Ask Me Anything - Getting to know Cisco SD-WAN

ciscomoderator
Community Manager

This topic is a chance to clarify your questions about the Cisco Software-Defined WAN (SD-WAN) solution, its historical roots, the drivers behind SD-WAN adoption, benefits, evolution, and the inner mechanisms that make it attractive to business. In addition, experts will explain and answer questions about SD-WAN on-boarding activities and daily operations.

To participate in this event, please use the "Join the Discussion: Cisco Ask the Expert" button below to ask your questions.

Ask questions from Wednesday 11th to Friday 20th of December, 2019

Featured Experts
David Samuel Peñaloza Seijas works as a Senior Network Consulting Engineer at Verizon Enterprise Solutions in the Czech Republic. Previously, he worked as a Network Support Specialist in the IBM Client Innovation Center in the Czech Republic. David is an expert interested in all topics related to networks. However, he focuses mainly on data centers, enterprise networks, and network design, including software-defined networking (SDN). David has a long relationship with Cisco. He has been a Cisco Instructor for the Cisco Academy and was recognized as a Cisco Champion and a Cisco Designated VIP for 2017, 2018, and 2019. David holds CCNP R&S, CCDP, CCNA Security, CCNA CyberOps, and CCNA SP certification. Currently, he is pursuing a CCDE.

Juan Rangel is a Technical Consulting Engineer on the Software-Defined WAN team at the Customer Experience (CX) Center. Before he joined the SD-WAN team, he worked on the Routing Protocols team. Juan has nine years of experience in networking and has in-depth knowledge of the America Mobile International Network. Before Juan joined Cisco, he worked at Telmex, Huawei, and Citi. He holds a degree in computer systems engineering from the University of the Americas in Mexico. Juan holds the CCNP Security and CCNP Service Provider certifications, a Huawei HCDA certification, an ITIL v3 Foundation certification, and a CCIE R&S certification (#62667). Juan likes languages and he is fluent in Spanish, English and Portuguese.

Juan Flores is a Technical Consulting Engineer on the Software-Defined WAN team at the Customer Experience (CX) Center. Before he joined the SD-WAN team, he worked on the Routing Protocols team. Juan specializes in Routing Protocols, Service Provider technologies (MPLS), switching, Nexus administration with routing protocols, and SD-WAN technologies. Juan holds a degree in computer systems engineering from the University of the Valley of Mexico. He holds a CCNA R&S certification and he is pursuing certifications in CCIE R&S and CCIE SP.

Experts might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the SD-WAN community.

Find further events on https://community.cisco.com/t5/custom/page/page-id/Events?categorayId=technology-support

**Helpful votes Encourage Participation!**
Please be sure to rate the Answers to Questions


I am trying to get IPS up on my SD-WAN deployment, and I need to create a Signature list to apply on my Security Policy. All routers already have the IPS engine running.

Please help me understand what needs to go in the "IPS Signatures" field. Is there a best practice?

Thank you.

fycal98
Level 1

I'm using Cisco CSR 1000v IOS-XE 3.15 downloaded from the Cisco web site, and I want to use it to implement a Cisco Intelligent WAN lab for a study project. The image worked well in VMware, but I want to know if the router will ask for a license later.

Hello!

IOS XE SD-WAN is supported in the following platforms, unfortunately it is not supported in CSR virtual routers, please refer to the following link:

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/hardware-and-software-installation.html#c_Software_Installation_and_Upgrade_for_Cisco_IOS_XE_Routers_12017.xml

It is worth mentioning that once you set up your SD-WAN image in your IOS-XE Router, it won't be using the traditional Cisco Licensing but the Smart Licensing. More information about Smart License can be found below:

https://www.cisco.com/c/en/us/products/software/smart-accounts/software-licensing.html

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/smart-licensing/qsg/b_Smart_Licensing_QuickStart/b_Smart_Licensing_QuickStart_chapter_00.html

Thanks for your question!


@juaflor2 wrote:
Hello!

IOS XE SD-WAN is supported in the following platforms, unfortunately it is not supported in CSR virtual routers, please refer to the following link:

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/hardware-and-software-installation.html#c_Software_Installation_and_Upgrade_for_Cisco_IOS_XE_Routers_12017.xml

It is worth mentioning that once you set up your SD-WAN image in your IOS-XE Router, it won't be using the traditional Cisco Licensing but the Smart Licensing. More information about Smart License can be found below:

https://www.cisco.com/c/en/us/products/software/smart-accounts/software-licensing.html

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/smart-licensing/qsg/b_Smart_Licensing_QuickStart/b_Smart_Licensing_QuickStart_chapter_00.html

Thanks for your question!

Sorry, what do you mean CSR doesn't support IOS-XE SD-WAN?

Here I see it's listed as supported:

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/release/notes/xe-16-11/sd-wan-rel-notes-19-1.html#id_102931

Maros Zaleha
Level 1

Hi,

I have a question regarding vEdge routers in Viptela SD-WAN.

From my understanding, the vEdge router simply forwards traffic according to the information from vSmart, so all the route calculation happens in the Control Plane with vSmart controllers.

Are vEdge routers essentially like CEF? Do they also have to calculate some paths, since they can run OSPF and BGP, or do they truly just forward traffic?

Could you please elaborate on how this vEdge router acts as a DATA PLANE? I don't quite understand why the data plane and control plane were separated if vEdge has to calculate OSPF and BGP routes.

Thank you! :)

Hello,

vEdge has to do route calculation if you activate OSPF or BGP on the LAN side towards your equipment. vEdge will behave as a normal router and will execute the configuration sent from the controller.

When we say the control plane and data plane are separated, this does not mean that vEdge doesn't run any calculation.

However, all the configuration, authentication, and IPsec key renewal management are managed by the control part.

Thanks

Adding up here to complement.

The routers can have a local configuration (CLI mode) or a global policy (vManage mode + centralized policy).

When we refer to them as acting in the data plane, it is meant to highlight a couple of points:

  1. As with any SDN-related solution, control, data and management planes are decoupled. Quite different than with common networking where all the planes are held by the same router/device
  2. Their tasks are mostly about performing traffic forwarding decisions - as any other router would - with either a centralized or localized policy (E.g. QoS, Application Aware Routing, ACLs) without holding the complete load for the control plane decisions. Those control plane related matters are mostly handled by vSmart.

As mentioned earlier, this does not mean they do not perform any calculation, they simply offload most of the heavy-lifting tasks to vSmart.

Hope it helps! :)

bullfinch
Level 1

Hi,

Is it possible to use Port-channel on ISR4K for SDWAN VPN 0 connections?

For example, I am trying to configure int Port-Channel1.301 and Tunnel1301 (or 301), but on commit:

```
Router(config-subif)# commit check
Failed: 'interface': VRF get failed for Port-channel1.301
```

Configuration example:

```
interface GigabitEthernet0/0/2
 no ip address
 negotiation auto
 channel-group 1 mode active
!
interface GigabitEthernet0/0/3
 no ip address
 negotiation auto
 channel-group 1 mode active
!
interface Port-channel1
 no ip address
 no negotiation auto
!
interface Port-channel1.301
 encapsulation dot1Q 301
 ip address X.X.X.X 255.255.255.240
!
interface Tunnel301
 ip unnumbered Port-channel1.301
 tunnel source Port-channel1.301
 tunnel mode sdwan
!
sdwan
!
 interface Port-channel1.301
  tunnel-interface
   encapsulation ipsec
   color public-internet
!
```

AndyRibbens7838
Level 1

Hi,

I'm wondering if the following problem is possible to solve:

R1 has red and blue tunnels

R2 has red only

R3 has blue only

A common service vpn on all 3 (vpn 600)

Omp set to redistribute connected

R1 learns vpn 600 subnets from R2 and R3 via omp

R2 only learns vpn 600 subnet from R1 via omp

R3 only learns vpn 600 subnet from R1 via omp

Can I configure it so R3 learns routes to R2 vpn 600 subnet via R1 and vice versa?

Thanks

Is it possible to perform conditional route advertisement from Viptela? Something like this: I have two colors (for example Internet + MPLS) on vEdge devices. I want to advertise a default route in OSPF in the service VPN only if the Internet is up, and as soon as it goes down it should stop advertising the default route.

In VRRP we have the option to track a prefix-list. Here I know we can track a prefix list learned via OMP; do we have any way to track a NAT route by this prefix list? Example: ip route 8.8.8.8/32 vpn 0.

Regards,
Surjeet Singh

Hello @AndyRibbens7838

Can I configure it so R3 learns routes to R2 vpn 600 subnet via R1 and vice versa?

Absolutely, R1 would have to learn both routes, and you need a set of control policy statements matching those routes and setting the next hop as R1.

You would be building a hub and spoke type of topology for this specific VPN (note that the topologies are VPN-wise).

For your reference, please take a look at this resource: https://www.ciscolive.com/global/on-demand-library.html?search=sd-wan%20policy#/session/154022953569300162tA

Hope that helps!
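
A sketch of the centralized control policy the answer above describes, as it could be written on vSmart. This is an added example, not configuration from the thread: the site IDs (100, 200, 300), R1's system IP 10.255.0.1, the list and policy names, and IPsec encapsulation on R1's TLOCs are all assumptions.

```text
! Constructed values: R1 = site 100, system-ip 10.255.0.1
!                     R2 = site 200 (red only), R3 = site 300 (blue only)
policy
 lists
  ! The two spokes whose VPN 600 routes must be reachable through R1
  site-list SPOKES
   site-id 200
   site-id 300
  !
  vpn-list VPN600
   vpn 600
  !
  ! R1's TLOCs, one per color, used as the rewritten next hop
  tloc-list R1-TLOCS
   tloc 10.255.0.1 color red encap ipsec
   tloc 10.255.0.1 color blue encap ipsec
  !
 !
 control-policy VPN600-VIA-R1
  ! Match VPN 600 routes originated by either spoke and set R1 as next hop
  sequence 10
   match route
    site-list SPOKES
    vpn-list VPN600
   !
   action accept
    set
     tloc-list R1-TLOCS
    !
   !
  !
  ! Leave everything else (R1's own routes, other VPNs, TLOC routes) untouched
  default-action accept
 !
!
! Apply to what vSmart advertises out to the spokes only
apply-policy
 site-list SPOKES
  control-policy VPN600-VIA-R1 out
 !
!
```

Because the policy is scoped by the VPN list, only VPN 600 becomes hub and spoke, matching the note that topologies are per VPN. R1 is not in the site list, so it keeps receiving both spokes' routes with their original TLOCs, which it needs in order to forward between them.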
