SD-WAN
 
Meraki SD-WAN

Cisco SD-WAN (Viptela)

Cloud-delivered overlay for WAN
vManage NMS
Single pane of glass
Controller
HTTP GUI for configuration
Uses NETCONF to push to vSmart
vSmart
DTLS tunnels to SD-WAN routers, establish Overlay Management Protocol (OMP) neighbourships
Control Plane, Policy
WAN Edge Routers (vEdge, cEdge) - Cisco IOS XE
VXLAN tunnels
cEdge - ISR functionality, no IOS
vBond Orchestrator
  • Authenticates vSmart and vEdge
  • Orchestrates connectivity between them
  • Only device requiring public IP address
  • NAT traversal
  • SD-WAN router that only provides vBond functions
vAnalytics
 
https://sandboxsdwan.cisco.com:8443
Username: devenetuser
Password: Cisco123!

Data Plane

vEdge - physical or virtual cloud router, connected to WAN provider
VXLAN tunnels to other routers
Receives configuration from vSmart using Overlay Management Protocol (OMP)
Uses VRRP, OSPF, BGP
cEdge - adds ISR/ASR features, based on IOS XE but no traditional IOS, needs SD-WAN > 18.3.0, supports EIGRP. Can upgrade existing routers.
vEdge 100 - basic, Wi-Fi, mobile (100 Mbps total throughput), 5 x RJ45
vEdge 1000 - 1 Gbps total throughput, 8 x SFP
vEdge 2000 - 10 Gbps total throughput, 8 x SFP, 2 x PIM
vEdge 5000 - 20 Gbps total throughput, 4 x NIM

Control Plane

vSmart - only virtual
NETCONF from vManage to vSmart
OMP (TCP TLS) from vSmart to vEdge/cEdge

Orchestration Plane

vBond - OOB
only virtual, must have public IP, only NAT 1:1
vEdges register with vBond when they come online and are added to vManage
VXLAN tunnels with NAT Traversal

Management Plane

vManage
All configuration is done here
GUI or REST APIs
 
Public Model (Cisco AWS, 2 regions) - 2 vSmarts and 2 vBonds Active/Active, 2 vManage Active/Standby. NAT public IPs. Cisco manages appliances.
Hybrid Model - VMs, public IPs advertise on both WAN links
Hybrid Model with private IP - NATed to public IPs
 
VPN 0 - underlay network
VPN 512 - out of band
VPN 1-511, 513-65530 can be used

Zero Touch Provisioning

  1. Create template with configuration
  2. Whitelist router
Connect network and power; the router connects to the Cisco ZTP cloud server, which responds with the vBond address
ID certificate installed on device at manufacture
Default on WAN interface only allows DHCP, DNS, ICMP
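
An added example (not from the original notes or from Cisco): a Python check that reads a Viptela-style configuration and reports any `allow-service` entries on VPN 0 tunnel interfaces beyond the DHCP/DNS/ICMP default noted above. The `allow-service` syntax, the interface names and the sample configuration are assumptions constructed for illustration.

```python
# Added example: audit allow-service lines on VPN 0 (underlay) tunnel interfaces.
BASELINE = {"dhcp", "dns", "icmp"}  # WAN-side default services per the notes

# Constructed sample in Viptela-style CLI (assumed syntax, not from a real device).
SAMPLE_CONFIG = """\
vpn 0
 interface ge0/0
  ip dhcp-client
  tunnel-interface
   encapsulation ipsec
   allow-service dhcp
   allow-service dns
   allow-service icmp
   allow-service sshd
   no allow-service netconf
 interface ge0/1
  tunnel-interface
   allow-service all
vpn 512
 interface eth0
  ip address 192.0.2.10/24
"""

def audit_wan_services(config: str) -> dict:
    """Return {interface: [services beyond BASELINE]} for VPN 0 tunnel interfaces."""
    findings = {}
    vpn = iface = None
    in_tunnel, tunnel_indent = False, 0
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if in_tunnel and indent <= tunnel_indent:
            in_tunnel = False  # left the tunnel-interface block
        if indent == 0:
            vpn = words[1] if words[0] == "vpn" and len(words) > 1 else None
            iface = None
        elif words[0] == "interface" and len(words) > 1:
            iface = words[1]
        elif words == ["tunnel-interface"]:
            in_tunnel, tunnel_indent = True, indent
        elif (vpn == "0" and iface and in_tunnel
              and words[0] == "allow-service" and len(words) > 1):
            # "no allow-service X" begins with "no", so it never reaches this branch
            if words[1] not in BASELINE:
                findings.setdefault(iface, set()).add(words[1])
    return {name: sorted(extra) for name, extra in findings.items()}

if __name__ == "__main__":
    for name, extra in audit_wan_services(SAMPLE_CONFIG).items():
        print(f"VPN 0 {name}: services beyond DHCP/DNS/ICMP: {', '.join(extra)}")
```
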

Edge Redundancy

  1. Both routers connected to both WAN providers
  2. WAN 1 to router 1 and WAN 2 to router 2, routers connected to each other (TLOC Extension)

Cloud OnRamp

IaaS - virtual vEdge (AWS, Azure)
SaaS - select best internet circuit, HTTP probes (VQoE 0-10)

vAnalytics

Optional module, requires licence, accessed from vManage
Utilization, Capacity, App VQoE