cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for SD-WAN Resources to help you on your journey with SD-WAN

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

11422
Views
100
Helpful
72
Replies
ciscomoderator
Community Manager

Cisco SD-WAN Global Forum : Quick Guide to Design, Deploy, Operate, and Maintain - AMA

banner_AMAGL_en_lp_900x150_08mar_2021.png

Español  Português Français Русский  日本語 简体中文

All the knowledge of these four experts at your disposal!

Cisco Software-Defined Wide Area Network (SD-WAN) provides a highly scalable, resilient, and secure network infrastructure. With advanced security features built into the solution, automation, centralized management, and monitoring, Cisco SD-WAN enables you to control your network through a single dashboard, reduce operating costs, and ensure the best possible experience for your users in local applications or on the cloud.

In this event, the experts will help you understand how Cisco SD-WAN is designed and its main benefits.
They will explore everything from the basic solution design, which license to choose, or which router to select, to overall design and deployment best practices. vManage allows you to configure devices, templates, security / control policies and much more... What if, for some reason, vManage fails? We will help you master an understanding of the policy framework and common troubleshooting tools and learn from programmatic methods to create backups in the SD-WAN environment.

This event is for Cisco SD-WAN beginners and advanced professionals.

To participate in this event, please use the reply-button.png button below to ask your questions

Ask questions from Monday, March 8 to Friday, March 19, 2021

Featured experts
Photo_glyra_100x140.pngGuilherme Lyra is a Solutions Architect focused on the Enterprise Networking area. With more than 14 years of experience in networking and security technologies, he has designed and led the implementation of projects with national and global extension for companies in segments such as retail, manufacturing, utilities, and government agencies. Guilherme has also conducted training on Software-Defined Networks and WAN optimization. He holds Cisco CCNP, Cisco CCDP, Juniper JNCIA, and Meraki CMNA certifications.

Photo_dablais_100x140.pngDanny Blais joined Cisco in 2000 in the role of Lab Administrator. In 2004, he moved to RTP, North Carolina for one year to be part of an incubator program leading him to a Systems Architect role. He is currently based out of Montréal and supports a major enterprise account in the Québec province. Danny has a college degree in computer science with a networking specialty. He has specialized in many Cisco technologies over the years, from Unified Communications to Data Center and now for the last couple of years Cisco SD-WAN. He holds multiple Cisco certifications: CCNA, CCDA, CCNP, CCDP, and CMNA.

Photo_ossalaza_100x140.pngOsvaldo Salazar Tovar is currently in the role of Solutions Architect for Cisco SD-WAN technology for Latin America. He works with the partner ecosystem to deliver new approaches to simplify and optimize their WAN environments to end customers from different verticals, using the Cisco portfolio as a digital transformation platform. Osvaldo graduated from ITESM, and has several certifications such as CCNP R&S, DevNet Associate, and SD-WAN Specialist.


Photo_tmatzeu_100x140.png
Thomas Matzeu graduated from the French University of Evry. He began as a Deployment Engineer in France, specializing in routing, switching, and security. Thomas joined Cisco in September 2018 as a Pre-Sales Engineer in the Global Virtual Engineering team and focuses on Enterprise Networking technologies such as SD-Access and SD-WAN in Europe.
 
Guilherme, Danny, Osvaldo and Thomas might not be able to answer each question due to the volume expected during this event. For more information, visit the Networking Discussions category.
Find further events on Networking Events list.
Do you know you can get answers before opening a TAC case by visiting the Cisco Community?  
**Helpful votes Encourage Participation! **
Please be sure to rate the Answers to Questions
72 REPLIES 72

It depends up on the (network) requirements from the the customer.
Some networks may be small vs some others big and cloud vs non-cloud options will come into picture too in determining which type of device for a given specific site type etc (branch vs DC vs Colo vs. remote etc)
Sarah Staker
Beginner

Hi guys!

Is there a way to check that the guest traffic goes through GUEST VRF and that the rest of the traffic follows the global routing scheme?

Thank you.

- Sarah

Hello,

Thank you for your question.

Absolutely yes. Cisco SD-WAN has a troubleshooting tool called Simulate Flows that is accessible in vManage. You can use this tool to make sure traffic is going to follow the desired path.

Also, there is end-to-end segmentation built in the solution. What this means is that traffic from a VPN (VRF) is isolated using not only in distinct routing tables, but it is also transported with labels.

Following text from Cisco's documentation explains the workflow:
When you configure a VRF on a router, the VRF has a label associated with it. The router sends the label, along with the VRF ID to the vSmart controller. The vSmart controller propagates this router-to-VRF ID mapping information to the other routers in the domain. The remote routers then use this label to send traffic to the appropriate VRF. The local routers, on receiving the data with the VRF ID label, use the label to demultiplex the data traffic. This is similar to how MPLS labels are used. This design is based on standard RFCs and is compliant with regulatory procedures such as PCI and HIPAA.

