Incoming thread about #Cisco #SDWAN.
Will try to keep it short and to the point.
Context: What is SD-WAN?
It is centred around the idea of how we connect our remote sites to our central office.

But, with the perks of being smarter, faster and better than other solutions.
Traditionally: when you have remote sites and you wanna connect them back to the central office, you would rely on maybe an #MPLS connection or the fancier MPLS cloud with your ISP.

It works but is crazy expensive when you consider expanding the network.
Another approach is going with a good old internet cable connection using the IP cloud. So rather than relying on MPLS now, we fall back on DM-VPN.

Complexities with DM-VPN: Securely connecting all the sites over a WAN. Reliability issues, a lot of time troubleshooting, QoS.
Comes an interim solution: iWAN
Intelligent WAN was pretty much a fancy DM-VPN with some advanced features such as QoS, per tunnel QoS, performance monitoring, application visibility and control (AVC), NBAR2 etc.
Cisco goes on a hunt for an SD-WAN solution and acquires Viptela, an SD-WAN vendor that delivers a cloud-first, software-defined wide-area networking (SD-WAN) solution.

With their powers combined, we got something very killer now.
Question: Why do we need something else right now when we have solutions other than SD-WAN available?

Because:
* What we're doing has changed a lot
* Site-to-HQ connectivity is transformed to cloud
* Cloud services: Office365, DropBox, GDrive
* Infrastructure in the cloud: AWS, Azure
We had to make sure all these things work amazing too.

Hence, we needed something smarter to work with our WAN. Like giving our network a brain with the help of Intent-Based Networking and Network Programmability.

That's what SD-WAN is: extending intent-based networking to WAN.
There are four key pieces within the SD-WAN infrastructure:

1. Data Plane
2. Control Plane (vSmart)
3. Mgmt Plane (vManage)
4. vBond
1. Data Plane:
We are already familiar with DP. It's our routers. Within the SD-WAN solution, we can use ISR 4k routers, ASR routers and even ISR 1k series routers. In addition, we can use Viptela's own specific hardware.

∴ The data plane is pretty much our routers.
2. Control Plane:
With the SD-WAN solution, we are ripping the control plane out of the router.

Data plane is still there, but all the intelligence, all the routing decisions and everything that happens in CP; we are taking it out.
...Continued:
Decoupling some of the CP, Mgmt Plane and orchestration plane capabilities from routers, such as CPU-intensive tasks like #VPN building, routing decisions, IP protocols, and all kinds of stuff.

Hence, routers have a little bit more throughput and more scalability.
The brains of the operation are no longer in the router; they're in the controller: the vSmart Controller.

It handles almost everything including the routing. The vSmart controllers have their very own routing protocol called Overlay Management Protocol (OMP).
OMP is the heart of the Cisco SD-WAN overlay routing solution. It runs inside of control plane connections and forms a peering relationship between WAN Edges and vSmart Controllers.
Why is this even cool or why do we even care about this?

First thing: it's not as complex as it used to be. When we have a couple hundred or maybe even a couple thousand sites, routing can become quite complex.

But our control plane, the vSmart, simplifies this for us.
What if we had to Scale-up? vSmart can scale up like wow!

Say we have a merger or we brought in a hundred more sites and we need more vSmart controllers: we simply spin up more VMs to handle that load. vSmart can scale out horizontally.
vSmart can have App-Aware routing policies.

Application-aware routing tracks network and path characteristics of the data plane tunnels between vEdge routers and uses the collected information to compute optimal paths for data traffic.
App-Aware characteristics include packet loss, latency, and jitter, and the load, cost and bandwidth of a link. The ability to consider factors in path selection other than those used by standard routing protocols offers a number of advantages to an enterprise.
Here comes the biggest concern with WAN, that is Security, especially when we are talking all about cloud.

How do you protect your traffic when you are putting everything out in the wild?

The answer is in the next tweet.
SD-WAN and most VPNs use #IPSec to keep our traffic nice and safely tucked in. On top of that, SD-WAN has another killer feature of segmenting traffic with #VPN.

We can segment traffic on the basis of an application, like it has its own network & it doesn't touch anything else.
Guess what!

Next-gen firewall capabilities are baked right into the SD-WAN.

Advanced Security Features in SD-WAN are:
1. App Aware Enterprise Firewall
2. IPS
3. DNS layer enforcement with @CiscoUmbrella
4. URL filtering

and so on.
3. Mgmt Plane (vManage):
And we can manage all of this, every element of SD-WAN that we talked about, from one single GUI, and that is the vManage console.

Deployment, mgmt and security, all in one place under @Cisco vAnalytics.
Aaaannnndd you can still access the CLI (pretty much a #CCIE thing) from vManage if you want to and if you happen to be feeling pretty nostalgic. IKR!

But, it is recommended to configure through vManage (^_^).
4. vBond Orchestrator:
The vBond Orchestrator facilitates the initial bring-up by performing authentication and authorization of all elements into the network. @Cisco vBond Orchestrator also provides information on how each of the components connects to other components.
We are basically getting the best of what @Cisco has to offer, with their security, routing and WAN portfolios baked into the SD-WAN solution.
Closing Note:
It is like we are taking the WAN, which is wide open and unsecured, and making it look and smell more like a LAN. We're able to segment traffic, secure traffic with ENT-FW features, and maximize network performance, uptime and efficiency.
Example time:
vSmart can dig deeper into @Office365 and analyze which connection is best for EACH app. @Skype might be doing very well on the primary link but @Outlook may be suffering packet loss on the secondary link; vSmart will step in & it will route best accordingly.
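
The per-app path choice described above and in the App-Aware routing tweets, as an added sketch that is not part of the original thread and not Cisco's algorithm: each application gets thresholds for loss, latency and jitter, and a tunnel is used only while its measurements stay inside them. The SLA values, tunnel names, preferences and function names are all assumptions made for illustration.

```python
from dataclasses import dataclass, astuple

@dataclass(frozen=True)
class Path:                      # measured tunnel characteristics
    loss_pct: float
    latency_ms: float
    jitter_ms: float

@dataclass(frozen=True)
class Sla:                       # hypothetical per-application thresholds
    max_loss_pct: float
    max_latency_ms: float
    max_jitter_ms: float

def overshoot(path, sla):
    """Summed relative excess over each threshold; 0.0 means the SLA is met."""
    return sum(max(0.0, (m - lim) / lim)
               for m, lim in zip(astuple(path), astuple(sla)))

def pick_path(sla, tunnels, preferred=None):
    """Return (tunnel name, reason) for one application."""
    ok = [name for name, p in tunnels.items() if overshoot(p, sla) == 0.0]
    if preferred in ok:
        return preferred, "preferred meets SLA"
    if ok:  # preferred tunnel is out of SLA: move to the cleanest compliant one
        return min(ok, key=lambda n: astuple(tunnels[n])), "moved to compliant path"
    # Nothing complies: degrade gracefully to the least-bad tunnel.
    return min(tunnels, key=lambda n: overshoot(tunnels[n], sla)), "no compliant path"

# Constructed sample data mirroring the thread's example.
TUNNELS = {"primary": Path(0.1, 40.0, 5.0), "secondary": Path(3.0, 60.0, 12.0)}
POLICY = {  # app -> (SLA, preferred tunnel); values are illustrative
    "skype":   (Sla(1.0, 150.0, 30.0), "primary"),
    "outlook": (Sla(2.0, 300.0, 100.0), "secondary"),
}

def route_all(policy, tunnels):
    """Apply pick_path to every application in the policy."""
    return {app: pick_path(sla, tunnels, pref) for app, (sla, pref) in policy.items()}

if __name__ == "__main__":
    for app, (tunnel, why) in route_all(POLICY, TUNNELS).items():
        print(f"{app:8s} -> {tunnel:9s} ({why})")
```

With the sample data, Outlook's preferred secondary link exceeds its loss threshold, so it is moved to the primary link while Skype stays where it is.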
You can follow @Hashuumi.