Networking, Security & Cloud Knowledge


Sunday, October 9, 2022

SDWAN


Traditional network:

  • A branch office connects to the central office (head end / DC) using MPLS or DMVPN.
  • If a site is multi-homed, it uses one of the paths based on network reachability or the configured policy.
  • Devices at each site are managed and configured separately.


Limitations of the traditional topology

  • Scaling over MPLS can be expensive.
  • With cloud technology and its associated services (e.g. Office 365, Dropbox, OneNote), traffic may need to go to locations other than the central office (such as Microsoft Azure, Amazon AWS or Google Cloud).
  • QoS can be an issue on an internet link.
  • Troubleshooting is not easy.



SD-WAN:

  • SD-WAN turns a configurable network into a programmable network, so we no longer need to know how to configure devices from each different vendor (Cisco, Juniper, etc.).
  • It divides the network into two parts: northbound and southbound.
  • The northbound side hosts all the controllers used to manage the SD-WAN ecosystem.
  • Users configure policy on the controller through its API.
  • Southbound (CPE) devices are managed by the northbound controller, which reduces manual configuration tasks.
  • It introduces application-aware routing.


SDN terms:

  • APIs (application programming interfaces) – simplify the network view for app developers.
  • Embedded programming language – e.g. a Python interpreter on the device.
  • Network controller – simplifies writing source code for developers.
  • ASIC firmware – provides access to lower-level firmware.
  • Application hosting – network devices with dedicated hardware to host apps.
  • CMS (configuration management software) – e.g. Ansible, Chef, Puppet.
  • XMPP (Extensible Messaging and Presence Protocol) – open-source technology used for IM and presence.

Separates the data plane, control plane and management plane.

  • CPU-intensive control-plane and management-plane tasks are removed from the router and moved to the central controller.
  • Uses protocols like MP-BGP or OMP (Overlay Management Protocol).


Cisco created iWAN (based on DMVPN) and later acquired Viptela (an SD-WAN vendor). There are other vendors as well, such as Versa.

SD-WAN components


Cisco SD-WAN

  • Orchestration (vBond)
  • Control plane (vSmart)
  • Management (vManage)
  • Data plane (vEdge / cEdge)


Versa SD-WAN

  • Versa Director
  • Versa Controller
  • Versa Analytics
  • Edge CPE



Controller:

  • Supports application-aware routing policies: it monitors the circuits and decides to divert traffic over the better link when redundant circuits are available.
  • Can handle each individual Office 365 application (e.g. Skype, email) separately; it digs deeper into each application and routes accordingly.
  • Traffic can be segmented, like VRFs.
  • The following products also come built in with SD-WAN:
    • Application-aware enterprise firewall
    • IPS
    • DNS-layer enforcement with Umbrella
    • URL filtering

All of the above can be managed using vManage.
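To make the application-aware routing decision described above concrete, here is an added example (not code from this post, Cisco or Versa) that models what the controller does: each application class has an SLA, each transport is probed for loss, latency and jitter, and traffic is diverted to the best link that still meets the SLA. The SLA thresholds, path names and probe values are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class PathStats:          # latest probe results for one WAN transport
    name: str
    loss_pct: float
    latency_ms: float
    jitter_ms: float
    preferred: bool = False   # administratively preferred transport (e.g. MPLS)

@dataclass
class SlaClass:           # worst acceptable loss / latency / jitter for an app class
    max_loss_pct: float
    max_latency_ms: float
    max_jitter_ms: float

# Hypothetical per-application SLA classes (assumed thresholds, not vendor defaults)
APP_SLA = {
    "voice": SlaClass(max_loss_pct=1.0, max_latency_ms=150, max_jitter_ms=30),
    "email": SlaClass(max_loss_pct=5.0, max_latency_ms=400, max_jitter_ms=100),
}

def meets_sla(path: PathStats, sla: SlaClass) -> bool:
    return (path.loss_pct <= sla.max_loss_pct
            and path.latency_ms <= sla.max_latency_ms
            and path.jitter_ms <= sla.max_jitter_ms)

def select_path(app: str, paths: list, app_sla: dict) -> str:
    """Preferred SLA-compliant path first, then any compliant path,
    and only as a last resort the least-bad path (best effort)."""
    compliant = [p for p in paths if meets_sla(p, app_sla[app])]
    candidates = [p for p in compliant if p.preferred] or compliant or list(paths)
    # least-bad ordering: loss first, then latency, then jitter
    return min(candidates, key=lambda p: (p.loss_pct, p.latency_ms, p.jitter_ms)).name

def route_table(paths: list, app_sla: dict) -> dict:
    """Per-application forwarding decision for one probe interval."""
    return {app: select_path(app, paths, app_sla) for app in app_sla}

# Constructed probe snapshots: MPLS healthy, then MPLS degraded by 3% packet loss
HEALTHY = [PathStats("mpls", 0.1, 40, 5, preferred=True),
           PathStats("internet", 0.3, 70, 15), PathStats("lte", 0.5, 120, 40)]
MPLS_DEGRADED = [PathStats("mpls", 3.0, 40, 5, preferred=True),
                 PathStats("internet", 0.3, 70, 15), PathStats("lte", 0.5, 120, 40)]

if __name__ == "__main__":
    print(route_table(HEALTHY, APP_SLA))        # voice and email both on mpls
    print(route_table(MPLS_DEGRADED, APP_SLA))  # voice diverted to internet, email stays on mpls
```

Note that the same loss event moves voice off MPLS while email stays, which is the per-application behaviour the controller section describes.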


Orchestrator (vBond / Versa Director)

  • Acts as a single pane of glass for managing the system.

When we get a new router for a branch office, it must be able to reach vBond. The Cisco vBond will redirect it to the customer vBond router, and the customer vBond then verifies the device's certificate and serial number.