Cisco SD-WAN and DNA-C
SD-WAN
Cisco SD-WAN: intent-based networking for the branch and WAN
- 4x improved application experience (better user experience): deploy applications in minutes on any platform with consistent application performance
- 40% WAN opex savings (greater agility): simplify the deployment and operation of your WAN and get faster performance using less bandwidth
- 3.24h time to threat detection (advanced threat protection): securely connect your users to applications and protect your data from the WAN edge to the cloud
Cisco SD-WAN solution, built on Cisco DNA
- Cloud managed and controlled fabric (control, management, analytics)
- Transport independence (Internet, MPLS, 4G LTE)
- Application quality of experience
- End-point flexibility (physical or virtual): data center, campus, branch, public cloud
- Integrated security
Intent-based networking for the branch and WAN
- Transport independence: centralized cloud managed fabric (intent, learning, context)
- Application quality of experience
- End-point flexibility
- Security: integrated security
Comprehensive threat protection (integrated security)
- Meet industry compliance with end-to-end segmentation (per-VPN IPsec tunnels across the Internet and MPLS transports, from small office/home office, campus, branch and 4G/LTE sites to the corporate data center and cloud)
- Reduce attack surface with cloud and on-prem security
- Talos threat intelligence protects all users and devices
Simplify migration to the cloud (application quality of experience)
- Secure branch to cloud connectivity protects data in motion (secure SD-WAN fabric spanning small office/home office, branch, campus, data center and IaaS/SaaS)
- Agile workflows simplify extending the enterprise to IaaS or SaaS
- Analytics determines the optimal path for the best application experience
Optimize the user experience (analytics and assurance, Viptela vAnalytics)
- Visibility of applications and infrastructure across the WAN
- Forecasting and what-if analysis
- Intelligent recommendations
Deploy branches faster at lower cost (transport independence: MPLS, 3G/4G-LTE, Internet, colocation, private and public cloud)
- Leverage Internet for public cloud and Internet access
- Secure VPN overlay for private and virtual public cloud access
- Seamless extension to the cloud enables business policy to follow workloads
Reduce complexity for remote sites (single rich-services branch platform)
- Easy to deploy and manage services on demand: SD-WAN, unified communications, cloud-based security, application hosting, application optimization
- On-demand physical and virtual form factors
- Best-of-breed trusted network services
Meet Cisco SD-WAN
Cisco SD-WAN solution overview: applying SDN principles to the wide area network
- Management/orchestration plane: vManage, vBond, vAnalytics, APIs and 3rd-party automation
- Control plane: vSmart controllers
- Data plane: vEdge routers over MPLS, Internet and 4G transports, connecting cloud, data center, campus, branch and colo sites
Cisco SD-WAN solution roles and responsibilities
- Orchestration plane (vBond): first point of authentication; distributes the list of vSmarts/vManage to all vEdge routers; facilitates NAT traversal
- Management plane (vManage, APIs and 3rd-party automation): single pane of glass for Day 0, Day 1 and Day 2 operations; multitenant or single-tenant; centralized provisioning, troubleshooting and monitoring; RBAC and APIs
- Control plane (vSmart controllers): disseminates control plane information between vEdges; distributes data plane policies; implements control plane policies
- Data plane (vEdge routers, physical or virtual, over MPLS, Internet and 4G): zero touch provisioning; establishes the secure fabric; implements data plane policies; exports performance statistics
Most comprehensive SD-WAN solution in the market
Understanding Control and Data Plane
Overlay routing (intelligent fabric routing)
- OMP peering is established between vEdge routers and vSmart controllers, and between vSmart controllers (figure: vSmarts with System IP 1.1.1.53 and 1.1.1.54, vEdge with System IP 1.1.1.1, over MPLS and Internet)
- Peering is between System IPs, over TLS/DTLS connections
- Dramatic control plane complexity reduction: SD-WAN with OMP over DTLS/TLS has linear control plane complexity O(n), whereas traditional IPsec networks with IKE+IPsec between every pair of sites have quadratic control plane complexity O(n^2)
OMP route types and prominent attributes (ultimate flexibility and control over fabric behavior)
- OMP routes (learned on the service side from connected, static and dynamic OSPF/BGP routes): TLOC, Label, VPN-ID, Tag, Preference, Origin Protocol, Origin Metric
- TLOC routes (TLOCs, advertised by vEdges over MPLS and Internet to the vSmart): Site-ID, System-IP, Encap-Auth, Public IP/Port, Private IP/Port, Tag, Preference, Weight
- Service routes (network service on an L4-L7 node): VPN-ID, Service-ID, Label, TLOC
Data plane establishment (flexible data plane)
- Each vEdge has local Transport Locators (TLOCs): System IP, Color, Encap, Public IP/Port, Private IP/Port
- TLOCs are advertised to vSmarts in OMP TLOC routes; vSmarts advertise TLOCs to vEdges in OMP TLOC routes
- The SD-WAN fabric is built with TLOCs as IPsec tunnel endpoints over MPLS and Internet
- BFD runs over the tunnels for quality and liveliness detection
Common data plane communication (ultimate control over application traffic forwarding)
- Per-session loadsharing, active/active across MPLS and Internet: default
- Per-session weighted active/active: device configurable
- Application pinning, active/standby: policy enforced
- Application aware routing, SLA compliant (only tunnels meeting the SLA carry the application): policy enforced
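The four forwarding modes above, as an added illustrative model (not Cisco's or Viptela's implementation): each vEdge-side TLOC carries a weight and constructed BFD measurements, and a session is mapped to a transport colour by the mode's rule. The Tloc fields, the SLA thresholds and the 5-tuple flows are assumptions made for the example.

```python
import zlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tloc:
    """One remote tunnel endpoint as seen from a vEdge (constructed example)."""
    color: str         # transport colour, e.g. "mpls" or "biz-internet"
    weight: int = 1    # TLOC weight used by weighted active/active
    loss: float = 0.0  # percent loss reported by BFD probes
    latency: int = 0   # milliseconds, from BFD
    jitter: int = 0    # milliseconds, from BFD
    up: bool = True    # BFD liveliness

def _bucket(flow, n):
    # Deterministic per-session hash of the 5-tuple (crc32, so results are stable).
    return zlib.crc32(repr(flow).encode()) % n

def per_session(flow, tlocs):
    """Default: equal-cost active/active, every session stays on one tunnel."""
    live = [t for t in tlocs if t.up]
    return live[_bucket(flow, len(live))].color

def weighted(flow, tlocs):
    """Device configurable: sessions spread in proportion to TLOC weight."""
    buckets = [t for t in tlocs if t.up for _ in range(t.weight)]
    return buckets[_bucket(flow, len(buckets))].color

def pinned(flow, tlocs, preferred):
    """Policy enforced active/standby: pin to the preferred colour, fail over if BFD says it is down."""
    by_color = {t.color: t for t in tlocs}
    if preferred in by_color and by_color[preferred].up:
        return preferred
    return per_session(flow, tlocs)

def sla_compliant(flow, tlocs, sla):
    """Policy enforced app-aware routing: only SLA-compliant tunnels carry the app;
    if none complies, fall back to all live tunnels instead of black-holing."""
    ok = [t for t in tlocs if t.up and t.loss <= sla["loss"]
          and t.latency <= sla["latency"] and t.jitter <= sla["jitter"]]
    return per_session(flow, ok or tlocs)

def distribute(flows, choose):
    """Count sessions per colour for a given forwarding rule."""
    counts = {}
    for f in flows:
        counts[choose(f)] = counts.get(choose(f), 0) + 1
    return counts

# Constructed BFD measurements: MPLS is clean, the Internet transport is lossy.
TLOCS = [Tloc("mpls", weight=3, loss=0.1, latency=20, jitter=2),
         Tloc("biz-internet", weight=1, loss=3.0, latency=80, jitter=30)]
VOICE_SLA = {"loss": 1.0, "latency": 150, "jitter": 10}   # assumed voice class SLA
FLOWS = [("10.1.0.5", "10.2.0.9", "udp", 40000 + i, 5060) for i in range(2000)]
```

With these measurements every voice session lands on MPLS under the SLA rule, while the default rule keeps splitting sessions across both transports regardless of loss.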
Segmentation, AppQoE and Cloud onramp
End-to-end segmentation with multi-topology (resource compartmentalization, compliance and attack surface reduction)
- A single tunnel between vEdge routers carries all segments; encapsulation: IP | UDP | ESP | LBL | original packet, where the label identifies the VPN
- vSmart route tables hold per-VPN topologies for the same sites (A, B, C): full mesh, hub and spoke, partial mesh, point to point
- Segment connectivity across the fabric without reliance on the underlay transport
- vEdge routers maintain a per-VPN routing table for complete control plane separation
Application quality of experience (delivering better application quality of experience)
- Classification: deep packet inspection on the ingress interface; modify with ACL/data policy
- Marking: DSCP copy by default; modify with re-write rules
- Queuing: egress queues Q0 to Q7
- Shaping/policing: token bucket (rate, tokens, conforming)
- Visibility and SLA routing: application traffic (App 1, App 2, ... App 3,000) from the remote site to the data center over Internet, MPLS and 4G/LTE
Cloud onramp for SaaS and IaaS (versatile cloud adoption)
- SaaS: remote sites, campus and regional hubs on the SD-WAN fabric select the path to SaaS applications using quality probing (HTTP)
- IaaS: the SD-WAN fabric extends into a gateway VPC/VNET that connects host VPCs/VNETs and the cloud data center over standard IPsec
Viptela architecture: simplified management, single pane of glass, rich analytics and monitoring
Deploy rich services on any platform (end-point flexibility, performance flexibility)
- Branch virtualization: ENCS 5100 (up to 250 Mbps), ENCS 5400 (250 Mbps, 2GB); public cloud
- SD-WAN branch services: vEdge 100 (100 Mbps, 4G LTE and wireless), vEdge 1000 (up to 1 Gbps, fixed), vEdge 2000 (10 Gbps, modular)
- ISR 1000 (200 Mbps, next-gen connectivity)
- ISR 4000 (up to 2 Gbps, modular): integrated service containers, compute with UCS E
- ASR 1000 (2.5-200 Gbps): high-performance service with hardware assist, hardware and software redundancy
Enterprise NFV
Introducing Cisco Enterprise NFV: network services in minutes, on any platform
- Orchestration: Cisco DNA Center / Network Service Orchestrator / Virtual Managed Services
- VNFs: virtual router (ISRv, CSR, vEdge), virtual firewall (ASAv, NGFWv), virtual WAN optimization (vWAAS), virtual wireless LAN controller (eWLC), third-party VNFs
- Network Functions Virtualization Infrastructure Software (NFVIS)
- Platforms: Cisco 4000 Series ISR + UCS E-Series, Enterprise Network Compute System (ENCS), Cisco UCS C-Series / CSP-2100
Purpose-built network hypervisor: Enterprise NFV Infrastructure Software (NFVIS)
- Network hypervisor: supports segmentation of virtual networks; abstracts CPU, memory and storage resources
- Zero-touch deployment: automatic connection to the PnP server; highly secure connection to the orchestration system; easy day-0 provisioning
- Monitoring: NETCONF notifications; host and VM statistics; packet capture
- Lifecycle management: provisioning and launch of VNFs; failure and recovery monitoring; stop and restart services; dynamically add and remove services
- Service chaining: elastic service insertion; multiple independent service paths based on applications or user profiles
- Open API: programmable API for service orchestration; REST and NETCONF API
Current ENCS portfolio (Enterprise Network Compute System, SD-WAN ready): best of routing and compute, complete virtualized services, open for third-party services and apps
- ENCS 5100 Series, NFVIS-BR software: ENCS 5104, 4-core CPU (4-core, 3.4 GHz), PoE: no, capacity guidance: ISRv + 1 VNF
- ENCS 5400 Series: ENCS 5406, 6-core (1.9 GHz), PoE: no, ISRv + 2 VNFs; ENCS 5408, 8-core (2.0 GHz), PoE: 200W, ISRv + 3 VNFs; ENCS 5412, 12-core (1.5 GHz), PoE: 200W, ISRv + 5 VNFs
ENCS 5400 Series (shipping now and roadmap)
- 6-, 8- or 12-core Intel Xeon-D; 16-64 GB DRAM; integrated power supply
- 8 integrated LAN ports with optional PoE; 2 onboard Gigabit Ethernet ports with SFP; Network Interface Module for LTE and legacy WAN
- Hardware acceleration for VM traffic; optional hardware crypto module
- Dedicated board management controller; USB 3.0 storage; internal M.2 storage; 2 HDD or SSD with RAID 0 and 1; optional hardware RAID controller