Cisco CCNP ENCOR - Cisco SD-WAN Principles and Solution Design

Captions
Hello, my name is Jo Campo. Welcome to Module 1, Lesson 4 of our Cisco ENCOR video series, about Cisco SD-WAN principles and solution design. In this lesson you will learn about the difference between a traditional wide area network and the software-defined wide area network. We will also discuss the SD-WAN solution design and the SD-WAN deployment options.

What is a traditional WAN? A traditional WAN provides reachability between remote branches or campuses to services and applications in the data center. It typically uses MPLS as primary for reliable and secured connectivity to the data center, and uses the internet as a backup. The traditional WAN architecture was limited to enterprise branch and data center. Once an organization adopts cloud-based applications in the form of SaaS and IaaS, its WAN architecture experiences an explosion of traffic accessing applications distributed across the globe. These changes have multiple implications for IT: employee productivity may be compromised by SaaS application performance problems; WAN expenses can rise with inefficient use of dedicated and backup circuits; IT fights a daily, complex battle of connecting multiple types of users with multiple types of devices to multiple cloud environments.

What are the disadvantages of the traditional WAN? Number one is expensive bandwidth: limited bandwidth of expensive private MPLS circuits inhibits rollout and impacts performance of applications. At the same time, private MPLS WAN redundancy is complex to deploy and manage. Traditional WAN is data center dependent, with no direct access to cloud resources from the branch; with a hub-and-spoke network design, the traffic is backhauled through the enterprise data center with heavy performance penalties. Expect unpredictable application performance with traditional WAN: application traffic over internet links lacks SLAs and predictable performance is poor, and every change in the application quality of service requires manual changes across the branches and the data center. Infrastructure is complex for traditional WAN: traditional WAN includes a multitude of single-function devices and appliances connected via different WAN links. This infrastructure sprawl causes complexity of branch IT management.

Now let's talk about the shiny new toy called SD-WAN. SD-WAN addresses the current IT challenges. This new approach to network connectivity can lower operational costs and improve resource usage for multi-site deployments. Network administrators can use bandwidth more efficiently and can help ensure high levels of performance for critical applications without sacrificing security or data privacy. With SD-WAN, IT can deliver routing, threat protection, efficient offloading of expensive circuits, and simplification of WAN network management.

Let's delve deeper into the business benefits of SD-WAN. Number one is better application experience. SD-WAN provides high availability with predictable service for all critical enterprise applications. It provides multiple hybrid active-active links for all network scenarios. It provides dynamically routed application traffic with application-aware routing for efficient delivery and improved user experience. It also improves OpEx, replacing expensive Multiprotocol Label Switching services, or MPLS services, with more economical and flexible broadband, including secure VPN connections. Number two, it provides more security. It provides application-aware policies with end-to-end segmentation and real-time access control. SD-WAN has integrated threat protection, which is enforced at the right place. It secures traffic across broadband internet and into the cloud. It distributes security to the branch and remote endpoints with next-gen firewall, DNS security and next-gen AV. Optimized cloud connectivity: SD-WAN provides seamless extension of the WAN to multiple public clouds. It provides real-time optimized performance for Microsoft Office 365, Salesforce and other major SaaS applications. It provides optimized workflows for cloud platforms such as Amazon Web Services, or AWS, and Microsoft Azure. Simplified management: it provides a single, centralized, cloud-delivered management dashboard for configuration and management of WAN, cloud and security. It also has template-based zero-touch provisioning features for all locations, such as branch, campus and cloud. Lastly, it provides detailed reporting of application and WAN performance for business analytics and bandwidth forecasting.

Cisco currently offers two SD-WAN solutions. The first one is Cisco SD-WAN, which is based on Viptela. This is the preferred solution for organizations that require an SD-WAN solution with cloud-based initiatives. It provides granular segmentation, advanced routing, advanced security and complex topologies while connecting to cloud instances. The second solution by Cisco is Meraki SD-WAN. This is the recommended solution for organizations that require UTM, or unified threat management, solutions with SD-WAN functionality, or for those that are existing Cisco Meraki customers looking to expand to SD-WAN. UTM is an all-in-one security solution delivered in a single appliance and typically includes the following security features: firewall, VPN, intrusion prevention, antivirus, anti-spam and web content filtering.

In this section let's talk about the SD-WAN components based on the preferred solution, which is Viptela. The Cisco SD-WAN solution is software based. It's a virtual IP fabric network that builds secure, unified connectivity over any transport network, also called the underlay. The underlay network is the physical infrastructure for the WAN, such as the internet, MPLS, Metro Ethernet or your 4G network. The underlay network also provides a service to the overlay network and is responsible for the delivery of packets across networks. The underlay network, as you see here below, is the infrastructure that you have now. The overlay network is the SD-WAN solution that we're going to run on top of the underlay network. The whole point here is that SD-WAN sits on top of those existing WAN links and low-cost internet connections, and then we can aggregate them together and use the most reliable method to move data between sites. The Cisco SD-WAN is based on the same routing principles used on the internet for years: if you know how OSPF, BGP and networks work, they still do. The goal here is to separate the data plane from the control plane, and that will virtualize much of the routing that used to require dedicated hardware. This separation between control and data plane enables the SD-WAN solution to run over any transport circuit: if you can ping it, we can build a tunnel across it. As long as you have connectivity between sites, like MPLS and internet or a point-to-point link, we can create tunnels between sites and then engineer the traffic to use those tunnels efficiently.

