Re: Cisco SD-WAN Global Forum : Quick Guide to Design, Deploy, Operate, and Maintain - AMA - Page 5

ciscomoderator · ‎03-07-2021

All the knowledge of these four experts at your disposal!

Cisco Software-Defined Wide Area Network (SD-WAN) provides a highly scalable, resilient, and secure network infrastructure. With advanced security features built into the solution, automation, centralized management, and monitoring, Cisco SD-WAN enables you to control your network through a single dashboard, reduce operating costs, and ensure the best possible experience for your users in local applications or on the cloud.

In this event, the experts will help you understand how Cisco SD-WAN is designed and its main benefits.
They will explore everything from the basic solution design, which license to choose, or which router to select, to overall design and deployment best practices. vManage allows you to configure devices, templates, security / control policies and much more... What if, for some reason, vManage fails? We will help you master an understanding of the policy framework and common troubleshooting tools and learn from programmatic methods to create backups in the SD-WAN environment.

This event is for Cisco SD-WAN beginners and advanced professionals.

To participate in this event, please use the button below to ask your questions

Ask questions from Monday, March 8 to Friday, March 19, 2021

Featured experts

Guilherme Lyra is a Solutions Architect focused on the Enterprise Networking area. With more than 14 years of experience in networking and security technologies, he has designed and led the implementation of projects with national and global extension for companies in segments such as retail, manufacturing, utilities, and government agencies. Guilherme has also conducted training on Software-Defined Networks and WAN optimization. He holds Cisco CCNP, Cisco CCDP, Juniper JNCIA, and Meraki CMNA certifications.

Danny Blais joined Cisco in 2000 in the role of Lab Administrator. In 2004, he moved to RTP, North Carolina for one year to be part of an incubator program leading him to a Systems Architect role. He is currently based out of Montréal and supports a major enterprise account in the Québec province. Danny has a college degree in computer science with a networking specialty. He has specialized in many Cisco technologies over the years, from Unified Communications to Data Center and now for the last couple of years Cisco SD-WAN. He holds multiple Cisco certifications: CCNA, CCDA, CCNP, CCDP, and CMNA.

Osvaldo Salazar Tovar is currently in the role of Solutions Architect for Cisco SD-WAN technology for Latin America. He works with the partner ecosystem to deliver new approaches to simplify and optimize their WAN environments to end customers from different verticals, using the Cisco portfolio as a digital transformation platform. Osvaldo graduated from ITESM, and has several certifications such as CCNP R&S, DevNet Associate, and SD-WAN Specialist.

Thomas Matzeu graduated from the French University of Evry. He began as a Deployment Engineer in France, specializing in routing, switching, and security. Thomas joined Cisco in September 2018 as a Pre-Sales Engineer in the Global Virtual Engineering team and focuses on Enterprise Networking technologies such as SD-Access and SD-WAN in Europe.

Guilherme, Danny, Osvaldo and Thomas might not be able to answer each question due to the volume expected during this event. For more information, visit the Networking Discussions category.

Find further events on Networking Events list.

Do you know you can get answers before opening a TAC case by visiting the Cisco Community?

**Helpful votes Encourage Participation! **
Please be sure to rate the Answers to Questions

Modérateur Cisco · ‎03-19-2021

What are the possible integrations between Cisco SD-WAN and ACI?

Thank you for your reply!

JMD

* This is a question posted in French by Jean Marie D. It has been translated by Cisco Community to share the inquiry and its solution in different languages.

dablais · ‎03-19-2021

Hi Jean Marie,

Cisco ACI release 4.1(1) adds support for WAN SLA policies. This feature enables tenant administrators to apply preconfigured policies to specify the levels of packet loss, jitter, and latency for tenant traffic over the WAN. When a WAN SLA policy is applied to tenant traffic, the Cisco APIC sends the configured policies to a Cisco vSmart Controller. The Cisco vSmart Controller, which is configured in Cisco ACI as an external device manager that provides Cisco IOS XE SD-WAN capabilities, chooses the best possible WAN link that meets the loss, jitter, and latency parameters specified in the SLA policy. The WAN SLA policies are applied to tenant traffic though contracts.

As an example of where this feature can be useful, consider a deployment in which branches connect to a data center over a WAN using multiple transport technologies, such as MPLS, internet, and 4G. In such deployments, there can be multiple paths between the branches and data centers. This feature provides optimized path selection in these situations based on application groups and SLA.

