SD-WAN, SDA, Fabric Flashcards
SD-WAN, SD-Access, ACI
What type of tunnels does SD-WAN leverage?
IPSec
What is the name of the device where SD-WAN Policy is defined?
The Controller
What are the 4 main components of Cisco SD-WAN and what are their functions?
vManage - GUI and API VM used to configure and manage SD-WAN
vSmart - the controller that pushes the policy and acts as the data plane for the SD-WAN
vEdge / cEdge - These are the SD-WAN Edge Routers
vBond - the out-of-band orchestrator
What is cEdge and how is it different from vEdge?
cEdge is a Cisco ISR router running Viptela firmware. The main difference is that cEdge supports advanced security features that vEdge does not.
What features does cEdge have that vEdge does not?
- Cisco AMP and Threat Grid
- Enterprise Firewall
- Cisco Umbrella DNS
- URL Filtering
- Snort IPS
What are the three main features of vBond?
- Control Plane Connection - permanent control plane connection to each vSmart controller
- NAT Traversal
- Load Balancing - load balances routers to vSmart controllers when more than one exist in a domain
What are the benefits of SD-WAN?
- Lower costs and reduce risks with simple WAN automation and orchestration
- Extend Enterprise networks seamlessly into the public cloud
- Provide optimal user experience for SaaS applications
- Leverage a transport-independent WAN for lower cost and higher diversity. This means the underlay network can be any type of IP-based network, such as the Internet, MPLS, 3G/4G LTE, satellite, or dedicated circuits.
- Enhance application visibility and use that visibility to improve performance with intelligent path control to meet SLAs for business-critical and real-time applications.
- Provide end-to-end WAN traffic segmentation
What are some limitations of Cisco SD-WAN?
- Base SD-WAN license only allows for a Hub-and-Spoke topology
- If there are two vManage, they must be Active/Passive
- vAnalytics feature requires an additional license
- vBond must have a public IP address (or NAT’d private)
- Some ISR/ASR modules may not be compatible with cEdge
- Deep Packet Inspection (DPI) requires additional licensing
What are the four different SD-WAN traffic forwarding options when configuring a policy?
- Active/Active: Load Balanced
- Active/Active Weighted: Load balanced based on bandwidth
- Active/Standby Pinning: Application traffic has a preferred route unless it is down
- Application Aware SLA: application traffic chooses a route based on network metrics such as loss and jitter
In SD-WAN, what is OMP?
Overlay Management Protocol - this is the control plane information and controller policies that are sent from vSmart to the vEdge. Sent over TCP using SSL.
What are the three different types of SD-WAN deployment models?
- Public: on AWS
- Hybrid: on-prem using Public IPs
- Hybrid w/ Private IP: when ISP rejects public IP route
What is a TLOC extension?
A connection between two vEdge routers at the same site that creates a “U-shaped” topological connection to two redundant WAN links.
TLOC = Transport Locator
When deploying a vEdge or cEdge router using Zero Touch Provisioning (ZTP), what is the first thing the router attempts to communicate with?
A ZTP Server that is hosted and managed by Cisco on the Internet
When deploying a vEdge or cEdge router using Zero Touch Provisioning (ZTP), what are the only protocols enabled on the outside interface by default?
DNS, DHCP, and ICMP
When DPI is not enabled in SD-WAN, what are the 6 parameters used to identify an application within a policy?
1-2) Source and Destination IP address
3-4) Source and Destination Port
5) DSCP value (QoS)
6) Protocol Number