Vivek Bhargava
Cisco Employee

Cisco SD-WAN was built to provide the best possible experience for users as they access applications over the WAN, and Cisco Application Centric Infrastructure (Cisco ACI) was created specifically for managing application workloads in data centers and clouds. To automate how Cisco SD-WAN routes application traffic to users with the priority it needs, Cisco created a multidomain architecture to mesh these two networking domains together. As described in “3 Ways Intent-Based Networking Fulfills Business Intent with Multidomain Integration”, Cisco’s multidomain architecture provides a way in which segmentation, security, and service assurance policies can be defined in one domain and exchanged, monitored, and enforced in all the domains. This blog will focus specifically on service assurance policy integration between Cisco ACI and Cisco SD-WAN.

Distributed users and applications create complexity

The process of transporting data optimally between applications and users is getting complicated. Applications are no longer confined to the data center but are spread over clouds or offered as a service, and users access them not just from campus and branches, but from homes, coffee shops, airports, and everywhere in between. Tasked with ensuring the best possible user experience, Cisco SD-WAN routes the traffic on the best available path by using real-time knowledge of traffic flows and quickly adapting to changing network conditions.


 

But how does SD-WAN know which application traffic to prioritize over others, and how does it select the best path for it? Often, these parameters need to be manually entered in the SD-WAN controller. It’s not hard to imagine that this process could get complex and out of hand as the number of applications and traffic flows increases, and applications and users get more geographically distributed. Complicating this further is the fact that the edge routers need to detect these traffic flows and apply the appropriate prioritization to that traffic. This is where the ACI and SD-WAN policy integration can help ease the complexity.

A single source of QoS truth

Cisco ACI is a data center and cloud networking architecture created to manage and deploy workloads in any location and on any cloud. An application running in that environment defines a contract with Cisco ACI for the prioritization of its traffic. Cisco Application Policy Infrastructure Controller (Cisco APIC), the controller for the ACI network, learns the application needs and configures ACI switches to tag the application packets with the appropriate Differentiated Services Code Point (DSCP) value that defines its relative priority.

 


 

In Cisco’s multidomain architecture, Cisco APIC uses APIs offered by Cisco vManage, the controller for the Cisco SD-WAN network, to communicate to it the QoS requirements associated with each DSCP tag. These QoS values include the maximum allowable delay, jitter, latency, and packet loss. vManage uses these values to configure SD-WAN edge routers to recognize packets with DSCP tags and route them appropriately through the SD-WAN fabric. Cisco SD-WAN’s analytical engine, vAnalytics, monitors this flow in real time and ensures that the defined QoS values are being met. If not, it takes corrective actions immediately to place the traffic on a better route.

If you need to make any changes to this prioritization, you simply alter it in the application in the data center, from where the values will flow through ACI to vManage, and the whole delivery network is configured within seconds, without fuss or errors. Traffic for the same application in the reverse direction, from user to the data center, is routed with the same QoS levels to create a uniform 2-way flow.

Conclusion

While Cisco SD-WAN provides a great user experience, with its integration with Cisco ACI you can provide that high level of experience with ease. Cisco multidomain architecture provides an automated way for the entire organization’s networks to configure themselves around policies defined at the source, avoiding manual work and costly errors.

With such automation between networking domains, you can make certain that a healthcare worker checking on vital patient records at their bedside never has to wait to download and view their X-ray or MRI images.

 

 

(Reprinted with permission from Dave Coverly, www.speedbump.com)

For more information on Cisco’s multidomain architecture

 
