Software-Defined WAN (SD-WAN)

Cisco SD-WAN (based on Viptela) is an overlay architecture that provides secure logical connectivity among offices, data centres, and the cloud, regardless of the underlying physical transport (satellite, LTE, and MPLS).

SD-WAN Architecture

vManage NMS

The vManage network management system (NMS) provides a user interface to configure and manage the full SD-WAN solution.

vBond Orchestrator

The vBond orchestrator is a virtualised vEdge running a dedicated function of the vBond persona.

Every vBond has a permanent control plane connection over a Datagram Transport Layer Security (DTLS) tunnel with every vSmart controller.

Authentication

The vBond authenticates every new device joining the fabric and directs it to the appropriate vSmart and vManage controllers.

Load Balancing

The vBond provides load balancing of sessions to fabrics that have multiple vSmart or vManage controllers.

NAT Detection (NAT-T)

  • Problem: Devices often sit behind NAT (home offices, branch sites). NAT hides their real IP/port, so they can’t directly form secure control connections to controllers (vSmart, vManage).
  • Solution: vBond acts as a STUN server (Session Traversal Utilities for NAT). When a device contacts vBond, it reflects back the device’s public IP/port.
  • Result: The device learns how it appears on the Internet and can use that info to build DTLS/TLS tunnels to controllers across NAT boundaries.
  • This process is called NAT-T (NAT Traversal).
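As an added illustration (not code from Cisco or from the original notes), the reflection step above modelled as a STUN-style Binding exchange in the shape defined by RFC 5389: the device sends a request, the vBond-like server echoes the source address it observed as an XOR-MAPPED-ADDRESS attribute, and the device compares that with the address it bound locally to decide whether it sits behind NAT. The NAT rewrite itself is simulated by handing the server the post-NAT address; the IPs and ports are constructed sample values.

```python
import os
import socket
import struct

MAGIC = 0x2112A442                     # STUN magic cookie (RFC 5389)
BINDING_REQUEST, BINDING_RESPONSE = 0x0001, 0x0101
XOR_MAPPED_ADDRESS = 0x0020


def build_request():
    """Device side: 20-byte STUN header with a fresh 96-bit transaction ID."""
    tid = os.urandom(12)
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC) + tid, tid


def reflect(request, observed_ip, observed_port):
    """Server side (the vBond role): echo the source it saw, XOR-obfuscated
    so that NAT devices doing payload ALG rewriting do not tamper with it."""
    mtype, _, magic = struct.unpack("!HHI", request[:8])
    if mtype != BINDING_REQUEST or magic != MAGIC:
        raise ValueError("not a STUN binding request")
    xport = observed_port ^ (MAGIC >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton(observed_ip))[0] ^ MAGIC
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01, xport, xaddr)
    return struct.pack("!HHI", BINDING_RESPONSE, len(attr), MAGIC) + request[8:20] + attr


def parse_response(response, expected_tid):
    """Device side: accept only a response matching our transaction ID, then
    walk the attributes (each padded to 4 bytes) for XOR-MAPPED-ADDRESS."""
    mtype, length, magic = struct.unpack("!HHI", response[:8])
    if mtype != BINDING_RESPONSE or magic != MAGIC or response[8:20] != expected_tid:
        raise ValueError("unexpected or unsolicited response")
    body, off = response[20:20 + length], 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS:
            _, family, xport, xaddr = struct.unpack("!BBHI", value)
            ip = socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC))
            return ip, xport ^ (MAGIC >> 16)
        off += 4 + ((alen + 3) & ~3)
    raise ValueError("no mapped address in response")


def detect_nat(local_ip, local_port, public_ip, public_port):
    """Run one exchange; public_ip/port is what a NAT (if any) presents to the
    server. Returns (mapped address, True if it differs from the local binding)."""
    req, tid = build_request()
    resp = reflect(req, public_ip, public_port)   # simulated network hop
    mapped = parse_response(resp, tid)
    return mapped, mapped != (local_ip, local_port)
```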

vSmart Controller

Overlay Management Protocol (OMP)

The vSmart controller uses DTLS tunnels with edge devices to form OMP neighbourships.

OMP is a routing protocol (similar to BGP) that processes OMP routes learned from the SD-WAN edge devices (or other vSmart controllers) and then advertises them to the edge devices in the SD-WAN fabric.

Control Plane Policies

The vSmart controller implements all the control plane policies created on vManage.
  1. A policy is created on vManage
  2. That policy is downloaded to the vSmart controller
  3. vSmart converts the policy into a format that all the edge devices in the fabric can understand
  4. vSmart distributes the data plane policy to the applicable edge devices

Edge Routers

Cisco SD-WAN edge devices/routers are available either as physical hardware or as virtualised software routers, and they sit at the perimeter of a site.

Each SD-WAN router automatically establishes:

  1. A secure DTLS connection with the vSmart controller, over which it forms an OMP neighbourship
  2. Standard IPsec sessions with the other SD-WAN routers in the fabric

SD-WAN routers only make site-local decisions. The vSmart controller provides remote site routes and the reachability information necessary to build the SD-WAN fabric.

“vEdge” refers to the legacy Viptela hardware platforms, whereas “cEdge” refers to the newer Cisco IOS XE hardware platforms.

vAnalytics

vAnalytics is an optional analytics and assurance service that has many advanced capabilities, including the following:

  • Visibility into applications and infrastructure across the WAN
  • Forecasting and what-if analysis
  • Intelligent recommendations