The Cisco vBond orchestrator is a multi-tenant element of the Cisco SD-WAN fabric. vBond is the first point of contact and performs initial authentication when devices are connecting to the organization overlay. vBond facilitates the mutual discovery of the control and management elements of the fabric by using a zero-trust, certificate-based allowed-list model. Cisco vBond automatically distributes a list of vSmart controllers and the vManage system to the vEdge routers during the deployment process. For situations in which vSmart controllers, the vManage system or the vEdge routers themselves are behind NAT, the vBond orchestrator facilitates the function of NAT traversal by allowing the learning of public and private IP addresses. The discovery of public and private IP addresses allows connectivity to be established across the public network, like internet or 4G, and the private network, like MPLS and point-to-point. The vBond orchestrator itself should reside in the public IP space, or in the private IP space with one-to-one NAT, so that all remote, especially internet-only, sites can reach it. When tied to DNS, this reachable vBond IP address allows for a zero-touch deployment. vBond should be highly resilient: if vBond is down, no other device can join the overlay. When deployed as an on-premise solution by the customer, it is the responsibility of the customer to provide adequate infrastructure resiliency. And lastly, vBond can run in single or multi-tenant mode.

Cisco vManage is on the management plane and provides a single pane of glass for day zero, day one and day two operations. Cisco vManage's multi-tenant, web-scale architecture meets the needs of enterprises and service providers alike. Cisco vManage has a web-based GUI with role-based access control. Some key functions of Cisco vManage include centralized provisioning, centralized policies and device configuration templates, and the ability to troubleshoot and monitor the entire environment. You can also perform centralized software upgrades on all fabric elements, which include vEdges, vBond, vSmart and vManage itself. vManage should run in high-resiliency mode, because if you lose vManage, you lose the management plane. vManage supports multi-tenant mode in addition to the default single-tenant mode of operation. You can use vManage programmatic interfaces to enable DevOps operations and also to extract performance statistics collected from the entire fabric. You can export performance statistics to external systems or to the Cisco vAnalytics tool for further processing and closer examination. Cisco SD-WAN software provides a REST API, which is a programmatic interface for controlling, configuring and monitoring the Cisco SD-WAN devices in an overlay network. You can access the REST API through the vManage web server.

The control plane is the centralized brain of the solution, establishing Overlay Management Protocol, or OMP, which peers with all the vEdge routers. Control plane policies such as service chaining, traffic engineering and per-VPN topology are implemented by the control plane. The goal of the control plane is to dramatically reduce complexity within the entire fabric network. While no network data is forwarded by the control plane itself, connectivity information is distributed from the control plane to all vEdge routers, orchestrating the secure data plane of the fabric. Cisco vSmart controllers provide scalability to the control plane functionality of the Cisco SD-WAN fabric. The vSmart controllers facilitate fabric discovery by running OMP between themselves and the vEdge routers. The vSmart controller acts as a distribution point to establish the data plane connectivity between the edge routers. This information exchange includes service LAN-side reachability, transport WAN-side IP addressing, IPsec encryption keys, site identifiers and so on. Together with the vEdge routers, vSmart controllers act as a distribution system for the pertinent information required to establish the data plane connectivity directly between the vEdge routers. All control plane updates are sent from vEdges to vSmart in a route-reflector fashion; vSmart then reflects those updates to all remote vEdge sites. This is how a vEdge learns about all available tunnel endpoints and user prefixes in the network. Since the control plane is centralized, you are not required to build control channels directly between all vEdge routers. The vSmart controllers also distribute data plane and application-aware routing policies to the vEdge routers for enforcement. Control policies acting on the control plane information are locally enforced on the vSmart controllers. These control plane policies can implement service chaining and various types of topologies, and generally can influence the flow of traffic across the fabric. The use of a centralized control plane dramatically reduces the control plane load traditionally associated with building large-scale IPsec networks, solving the N-squared complexity problem. The vSmart controller deployment model not only solves the horizontal scale issue but also provides high availability and resiliency. The vSmart controllers are often deployed in geographically dispersed data centers to reduce the likelihood of control plane failure. When delivered as a cloud service, the vSmart controllers are redundantly hosted in the Cisco cloud. When deployed as an on-premise solution by the customer, the customer must provide infrastructure resiliency.

