Context
Q: What is SD-WAN?
It is centred around the idea of how we connect our remote sites to our central office, but with the perks of being smarter, faster and better than other solutions.
Traditionally: when you have remote sites and you want to connect them back to the central office, you would rely on maybe an #MPLS connection or the fancier MPLS cloud from your ISP.
It works, but is crazy expensive when you consider expanding the network.
Another approach is going with a good old internet cable connection using the IP cloud. So rather than relying on MPLS, we now fall back on DM-VPN.
Complexities with DM-VPN: securely connecting all the sites over a WAN, reliability issues, a lot of time spent troubleshooting, QoS.
Then comes an interim solution: IWAN
Intelligent WAN was pretty much a fancy DM-VPN with some advanced features such as QoS, per-tunnel QoS, performance monitoring, application visibility and control (AVC), NBAR2 etc.
Cisco goes on a hunt for an SD-WAN solution and acquires Viptela, an SD-WAN vendor that delivers a cloud-first, software-defined wide-area networking (SD-WAN) solution.
With their powers combined, we've got something very killer now.
Question: Why do we need something else right now, when we have solutions other than SD-WAN available?
Because:
* What we're doing has changed a lot
* Site-to-HQ connectivity has moved to the cloud
* Cloud services: Office365, DropBox, GDrive
* Infrastructure in the cloud: AWS, Azure
We had to make sure all these things work amazingly too.
Hence, we needed something smarter to work with our WAN, like giving our network a brain with the help of Intent-Based Networking and Network Programmability.
That's what SD-WAN is: extending intent-based networking to the WAN.
There are four key pieces within the SD-WAN infrastructure:
1. Data Plane
2. Control Plane (vSmart)
3. Mgmt Plane (vManage)
4. vBond
1. Data Plane:
We are already familiar with the DP: it's our routers. Within the SD-WAN solution, we can use ISR 4k routers, ASR routers and even ISR 1k series routers. In addition, we can use Viptela's own specific hardware.
∴ The data plane is pretty much our routers.
2. Control Plane:
With the SD-WAN solution, we are ripping the control plane out of the router.
The data plane is still there, but all the intelligence, all the routing decisions and everything that happens in the CP: we are taking it out.
...Continued:
Decoupling some of the CP, Mgmt Plane and orchestration plane capabilities from the routers, such as CPU-intensive tasks like #VPN building, routing decisions, IP protocols and all kinds of stuff.
Hence, the routers have a little bit more throughput and more scalability.
The brains of the operation are no longer in the router; they're in the controller: the vSmart Controller.
It handles almost everything, including the routing. The vSmart controllers have their very own routing protocol called Overlay Management Protocol (OMP).
OMP is the heart of the Cisco SD-WAN overlay routing solution. It runs inside the control plane connections and forms a peering relationship between WAN Edges and vSmart Controllers.
Why is this even cool, or why do we even care about this?
First thing: it's not as complex as it used to be. When we have a couple hundred or maybe even a couple thousand sites, routing can become quite complex.
But our control plane, the vSmart, simplifies this for us.
What if we had to Scale-Up? vSmart can scale up like wow!
Say we have a merger or we bring on a hundred more sites and we need more vSmart controllers: we simply spin up more VMs to handle that load. vSmart can scale out horizontally.
vSmart can have App-Aware routing policies.
Application-aware routing tracks network and path characteristics of the data plane tunnels between vEdge routers and uses the collected information to compute optimal paths for data traffic.
App-Aware characteristics include packet loss, latency and jitter, and the load, cost and bandwidth of a link. The ability to consider factors in path selection other than those used by standard routing protocols offers a number of advantages to an enterprise.
Here comes the biggest concern with the WAN, and that is Security, especially when we are talking all about the cloud.
How do you protect your traffic when you are putting everything out in the wild?
The answer is in the next tweet.
SD-WAN and most VPNs use #IPSec to keep our traffic nice and safely tucked in. On top of that, SD-WAN has another killer feature: segmenting traffic with #VPN.
We can segment traffic on the basis of an application, so it's as if it has its own network and doesn't touch anything else.
Guess what!
Next-gen firewall capabilities are baked right into the SD-WAN.
Advanced Security Features in SD-WAN are:
1. App Aware Enterprise Firewall
2. IPS
3. DNS layer enforcement with @CiscoUmbrella
4. URL filtering
and so on.
3. Mgmt Plane (vManage):
And we can manage all of this, every element of SD-WAN that we talked about, from one single GUI, and that is the vManage console.
Deployment, mgmt and security, all in one place under @Cisco vAnalytics.
Aaaannnndd you can still access the CLI (pretty much a #CCIE thing) from vManage if you want to and if you happen to be feeling pretty nostalgic. IKR!
But, it is recommended to configure through vManage (^_^).
4. vBond Orchestrator:
The vBond Orchestrator facilitates the initial bring-up by performing authentication and authorization of all elements into the network. @Cisco vBond Orchestrator also provides information on how each of the components connects to other components.
We are basically getting the best of what @Cisco has to offer, with their security, routing and WAN portfolios baked into the SD-WAN solution.
Closing Note:
It is like we are taking the WAN, which is wide open and unsecured, and making it look and smell more like a LAN. We're able to segment traffic, secure traffic with ENT-FW features, and maximize network performance, uptime and efficiency.
Example Time:
vSmart can dig deeper into @Office365 and analyze which connection is best for EACH app. @Skype might be doing very well on the primary link, but @Outlook may be suffering packet loss on the secondary link; vSmart will step in and route each app accordingly.
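As an added example (not from the thread and not Cisco's code), here is a simplified model of the app-aware path selection described in the App-Aware section and in the Office365 example above: each application class gets an SLA for loss, latency and jitter, each tunnel carries probe metrics (constructed here), and the selector keeps an app on its preferred tunnel only while that tunnel meets the SLA, otherwise moves it to the best compliant tunnel. The tunnel names, SLA classes and threshold values are all illustrative assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PathMetrics:  # measured characteristics of one data-plane tunnel
    loss_pct: float
    latency_ms: float
    jitter_ms: float

@dataclass(frozen=True)
class Sla:  # thresholds an application class must stay within
    max_loss_pct: float
    max_latency_ms: float
    max_jitter_ms: float

def meets_sla(m: PathMetrics, sla: Sla) -> bool:
    return (m.loss_pct <= sla.max_loss_pct
            and m.latency_ms <= sla.max_latency_ms
            and m.jitter_ms <= sla.max_jitter_ms)

def sla_violation(m: PathMetrics, sla: Sla) -> float:
    """Relative amount by which a path exceeds its thresholds (0 if compliant)."""
    return (max(0.0, m.loss_pct / sla.max_loss_pct - 1)
            + max(0.0, m.latency_ms / sla.max_latency_ms - 1)
            + max(0.0, m.jitter_ms / sla.max_jitter_ms - 1))

def select_path(app: str, tunnels: dict, slas: dict, preferred: dict) -> str:
    """Preferred tunnel if it meets the app's SLA, else the lowest-latency
    compliant tunnel, else the tunnel that violates the SLA the least."""
    sla = slas[app]
    pref = preferred.get(app)
    if pref in tunnels and meets_sla(tunnels[pref], sla):
        return pref
    compliant = [n for n, m in tunnels.items() if meets_sla(m, sla)]
    if compliant:
        return min(compliant, key=lambda n: tunnels[n].latency_ms)
    return min(tunnels, key=lambda n: sla_violation(tunnels[n], sla))

# Constructed probe results for a primary (MPLS) and a secondary (internet) tunnel.
TUNNELS = {"mpls": PathMetrics(0.1, 40, 5), "inet": PathMetrics(4.0, 60, 15)}
# Constructed SLA classes and path preferences; values are illustrative only.
SLAS = {"voice": Sla(1.0, 150, 30), "mail": Sla(3.0, 300, 50),
        "video": Sla(0.05, 100, 10)}
PREFERRED = {"voice": "mpls", "mail": "inet"}

if __name__ == "__main__":
    for app in SLAS:  # mail leaves the lossy secondary link; video gets least-bad
        print(app, "->", select_path(app, TUNNELS, SLAS, PREFERRED))
```

With the constructed numbers, voice stays on its preferred MPLS tunnel, mail is moved off the lossy internet tunnel to MPLS, and video, for which no tunnel meets the SLA, lands on the least-violating path.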