Cisco APIC release 4.2(1) adds support for enabling returning traffic from a remote site that is destined for the ACI data center to receive differentiated services over the WAN. After the tenant admin registers the Cisco APIC to vManage, the Cisco APIC pulls the WAN-SLA policies and the WAN-VPN from vManage. Then, the Cisco APIC assigns DSCP to each WAN-SLA policy and pushes a prefix list. The prefix list, which is taken from the EPG if the contract between this EPG and L3Out has WAN-SLA configured, enables quality of service on the returning traffic. The WAN-SLA policy and WAN-VPN are both available in the tenant common. Tenant admins map the WAN-VPNs to VRFs on remote sites.

Danny

Cisco Moderador · ‎03-19-2021

Thanks for this event, team!
Could you explain how TCP optimization works, please?

Note: This question is the translation of a post originally created in Portuguese by Adolfo Suarez.It was translated by the Cisco Community to share the query and its solution in different languages.

Guilherme Lyra · ‎03-19-2021

First, keep in mind that TCP is a bidirectional protocol and operates only when connection-initiation messages (SYNs) are acknowledged by ACK messages in a timely fashion. Cisco SD-WAN has a built-in TCP Optimization feature that allows us to fine tune the processing of TCP data traffic, thus decreasing round-trip latency and improving throughput.
With TCP optimization, a router acts as a TCP proxy between a client that is initiating a TCP flow and a server that is listening for a TCP flow, as illustrated in the following figure:

When we enable TCP optimization on the two routers above, Router A terminates the TCP connection from the client and establishes a TCP connection with Router B. Router B then establishes a TCP connection to the server. The two routers cache the TCP traffic in their buffers to ensure that the traffic from the client reaches the server without allowing the TCP connection to time out.

svemulap@cisco.com · ‎03-19-2021

Hi -

There is a support for both vEdge and cEdge platforms for TCP Optimization.
Please refer to following links on how this feature works and how to enable on the platform in question.

# For vE1000, vE2000 and vE2K
https://www.cisco.com/c/dam/en/us/td/docs/routers/sdwan/configuration/config-18-2.pdf#page=530

# For cEdge running IOS-XE
https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/optimization-ha/ios-xe-16/network-optimization-high-availability-book-xe/m-tcp-optimization.html

Hope you find it useful.

John Ventura · ‎03-19-2021

Hi everybody,

With additional headers from GRE, IPSEC and OMP, how is the MTU defined between the routers?

Guilherme Lyra · ‎03-19-2021

Hi John,

OMP is a protocol used exclusively on the Control Plane, that is, it propagates routes, policies, TLOCs. It will not be used to transport or encapsulate data traffic. In the Data Plane we will have encapsulation with IPsec or GRE (IPsec is used by default) and in this case, yes, there is an overhead that needs to be taken into account. Bear in mind that we have BFD sessions established between SD-WAN routers over the transport tunnels. BFD will be used for link failure detection, measuring of latency, loss and other statistics used by application-aware routing. BFD will also assist in the PMTU Discovery process in each of the available transports.

Regards.

G.

svemulap@cisco.com · ‎03-19-2021

Hi -

In SDWAN environment, we have two ways of computing the PMTU.
* done on transport side via the physical interface in VPN 0
* via BFD which runs between two end nodes on the data path

Please refer to: https://www.cisco.com/c/dam/en/us/td/docs/routers/sdwan/configuration/config-18-3.pdf#page=494
.. which has additional details.

Hope it helps.

Jessica Deaken · ‎03-19-2021

Hi guys,

Considering a Cisco SD-WAN deployment with cloud-based controllers, what happens if communication is lost between WAN Edges and the controllers? Are the WAN Edges able to continue forwarding data traffic?

svemulap@cisco.com · ‎03-19-2021

Yes. OMP which runs on top of DTLS from Edge devices to vSmart has a GR (graceful timer) values.
When an Edge looses connectivity to vSmart - GR kicks in. Default timer is 12 hrs and is configurable.
Detail information is at: https://sdwan-docs.cisco.com/Product_Documentation/Software_Features/SD-WAN_Release_16.2/03Routing/02Configuring_OMP

Hope it helps.

Guilherme Lyra · ‎03-19-2021

Thank you svemulap!

In addition to that, the environment continues to operate normally, based on the latest OMP information. This is valid both on the vSmart side and on the WAN Edges side. By default, OMP information is kept in cache for 12 hours and this can be changed by tuning an option called "OMP Graceful Restart".

Best regards.

G.

Olipo · ‎03-19-2021

Which router models can work inside Cisco SD-WAN overlay?

TY

Osvaldo Salazar Tovar · ‎03-22-2021

Hi Olipo,

There are routers for each requirement, you can check general list here: https://www.cisco.com/c/en/us/products/collateral/software/one-wan-subscription/guide-c07-740642.html

Hope it helps, regards.