Cisco SD-WAN Overview
In this lesson we’re going to be taking a look at an overview of Cisco’s SD-WAN solution. We’ll start by taking a look at some example of WAN setups and the drawbacks of each. From here, we’ll then cover a high-level overview of the different Cisco SD-WAN components and how they all fit together.
Exam Topic
1.0 Architecture
1.4 Explain the working principles of the Cisco SD-WAN solution
1.4.a SD-WAN control and data planes elements
1.4.b Traditional WAN and SD-WAN solutions
Video Overview
Downsides of Traditional WANs
Today’s enterprises face a number of challenges with their traditional WAN setups.
Cost
Cost is a major factor in WAN setups, especially when we need to provision expensive MPLS circuits at each location. When we start to introduce redundant MPLS circuits at locations, our cost increases considerably.
Our MPLS circuits come at a much higher cost than a regular internet circuit would.
Deployment Time
Because traditional WANs rely on MPLS circuits, commissioning a new link can take a long time. MPLS circuits take considerably longer to be deployed than an internet circuit or a 3G/4G connection would.
If we’re adding a new site to our network, we can be extremely delayed waiting for MPLS circuits to be installed.
Difficult to manage at scale
When the network includes multiple sites and we start to scale the number of locations, we face challenges managing the devices. Each location needs to be managed manually via the CLI. It also becomes difficult to manage the configuration on the devices and to confirm that failover between circuits is working correctly.
Unpredictable application performance
Complex infrastructure setup
The trouble with traditional WANs is the complex network setups they require. These complex setups are needed to support the modern IT shift to cloud services, or to backhaul all user traffic to a central location, either to access resources or for security reasons.
Traditional WAN Examples
Let’s take a look at some examples of how we may have our traditional WANs setup.
Traditional MPLS Setup
In the topology above you can see an example of a branch network connecting to head office, via an MPLS circuit.
MPLS circuits tend to be extremely reliable, however they can come at a considerable cost, usually taking up a considerable chunk of an IT budget.
In addition to this, we also require a high bandwidth MPLS circuit at head office, depending on the number of branch locations. This is required in order to carry the traffic being backhauled to head office, which adds significantly to the cost.
Traditional WAN Setup
In our next topology you can see again our branch connected back to head office. This time, however, we have no local internet breakout at the branch. Because of this, internet traffic needs to route via the MPLS circuit to break out centrally.
A common scenario is to break internet traffic out centrally in order to perform packet inspection or filter traffic.
This puts a heavy reliance on our head office and MPLS circuit for connectivity at the branch. In addition to this, we require additional MPLS bandwidth to backhaul both network and internet traffic centrally, especially when extended to a large scale.
Shift to the Cloud
In our final topology, we’re also backhauling traffic back to head office destined for cloud services.
Now more than ever, enterprises are migrating their services to the cloud. Because of this, our outdated existing network infrastructure becomes more complicated and harder to manage. In addition to this, it makes it harder for IT to provide a reliable experience to customers without the need for manual intervention and monitoring.
Benefits of SD-WAN
Cisco’s SD-WAN solution aims to address the shortcomings we’ve just looked at.
Increased Bandwidth
By allowing enterprises to leverage a transport independent WAN
Rapid Deployment
Because SD-WAN allows us to use any underlying transit network to build our WAN, it allows for rapid deployment of connectivity at branch locations. As we’re not dependent on MPLS circuits, we could install a DSL or 3G/4G connection at a location and connect it to our network.
Reduced Cost
SD-WAN offers the benefit of reducing costs by allowing us to use multiple transport networks. Unlike traditional WAN setups, we’re not forced to use a certain type of circuit, like MPLS. In addition to this, we’re also not tied down to particular providers.
We have the ability to choose the physical underlying network connections.
In-Depth Monitoring
Cisco’s SD-WAN solution has the ability to provide in-depth analysis. This is achieved by tracking key performance metrics.
We have the ability to monitor:
Security Benefits
Security is at the heart of the SD-WAN solution. The solution provides end-to-end network segmentation and traffic encryption for data. In addition to this, it also uses a zero trust security model for on-boarding devices.
Automation
SD-WAN Overview
Now we understand the downsides of traditional WAN setups and the benefits SD-WAN provides, lets take a look at Cisco’s SD-WAN solution.
Cisco’s SD-WAN solution is a re-brand of the original Viptela solution, which Cisco acquired in 2017.
The solution works by splitting the network architecture into 3 planes.
Management/Orchestration Plane
This plane is responsible for central monitoring and configuration. In addition to this, it assists with the automatic on-boarding of SD-WAN routers into the overlay network.
Control Plane
The control plane is used to build and maintain the network topology and make decisions on where the traffic should flow.
Data Plane
Finally, the data plane is responsible for forwarding packets within the network. This is based on the decisions that are made by the control plane.
An example of this can be seen above.
The SD-WAN solution allows us to push software-defined networking (SDN) into our WAN. The great thing about this is that we can automate the process of ensuring end-to-end throughput and performance are maintained for users. Traffic can be monitored
and managed automatically by the SD-WAN platform.
There are a number of key components that make up the Cisco SD-WAN solution.
vManage
The vManage component is the single pane of glass that allows us to view and manage the entire SD-WAN solution. It acts as the network management system (NMS) for the infrastructure.
We have the ability to control vManage using either the web GUI or via REST API.
Finally, within vManage we create the device configuration, push configuration to devices and manage the SD-WAN solution as a whole.
vManage can be hosted locally on premise or within the cloud
vSmart
The vSmart controller is the brains of the whole SD-WAN solution. It’s used to implement the policies and configuration created on our vManage component.
In addition to this, vSmart communicates directly with each and every branch router using Datagram Transport Layer Security (DTLS). The connection is then used to advertise routes, security information and policy information to the routers connecting to it.
vEdge
vEdge devices are the routers within the SD-WAN solution. The vEdge devices can be either software or hardware based. There are two SD-WAN routers you might see mentioned.
vEdge routers are the original Viptela platforms that run Viptela’s code.
cEdge on the other hand is Viptela’s software integrated with Cisco’s IOS-XE.
The vEdge routers themselves connect to the vSmart controllers via DTLS tunnels.
There are a number of Cisco routers that support the SD-WAN solution, as shown below:
NOTE: The devices must be running the SD-WAN specific IOS-XE firmware to be used within the SD-WAN solution.
vBond
We use the vBond component to ‘bond’ everything within the SD-WAN solution together. In addition to this, it’s used to authenticate the vSmart controllers and vEdge routers that connect to it. Once devices have been authenticated, it co-ordinates the connectivity and orchestration between them all.
vBond is responsible for the zero touch provisioning SD-WAN provides. It’s also the only device within the solution that requires a public IP address.
It’s the job of vBond to understand how the network topology is constructed. With this information, it then shares this across the other components of the solution.
The vBond component can be run as a virtual machine (VM) on premise or as an agent service on a vEdge router.
vAnalytics
vAnalytics is the only component within the SD-WAN solution that is optional.
The great thing about vAnalytics is that it provides in-depth recommendations based on the health of the network. It uses the information gathered to reduce the amount of time and effort required to manage our WAN by automating tasks.
A fantastic use for vAnalytics is to predict how much bandwidth is actually required at our locations. Take for example a site with a 100Mbps circuit. vAnalytics will monitor the usage and inform us that the average usage is only 10Mbps.
We can then utilise this information to reduce the bandwidth of the circuit, in turn reducing the cost.
Cisco OnRamp
Cisco’s SD-WAN solution has a set of functionality to address organisations’ push to cloud services. This functionality is known as Cisco OnRamp. OnRamp aims to assist with both IaaS (Infrastructure as a Service) and SaaS (Software as a Service) deployments.
Cisco OnRamp SaaS
Cisco OnRamp SaaS aims to provide optimal performance for users of software applications hosted within the cloud. This is achieved by automatically selecting the best performing internet exit point within the network.
In the example above we have two locations, a head office and a branch network. Both of these locations have a direct connection to the internet.
Using Cloud onRamp SaaS, our vEdge routers will send HTTP probes to the SaaS application from all circuits. The probe will measure the latency and loss in order to give each circuit a quality of experience (QoE) rating.
If a circuit provides a better QoE rating for the application, the SD-WAN solution will automatically route traffic via the circuit with the better QoE rating.
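To make the probe-then-steer behaviour concrete, here is an added simulation of the OnRamp SaaS exit selection described above. It is example code written for this lesson, not Cisco's own implementation: the 0-to-10 scoring formula, the 300 ms latency ceiling, the hysteresis margin and the probe samples are all constructed assumptions, chosen only to show how latency and loss per circuit turn into a QoE score and a routing decision.

```python
"""Simulated Cloud OnRamp SaaS exit selection (added example, not Cisco code).

Each circuit at a site is probed towards the SaaS application; latency and
loss from those probes are reduced to a quality-of-experience (QoE) score and
traffic is steered to the best-scoring exit. The formula and thresholds here
are assumptions for illustration, not Cisco's published vQoE algorithm.
"""
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Optional


@dataclass
class ProbeResult:
    circuit: str        # transport name, e.g. "mpls" or "biz-internet"
    latency_ms: float   # round-trip time of one HTTP probe
    lost: bool          # True if the probe received no response


def qoe_score(samples: List[ProbeResult],
              max_latency_ms: float = 300.0) -> Optional[float]:
    """Score 0..10 for ONE circuit from a window of probes (assumed formula).

    Loss and latency are combined multiplicatively:
        10 * (1 - loss_ratio) * (1 - mean_latency / max_latency)
    Returns None when no probe was answered, i.e. the circuit is unusable.
    """
    if not samples:
        return None
    lost = sum(1 for s in samples if s.lost)
    loss_ratio = lost / len(samples)
    answered = [s.latency_ms for s in samples if not s.lost]
    if not answered:
        return None
    latency_ratio = min(mean(answered), max_latency_ms) / max_latency_ms
    return round(10.0 * (1.0 - loss_ratio) * (1.0 - latency_ratio), 2)


def score_by_circuit(probes: List[ProbeResult]) -> Dict[str, Optional[float]]:
    """Group probe results by circuit and score each circuit."""
    by_circuit: Dict[str, List[ProbeResult]] = {}
    for p in probes:
        by_circuit.setdefault(p.circuit, []).append(p)
    return {c: qoe_score(s) for c, s in by_circuit.items()}


def select_exit(scores: Dict[str, Optional[float]], current: str,
                hysteresis: float = 1.0) -> str:
    """Choose the exit circuit for the SaaS application.

    Stay on `current` unless another usable circuit beats it by at least
    `hysteresis` points (assumed margin) so a small score wobble does not
    flap traffic between circuits. If `current` is unusable, move at once.
    """
    usable = {c: s for c, s in scores.items() if s is not None}
    if not usable:
        return current
    best = max(usable, key=usable.get)
    current_score = usable.get(current)
    if current_score is None:
        return best
    return best if usable[best] - current_score >= hysteresis else current


# Constructed sample: a branch whose MPLS path backhauls to head office
# (higher latency, no loss) and a local internet circuit (lower latency,
# one lost probe out of five).
SAMPLE_PROBES: List[ProbeResult] = [
    ProbeResult("mpls", 120, False), ProbeResult("mpls", 130, False),
    ProbeResult("mpls", 110, False), ProbeResult("mpls", 140, False),
    ProbeResult("mpls", 100, False),
    ProbeResult("biz-internet", 30, False), ProbeResult("biz-internet", 35, False),
    ProbeResult("biz-internet", 25, False), ProbeResult("biz-internet", 0, True),
    ProbeResult("biz-internet", 40, False),
]

if __name__ == "__main__":
    scores = score_by_circuit(SAMPLE_PROBES)
    for circuit, score in scores.items():
        print(f"{circuit:13s} QoE={score}")
    print("exit for SaaS app:", select_exit(scores, current="mpls"))
```

Running it with the constructed probes scores the MPLS path at 6.0 and the local internet circuit at 7.13, so the branch switches its SaaS traffic from the MPLS backhaul to the direct internet exit. The hysteresis margin is the part worth noticing when monitoring a real deployment: without it, two circuits of similar quality would cause traffic to flap every probe interval.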
Cisco OnRamp IaaS
Cloud onRamp allows us to extend the SD-WAN solution into the public cloud.
As you can see in the example, it achieves this by deploying a vEdge router within the cloud – in this example we’re using AWS. This then allows us to connect directly to our infrastructure hosted within platforms like Azure and AWS.