Cisco SD-WAN Training
1. Introduction to Cisco SD-WAN Architecture
How is an SDN network different from traditional network architecture? What are Cisco's solutions for SDN networks? What is Cisco's SDN solution for WAN networks? And, most importantly, what does the Cisco SD-WAN architecture look like? These are the questions that will be answered in this section.
2. Cisco SD-WAN Implementation Guide
In the next section we will start to implement the SD-WAN infrastructure. Therefore, in this section we will prepare a Cisco SD-WAN implementation guide that shows exactly what we will do in the next steps.
3. SD-WAN Certificate Authority Configuration
To start installing and configuring SD-WAN controllers, the first step is to prepare an SD-WAN certificate authority server, since certificates are the main authentication method between controllers and also SD-WAN routers. All components of the SD-WAN architecture receive their own certificate from the certificate authority. This is what we will do in this section.
4. Cisco SD-WAN vManage Installation and Configuration (20.3.4)
Cisco SD-WAN vManage installation and configuration is the goal of this section. vManage is the management-plane part of the Cisco SD-WAN controller. Throughout this course we will work with vManage to configure and manage our SD-WAN infrastructure.
5. Cisco SD-WAN vBond Installation (Version 20.3.4)
vBond is another controller in the SD-WAN infrastructure. It is the first point of contact and must be reachable by all other controllers and also by the WAN routers. The installation and configuration of the vBond controller is discussed in this section.
6. Cisco SD-WAN vSmart Installation (Version 20.3.4)
The Cisco SD-WAN vSmart installation and configuration process is exactly the same as for the vBond controller: install vSmart, install the certificate for vSmart, and finally create DTLS tunnels between vSmart and the vBond and vManage controllers. The DTLS tunnels will be used to transfer management and control traffic between controllers.
7. Cisco SD-WAN WAN Edge List Provisioning
Cisco SD-WAN WAN Edge List Provisioning means that you must obtain licenses for your WAN routers from the Cisco website before you can add them to your SD-WAN infrastructure. This is what we are going to do in this section.
8. Add WAN Edge Router in SD-WAN Infrastructure
In the previous sections, all of the SD-WAN controllers were installed. Now it is time to add a WAN edge router to complete our SD-WAN infrastructure. That is the discussion of this section.
9. SD-WAN Templates and WAN Edge Routers
Three controllers and four WAN routers within the SD-WAN infrastructure are already configured using CLI mode. Of course, CLI mode does not scale to configuring, managing and monitoring thousands of WAN routers. Therefore, in this section we will change the configuration mode of the WAN edge routers from CLI to vManage, so that all remaining configuration is carried out via the vManage GUI interface and with the help of SD-WAN templates.
10. SD-WAN Template and Controllers
In the last section we changed the configuration mode of the WAN edge routers from CLI to vManage using an SD-WAN template. In this section we change the configuration mode of the controllers from CLI to vManage using the same concept.
11. Add second transport in SD-WAN
Adding a second transport in SD-WAN is what we will implement in this section. We have already set up an SD-WAN infrastructure via internet transport. In this section, our second transport, MPLS, will be added to our SD-WAN infrastructure. This is done through the vManage GUI interface since we have already changed the configuration modes from CLI to vManage.
12. Cisco SD-WAN Service VPN
Cisco SD-WAN Service VPNs are subnets and services distributed behind the SD-WAN network which communicate over the SD-WAN infrastructure. In other words, they are the LAN part of the SD-WAN infrastructure, which is not yet ready in our topology. This section is devoted to creating the LAN section of the SD-WAN infrastructure using Service VPNs.
13. Cisco SD-WAN OMP Routing Concept
Understanding the Cisco SD-WAN OMP routing concept is required to implement and troubleshoot policy-based routing or traffic engineering on the SD-WAN infrastructure. Therefore, this section is dedicated to further detail on the SD-WAN OMP routing protocol.
14. OSPF in Service VPN in Cisco SD-WAN
OSPF in Service VPN in Cisco SD-WAN is the target of this section. This means enabling the OSPF routing protocol (and also a static route) between the WAN edge router in the main office of our SD-WAN infrastructure and the enterprise datacenter, which is also located in the main office, and then redistributing routes between OSPF and the OMP routing protocol. As a result, users all over the SD-WAN infrastructure can communicate with different areas of the enterprise, such as the datacenter.
15. SD-WAN BGP Configuration in WAN Transport
SD-WAN BGP configuration in the WAN transport is what will be implemented in this section. So far, a default route has been used on the edge routers to reach WAN connectivity over the internet and MPLS transports. In most cases, however, it is necessary to implement BGP in the WAN transport.
