooting and Monitoring
• Software upgrades
• GUI with RBAC
• Programmatic interfaces (REST, NETCONF)
• Highly resilient
CISCO SD-WAN ARCHITECTURE: MANAGEMENT PLANE
• TCP based, extensible control plane protocol
• Runs between Edge routers and vSmart controllers and between the vSmart controllers
- Inside TLS/DTLS connections
• Leverages address families to advertise reachability for TLOCs, unicast/multicast destinations (statically/dynamically learnt service side routes), service routes (L4-L7), BFD stats (TE and H-SDWAN) and Cloud onRamp for SaaS probe stats (gateway)
- Uses attributes
• Distributes IPSec encryption keys, and data and app-aware policies (embedded NETCONF)
Note: vEdge/cEdge routers need not connect to all vSmart Controllers
CISCO SD-WAN ARCHITECTURE: OVERLAY MANAGEMENT PROTOCOL (OMP)
[Diagram: TLOC advertisement. Legend: Transport Locator (TLOC), OMP, IPSec tunnel. Each Edge advertises its TLOCs to the vSmart, which advertises them to all other Edges.]
• Local TLOCs (System IP, Color, Encap)
• TLOCs advertised to vSmarts
• vSmarts advertise TLOCs to all Edges* (default)
• Full mesh SD-WAN fabric (default)
* Can be influenced by the control policies
CISCO SD-WAN ARCHITECTURE: TRANSPORT LOCATORS (TLOCS)
OMP Update:
• Reachability – IP Subnets, TLOCs
• Security – Encryption Keys
• Policy – Data/App-route Policies
[Diagram: fabric operation. Two Edge routers, each with service-side VPN1 and VPN2 (sites A, B and C, D), learn routes from BGP, OSPF, EIGRP, connected and static. An IPSec tunnel with BFD runs between the Edges over Transport1 and Transport2. OMP runs over a DTLS/TLS tunnel from each Edge to the vSmart; the OMP updates exchanged carry subnets, TLOCs and policies.]
CISCO SD-WAN ARCHITECTURE: FABRIC OPERATION
CISCO SD-WAN LICENSING: COMPONENTS
Feature License: DNA Essentials, DNA Advantage, DNA Premier
License Term: 3y, 5y
Bandwidth License: 10M, 20M, 50M, 100M, 500M, 1G, 2.5G, 10G

Bandwidth (3Y or 5Y term): 20M, 40M, 50M, 100M, 200M, 500M, 1G, 2G
Cisco DNA Essentials
• <= 50 routers
• SMB focus
• Centralized management
• Firewall
• IPS
Cisco DNA Advantage
• No limitation for routers
• Includes DNA Essentials
• URL Filtering
• Cisco AMP
• Enterprise focus
Cisco DNA Premier
• No limitation for routers
• Includes DNA Advantage
• Cisco Umbrella™ Insights
• Cisco® Threat Grid sandboxing
CISCO SD-WAN LICENSING: FEATURES
[Diagram: example site with three WAN circuits: 1 MPLS, 3 Mbps up / 3 Mbps down; 2 LTE, 20 Mbps up / 75 Mbps down; 3 Internet, 6 Mbps up / 15 Mbps down.]
With a Cisco DNA subscription, bandwidth entitlement is the sum of total bandwidth utilization (either upstream or downstream) across all WAN circuits. This is aligned with how service providers sell WAN bandwidth.
Example: in the diagram, bandwidth utilization adds up to 3+15+75 = 93 Mbps (downstream) and to 3+6+20 = 29 Mbps (upstream). Considering the maximum utilization, you will need a 100 Mbps license.
For a 100 Mbps license, utilization can be up to 100 Mbps upstream and 100 Mbps downstream.
CISCO SD-WAN LICENSING: BANDWIDTH EXAMPLE
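The entitlement rule above as a small calculator, added here as an illustration and not part of the presentation: it sums each direction across all circuits, takes the larger direction and rounds up to the next tier. The tier ladder is the one on the licensing components slide and the circuit figures are this slide's example; the `Circuit` type and function names are my own.

```python
# Added example (not from the presentation): which Cisco DNA bandwidth license
# a site needs, following the slide's rule: entitlement is the sum of
# utilization across all WAN circuits in whichever direction (upstream or
# downstream) is larger, rounded up to the next available tier.
from dataclasses import dataclass

# Tier ladder as listed on the licensing components slide, in Mbps.
LICENSE_TIERS_MBPS = [10, 20, 50, 100, 500, 1000, 2500, 10000]


@dataclass(frozen=True)
class Circuit:
    """One WAN circuit with its upstream/downstream utilization in Mbps."""
    name: str
    up_mbps: float
    down_mbps: float


def required_utilization(circuits):
    """Return (upstream_total, downstream_total, governing_total) in Mbps.

    The governing total is the larger of the two directions; that is the
    figure the license must cover.
    """
    up = sum(c.up_mbps for c in circuits)
    down = sum(c.down_mbps for c in circuits)
    return up, down, max(up, down)


def license_tier(circuits, tiers=LICENSE_TIERS_MBPS):
    """Smallest tier (Mbps) that covers the governing total; ValueError if none does."""
    _, _, needed = required_utilization(circuits)
    for tier in sorted(tiers):
        if needed <= tier:
            return tier
    raise ValueError(f"{needed} Mbps exceeds the largest tier ({max(tiers)} Mbps)")


# The slide's example site: MPLS, LTE and Internet circuits.
SLIDE_EXAMPLE = [
    Circuit("MPLS", up_mbps=3, down_mbps=3),
    Circuit("LTE", up_mbps=20, down_mbps=75),
    Circuit("Internet", up_mbps=6, down_mbps=15),
]

if __name__ == "__main__":
    up, down, needed = required_utilization(SLIDE_EXAMPLE)
    print(f"upstream {up} Mbps, downstream {down} Mbps, "
          f"governing {needed} Mbps -> {license_tier(SLIDE_EXAMPLE)}M license")
```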
ASR 1000
• 2.5-200Gbps
• High-performance service with hardware assist
• Hardware and software redundancy
ISR 4000
• Up to 10 Gbps
• Modular
• Integrated container applications
• Compute with UCS E
ISR 1000
• Up to 1.5 Gbps
• Fixed and fanless
• Integrated wired and wireless access
ISRv
• 50 Mbps to 2.5 Gbps
• Virtual enterprise-class networking
• Run on x86 compute platform
• ENFV orchestration & management
Cisco ENCS
• Service chaining virtual functions
• Modular WAN connectivity
• Open for 3rd party services & apps
CSR 1000V
• 10 Mbps to 10 Gbps
• DNA Virtualization
• Extend enterprise routing, security and management to cloud
• VMware
• KVM
• AWS
Portfolio categories: Cloud, Branch WAN Edge, Virtual
CISCO SD-WAN PORTFOLIO
CISCO SD-WAN DEPLOYMENT: PREPARATION
[Chart: time and effort expended on the existing network versus on the SD-WAN routers, per migration stage: Controllers (vManage, vSmart, vBond), Datacenter, Branches.]
CISCO SD-WAN DEPLOYMENT: SEQUENCE OF MIGRATION
CISCO SD-WAN DEPLOYMENTCONTROLLERS
[Diagram: controller deployment options. On-Premise: vManage, two vSmart and vBond run as VMs on ESXi or KVM on a physical server. Cisco Hosted: the same vManage, two vSmart and vBond VMs hosted by Cisco.]
CISCO SD-WAN DEPLOYMENT: STRATEGY
[Diagram: the SD-WAN overlay (OMP) over Internet and MPLS transports; the DC/Gateway site peers via BGP/OSPF/EIGRP with the Legacy/MPLS sites and bridges them to the SD-WAN sites.]
• Identify the gateway/DC sites that will provide the bridge between the SD-WAN sites and the legacy sites.
• Deploy the vEdge in the gateway/DC sites with L3 peering to the existing router that provides connectivity to the legacy sites.
• Start replacing the legacy routers in the remote sites with SD-WAN routers.
• During migration, traffic between SD-WAN sites goes direct over the hybrid transports, through IPSec tunnels between the sites.
• During migration, traffic between SD-WAN and legacy sites is routed through the gateway/DC sites.
• Once the migration is complete, the legacy routers can be removed from the gateway/legacy sites.
CISCO SD-WAN DEMO: TOPOLOGY
THANK YOU!
ENGINEERING YOUR THOUGHTS