 

 

SEGMENTATION.jpg

 

 

 

LABELS.jpg

 

Hope this helps.

Best regards.

Modérateur Cisco
Frequent Contributor

Why does Cisco SD-WAN use OMP in the Control Plane and not the traditional routing protocols?

Thank you

Didier

* This is a question posted in French by Didier M. It has been translated by Cisco Community to share the inquiry and its solution in different languages.

Hello Didier,

Because OMP is used to propagate not only routes but also policies and information about TLOCs. This allows for greater flexibility than what we have with traditional protocols.

Hope this helps.
Regards.

Cisco Moderador
Community Manager

Hi everyone

How are alerts defined and how are REST API extensions used?

Note: This question is a translation of an original post created in the Spanish community by Fernando MondragonIt was translated by the Cisco Community to share the query and its solution in different languages.

Hi Fernando,

Below a link to the table where you can find how alarms are defined per severity (Minor, Medium, Major, Critical): https://sdwan-docs.cisco.com/Product_Documentation/vManage_Help/Release_18.4/Monitor/Alarms

 

About the REST API extensions, for Alarms and Monitoring my suggestion is to use the Webhooks. It is a push-model mechanism to send notifications in real-time.

An example of Webhooks utilization: https://developer.cisco.com/codeexchange/github/repo/suchandanreddy/sdwan-webhooks/

 

Another alternative, using traditional REST API, is to poll for the vManage's data frequently.

Cisco Moderador
Community Manager

Another question

How can I optimize SaaS connectivity with Cisco SD-WAN?

Note: This question is a translation of an original post created in the Spanish community by Fernando MondragonIt was translated by the Cisco Community to share the query and its solution in different languages.

Hi Fernando

With Cloud OnRamp for SaaS, the SD-WAN fabric continuously measures the performance of a designated SaaS application through all permissible paths from a branch. For each path, the fabric computes a quality-of-experience score ranging from 0 to 10, with 10 being the best performance. This score gives network administrators visibility into application performance that has never before been available. Most importantly, the fabric automatically makes real-time decisions to choose the best-performing path between the end users at a remote branch and the cloud SaaS application. Enterprises have the flexibility to deploy this capability in multiple ways, according to their business needs and security requirements.

Cisco Moderador
Community Manager

Hi experts

Can Cisco SD-WAN integrate to security cloud providers?

Note: This question is a translation of an original post created in the Spanish community by Dani Ma was translated by the Cisco Community to share the query and its solution in different languages.

Correct, Cisco SD-WAN can integrate to security cloud providers, check details on https://umbrella.cisco.com/solutions/sd-wan-security

Cisco Moderador
Community Manager

In other topics, what are the security features included in Cisco SD-WAN?

Note: This question is a translation of an original post created in the Spanish community by Dani Ma. It was translated by the Cisco Community to share the query and its solution in different languages.

Cisco SD-WAN builds on the architecture called secure access service edge (SASE). WAN security and features today must be distributed, cloud-based, flexible, and agile. Cisco SD-WAN is the industry’s first fully integrated SASE offering that combines best-of-breed SD-WAN with the cloud-based Cisco Umbrella or on-premise security portfolio. Both security architectures provide full protection for enterprises connecting to cloud and internet applications. These security features are:


Enterprise firewalls: Granular policy and control of thousands of applications
Secure web gateway: Full protection against all kinds of web-based attacks, including SSL inspection
DNS layer security and URL filtering: Stops threats at the earliest point, significantly reducing incidents
IPS: A built-in intrusion prevention system within an on-premises enterprise firewall based on Snort ® and powered by Talos ®
Cloud Access Security Broker (CASB): Protects against account compromises, breaches, and other major risks in the cloud application ecosystem
Malware protection: An extended security feature across both on-premises and cloud security using Cisco AMP and Threat Grid to prevent and detect malicious files with sandboxing

mikey_p
Beginner

Hi,

 

Slow to finding this service.  Lucky to make it in time apparently :).

 

If you are running sites that only have MPLS connections with Internet services via a DC and other sites that only have Internet connections is it logical to have multiple vSMARTs?  A vSMART hosted on the MPLS network and another hosted in the cloud?  I.e. the intelligence of the solution doesn’t suffer if there is an outage of vSMART or Internet connection at the DC?

 

Thanks

 

Mike

Hi Mikey, hope you are fine.

Assuming you are asking for cloud hosted controllers, common thing for this scenarios would be to make a breakout to internet on MPLS, opening specific ports for specific IPs (ones for controllers), while you have single link type of sites,  your network use DC (where both type of links exist) as pivot to inter connect the sites. As best practice you would reach controllers through both of the links you have on your environment so you have resiliency as a principle of your design.

Regards

Osvaldo