16. Cisco SD-WAN Route Policy
Cisco SD-WAN Route Policy is a tool for route manipulation. Route filtering, changing metrics or metric type, adding a community, and changing the AS-Path are some of the manipulations that we can apply while receiving or advertising routes.
17. Cisco SD-WAN Topology
Cisco SD-WAN has a full-mesh topology by default. In other words, all sites can communicate with each other without any limitation. In this section two other topologies, hub and spoke and mesh, are implemented in the Cisco SD-WAN infrastructure.
18. Cisco SD-WAN Custom Topology
Cisco SD-WAN Custom Topology is what we will implement in this section. The default SD-WAN topology is full mesh, and in the last section we implemented hub and spoke and mesh topologies. A custom topology requires us to manipulate OMP routes and TLOC updates.
19. Cisco SD-WAN non-direct internet access
Cisco SD-WAN non-direct internet access is the discussion of this section. Non-direct internet access means tunnelling branch Internet traffic to a central site or datacenter for Internet access.
Cisco SD-WAN direct Internet Access will be discussed in another section.
20. Cisco SD-WAN access list and application firewall
Cisco SD-WAN access lists and the application firewall are used to filter data traffic, as in non-SDN network environments. In this section we learn how to filter data traffic at the network and transport layers and also at the application layer with the help of the native Cisco SD-WAN application firewall.
21. Cisco SD-WAN Traffic Engineering
Cisco SD-WAN Traffic Engineering routes traffic on a different path than the one in the routing table, without changing the routing table, exactly like PBR (Policy Based Routing) in traditional Cisco routers.
22. Cisco SD-WAN Application Aware Routing
Cisco SD-WAN application-aware routing enables routers to route traffic based on its QoS requirements. You can specify QoS requirements such as delay, jitter, and loss for each application, and application-aware routing helps the router to route traffic on a path that meets those QoS requirements. This feature is a data plane policy, meaning it doesn’t change the routing table.
23. Cisco SD-WAN Bandwidth Policing
Cisco SD-WAN Bandwidth Policing makes it possible to limit the bandwidth of specific data traffic. It is a data plane policy which can be implemented in both localized and centralized policies.
24. Cisco SD-WAN Traffic Shaping
Cisco SD-WAN Traffic Shaping is another QoS feature for limiting traffic bandwidth. What is the difference between traffic policing and traffic shaping? Where is traffic shaping or traffic policing used? These are the questions which will be answered in this section.
25. Cisco SD-WAN QoS: Queuing
Cisco SD-WAN QoS tools help us ensure the quality of applications. One of the most important tools is queuing, which prioritizes delay-sensitive applications and guarantees bandwidth for applications in proportion to their needs, so that junk or bulk traffic does not occupy the entire bandwidth.
26. Cisco SD-WAN Route Leaking
Cisco SD-WAN Route Leaking enables communication between different service VPNs. By default, no communication between different VRFs or Service VPNs is allowed.
27. Cisco SD-WAN Direct Internet Access
Cisco SD-WAN Direct Internet Access enables sites to use the same Internet that is used for SD-WAN inter-site and internal transport connectivity. Direct internet access and service publishing are implemented using NAT technology. These are the concepts that we will implement in this section.
28. Cisco SD-WAN VPN Label
The Cisco SD-WAN VPN Label concept is important to understand so that we can analyse and troubleshoot Cisco SD-WAN network connectivity. I decided to discuss this topic in this section so that we can better understand the concept of service chaining, which will be discussed in the next few sections.
29. Cisco SD-WAN Subinterface Template
Cisco SD-WAN subinterface configuration is the subject of this section, as a way to overcome the limitations of the physical interface in WAN edge routers.
Creating subinterfaces is generally not an important concept to talk about. However, there are two small points in creating a subinterface in a Cisco SD-WAN environment. That is why I decided to create this video.
30. Cisco SD-WAN Service Chaining
Cisco SD-WAN service chaining allows us to force traffic through some central services like firewall and IPS before it is forwarded to the destination.
However, service chaining is not supported on the CSR1000v, but I will try to show the concept and configuration, except for the final result.
31. Cisco SD-WAN Security Policy
Cisco SD-WAN Security Policy offers us native built-in SD-WAN security features such as zone-based firewall, intrusion prevention system (IPS), URL filtering, anti-malware protection, DNS security and TLS/SSL decryption to be implemented directly in WAN edge routers.