Hey all, as the schedule clears up a bit, or at least as I get the time to escape the routine, I wanted to take a bit of time to continue the SD-WAN series. I know I still have lots of homework to do on this one, but here are “My Findings”.
The background story on how Cisco entered the SD-WAN Market
Viptela, now known as Cisco SD-WAN, is the acquisition through which Cisco finally entered the SD-WAN market with a product that makes sense. As you may remember, Cisco introduced its first flavor of SD-WAN a few moons ago with IWAN, which is still in production in lots of customer networks. If you are curious about how some of the pieces in IWAN work, and want the foundation, make sure you read –> DMVPN Design
But we are really here because we are most interested in how the product integrates, how it works and what is behind the curtains.
If you would like to read a bit more on the acquisition, I have collected a few pages that can help provide the overall picture of how everything happened:
What is Cisco’s SD-WAN?
Cisco SD-WAN is, as Marketing calls it, a software-defined approach to managing Wide Area Networks. Sounds fun and all, but let’s get deep into the conversation and the technical aspects of it.
Cisco vManage
This is the management controller, used to monitor, configure and maintain all SD-WAN devices. This controller also lets you manage the Overlay and Underlay links of the solution.
Cisco vSmart Controller
This is the software that connects all vEdges and controllers together using the Overlay Management Protocol (OMP), a routing protocol in which the vSmart controller acts as the route reflector for the network. This piece of software is responsible for establishing secure connectivity to each of the vEdge routers. The story doesn’t end here, as this is a bit more complicated to explain, but hang in there, we will get to see this one in action.
Cisco vBond Orchestrator
This software is in charge of authenticating vEdge devices and of orchestrating the connectivity between vSmart controllers and vEdges. It is vital for enabling communication with devices behind NAT.
Cisco vEdge Router
The device in charge of terminating all network traffic at the edge of an office, Datacenter or small branch. Think of it as the router, but in this case the router receives its instructions and configuration from the Control Plane or Management components. QoS and routing protocols reside on this layer of the SD-WAN solution.
A simple SD-WAN Topology
If you are in for a nice read on some of the technology behind Cisco SD-WAN, make sure you take a look at this document –> Cisco SD-WAN Design Guide. You will not be disappointed at the level of technology that is in there.
Under the Hood
There are indeed some interesting concepts that will look familiar to you if you are in for the discovery, so I will do my very best to describe the ones I consider most important.
Because The Color is important
Color attributes can be assigned on a vEdge device to help you identify the transport that will be used (MPLS/INTERNET). The concept of “Private Color” covers colors that are intended for private transport, for example MPLS, Metro-E and Private1 through Private5. These are designed for networks where no NAT is required.
Overlay Management Protocol (OMP)
This protocol is very similar in nature to BGP. OMP runs between vEdges and vSmart controllers, and the information exchanged between them is limited to control-plane information, for example:
- Route Prefixes
- Next-Hop Routes
- Crypto Keys
- Policy information
All of the previous information is exchanged over a DTLS or TLS Connection, pretty secure right?
OMP – Types of routes
OMP Routes
These are routes learned from the local site (service side) of the vEdge. The prefixes originate from static routes or dynamic routing (OSPF or BGP) and are then redistributed into OMP so they can be part of the Overlay network.
TLOC Routes
These are the logical tunnel termination points that connect into a transport. Each TLOC is identified by three items: IP address, link color and encapsulation (GRE or IPsec). Fun, right?
Service Routes
These represent services such as Firewall, IPS, Application Optimization and more.
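To make the color, TLOC and route-type concepts above concrete, here is a small Python model I added for this post (it is not Cisco or Viptela code). It treats vSmart as a route reflector over the three OMP route types, identifies each TLOC by the (system IP, color, encapsulation) 3-tuple, and classifies colors as private or public using the color names listed above. Two things are my own modelling assumptions, not documented behaviour: an OMP route is only usable when its TLOC was also learned as a TLOC route and the local router has a TLOC with the same encapsulation, and when several TLOCs serve one prefix the one sharing a color with the local router is preferred. All system IPs, prefixes and colors are constructed sample values.

```python
"""Toy model of OMP route reflection (added example, not Cisco/Viptela code)."""
from dataclasses import dataclass, field
from typing import Dict, Set

# Private colors as listed in the post: MPLS, Metro-E and private1..private5.
PRIVATE_COLORS = {"mpls", "metro-ethernet"} | {f"private{i}" for i in range(1, 6)}


@dataclass(frozen=True)
class Tloc:
    """Transport location: the 3-tuple that identifies a tunnel endpoint."""
    system_ip: str
    color: str
    encap: str  # "ipsec" or "gre"

    def is_private(self) -> bool:
        """Private colors are meant for transports with no NAT in the path."""
        return self.color in PRIVATE_COLORS


@dataclass(frozen=True)
class OmpRoute:
    prefix: str
    origin: str  # "static", "ospf" or "bgp", redistributed into OMP
    tloc: Tloc   # next hop is a TLOC, not an interface address


@dataclass(frozen=True)
class ServiceRoute:
    service: str  # e.g. "FW" or "IPS" offered behind a TLOC
    tloc: Tloc


@dataclass
class Advertisement:
    """Everything one vEdge sends to vSmart over its control connection."""
    omp_routes: Set[OmpRoute] = field(default_factory=set)
    tloc_routes: Set[Tloc] = field(default_factory=set)
    service_routes: Set[ServiceRoute] = field(default_factory=set)


class VSmart:
    """Route reflector: remembers what each vEdge advertised, reflects the rest."""

    def __init__(self) -> None:
        self.by_peer: Dict[str, Advertisement] = {}

    def receive(self, system_ip: str, adv: Advertisement) -> None:
        self.by_peer[system_ip] = adv

    def reflect(self, to_system_ip: str) -> Advertisement:
        out = Advertisement()
        for peer, adv in self.by_peer.items():
            if peer == to_system_ip:
                continue  # a reflector never sends a peer its own routes back
            out.omp_routes |= adv.omp_routes
            out.tloc_routes |= adv.tloc_routes
            out.service_routes |= adv.service_routes
        return out


def resolve(local_tlocs: Set[Tloc], learned: Advertisement) -> Dict[str, Tloc]:
    """Forwarding view for one vEdge: prefix -> TLOC to tunnel to.

    Model assumption (not documented behaviour): a route is usable only if its
    TLOC is known from a TLOC route and matches a local encapsulation; among
    usable TLOCs, one sharing a local color is preferred, then sorted by color
    name so the result is deterministic.
    """
    local_colors = {t.color for t in local_tlocs}
    local_encaps = {t.encap for t in local_tlocs}
    usable = [r for r in learned.omp_routes
              if r.tloc in learned.tloc_routes and r.tloc.encap in local_encaps]
    fib: Dict[str, Tloc] = {}
    for r in sorted(usable, key=lambda r: (r.prefix, r.tloc.color not in local_colors, r.tloc.color)):
        fib.setdefault(r.prefix, r.tloc)  # first (best-ranked) usable TLOC wins
    return fib


def build_demo():
    """Constructed sample: a DC with MPLS + Internet and a branch with Internet only."""
    dc_mpls = Tloc("10.0.0.1", "mpls", "ipsec")
    dc_inet = Tloc("10.0.0.1", "biz-internet", "ipsec")
    br_inet = Tloc("10.0.0.2", "biz-internet", "ipsec")
    vsmart = VSmart()
    vsmart.receive("10.0.0.1", Advertisement(
        omp_routes={OmpRoute("192.168.10.0/24", "ospf", dc_mpls),
                    OmpRoute("192.168.10.0/24", "ospf", dc_inet)},
        tloc_routes={dc_mpls, dc_inet},
        service_routes={ServiceRoute("FW", dc_mpls)}))
    vsmart.receive("10.0.0.2", Advertisement(
        omp_routes={OmpRoute("192.168.20.0/24", "static", br_inet)},
        tloc_routes={br_inet}))
    return vsmart, {"dc": {dc_mpls, dc_inet}, "branch": {br_inet}}


if __name__ == "__main__":
    vsmart, tlocs = build_demo()
    print("branch view:", resolve(tlocs["branch"], vsmart.reflect("10.0.0.2")))
    print("dc view:    ", resolve(tlocs["dc"], vsmart.reflect("10.0.0.1")))
```

Running it shows the branch reaching the DC prefix through the DC's biz-internet TLOC (the MPLS TLOC is also advertised, but the branch has no matching color), and the DC reaching the branch prefix through the branch's single TLOC; neither site sees its own routes reflected back.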
Default VPN Information
This section matters because I know you were wondering how to segment the traffic at the transport or Overlay layers. Cisco’s SD-WAN introduces the concept of VPN 0 and VPN 512.
VPN 0 (Transport VPN)
This is your MPLS or Internet transport; static routes or dynamic routing peering happen at this VPN level. This VPN is in charge of bringing connectivity to the vSmart controllers.
VPN 512 (Management VPN)
This VPN is dedicated to out-of-band management. In case you were guessing, this VPN does not use the Transport VPN.
What to Look Forward to?
This post got very big, as I decided to document the most important pieces of information for my own benefit 🙂 – I hope this helps break down a bit of the complexity of Cisco’s SD-WAN solution.
To be continued in the Next Post:
- TLOC extensions
- vEdge and Overlay Connectivity
- Zero-Touch Provisioning (ZTP)
- Templates (Device, Feature)
- Policies (Localized | Centralized)
- Quality of Service
What am I leaving behind?
Maybe because it’s too obscure, or because it would just fill my brain with unnecessary things that I really don’t feel should be in this post. It does help a lot with troubleshooting and design considerations, though.
- Order of Operations (vEdge)
- Traffic symmetry for DPI
- Controller connections
See you on the next post!
About the Author:
Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 13 years of experience, Andres specializes in Unified Communications and Collaboration technologies. He has consulted for several companies in South Florida, as well as for financial institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations of Cisco technologies, including Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and hosted IPT service provider infrastructures.