The WAN edge router functions as the data plane. The vEdge routers provide a secure data plane with remote vEdge routers and a secure control plane with vSmart controllers, and implement data plane and application-aware policies. Because all data within the fabric is forwarded in the data plane, performance statistics are exported from the vEdge routers. vEdge routers are available in both physical and virtual form factors, support zero-touch deployment, and use traditional routing protocols like OSPF, BGP and VRRP for integration with networks that are not part of the WAN fabric. Cisco vEdge routers are the data plane elements of the Cisco SD-WAN fabric. Cisco vEdge routers are essentially WAN routers that are positioned at every site to which the SD-WAN fabric must be extended. vEdge routers are responsible for encrypting and decrypting application traffic between the sites. The vEdge routers establish a control plane relationship with a vSmart controller to exchange the pertinent information that is required to establish the fabric and to learn centrally provisioned policies. Data plane and application-aware routing policies are implemented on the vEdge routers. vEdge routers export performance statistics, alerts and events to the centralized vManage system for a single point of management. vEdge routers use standards-based OSPF and BGP routing protocols for learning reachability information from service LAN-side interfaces and for brownfield integration with non-SD-WAN sites. vEdge routers have a very mature, full-stack routing implementation which accommodates simple, moderate and complex routed environments. For layer 2 redundant service LAN-side interfaces, vEdge routers implement Virtual Router Redundancy Protocol, or VRRP, as the first-hop redundancy protocol, which can operate on a per-VLAN basis. vEdge routers can be brought online in a full zero-touch deployment fashion or by requiring administrative approval. Zero-touch deployment relies on the use of signed certificates installed in the on-board TPM, or tamper-proof module, to establish a unique router identity.

One of the keys to a software-defined networking solution is visibility into the network and the applications running over that network. The Cisco SD-WAN solution has great automation and analytics that give administrators valuable insights into the SD-WAN operations. The vAnalytics platform provides a graphical representation of the performance of your entire Cisco SD-WAN overlay network over time and enables you to drill down to the characteristics of a single carrier, tunnel or application at a particular time. The vAnalytics dashboard serves as an interactive overview of your network and an entry point for more details. The dashboard displays information for the last 24 hours; you have the option to drill down and select various time periods for which to display data. The vAnalytics platform displays application performance with a quality of experience, or vQoE, value. The vQoE value ranges from zero to ten, with zero as the worst performance and ten as the best. The vAnalytics platform calculates the vQoE value based on latency, loss and jitter, customizing the calculation for each application. Here are some of the vAnalytics features: vAnalytics provides real-time information for failure correlation, cross-customer benchmarking and application performance scores. It enables future planning based on intelligent data like application and bandwidth forecasting, branch expansion analysis and policy change what-ifs. And lastly, it provides a quality of experience score for applications that are running on your network, to help identify how your application is performing based on recent changes made on your network.

So there are many options when it comes to deploying the controllers. The first one is that your company can deploy the three controller types, vManage, vSmart and vBond, as required by your environment; this can be hosted on your own on-premise or private cloud. The second option is through an MSP, or managed service provider. The recommended approach is through the Cisco cloud; in this option, the controllers will be deployed in the Cisco cloud, which is entirely managed by Cisco. So the controllers, of course, must be IP reachable, right, from the edge devices and from the other controllers. The actual location is technically flexible. As long as the controllers are hosted entirely in the cloud, which is the recommended model, Microsoft Azure and Amazon Web Services are directly supported and integrated into the solution; you can deploy in single or multiple availability zones. You can also deploy controllers entirely on-premise, you know, that right column over there; you can use public and private transport networks, but you must consider some specific design issues. And we could also do a mix of the two deployment models. It's important to point out that the controllers must be able to reach each other on an IP level and the vEdge devices must be able to reach the controllers, right, because they're going to need to talk to each other regardless of where they are. If they're in the cloud, we're obviously going to have to have internet connections to the controllers. If they're on-premises, we can have private connections to the cloud. So if you have an MPLS CAC connection only for a site and it cannot connect to the cloud-enabled controller, but we can connect to our data center, we can connect to the vSmart and vBond there.

In this lesson you learned about the difference between a traditional wide area network and the software-defined wide area network. We also talked about the SD-WAN solution design and the SD-WAN components, which are vManage, vSmart, vBond, vEdge and vAnalytics. We also spoke about the SD-WAN controller deployment options, such as managed by Cisco cloud operations, an MSP operations team, or your own enterprise IT.
Info
Channel: Paul Browning
Views: 2,204
Rating: 4.9344263 out of 5
Keywords: cisco sd wan, sdwan, sd-wan, cisco, cisco sd wan training, viptela training, sd wan, viptela sd wan, sd wan solutions, sd wan gartner, cisco sd wan viptela, cisco viptela training, ccna, ccnp, ccie, sd wan training, SD-WAN, SDN, SD-Access, ENCOR, dmvpn, cisco sd wan solution, cisco sd wan tutorial, traditional wan vs SD-WAN, cisco ccna, cisco training, new ccna, cisco ccna full course, cisco ccna certification, new cisco, CCNP, CCNP ENCOR
Id: jpG0Rw_jDxk
Length: 23min 1sec (1381 seconds)
Published: Tue Apr 21 2020