Cisco SD-WAN

Quan Dinh
EN Specialist Engineer
[email protected]
Dec 2019
Agenda
What is SD-WAN

SD-WAN Architecture

SD-WAN Terminology

Deployment Models

SD-WAN Platforms

Technology Deep Dive

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Digital Network Architecture (Cisco DNA)
Why an intent-based network?
1. Closed and hardware-centric models are giving way to open, programmable and software-centric platforms that integrate with applications, systems and domains beyond the network.
2. Manual, repetitive command-line-interface-driven management is being largely superseded by policy-based automation.
3. Perimeter-based, reactive security has been supplanted by network-embedded, context-based security that reaches from the cloud to the enterprise edge.
4. Simple network visibility is morphing to predictive and contextual analytics for users, devices, applications, things and the network at all points in time.
Cisco’s new architecture is integrated to interconnect EVERY domain of the expanded enterprise: IoT, Campus, Branch, DC, Cloud, SP, Security.
ONLY CISCO
Each Domain Must Support Its Unique Role

SD-Access (Cisco DNA Center): Campus and IoT, Users & IoT
• Bring users onboard
• Authenticate, control access

SD-WAN (Cisco vManage): Branch/WAN, Traffic steering
• Path selection
• Secure internet and cloud access

ACI (Cisco APIC): Data Center and Cloud, Data & applications
• Connectivity to and between applications
• Prevent data breaches

The domains must cooperate to meet business intent
Cisco intent-based networking solutions span access to applications
[Diagram: Users and Things reach the Data Center (Cisco ACI), Public Cloud (Cisco ACI Anywhere), SaaS and Cisco Applications through Cisco SD-Access, Cisco SD-WAN, the Cisco Cloud edge and the Internet]
Common policy and comprehensive security
What is SD-WAN

100+ Global Enterprise Customers Across Verticals
[Customer logos by vertical: FinServ, Healthcare / Pharma, Manufacturing, Retail, Technology, Other Industries]
SD-WAN Architecture

Part 1: Evolution from a Single Device to a Distributed Architecture
Part 2: The Control Plane Bring Up Process
Part 3: The Data Plane Bring Up Process
[Diagram: a single router forwards a routing packet through its RIB and FIB to the next hop as a routed packet]
[Diagram: vSmart Controllers and vEdge Routers connected over MPLS, INET, 3G, LTE… transports]
6000 Node Network Using Traditional Architecture: Integrated Control and Data Plane, 6000 Routing Tables, O(n^2) Control Complexity, Limited Scale
Cisco SD-WAN: Network Control Plane with only 4 routing tables, Data Plane + Local Control Plane on the routers, O(n) Control Complexity, High Scale
Cisco SD-WAN Solution Elements: Control Plane
[Solution elements diagram: vManage (APIs, 3rd Party Automation, vAnalytics), vBond, vSmart Controllers, vEdge Routers over MPLS/4G/INET; Cloud, Data Center, Campus, Branch, SOHO]
Cisco vSmart
• Facilitates fabric discovery
• Disseminates control plane information between vEdges
• Distributes data plane and app-aware routing policies to the vEdge routers
• Implements control plane policies, such as service chaining, multi-topology and multi-hop
• Dramatically reduces control plane complexity
• Highly resilient
Cisco SD-WAN Solution Elements: Data Plane
[Solution elements diagram: vManage (APIs, 3rd Party Automation, vAnalytics), vBond, vSmart Controllers, vEdge Routers over MPLS/4G/INET; Cloud, Data Center, Campus, Branch, SOHO]
Cisco vEdge (Physical/Virtual)
• WAN edge router
• Provides secure data plane with remote vEdge routers
• Establishes secure control plane with vSmart controllers (OMP)
• Implements data plane and application aware routing policies
• Exports performance statistics
• Leverages traditional routing protocols like OSPF, BGP and VRRP
• Supports Zero Touch Deployment
Cisco SD-WAN Solution Elements: Orchestration Plane
[Solution elements diagram: vManage (APIs, 3rd Party Automation, vAnalytics), vBond, vSmart Controllers, vEdge Routers over MPLS/4G/INET; Cloud, Data Center, Campus, Branch, SOHO]
Cisco vBond
• Orchestrates control and management plane
• First point of authentication (white-list model)
• Distributes list of vSmarts/vManage to all vEdge routers
• Facilitates NAT traversal
• Requires public IP Address [could sit behind 1:1 NAT]
• Highly resilient
Cisco SD-WAN Solution Elements: Management Plane
[Solution elements diagram: vManage (APIs, 3rd Party Automation, vAnalytics), vBond, vSmart Controllers, vEdge Routers over MPLS/4G/INET; Cloud, Data Center, Campus, Branch, SOHO]
Cisco vManage
• Single pane of glass for Day0, Day1 and Day2 operations
• Multitenant with web scale
• Centralized provisioning
• Policies and Templates
• Troubleshooting and Monitoring
• Software upgrades
• GUI with RBAC
• Programmatic interfaces (REST, NETCONF)
• Highly resilient
vAnalytics Value
[Diagram: Visibility, What-If, Recommendations, Forecasting]
• Offered as an optional cloud SaaS service
- Cloud only deployment
• Multi-customer sourced data
- Anonymized
• Reports for customers, partners and operators
• Included with Enterprise License tier
vAnalytics Main Characteristics
Network Centric
• Site Availability
• Network Availability
• Site Usage Analysis
- Per-Site basis
- Top sites by bandwidth consumption
- Historical bandwidth consumption
• Carrier Performance
- Approute stats on a per-carrier basis
- Carriers health ranking
Application/Flow Centric
• Based on DPI and cflowd
• Bandwidth Usage
- Top sources, destinations, apps
• Application Performance
- Application to tunnel binding and performance information
• Anomaly Detection
- Baseline of application usage
- Anomaly detection based on overall application usage (by application family, by site)
vAnalytics Dashboard
[Dashboard screenshot]

SD-WAN Platforms
Controllers Deployment Methodology
On-Premise: vBond, vManage, vSmart, vSmart as VMs on ESXi or KVM on a Physical Server
Hosted: vBond, vManage, vSmart, vSmart as VMs or Containers on AWS or Azure
SD-WAN Platforms
Branch virtualization
• ENCS 5100: Up to 250Mbps
• ENCS 5400: 250Mbps – 2GB
Public Cloud
SD-WAN Branch Services
• vEdge 100: 100 Mbps; 4G LTE & Wireless
• vEdge 1000: Up to 1 Gbps; Fixed
• vEdge 2000: 10 Gbps; Modular
• ISR 1000: 200 Mbps; Next-gen connectivity; Performance flexibility
• ISR 4000: Up to 2 Gbps; Modular; Integrated service containers; Compute with UCS E
• ASR 1000: 2.5-200Gbps; High-performance service w/hardware assist; Hardware & software redundancy
vEdge-1000 and vEdge-2000 Routers: Hardware Specification
vEdge 1000
• 1 Gbps AES-256
• 1RU, standard rack mountable
• 8x GE SFP (10/100/1000)
• TPM chip
• 3G/4G via USB (or) Ethernet
• Security, QoS
• Dual Power supplies (external)
• Low power consumption
vEdge 2000
• 10 Gbps AES-256
• 1RU, standard rack mountable
• 4x Fixed GE SFP (10/100/1000)
• 2 Pluggable Interface Modules
• 8 x 1GE SFP (10/100/1000)
• 2 x 10GE SFP+
• TPM chip
• 3G/4G via USB (or) Ethernet
• Security, QoS
• Dual power supplies (internal)
• Redundant fans
vEdge 5000
• 20 Gbps AES-256
• 1RU, standard rack mountable
• 4 NIMs (Network Interface Modules)
• 8 x 1GE SFP (10/100/1000)
• 4 x 10GE SFP+
• TPM chip
• 3G/4G via USB (or) Ethernet
• Security, QoS
• Dual power supplies (internal)
• Redundant fans
vEdge-100 Routers: Hardware Specification
vEdge 100
• 100 Mbps AES-256
• 5x 1000Base-T
• TPM chip
• Security, QoS
• External AC PS
• Kensington lock
• Fan-less
• 9” x 1.75” x 5.5”
• GPS
vEdge 100m
• 100 Mbps AES-256
• 1RU
• 5x 1000Base-T
• 1x POE port
• 2G/3G/4G LTE
• Internal AC PS
• 1x USB-3.0
• TPM Board-ID
• Kensington lock
• Low power fan
• GPS
vEdge 100mw
• 100 Mbps AES-256
• 1RU
• 5x 1000Base-T
• 1x POE port
• 2G/3G/4G LTE
• 802.11a/b/g/n/ac
• Internal AC PS
• 1x USB-3.0
• TPM Board-ID
• Kensington lock
• Low power fan
• GPS
vEdge Cloud Virtual Routers: Deployment Methodology
On-Premise: vEdgeCloud VMs on ESXi or KVM on a Physical Server
Hosted: vEdgeCloud VMs on AWS or Azure
Throughput: 2x vCPU 500Mb/s; 4x vCPU 1Gb/s; 8x vCPU 1.5Gb/s
Control Plane Bring up

[Diagram: the edge device reaches the PnP Connect / ZTP server, is redirected to vBond over DTLS, learns which controller and NMS it belongs to, and then connects to the controllers over DTLS/TLS]
1. Automated Control Plane Bring up (Cisco)
2. Register Customer to PNP Connect (ZTP Server)
3. Re-direct and connect to vBond
4. Edge devices will connect to the Controller
Data Plane Bring up

[Diagram: Key Exchange through the Key Exchange Server; IPSec/GRE for routed traffic; asymmetric encryption; stages labelled P, P’, D’]
SD-WAN Terminology

Part 1: TLOCs, Color (Public, Private), VPNs
Part 2: OMP, DTLS/TLS, Site ID, Reserved VPNs, Transport and Service Sides
Transport Locators (TLOCs)
[Diagram: vSmart above a full-mesh SD-WAN fabric of vEdges; legend: Transport Locator (TLOC), OMP, IPSec Tunnel]
• Each vEdge advertises its Local TLOCs (System IP, Color, Encap) to the vSmarts (Default)
• vSmarts advertise TLOCs to all vEdges* (Default)
* Can be influenced by the control policies
Transport Colors
[Diagram: pairs of vEdges, each holding TLOCs T1–T4; one pair is reachable through a DMZ; without restrict, tunnels are attempted T1–T3, T2–T4, T1–T4 and T2–T3]
T1, T3 – Public Color; T2, T4 – Private Color
Color restrict will prevent attempt to establish IPSec tunnel to TLOCs with different color
Overlay Management Protocol (OMP)
[Diagram: vSmart controllers peered with each other and with the vEdges]
• TCP based extensible control plane protocol
• Runs between vEdge routers and vSmart controllers and between the vSmart controllers
- Inside TLS/DTLS connections
• Leverages address families to advertise reachability for TLOCs, unicast/multicast destinations (statically/dynamically learnt service side routes), service routes (L4-L7), BFD stats (TE and H-SDWAN) and Cloud onRamp for SaaS probe stats (gateway)
- Uses attributes
• Distributes IPSec encryption keys, and data and app-aware policies (embedded NETCONF)
Note: vEdge routers need not connect to all vSmart Controllers
Deployment Models

Agenda
Part 1: Deployment Options
Part 2: Service Management
Part 3: MultiTenancy

Deployment Options
[Diagram-only slides]

MultiTenancy
[Diagram-only slides]
Technology Deep Dive

Agenda
Zero-Trust Fabric
Fabric Operation
Application Traffic Security
Application Experience and QoS
Multicast
Cloud Adoption
High Availability
Operational Simplicity and Transparency
Analytics

Zero Trust Fabric
vEdge Router Identity
[Diagram: TPM Chip holding the Device Certificate (installed during manufacturing); Root Chain in software]
• Each physical vEdge router is uniquely identified by the chassis ID and certificate serial number
• Certificate is stored in on-board Tamper Proof Module (TPM)
- Installed during manufacturing process
• Certificate is signed by Avnet root CA
- Trusted by Control Plane elements
• Symantec root CA chain of trust is used to validate Control Plane elements
• Alternatively, Enterprise root CA chain of trust can be used to validate Control Plane elements
- Can be automatically installed during ZTP
vEdge Cloud Router Identity
[Diagram: Device Certificate(s) signed by vManage (if cluster, each member signs); Root Chain in software]
• OTP/Token is generated by vManage
- One per-(chassis ID, serial number) in the uploaded vEdge list
• OTP/Token is supplied to vEdge Cloud router in Cloud-Init during the VM deployment
• vManage signs certificate(s) for the vEdge Cloud router post OTP/Token validation
- If vManage cluster, each member signs
- vManage removes OTP to prevent reuse
• Symantec root CA chain of trust is used to validate Control Plane elements
• Alternatively, Enterprise root CA chain of trust can be used to validate Control Plane elements
- Can be provided in Cloud-Init
Controllers Identity
[Diagram: Device Certificate in software, signed by Symantec; Root Chains in software, the vEdge Cloud chain provided by the vManage CA (if cluster, one per-member)]
• Controller identity is provided by the Symantec signed certificate
- Alternatively can use Enterprise CA. Requires Enterprise Root CA chain on all other controllers and vEdge routers
• Avnet Root CA chain is used to authenticate vEdge routers
• Viptela Root CA chain is used to authenticate vEdge Cloud routers
- Provided by the CA running on each vManage server member of a cluster
• Symantec Root CA chain is used to authenticate other controllers
- Alternatively can use Enterprise Root CA chain
vEdge and Controllers White-List
[Diagram: the Administrator-defined Controllers list and the Signed vEdge List are loaded into vManage, which distributes both to vBond and vSmart]
• Administrator adds controllers (vSmarts and vBonds) in the vManage GUI
- vManage itself is locally recognized
- Automated certificate signing through Symantec
• Controllers list is distributed by vManage to all the controllers
• Administrator uploads digitally signed vEdge list in the vManage GUI
- White-list for both physical and virtual vEdge
- Downloadable from Viptela support page
• vEdge list is distributed by vManage to all the controllers
Mutual Trust: vEdge, vSmart, vManage to vBond
[Diagram: vBond validates root trust, certificate serial and org-name for vSmart, vManage and vEdge; vSmart, vManage and vEdge validate root trust and org-name for vBond]
• Certificates are exchanged and mutual authentication takes place
• vBond validates:
- Trust for vSmart, vManage and vEdge certificate root CA
- Certificate serial* numbers against authorized white-list (from vManage)
- Organization name (received certificate OU) against locally configured one
• vSmarts, vManage and vEdge validate:
- Trust for vBond certificate root CA
- Organization name (received certificate OU) against locally configured one
* OTP/Token in case of vEdge Cloud
Mutual Trust: vSmart to vSmart, vManage to vSmart
[Diagram: vSmart and vManage each validate root trust, certificate serial and org-name for the other]
• Certificates are exchanged and mutual authentication takes place
• vSmart validates:
- Trust for other vSmart and vManage certificate root CA
- Certificate serial numbers against authorized white-list (from vManage)
- Organization name (received certificate OU) against locally configured one
• vManage validates:
- Trust for vSmart certificate root CA
- Certificate serial numbers against authorized white-list (from vManage)
- Organization name (received certificate OU) against locally configured one
Mutual Trust: vEdge to vSmart, vManage
[Diagram: vSmart and vManage validate root trust, certificate serial and org-name for vEdge; vEdge validates root trust and org-name for vSmart and vManage]
• Certificates are exchanged and mutual authentication takes place
• vSmart and vManage validate:
- Trust for vEdge certificate root CA
- Certificate serial* numbers against authorized white-list (from vManage)
- Organization name (received certificate OU) against locally configured one
• vEdge validates:
- Trust for vSmart and vManage certificate root CA
- Organization name (received certificate OU) against locally configured one (only vManage)
* OTP/Token in case of vEdge Cloud
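The three Mutual Trust slides describe the same three checks from different vantage points; the following added example (not Cisco/Viptela code) collects them in one validator: root chain trusted for the peer's role, serial (or OTP/Token for vEdge Cloud) present in the white-list received from vManage, and the organization name in the certificate OU equal to the locally configured one. As the slides state, a vEdge validating a controller skips the serial check. Root names, serials, tokens and org names are constructed sample data.

```python
"""Peer validation as performed during Cisco SD-WAN mutual authentication."""
from dataclasses import dataclass, field

# Root CA chain the slides say authenticates each role; "enterprise" stands for
# the alternative Enterprise root CA chain mentioned on the slides.
EXPECTED_ROOTS = {
    "vEdge": {"avnet", "enterprise"},
    "vEdgeCloud": {"viptela", "enterprise"},   # chain provided by the vManage CA
    "vSmart": {"symantec", "enterprise"},
    "vManage": {"symantec", "enterprise"},
    "vBond": {"symantec", "enterprise"},
}
CONTROLLER_ROLES = {"vBond", "vSmart", "vManage"}


@dataclass(frozen=True)
class Cert:
    root_chain: str   # root CA that signed the certificate
    serial: str       # certificate serial number, or the OTP/Token for vEdge Cloud
    org_name: str     # organization name carried in the OU field


@dataclass
class Validator:
    role: str
    org_name: str                                      # locally configured org-name
    trusted_roots: set[str]                            # root chains installed in software
    whitelist: set[str] = field(default_factory=set)   # serials/tokens from vManage


def validate_peer(me: Validator, peer_role: str, cert: Cert) -> list[str]:
    """Return the failed checks; an empty list means the peer is accepted."""
    failures = []
    # Root trust: the chain must be the one expected for this peer role AND be installed locally.
    if cert.root_chain not in EXPECTED_ROOTS[peer_role] or cert.root_chain not in me.trusted_roots:
        failures.append("root-trust")
    # Controllers white-list their peers; a vEdge validates controllers by root trust and org-name only.
    if me.role in CONTROLLER_ROLES and cert.serial not in me.whitelist:
        failures.append("serial-not-in-whitelist")
    if cert.org_name != me.org_name:
        failures.append("org-name-mismatch")
    return failures


# Constructed sample validators.
VBOND = Validator("vBond", "ExampleCorp", {"avnet", "viptela", "symantec"},
                  whitelist={"SN-EDGE-0001", "TOKEN-CLOUD-7", "SN-VSMART-1"})
VEDGE = Validator("vEdge", "ExampleCorp", {"symantec"})


if __name__ == "__main__":
    print(validate_peer(VBOND, "vEdge", Cert("avnet", "SN-EDGE-0001", "ExampleCorp")))
    print(validate_peer(VBOND, "vEdge", Cert("avnet", "SN-EDGE-9999", "ExampleCorp")))
    print(validate_peer(VEDGE, "vBond", Cert("symantec", "SN-VBOND-X", "OtherOrg")))
```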
Fabric Operation

Viptela Fabric Terminology
• Overlay Management Protocol – Control plane protocol distributing reachability, security and policies throughout the fabric
• Transport Locator (TLOC) – Transport attachment point and next hop route attribute
• Color – Control plane tag used for IPSec tunnel establishment logic
• Site ID – Unique per-site numeric identifier used in policy application
• System IP – Unique per-device (vEdge and controllers) IPv4 notation identifier. Also used as Router ID for BGP and OSPF.
• Organization Name – Overlay identifier common to all elements of the fabric
• VPN – Device-level and network-level segmentation.
Network-wide Control Plane
Viptela SD-WAN: Network Control Plane; Data Plane + Local Control Plane; O(n) Control Complexity; High Scale
Traditional: Integrated Control and Data Plane; O(n^2) Control Complexity; Limited Scale
Bidirectional Forwarding Detection (BFD)
[Diagram: BFD sessions between every pair of vEdges in the fabric]
• Path liveliness and quality measurement detection protocol
- Up/Down, loss/latency/jitter, IPSec tunnel MTU
• Runs between all vEdge and vEdge Cloud routers in the topology
- Inside IPSec tunnels
- Operates in echo mode
- Automatically invoked at IPSec tunnel establishment
- Cannot be disabled
• Uses hello (up/down) interval, poll (app-aware) interval and multiplier for detection
- Fully customizable per-vEdge, per-color
Fabric Communication
[Diagram: Per-Session Loadsharing (Active/Active), Per-Session Weighted (Active/Active), Application Pinning (Active/Standby), Application Aware Routing (SLA Compliant); Single-hop Fabric versus Hierarchical Multi-hop Fabric with a Core]
Policy Framework
[Diagram: vManage pushes Device Configuration and Localized Policies to vEdge over NETCONF/YANG and Centralized Policies to vSmart; vSmart distributes the Centralized Data Policy and Centralized App-Aware Policy to vEdge over OMP]
Centralized Policies (vSmart)
• Centralized Control Policy (Fabric Routing)
• Centralized Data Policy (Fabric Data Plane)
• Centralized App-Aware Policy (Application SLA)
Localized Policies (vEdge)
• Local Control Policy (OSPF/BGP)
• Local Data Policy (QoS/Mirror/ACL)
Data Plane Privacy
[Diagram: each vEdge sends an OMP Update carrying its Local Key1 (Transport1) and Key2 (Transport2) to the vSmart Controllers; the remote vEdge encrypts traffic with Keys 1 and Keys 2 respectively; AES256-GCM; Control Plane]
• Each vEdge advertises its local IPsec encryption keys
• Symmetric encryption keys used asymmetrically
• Encryption key is per-transport
Data Plane Integrity
[Diagram: a vEdge behind Network Address Translation exchanges OMP Updates with the vSmart Controllers over Transport1 and Transport2; packet layout IP (20) | UDP (8) | ESP (36) | Data (…), encrypted with AES256-GCM and authenticated; Control Plane]
• vBond discovers vEdge public IP address, even if traverses NAT
• vBond communicates public IP to the vEdge
• vEdge computes AH value based on the post NAT public IP
• Packet integrity (+IP headers) is preserved across NAT
Fabric Operation Walk-Through
[Diagram: vSmart connected to two vEdges over DTLS/TLS tunnels; the vEdges are connected by IPSec tunnels with BFD over Transport1 and Transport2; each vEdge holds TLOCs and VPN1/VPN2 subnets A, B, C, D learnt from BGP, OSPF, Connected and Static; Policies flow from vSmart]
OMP Update:
• Reachability – IP Subnets, TLOCs
• Security – Encryption Keys
• Policy – Data/App-route Policies
Application Traffic Security

Cisco SD-WAN VPNs: vEdge Router Security Zones
[Diagram: Service side (VPNn) interfaces and sub-interfaces; Transport side (VPN0) interfaces and sub-interfaces towards MPLS and INET; Management (VPN512) interface]
• VPNs are isolated from each other, each VPN has its own forwarding table
• Reachability within VPN is advertised by the OMP
End-to-End Segmentation
[Diagram: Interface and VLAN mapped to VPN1 and VPN2 at the ingress vEdge, carried as VPN 1, VPN 2, VPN 3 over the SD-WAN IPSec Tunnel and mapped back at the egress vEdge; packet layout IP (20) | UDP (8) | ESP (36) | VPN (4) | Data (…)]
• Segment connectivity across fabric w/o reliance on underlay transport
• vEdge routers maintain per-VPN routing table
• Labels are used to identify VPN for destination route lookup
• Interfaces and sub-interfaces (802.1Q tags) are mapped into VPNs
Arbitrary VPN Topologies
[Diagram: VPN1 Full-Mesh, VPN2 Hub-and-Spoke, VPN3 Partial Mesh, VPN4 Point-to-Point]
• Each VPN can have its own topology
- Full-mesh, hub-and-spoke, partial-mesh, point-to-point, etc…
• VPN topology can be influenced by leveraging control policies
- Filtering TLOCs or modifying next-hop TLOC attribute for OMP routes
• Applications can benefit from shortest path, e.g. voice takes full-mesh topology
• Security compliance can benefit from controlled connectivity topology, e.g. PCI data takes hub-and-spoke topology
Local Secure Perimeter: Fabric Security
[Diagram: In-Line Firewall (a Firewall next to the vEdge) versus Fabric Firewall (Data Policy from vSmart and ACL from vManage applied on the vEdges)]
Application Experience and QoS

Application Visibility and Recognition
[Diagram: Deep Packet Inspection on the Data Center vEdge Router recognizes App 1, App 2 … App 3,000 across MPLS, 4G and INET from Cloud, Data Center, Small Office, Home Office, Campus and Branch]
• App Firewall
• Traffic prioritization
• Transport selection
vEdge Router QoS
[Diagram: vManage and vSmart push a Data Policy to the vEdge; on the ingress interface application traffic goes through ACL Match, ACL Action/Data Policy (Map into FCs) and Policing (ACL Action); on the egress interface the QoS forwarding classes (FC) are mapped into egress queues (Q) and handled by Policing, Shaping and the QoS Scheduler with Bandwidth %, Buffer %, Scheduling Priority and Drop; Control Plane]
Data Policy: Classification of application traffic into QoS forwarding classes (queues)
Path Quality and Liveliness Detection
[Diagram: Liveliness = Hello Interval (ms) × Multiplier (n); Quality = Poll Interval (ms) × App-Route Multiplier (n)]
• Each vEdge router sends BFD hello packets for path quality and liveliness detection
- Packets echoed back by remote site
• Hello interval and multiplier determine how many BFD packets need to be lost to declare IPSec tunnel down
• Number of hello intervals that fit inside poll interval determines the number of BFD packets considered for establishing poll interval average path quality
• App-route multiplier determines number of poll intervals for establishing overall average path quality
Critical Applications SLA
[Diagram: Remote Site vEdge with three IPSec Tunnels to the Regional Data Center: Path 1 over Internet, Path 2 over MPLS, Path 3 over 4G LTE]
• vEdge Routers continuously perform path liveliness and quality measurements
vManage App Aware Routing Policy: App A path must have Latency < 150ms, Loss < 2%, Jitter < 10ms
Path1: 10ms, 0% loss, 5ms jitter
Path2: 200ms, 3% loss, 10ms jitter
Path3: 140ms, 1% loss, 10ms jitter
Path MTU Discovery
[Diagram: vEdges connected over Transport1 and Transport2 below the vSmart Controllers; Network Path MTU Discovery between the vEdges and Host Path MTU Discovery end to end; AES256-GCM; Control Plane]
• Proactively discover tunnel path MTU using BFD packets
• Set TCP-MSS value on the transiting TCP SYN packets to prevent fragmentation for TCP traffic
- TCP SYN itself is small packet, won’t be fragmented
• Send ICMP Unreachable, Fragmentation Needed back to host, if DF bit was set by the host on packets exceeding tunnel MTU
- Non-TCP traffic
- Participate in host PMTUD
TCP Optimization
[Diagram: Users’ TCP Connections terminate on the local vEdge; an Optimized TCP Connection (Cubic) crosses the SD-WAN Fabric over the High Latency Path to the remote vEdge, which opens TCP Connections to the Servers]
• High latency path between users and applications, i.e. geo-distances
• vEdge routers terminate TCP sessions and provide local acknowledgements
- Hosts don’t have to wait for end-to-end TCP ACKs and pause TCP transmission
• Optimized TCP connection uses selective acknowledgement to prevent unnecessary retransmissions and large initial TCP window size to maximize throughput
• Hosts using older TCP/IP stacks will see the most benefit
Multicast

Multicast Traffic Flow
[Diagram: Receiver Branches (IGMP/PIM) and the Data Center Sender with its RP exchange OMP Updates with the vSmart Controllers across the SD-WAN Fabric; Replicators forward the Multicast Stream; Control Plane]
• vEdges interoperate with IGMP v1/v2 and PIM on the service side
• vEdges advertise receiver multicast groups using OMP
• vEdge cannot be RP. Router is required.
- If running SSM, RP is not needed
• Replicators advertise themselves using OMP
• Replicators replicate multicast stream to receivers as learnt through OMP
Cloud Adoption

Direct Internet Access
[Diagram: Remote Site with local DIA exits to ISP1, ISP2 and ISP3; SD-WAN Fabric over MPLS to the Regional Data Center and the Data Center]
• Can use one or more local DIA exits or backhaul traffic to the regional hub through the SD-WAN fabric and exit to Internet from there
- Per-VPN behavior enforcement
• VPN default route for all traffic DIA or data policy for selective traffic DIA
• Network Address Translation (NAT) on the vEdge router only allows response traffic back
- Any unsolicited Internet traffic will be blocked by IP table filters
• For performance based routing toward SaaS applications use Cloud onRamp
Cloud onRamp for SaaS – Internet DIA
[Diagram: Remote Site vEdge runs Quality Probing (Loss/Latency) across its ISP1 and ISP2 DIA exits; SD-WAN Fabric to the Regional Data Center and the Data Center]
• vEdge router at the remote site performs quality probing for selected SaaS applications across each local DIA exit
- Simulates client connection using HTTP ping
• Results of quality probing are quantified as vQoE score (combination of loss and latency)
• Local DIA exit with better vQoE score is chosen to carry the traffic for the selected SaaS application
- Initial application flow may choose sub-optimal path until DPI identification is complete and cache table is populated
Cloud onRamp for SaaS – Regional Gateway
• vEdge routers at the remote site and regional hub perform quality probing for selected SaaS applications across their local Internet exits
- Simulate client connection using HTTP ping
• Results of quality probing are quantified as vQoE score (combination of loss and latency)
- HTTP ping for local DIA and App-Route+HTTP ping for regional Internet exit
• Internet exit with better vQoE score is chosen to carry the traffic for the selected SaaS application
- Initial application flow may choose sub-optimal path until DPI identification is complete and cache table is populated
[Diagram: Remote Site with an ISP1 DIA exit and an MPLS transport; Regional Data Center with an ISP2 exit probing loss/latency; Data Center; SD-WAN Fabric; legend: Quality Probing]
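The two Cloud onRamp slides above describe the same decision: score every candidate exit from loss and latency and steer a SaaS application to the best one, with the regional exit adding a fabric leg to the HTTP probe. The Python below is an added example, not Cisco's implementation. The slides only say vQoE is "a combination of loss and latency", so the linear weighting, the ceilings, the way the two legs of a regional path are combined, and all probe samples are constructed for illustration.

```python
"""Exit selection driven by a loss/latency score, as an added example for the two
Cloud onRamp slides above. Not Cisco code: the vQoE formula on the slides is only
described as a combination of loss and latency, so the weighting below, the
ceilings and all probe samples are constructed for illustration."""
from dataclasses import dataclass, field
from statistics import mean
from typing import Dict, List, Optional

LOSS_CEILING_PCT = 5.0       # constructed: loss at or above this scores zero
LATENCY_CEILING_MS = 300.0   # constructed: latency at or above this scores zero


@dataclass
class Probe:
    loss_pct: float
    latency_ms: float


@dataclass
class Exit:
    name: str
    http_probes: List[Probe]                                   # HTTP ping toward the SaaS app
    tunnel_probes: List[Probe] = field(default_factory=list)   # App-Route leg to a regional hub, if any


def average(probes: List[Probe]) -> Probe:
    return Probe(mean(p.loss_pct for p in probes), mean(p.latency_ms for p in probes))


def combine_legs(tunnel: Probe, http: Probe) -> Probe:
    """Regional exit = fabric tunnel + hub's HTTP ping: latencies add, losses compound."""
    delivered = (1 - tunnel.loss_pct / 100) * (1 - http.loss_pct / 100)
    return Probe(loss_pct=(1 - delivered) * 100, latency_ms=tunnel.latency_ms + http.latency_ms)


def path_quality(exit_: Exit) -> Probe:
    http = average(exit_.http_probes)
    return combine_legs(average(exit_.tunnel_probes), http) if exit_.tunnel_probes else http


def vqoe_score(quality: Probe) -> float:
    """0..10 score; each metric contributes linearly down to zero at its ceiling (assumed weighting)."""
    loss_part = max(0.0, 1 - quality.loss_pct / LOSS_CEILING_PCT)
    latency_part = max(0.0, 1 - quality.latency_ms / LATENCY_CEILING_MS)
    return round(10 * (loss_part + latency_part) / 2, 2)


def choose_exit(exits: List[Exit]) -> str:
    return max(exits, key=lambda e: vqoe_score(path_quality(e))).name


class SaasPathCache:
    """Per-application path choice. Until DPI has identified an application the flow
    follows the default exit, which is the sub-optimal first-flow case the slides mention."""

    def __init__(self, default_exit: str) -> None:
        self.default_exit = default_exit
        self.cache: Dict[str, str] = {}

    def route(self, application: Optional[str]) -> str:
        if application is None:                  # DPI has not classified the flow yet
            return self.default_exit
        return self.cache.get(application, self.default_exit)

    def learn(self, application: str, probed_exits: List[Exit]) -> str:
        self.cache[application] = choose_exit(probed_exits)
        return self.cache[application]


def sample_exits() -> List[Exit]:
    """Constructed probe results for one SaaS application from a remote site."""
    return [
        Exit("ISP1", [Probe(0.5, 40), Probe(0.5, 40)]),
        Exit("ISP2", [Probe(3.0, 120)]),
        Exit("Regional-Hub", http_probes=[Probe(0.0, 30)], tunnel_probes=[Probe(0.0, 20)]),
    ]


if __name__ == "__main__":
    cache = SaasPathCache(default_exit="ISP1")
    print("first flow:", cache.route(None))
    print("after DPI:", cache.learn("saas-app-1", sample_exits()))
```

In the constructed sample the regional exit wins despite the extra hop, because the fabric leg adds latency but no loss; the local ISP1 exit is close behind and ISP2's 3% loss pushes it well down. Whatever the real weighting, the structure is the same: probe per exit, score, cache per application, and accept that the first flow of a newly seen application may take the default path.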
Cloud Security and SD-WAN
• vEdge router creates a GRE tunnel to one or more SWG Enforcement Nodes (PoPs)
- Redundant PoPs, redundant ISPs
• Eliminates backhaul of traffic destined to Internet and cloud applications
• Provides advanced security services
- Can inspect SSL encrypted data; requires installation of the SWG root certificate on the hosts
• Cloud onRamp for SaaS can choose the path across the best performing SWG Enforcement Node (PoP) for selected SaaS applications
[Diagram: Remote Site with DIA via ISP1 and ISP2 building GRE Tunnels to POP1 and POP2; Regional Data Center and Data Center reachable through the SD-WAN Fabric]
Cloud Security with Cisco Umbrella
• vEdge router intercepts client DNS queries
- Deep Packet Inspection
• DNS queries are forwarded to Cisco Umbrella DNS servers based on the data or application aware routing policies centrally defined on vManage
- Target DNS servers list is defined under the service side VPN
- Policy can pin DNS queries for a specific application (DPI based) to a specific DNS server from the list
• Cisco Umbrella enforces security policy compliance based on DNS resolution
[Diagram: Remote Site forwarding DNS Queries through its DIA exit on ISP1; Regional Data Center and Data Center reachable through the SD-WAN Fabric]
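The interception step above has two parts: recognise a client DNS query and pick the resolver the policy wants for the application behind it. The Python below is an added example, not Cisco code. It parses the DNS question section from raw bytes, then selects a resolver from a list. The resolver addresses are placeholders standing in for the server list configured under the service VPN, the `classify_application` function is a constructed stand-in for the router's DPI result, and the sample queries are built in the block.

```python
"""DNS interception with per-application resolver pinning, as an added example for
the Umbrella slide above. Not Cisco code: the resolver addresses are placeholders
standing in for the server list under the service VPN, the application classifier is
a constructed stand-in for the router's DPI, and the queries are built here."""
import struct
from typing import Dict, Optional, Tuple

RESOLVERS = ["192.0.2.53", "192.0.2.54"]   # placeholders for the configured DNS server list


def build_dns_query(qname: str, txid: int = 0x1234, flags: int = 0x0100) -> bytes:
    """Constructed sample client query (type A, class IN); flags default to a standard query."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    name = b"".join(bytes([len(label)]) + label.encode("ascii") for label in qname.rstrip(".").split("."))
    return header + name + b"\x00" + struct.pack("!HH", 1, 1)


def parse_dns_query(msg: bytes) -> Optional[Tuple[int, str, int]]:
    """Return (txid, qname, qtype) for a single-question query, else None (responses, junk)."""
    if len(msg) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount != 1:          # QR bit set means response; only single questions handled
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            return None
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0 or pos + length > len(msg):   # pointers never appear in a question name
            return None
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        return None
    qtype = struct.unpack("!H", msg[pos:pos + 2])[0]
    return txid, ".".join(labels), qtype


def classify_application(qname: str) -> Optional[str]:
    """Stand-in for DPI application identification: constructed suffix -> application map."""
    known = {"example-video.test": "video-conferencing", "example-crm.test": "crm"}
    for suffix, app in known.items():
        if qname == suffix or qname.endswith("." + suffix):
            return app
    return None


class DnsPinningPolicy:
    """Selects the target resolver: a pinned server for specific applications, else the default."""

    def __init__(self, resolvers, default_index: int = 0, pins: Optional[Dict[str, int]] = None) -> None:
        self.resolvers = resolvers
        self.default_index = default_index
        self.pins = pins or {}

    def target_for(self, payload: bytes, original_dst: str) -> str:
        parsed = parse_dns_query(payload)
        if parsed is None:                      # not an interceptable query: leave destination alone
            return original_dst
        _, qname, _ = parsed
        index = self.pins.get(classify_application(qname) or "", self.default_index)
        return self.resolvers[index]


if __name__ == "__main__":
    policy = DnsPinningPolicy(RESOLVERS, pins={"video-conferencing": 1})
    for host in ("meet.example-video.test", "www.other.test"):
        print(host, "->", policy.target_for(build_dns_query(host), "10.1.1.53"))
```

Responses and malformed payloads are passed through untouched rather than redirected; a real router applies the same rule so that it never rewrites traffic it could not fully parse.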
High Availability and Redundancy
Site Redundancy - Routed
 Redundant pair of vEdge routers operate in active/active mode
 vEdge routers are one or more Layer 3 hops away from the hosts
 Standard OSPF or BGP routing protocols run between the redundant pair of vEdge routers and the site router
 Bi-directional redistribution between OMP and OSPF/BGP on the vEdge routers
- OSPF DN bit, BGP SoO community
 Site router performs equal cost multipathing for remote destinations across the SD-WAN Fabric
- Can manipulate OSPF/BGP to prefer one vEdge router over the other
[Diagram: vEdge A and vEdge B connected to the SD-WAN Fabric and running OSPF/BGP toward the Site Router, which connects the Host]
Site Redundancy - Bridged
 vEdge routers are Layer 2 adjacent to the hosts
- Default gateway for the hosts
 Virtual Router Redundancy Protocol (VRRP) runs between the two redundant vEdge routers
- Active/active when using multi-group (per-VLAN)
 VRRP Active vEdge responds to ARP requests for the virtual IP with its physical interface MAC address
- No virtual MAC
 In case of failover, the new VRRP Active vEdge router sends out gratuitous ARP to update the ARP table on the hosts and MAC address
[Diagram: vEdge A (VRRP Active) and vEdge B (VRRP Standby) connected to the SD-WAN Fabric and Layer 2 adjacent to the Host]
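Because there is no virtual MAC, the failover above depends entirely on the gratuitous ARP being built correctly and the hosts acting on it. The Python below is an added example, not Cisco code: it builds the broadcast ARP frame a newly active router would send for the virtual IP, parses it back, and models a host's ARP cache being overwritten from the old router's MAC to the new one. The MAC and IP addresses are constructed, and the block only handles bytes in memory; it does not put anything on a network.

```python
"""Gratuitous ARP after a VRRP failover, as an added example for the bridged
redundancy slide above. Not Cisco code: it only builds and parses frame bytes and
models a host's ARP cache; the MAC and IP addresses are constructed."""
import struct
from typing import Dict, NamedTuple

ETHERTYPE_ARP = 0x0806
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"
ARP_REQUEST = 1


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


class ArpFrame(NamedTuple):
    eth_dst: str
    eth_src: str
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str

    @property
    def is_gratuitous(self) -> bool:
        # the sender announces its own address: sender and target IP are the same
        return self.sender_ip == self.target_ip


def build_gratuitous_arp(virtual_ip: str, physical_mac: str) -> bytes:
    """Broadcast ARP request for the VIP, sourced from the router's physical MAC (no virtual MAC)."""
    ethernet = mac_to_bytes(BROADCAST_MAC) + mac_to_bytes(physical_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)       # Ethernet, IPv4, hlen, plen, op
    arp += mac_to_bytes(physical_mac) + ip_to_bytes(virtual_ip)    # sender
    arp += mac_to_bytes(ZERO_MAC) + ip_to_bytes(virtual_ip)        # target
    return ethernet + arp


def parse_arp(frame: bytes) -> ArpFrame:
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP encoding")
    body = frame[22:42]
    return ArpFrame(bytes_to_mac(frame[0:6]), bytes_to_mac(frame[6:12]), opcode,
                    bytes_to_mac(body[0:6]), bytes_to_ip(body[6:10]),
                    bytes_to_mac(body[10:16]), bytes_to_ip(body[16:20]))


class HostArpCache:
    """Minimal host behaviour: learn the sender mapping from every ARP frame seen."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}

    def on_frame(self, frame: bytes) -> bool:
        arp = parse_arp(frame)
        self.table[arp.sender_ip] = arp.sender_mac   # gratuitous ARP for the VIP overwrites the old MAC
        return arp.is_gratuitous


def failover_demo() -> Dict[str, str]:
    """vEdge A owns the VIP, then vEdge B takes over and announces it (constructed addresses)."""
    vip = "10.1.1.1"
    host = HostArpCache()
    host.on_frame(build_gratuitous_arp(vip, "02:00:00:aa:00:01"))   # vEdge A active
    host.on_frame(build_gratuitous_arp(vip, "02:00:00:bb:00:02"))   # vEdge B after failover
    return dict(host.table)
```

The same frame also refreshes the MAC address table on the switches, since they learn the source MAC of the broadcast; when reviewing a failover that "half worked", compare the sender MAC in a captured gratuitous ARP against the ARP entry the hosts actually hold.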
Transport Redundancy - Meshed
 vEdge routers are directly connected to all the transports
- No need for L2 switches front-ending the vEdge routers
 When a transport goes down, vEdge routers detect the condition and bring down the tunnels built across the failed transport
- BFD times out across the tunnels
 Both vEdge routers still draw the traffic for the prefixes available through the SD-WAN fabric
 If one of the vEdge routers fails (dual failure), the second vEdge router takes over forwarding the traffic in and out of the site
- Both transports are still available
[Diagram: two vEdge routers, each connected to both the MPLS and Internet transports]
Transport Redundancy – TLOC Extension
 vEdge routers are connected only to their respective transports
 vEdge routers build IPSec tunnels across the directly connected transports and across the transports connected to the neighboring vEdge router
- Neighboring vEdge router acts as an underlay router for tunnels initiated from the other vEdge
 If one of the vEdge routers fails (dual failure), the second vEdge router takes over forwarding the traffic in and out of the site
- Only the transport connected to the remaining vEdge router can be used
[Diagram: two vEdge routers, one connected to MPLS and one to Internet, linked to each other for TLOC extension]
Path and Remote-End Redundancy
 vEdge routers leverage BFD for detecting tunnel liveness
• If the intermediate network path through the SD-WAN fabric fails, or if the remote-end vEdge router (e.g. data center) fails, BFD hellos will time out and the remote site vEdge router will bring down its relevant IPSec tunnels
• Traffic will be rerouted after the failed condition has been detected
- BFD hello timer and multiplier can be tweaked for faster detection
[Diagram: Remote Site vEdge with tunnels over MPLS and Internet to the Data Center]
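The detection time that governs the reroute above is the hello interval multiplied by the multiplier: a tunnel is declared down only after that many hello intervals pass with no hello received. The Python below is an added example, not Cisco code. It models a BFD session per tunnel, withdraws tunnels whose session is down, and replays a constructed timeline in which the MPLS path silently breaks while Internet hellos keep arriving. The tunnel names and timer values are the example's own, not platform defaults.

```python
"""BFD-based tunnel liveness and reroute, as an added example for the slide above.
Not Cisco code: the session model, the tunnel names and the hello timeline are
constructed; the timer values are the example's own, not platform defaults."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class BfdSession:
    tunnel: str
    hello_ms: int
    multiplier: int
    last_hello_ms: Optional[int] = None

    @property
    def detect_ms(self) -> int:
        """Detection time: the session is declared down after `multiplier` missed hellos."""
        return self.hello_ms * self.multiplier

    def receive_hello(self, now_ms: int) -> None:
        self.last_hello_ms = now_ms

    def is_up(self, now_ms: int) -> bool:
        if self.last_hello_ms is None:
            return False
        return now_ms - self.last_hello_ms < self.detect_ms


class TunnelTable:
    """Tunnels whose BFD session is down are withdrawn; traffic follows the first
    preferred tunnel that is still up."""

    def __init__(self, sessions: List[BfdSession]) -> None:
        self.sessions = {s.tunnel: s for s in sessions}

    def up_tunnels(self, now_ms: int) -> List[str]:
        return [name for name, s in self.sessions.items() if s.is_up(now_ms)]

    def next_hop(self, now_ms: int, preference: List[str]) -> Optional[str]:
        up = set(self.up_tunnels(now_ms))
        return next((t for t in preference if t in up), None)


def failover_timeline() -> Dict[str, object]:
    """Constructed scenario: the MPLS path to the data center silently breaks after t=5000 ms."""
    mpls = BfdSession("mpls-to-dc", hello_ms=1000, multiplier=7)
    inet = BfdSession("inet-to-dc", hello_ms=1000, multiplier=7)
    table = TunnelTable([mpls, inet])
    preference = ["mpls-to-dc", "inet-to-dc"]
    for t in range(0, 5001, 1000):            # both paths healthy
        mpls.receive_hello(t)
        inet.receive_hello(t)
    for t in range(6000, 13001, 1000):        # only Internet hellos keep arriving
        inet.receive_hello(t)
    tuned = BfdSession("mpls-to-dc", hello_ms=300, multiplier=3)
    return {
        "detect_ms": mpls.detect_ms,                               # 7000 ms with these timers
        "next_hop_at_8000": table.next_hop(8000, preference),      # still MPLS: only 3 s without hellos
        "next_hop_at_12000": table.next_hop(12000, preference),    # MPLS declared down, rerouted
        "tuned_detect_ms": tuned.detect_ms,                        # 900 ms with the shorter timers
    }


if __name__ == "__main__":
    print(failover_timeline())
```

Shortening the timers buys faster reroute at the cost of more control traffic and more sensitivity to transient loss on the transport, which is the trade-off behind "can be tweaked" on the slide.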
Control Redundancy - vSmart
 vSmart controllers exchange OMP messages between themselves and have an identical view of the SD-WAN fabric
 vEdge routers connect to up to three vSmart controllers for redundancy
 Single vSmart controller failure has no impact, as long as there is another vSmart controller the vEdge routers are registered with
 If all vSmart controllers fail or become unreachable, vEdge routers will continue operating on the last known good state for a configurable amount of time (min of re-key timer and GR timer)
- No updates to reachability
- No IPSec rekey
- No policy changes propagation
[Diagram: vSmart Controllers (Control Plane) in the Cloud; Data Plane between Data Centers, Campus, Branch, Small Office and Home Office sites over MPLS, INET and 4G]
Control Redundancy - vManage
 vManage servers form a cluster for redundancy and high availability
 All servers in the cluster act as active/active nodes
- All members of the cluster must be in the same DC / metro area
 For geo-redundancy, vManage servers operate in active/standby mode
- Not clustered
- Database replication between sites is needed
 Loss of all vManage servers has no impact on fabric operation
- No administrative changes
- No statistics collection
[Diagram: vManage Cluster (Management Plane) in the Cloud; Data Plane between Data Centers, Campus, Branch, Small Office and Home Office sites over MPLS, INET and 4G]
Operational Simplicity and Transparency
Centralized Operations and Tenancy
[Diagram: three multi-tenancy models over MPLS, 4G and INET transports. Dedicated Tenancy: Tenant A and Tenant B each run their own VPN1, VPN2 and VPN3 with separate control planes. VPN Tenancy: Tenant A uses VPN1 and Tenant B uses VPN2 over a shared A+B control plane. Enterprise Tenancy: one control plane carrying VPN1, VPN2 and VPN3 for Tenant A and Tenant B; legend: Control Plane]
Simplified Management
• Single Pane Of Glass Operations
• Rich Analytics
• Power Tools: REST, NETCONF, Syslog, SNMP, Flow Export, CLI, Linux Shell
Zero Touch Provisioning – vEdge Appliance
[Diagram: the vEdge appliance, in factory default configuration, queries the Zero Touch Provisioning Server at ztp.viptela.com (1), is redirected to the corporate vManage (2), authenticates with the Control and Policy Elements (3), receives its initial configuration from the corporate vManage (4) and completes Full Registration and Configuration (5); the ZTP Server is delivered as-a-Service]
Assumption:
• DHCP on Transport Side (WAN)
• DNS to resolve ztp.viptela.com*
* Factory default config
Zero Touch Provisioning – vEdge Cloud
[Diagram: the Provisioning Tool deploys the vEdge Cloud VM (1) with a Cloud-Init initial configuration (2); the VM authenticates with the Control and Policy Elements (3), receives its initial configuration from vManage (4) and completes Full Registration and Configuration (5)]
Assumption:
• DHCP on Transport Side (WAN)
Centralized Device Configuration Enforcement
• Centralized Feature Templates
• Feature Configuration with Variables
• Enforces configuration compliance
• Self-recover on misconfiguration
Zero-Trust Admission Control
• Single stage (Zero Touch Provisioning) – Identity is automatically trusted
• Two stage (One Touch Provisioning) – Identity is not automatically trusted. Requires administrator validation.
• Staging Mode – Identity is automatically trusted for control, but not for data. Requires administrator validation.
Application and Flow Visibility
• Application and flow visibility for each vEdge router
- DPI needs to be enabled for application visibility
- Flow data can be exported from vEdge to an external collector
• Realtime views or custom timeline view granularity
• Views can be zoomed into
Path Performance
• BFD is used to measure performance characteristics of each individual IPSec tunnel
• Loss, latency and jitter are represented in the tunnel performance graph on vManage
• Realtime views or custom timeline view granularity
• Views can be zoomed into
Troubleshooting
• Basic connectivity troubleshooting with ping and traceroute from any vEdge in the topology to any destination
• Advanced troubleshooting with real-time queries against vEdge routers
• Expert troubleshooting with full featured CLI and Linux bash shell
• Traffic analysis with synthetic traffic generation to test policies
Centralized Software Upgrades
• All software upgrades are performed centrally from vManage
• One or two stage upgrade
- Load software and reboot now
- Load software and reboot later
• Self-healing on upgrade failure
- Device will revert to the last good image
• There is no requirement to run the same software version on all elements
- Controllers should have a higher software version than routers
[Diagram: vEdge image slots with Active Software A and Available Software B, C and D; (1) Activate, (2) Failed Upgrade, (3) Rollback]
Role Based Access Control (RBAC)
• Enforce segregation of administrative responsibilities
• Create user groups to control access to the GUI elements
- Assign read and write permissions
• Create local user repository or link to centralized LDAP/AD
• Map users into the user groups
- Users can belong to multiple user groups
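One consequence of the last bullet above is that a user's effective access to a GUI element is the union of what every group they belong to grants, so segregation of duties has to be checked across groups, not per group. The Python below is an added example, not Cisco's implementation: it models groups with read and write grants per element, users in several groups, the union rule, and an `explain` helper that shows which group contributed which permission. The element names, groups and users are constructed.

```python
"""Group-based authorization with union semantics, as an added example for the
RBAC slide above. Not Cisco code: the element names, groups and users are constructed."""
from dataclasses import dataclass
from enum import Flag, auto
from typing import Dict, List, Set


class Access(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()


def describe(access: Access) -> str:
    parts = [flag.name for flag in (Access.READ, Access.WRITE) if flag in access]
    return "+".join(parts) if parts else "NONE"


@dataclass
class UserGroup:
    name: str
    grants: Dict[str, Access]   # GUI element -> access granted to members


@dataclass
class User:
    name: str
    groups: Set[str]


class Rbac:
    def __init__(self, groups: List[UserGroup]) -> None:
        self.groups = {g.name: g for g in groups}

    def effective(self, user: User, element: str) -> Access:
        """A user in several groups gets the union of what each group grants; unknown
        groups and elements with no grant contribute nothing."""
        result = Access.NONE
        for name in user.groups:
            group = self.groups.get(name)
            if group is not None:
                result |= group.grants.get(element, Access.NONE)
        return result

    def authorize(self, user: User, element: str, wanted: Access) -> bool:
        return wanted in self.effective(user, element)

    def explain(self, user: User, element: str) -> Dict[str, str]:
        """Which group contributes what: useful when reviewing segregation of duties."""
        return {name: describe(self.groups[name].grants.get(element, Access.NONE))
                for name in sorted(user.groups) if name in self.groups}


def sample_rbac() -> Rbac:
    """Constructed groups: a read-only monitoring role and a template administration role."""
    return Rbac([
        UserGroup("monitoring", {"Dashboard": Access.READ, "Templates": Access.READ}),
        UserGroup("template-admins", {"Templates": Access.READ | Access.WRITE}),
    ])


ALICE = User("alice", {"monitoring", "template-admins"})   # constructed users
BOB = User("bob", {"monitoring"})


if __name__ == "__main__":
    rbac = sample_rbac()
    for user in (ALICE, BOB):
        print(user.name, "Templates:", describe(rbac.effective(user, "Templates")), rbac.explain(user, "Templates"))
```

Because grants only ever add up, the place to enforce separation is group membership: a review script built on `explain` can list every user whose groups together yield write on an element that should be read-only for them.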
Migration and Deployment Models
Migration Sequence
Controllers (vManage, vSmart, vBond), then Datacenter, then Branches
Typical Migrations
SD-WAN Transition Strategy
[Diagram: three stages for Site A and Site B connected over MPLS and Internet. Stage 1: both sites Non-SDWAN. Stage 2: SDWAN devices deployed alongside the Non-SDWAN routers. Stage 3: both sites SDWAN, joined by the SD-WAN Fabric; legend: SD-WAN Fabric, Secure Tunnel]
Large Global Enterprise
ZTP/Central Config/Policy: Viptela Cloud
Connectivity: Cisco SD-WAN, Active-Active
Monitoring/Syslog/NetFlow: Cisco SD-WAN, Nagios
App-Routing/PfR/Service Chain: Cisco SD-WAN
Segmentation: Multiple VPNs
Encryption: Built-in / No key management
[Diagram: North American DCs, APAC DC and Europe DC joined by the Cisco SD-WAN Fabric over INET with 4G (Backup); sites (Stores, Distro Centers, Field Offices, GS Stores) in Americas, Asia and Europe, each with a vEdge Router, Switch and WiFi APs]
Small Enterprise (100 Sites)
ZTP/Central Config/Policy/SW Upgrade: Cisco SD-WAN
Connectivity: Active-Active
Monitoring/Syslog/cFlow: vManage, HP NNM, Riverbed SteelCentral
Seamless Migration (Brownfield): Cisco SD-WAN
App-Routing/Circuit Selection: Cisco SD-WAN
Segmentation: Single VPN
Encryption: Cisco SD-WAN
Rapid Site Bring-up (Paradigm Shift): ISP circuits first, then MPLS (if needed)
Traffic Symmetry across regions: Cisco SD-WAN
Split-Tunnel: GRE to SWG
VPN Topology: Full Mesh
IAAS and SAAS: AWS, SFDC, O365
[Diagram: North American DCs, APAC DC and Europe DC; site tiers Platinum (Dual MPLS, Dual Broadband), Gold (Single MPLS, Single Broadband), Silver (Dual Broadband) and Bronze (Single Broadband); Large, Medium and Small sites in Americas, Asia and Europe, each with a Cisco SD-WAN vEdge Router and Switch on MPLS and/or INET]
Small Enterprise (100 Sites)
ZTP/Central Config/Policy/SW Upgrade: Cisco SD-WAN
Connectivity: Active-Active
Monitoring/Syslog/cFlow: vManage, HP NNM, Riverbed SteelCentral
Seamless Migration (Brownfield): No impact to traffic, Migrated to Non-migrated
App-Routing/Circuit Selection: Cisco SD-WAN
Segmentation: Single VPN
Encryption: Cisco SD-WAN
Video Conferencing: Works over Cisco SD-WAN (Excellent)
Centralized QoS-Queue mapping: Cisco SD-WAN
Internet Exit: GRE to SWG, DC Internet as backup
VPN Topology: Full Mesh for Branch, Partial Mesh for SOHO
IAAS and SAAS: AWS, SFDC, O365, OneDrive
[Diagram: Primary DC and Backup DC; site tiers Dual MPLS, Dual Broadband; Single MPLS, Single Broadband (vEdge 2K); Single MPLS, Single Broadband (vEdge 1K); Large and Medium sites each with a vEdge Router and Switch on MPLS1, MPLS2 and INET]
Cisco SD-WAN Case Study
Reece Group
Challenges
• Inefficient use of available bandwidth
• High management overhead of multiple carriage data services at a single location
• Unsuitable base for future projects (in-store digital services and security)
Cisco Team Offer
• Rapid deployment of branch locations
• Improved business return on network investment and technical staff
• Secure and scalable platform to enable enhanced in-store services
• Improved branch availability and bandwidth utilization to improve end user application experience
What they're saying
"With Cisco SD-WAN, my life as a network administrator is significantly easier. To deploy new configurations and policy changes across the entire network, what would have taken a very long time previously, touching many devices individually, now takes a matter of minutes."
Peter Castle, Network Administrator, Reece
Cisco SD-WAN Case Study
Riedel Networks
Who is Riedel Networks
Riedel Networks was founded in 2005 when a Formula 1 team needed a simpler, more cost-effective networking solution for its car telemetry data. Since then, this subsidiary of Riedel Communications has shifted its focus to providing clients with high-performance MPLS VPNs. When the company wanted to solidify its networking business without hurting MPLS sales, it partnered with Cisco to provide its customers with SD-WAN.
Challenges
• Add value to MPLS portfolio without cannibalizing sales
• Find a mature, scalable SD-WAN offering with support for multitenancy
• Find a partner that can help ensure long-term support
Cisco Team Offer
• Attracted new business and offered more products to existing MPLS clients
• Achieved substantial cost savings for customers who chose a hybrid network model
• Projects 25-30 percent annual growth over the next five years
What they're saying
"SD-WAN is making our portfolio of networking services more appealing. The more we can offer on top of our existing infrastructure, the likelier we are to bring in new customers and to retain existing ones. SD-WAN is a value-add that will ensure Riedel Networks' growth."
Michael Martens, CEO, Riedel Networks
Cisco SD-WAN All Case Studies
https://www.cisco.com/c/en/us/solutions/enterprise-networks/network-architecture-customer-success-stories.html?flt2_general-table0=Cisco%20SD-WAN
Backup Slides
Zero Touch Provisioning
[Diagram: the Administrator loads the vEdge List (White-List) and the vEdge Configuration Template into vManage and establishes Identity Trust with the ZTP Server; the Installer provides Network (DHCP) and Power; the vEdge presents its Identity (X.509) to vBond and vSmart]