Community FAQ- Getting to know Cisco SD-WAN



This event took place on Wednesday, December 11th, 2019 at 10:00 PDT.

Featured Experts

David Samuel Peñaloza Seijas works as a Senior Network Consulting Engineer at Verizon Enterprise Solutions in the Czech Republic. Previously, he worked as a Network Support Specialist in the IBM Client Innovation Center in the Czech Republic. David is an expert interested in all topics related to networks. However, he focuses mainly on data centers, enterprise networks, and network design, including software-defined networking (SDN). David has a long relationship with Cisco. He has been a Cisco Instructor for the Cisco Academy and was recognized as a Cisco Champion and a Cisco Designated VIP for 2017, 2018, and 2019. David holds CCNP R&S, CCDP, CCNA Security, CCNA CyberOps, and CCNA SP certifications. Currently, he is pursuing a CCDE.

Juan Rangel is a Technical Consulting Engineer on the Software-Defined WAN team at the Customer Experience (CX) Center. Before he joined the SD-WAN team, he worked on the Routing Protocols team. Juan has nine years of experience in networking and has in-depth knowledge of the America Movil International Network. Before Juan joined Cisco, he worked at Telmex, Huawei, and Citi. He holds a degree in computer systems engineering from the University of the Americas in Mexico. Juan holds the CCNP Security and CCNP Service Provider certifications, a Huawei HCDA certification, an ITIL v3 Foundation certification, and a CCIE R&S certification (#62667). Juan likes languages and is fluent in Spanish, English and Portuguese.

Juan Flores is a Technical Consulting Engineer on the Software-Defined WAN team at the Customer Experience (CX) Center. Before he joined the SD-WAN team, he worked on the Routing Protocols team. Juan specializes in routing protocols, service provider technologies (MPLS), switching, Nexus administration with routing protocols, and SD-WAN technologies. Juan holds a degree in computer systems engineering from the University of the Valley of Mexico. He holds a CCNA R&S certification and is pursuing the CCIE R&S and CCIE SP certifications.

You can download the slides of the presentation in PDF format here.

Live Questions

Q: How does Cisco SD-WAN compete with SilverPeak & CloudGenix? In the November 2019 Gartner Report it was mentioned that SilverPeak is a Leader in SD-WAN, while Cisco was downgraded to a Challenger and CloudGenix remained a Visionary. Could you please provide comments?

A: Rather than looking at it in terms of competition, it is recommended to have a look at the requirements and needs of the project. In the end, the most important thing is to meet the requirements and ensure that the solution provides the required features, stability and availability.

Q: Question for Juan Flores and Juan Rangel: is SD-WAN the replacement for site-to-site VPN (for example DMVPN, FlexVPN)?

A: SD-WAN can provide the same topologies and traffic flows as DMVPN or FlexVPN, so it can be used. But I would recommend analyzing other requirements as well.

Q: Can we say SD-WAN is the future of VPN, to replace the legacy FlexVPN, IKEv1 and IKEv2, SVTI and DVTI?

A: I would not say it's a complete replacement, but it certainly improves several of those mechanisms and bundles them together in a single solution. Remember, all of them are individual protocols; therefore, many applications will exist for them, not only WAN.

Q: Could it be possible to get a demo license to test drive SD-WAN instead of dCloud, please?

A: I would recommend you check this with your assigned account manager (if it's outside of dCloud).

Q: Would SD-WAN replace MPLS?

A: I would not say that. MPLS is a transport (you save costs by using Internet circuits). What you do is augment your bandwidth transport using Internet-bound transport. But for some applications, MPLS would offer a better SLA than regular Internet connections.

Q: Noob question: is SD-WAN Cisco proprietary?

A: Hello, thanks for your question. In fact, it is a Cisco proprietary solution!

Q: Could you please provide a deployment guide about SD-WAN and WAAS deployment scenarios? And do you suggest using both together? Are there any use cases for this deployment?

A: Please check the end-to-end guide. WAAS usually manipulates the TCP sessions. SD-WAN offers TCP optimization as well. I would be careful about using both at the same time.

Q: Which is the recommended profile to manage SD-WAN infrastructure? CCNA? CCNP? CCIE?

A: SD-WAN is a friendly solution. You could start using it even if you have a CCNA; if you need to deploy other protocols such as BGP or OSPF, you would have to have deeper knowledge of that specific protocol.

Q: On page 20, if we talk about BGP, aren't private and public AS numbers the other way around?

A: You are right, it's a typo. Thanks for the catch.

Q: Is it accurate to say iWAN has been superseded by SD-WAN? Would we ever propose iWAN to a customer today?

A: I would say that is the main feeling. iWAN efforts have been reduced in order to improve the SD-WAN front after Viptela's acquisition.

Q: I know that in the Viptela solution, in a full mesh design, each branch creates tunnels to all the other branches, so in the design we need to take that into consideration. Do you know if there are any coming improvements to the full mesh default behavior, for example like DMVPN Phase 3?

A: If you need to improve your SD-WAN deployment you can always do it with policies; in that way you could have your whole full mesh or separated mesh networks.

Q: Is SD-WAN going to replace iWAN?

A: SD-WAN is Cisco's ultimate solution; it solves some limitations present in iWAN, such as having a hub MC as a single point of failure, and the controllers are not centralized but in the cloud, for example. SD-WAN will dynamically manage your traffic.

Q: What does the "i" in iWAN stand for?

A: For iWAN the description is "Intelligent Wide Area Network".

Q: Is SD-WAN the same as Viptela?

A: Cisco SD-WAN works with Cisco and Viptela devices. It is not the same, but it is part of Viptela. SD-WAN is Cisco proprietary and Viptela is part of Cisco.

Q: SD-WAN does not currently support other advantages offered by WAAS, like caching and data redundancy; it only offers TCP optimization. Will it fully support these features and replace WAAS in the future?

A: Cisco SD-WAN supports WAAS, see here.

Q: When should we create a full mesh design with Viptela? If we have, say, 3000 branches, each branch should create tunnels to all the other branches, and that would be a scaling problem in the vEdges or cEdges installed at each branch. My question is whether there is any improvement in the road map, for example creating static tunnels to hubs and dynamic tunnels when branches want to communicate?

A: I'd say that in case you have this scenario you should delimit your network with policies to design a hub-and-spoke. The tunnels will be there, but you can limit what can be routed or not with the policies.

Q: How can an enterprise moving its services to Azure/AWS benefit from SD-WAN? What component of SD-WAN is required in the cloud?

A: In SD-WAN, for cloud components we need the following controllers: vManage, vBond and vSmart. Specific to Cisco SD-WAN, you have three options when it comes to cloud:

Cloud onRamp for SaaS - extends the SD-WAN concept of "quality probing" to SaaS applications on the Internet.

Al routers, automatically connect the new routers to your backend VPCs/VNets, then extend that connectivity to your SD-WAN cloud. In this method, SD-WAN connected sites now see AWS/Azure as another branch location and can build direct tunnels to the cloud.

SD-WAN can then be used to funnel traffic through the best performing colocations, apply policies to the traffic (in the form of running the traffic through a virtualized service chain of network equipment) and send it on its way to the cloud.

Q: Can zero-touch provisioning be achieved in SD-WAN/Viptela?

A: ZTP is used in SD-WAN, in fact!

Q: What is underlay?

A: This is a good question. We have two parts: the underlay is the connection to your ISP, and the overlay is the virtual tunnels over the underlay.

Q: Selecting multiple paths can result in asymmetric routing. How does SD-WAN take care of it?

A: On cEdge or vEdge devices we can manipulate the traffic using specific metrics such as local preference to select the best path.

Q: How is SD-WAN different from having, for example, a Frame Relay connection to an SP and using L2 tunnels?

A: For SD-WAN we can connect to an Internet cloud, and we just need to complete basic connectivity with the service provider. We can use a default route or BGP to complete the underlay, then over the overlay we can establish virtual tunnels.

Q: Can SD-WAN integrate with ACI and with SGT?

A: Yes, SD-WAN can integrate with ACI. I'm adding more information here:

Q: The lifecycle of iWAN didn't last long. Do the customers who have invested in iWAN have to invest again in SD-WAN?

A: SD-WAN is a separate solution; however, I recommend you contact your Cisco Sales Engineer and share this concern with him. He can have a more accurate answer for this one!

Q: Can we have some visibility on the licensing of SD-WAN?

A: SD-WAN does not function with the traditional licensing model; here you have a Smart Account consolidating everything.

Q: I can see that we can connect to an Internet cloud. Is this for end users, so that you don't need, for example, to have a dedicated Frame Relay link, but instead you connect to the Internet?

A: In the SD-WAN solution, the vEdge/cEdge devices, which are the "customer edge", just need to have a connection with the ISP. In this way we save cost because we can use the Internet cloud. The MPLS cloud is more expensive.

Q: What are the tools available to troubleshoot an SD-WAN connection, any specific ones?

A: You can troubleshoot SD-WAN just like in the traditional way, via CLI, but you can also troubleshoot it using vManage tools. Some of these tools will be shown in the live demo!

Q: If one has managed routers from the service provider, what is the recommendation for SD-WAN: is it on the customer/enterprise's own router connected back to back, or should it be on the router managed by the ISP? What is the recommended way?

A: The benefit of SD-WAN is that we can use an Internet cloud with an ISP instead of MPLS, which is more expensive. The SD-WAN edge devices need to have basic connectivity with the ISP PE; we can use a default route or BGP.
Whether the PE router is managed by your ISP or by you, we just need to achieve basic connectivity in order to reach the SD-WAN controllers in the cloud.

Q: For the SD-WAN setup being discussed now, from vBond -> vManage -> vSmart -> establishing the data plane through IPsec via BFD, does that mean there will be no more network configurations to be saved, and running, on the edge routers?

A: Yes, all the configuration will be there in the routers; you can also SSH into each router to see it, but they're configured via vManage, and vManage is the one that pushes the configurations to every router with a few clicks.

Q: Will these vComponents save the necessary configurations, or will they be saved on a separate device somewhere on a cloud setup?

A: The configurations are saved in vManage as device templates. There are two modes for the routers, CLI mode (traditional) and vManage mode; if you go for vManage mode you will have everything in vManage, no matter if you lose the router.
To complement: in CLI mode the configuration stays in the device (the traditional way).

Q: Monitoring of SD-WAN, and route changes due to a less performing link, etc., is through which component?

A: Some SLAs are configured; each SLA will have the jitter, delay and loss parameters with a % in there. Depending on your SLA, the policy will react and forward the traffic to any given link or color.
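As an added illustration of the SLA-driven path selection described in this answer (this is constructed example code, not from the session or from Cisco), the model below checks per-color BFD measurements against an SLA class and picks the tunnel color. The class name, thresholds, color names and probe values are all constructed; real policies are configured in vManage, and the fallback behaviour is simplified here.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class SlaClass:
    """Thresholds an SLA class imposes on a tunnel (constructed values)."""
    name: str
    max_loss_pct: float     # packet loss, percent
    max_latency_ms: float   # one-way delay, milliseconds
    max_jitter_ms: float    # jitter, milliseconds

    def is_met(self, stats: Dict[str, float]) -> bool:
        return (stats["loss"] <= self.max_loss_pct
                and stats["latency"] <= self.max_latency_ms
                and stats["jitter"] <= self.max_jitter_ms)


def select_color(sla: SlaClass, preferred: str,
                 measurements: Dict[str, Dict[str, float]],
                 strict: bool = False) -> Optional[str]:
    """Pick the tunnel color traffic matching the policy should use.

    measurements maps color -> latest BFD probe stats {loss, latency, jitter}.
    Order: the preferred color if it meets the SLA, else any other compliant
    color, else (non-strict) fall back to the preferred color anyway, or None
    in strict mode, which models dropping rather than violating the SLA.
    """
    if preferred in measurements and sla.is_met(measurements[preferred]):
        return preferred
    for color, stats in measurements.items():
        if color != preferred and sla.is_met(stats):
            return color
    return None if strict else preferred


# Constructed BFD probe results for two tunnel colors (not real data).
BFD_SAMPLE = {
    "mpls": {"loss": 0.0, "latency": 40.0, "jitter": 5.0},
    "biz-internet": {"loss": 0.5, "latency": 90.0, "jitter": 12.0},
}
# Constructed SLA class for real-time traffic.
VOICE = SlaClass("VOICE", max_loss_pct=1.0, max_latency_ms=150.0, max_jitter_ms=30.0)

if __name__ == "__main__":
    print("healthy:", select_color(VOICE, "mpls", BFD_SAMPLE))
    degraded = dict(BFD_SAMPLE, mpls={"loss": 3.0, "latency": 40.0, "jitter": 5.0})
    print("mpls lossy:", select_color(VOICE, "mpls", degraded))
```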

Q: PE end SD-WAN... CE end another vendor like Juniper... will it communicate?

A: Yes, but not with SD-WAN. The link between the CE and PE is a traditional link, such as Internet or MPLS, but SD-WAN will create its own overlay above the underlay.

Q: Which component in the SD-WAN solution is used for monitoring the SD-WAN deployment?

A: To monitor traffic on SD-WAN we can use cflowd, which is similar to NetFlow, or vAnalytics.

Q: How can network configuration through automation be integrated with Cisco SD-WAN? Any recommended setup for this one?

A: For SD-WAN we can use centralized policy and localized policy; this can affect all devices or specific devices.

Q: Templates are fine. How about QoS and ACLs?

A: For configuration we have two options, vManage mode or CLI mode. The benefit of SD-WAN is the possibility to use vManage mode, which can automatically affect edge devices. Here, with a template, we can add QoS or ACLs. This is an introductory session; we can go deep into many topics, but time runs out quickly. We will definitely consider these questions for a later session (if possible). Thanks!

Q: Is any virtualized vEdge referred to as "Device Model: vEdge Cloud", even if it is virtualized on an ENCS which is located on-premises?

A: Yes, what matters is that it is a VNF/VM, a virtualized appliance. vEdge -> Viptela hardware; vEdge Cloud -> virtual appliance; cEdge -> Cisco appliance running IOS-XE.

Q: Where will we get templates for L3 protocols? And is there any free lab available for SD-WAN?

A: You can use Cisco dCloud. Check the following URL:

Q: By default, will Cisco provide the certificate for CE and PE routers?

A: CE and PE? Those are functions and roles in your network. For vEdge and cEdge devices: they have a chipset placed in them during manufacturing. For the controllers, they are provided and signed by Symantec and DigiCert.

Q: How many devices can be configured with the templates? Is there any limit?

A: The capacity of the templates is related to the capacity of the vManage controller itself. Each vManage controller can have up to 2000 devices, if I remember well (take this number with a grain of salt).

Q: As I know, we can use and manage security features like the L7 app firewall and IPS with cEdge routers. My question is, do we manage these firewall features on vManage as well?

A: vManage will host the configuration, and that will be pushed down to the devices in the fabric.

Q: Will this SD-WAN device support all modules like FW, router and optimization devices as well?

A: It depends on the device. Hardware capabilities depend on licenses and hardware.

Q: How do we modify the template, like L3 and ACL?

A: Once the template is created, you go to the left pane: Templates. Edit it, and you will have either the block of text to modify or the feature templates to change values on.

Q: Would the IGP matter if it is OSPF or EIGRP? I'm referring to what expert Juan Rangel covered on the slides that had BGP and the IGP (OSPF) in the diagram.

A: EIGRP runs only on Cisco devices (cEdge), and OSPF can run on cEdge and vEdge because it is an open standard. If the edge devices will connect internally with another vendor, it is necessary to use OSPF.

