ENCOR Flashcards
SD-WAN - what is the controller
vManage
vManage is what type of interface
HTTP website
vSmart
Control plane
Pushes policies down to edge
vEdge
Edge Router in SD-WAN
vBond
Orchestrator - Zero-touch provisioning
Newer Cisco version of vEdge
cEdge
SD-WAN - what topologies are enabled with the most basic license?
Hub and spoke
SDWAN topologies
Hub and Spoke
Partial Mesh
Full mesh
PTP
In SD-WAN - What technologies enable application-aware SLA (service-level agreement)?
DPI
6-Tuple
DPI stands for
Deep Packet Inspection
6-Tuple refers to
6-Tuple is inspection of:
- S,D IP
- S,D Port
- QoS - DSCP
- IP protocol
SD-WAN enables a user to deal with multiple WAN links, such as a leased line and MPLS circuit. What are the different SD-WAN configurations available?
Active-Active
Active-Active (weighted)
Active-Standby (pinning)
Application-Aware SLA
SD-WAN: multiple WANs - Active-Active
Load balance across multiple WAN connections
SD-WAN: multiple WANs - Active-Active (weighted)
Weighted Load balance across multiple WAN connections
SD-WAN: multiple WANs - Active-Standby (pinning)
some applications always use one link, others (such as voice) always use one link
SD-WAN: multiple WANs - Application-Aware SLA
Tracking metrics and responding
SD-WAN - Protocol between vSmart and vEdge
OMP - Overlay Management Protocol
OMP is responsible for telling …
telling vEdge/cEdge on how to create IPsec tunnels
OMP uses what protocols
TCP/TLS
vBond - Important considerations
Must have a public IP address
1:1 NAT
Why is NAT traversal required in SD-WAN
IPsec tunnels are L3 so there are NO port numbers for the NAT to grab onto
If NAT-T is enabled, what does SD-WAN do when it detects NAT is enabled
Switches from IPsec headers to UDP 4500
Allows NAT traversal
What does vBond push new devices to vManage
Admins must approve new devices to ecosystem
Gets pushed to vSmart
Why is vBond needed?
vSmart and vEdge don’t know about each other
How does vBond help with NAT traversal?
Both vEdge/cEdge on a side of a NAT firewall
vBond sends packets at the same time (knows public/private addresses) to each device, which builds the NAT mappings
OR vBond sends dummy packets
SD-WAN Controller Deployment Models
Public
Hybrid
Hybrid w/ private IPs
SD-WAN Controller Deployment Model - Public
Use AWS or other public cloud provider
vSmart/vBond and vManage in multiple AWS regions
SD-WAN Controller Deployment Model - Hybrid
Some vSmart/Manage/Bond in cloud
others in private data centers
Avoids issue of WAN circuits going down
SD-WAN Controller Deployment Model - Hybrid w/ Private IP addresses
Some vSmart/Manage/Bond in cloud
others in private data centers
Private IP addresses used in PERSONAL WAN circuits
Is it RECOMMENDED vSmart and vManage be behind 1:1 NAT
Yes, but not enforced
Example of hardware SD-WAN can be deployed on
ISR & ASR series
ENCS 5000 series
CSR 1000V
SD-WAN - zero touch provisioning
Devices (vEdges and cEdges) configured automatically (without involvement) when joining the network. Components:
What components allow ZTP in SD-WAN
Template configuration
Whitelist on vManage
ZTP Router turn on process
1) Turns on
2) Connect to “ZTP Cloud Server” – Cisco Server
3) Gets vBond address
ZTP uses certificates for security of vManages and vSmarts