Saturday, July 2, 2022

SDWAN basics of the workflow

People study for the Cisco SD-WAN certification, but they also need to understand the basic workflow.

Basic architecture:
Controllers: vManage, vSmart, vBond (always software)
Edge devices: vEdge / cEdge (hardware appliances; see the note below on software cEdge)
Controllers can be hosted in the cloud (AWS, Azure)
Controllers on premises run virtualized (ESXi, KVM)
OMP: Overlay Management Protocol
The endpoint of an OMP peering is always the device's system IP
OMP is established between vSmarts (when there is more than one vSmart)
OMP is established from every vEdge to every vSmart
OMP always runs inside a DTLS or TLS tunnel
OMP is a Cisco proprietary protocol
DTLS/TLS are industry-standard protocols
DTLS = UDP based
TLS = TCP based
vEdge to vBond: always DTLS, and transient (torn down once the vEdge has learned its vSmart and vManage peers)
vEdge to vSmart: DTLS or TLS, permanent
vEdge to vManage: DTLS or TLS, permanent
The control connections are mutually authenticated with certificates on both ends, and OMP only ever runs inside them, so routing information never crosses the WAN in cleartext.

Note: cEdge can also be a software router (in cloud data centers and lab environments).

Question: I am attaching a small scenario; please answer the following:
How many OMP peers does vEdge A have?
How many OMP peers does vEdge B have?
How many TLS tunnels does vEdge A have?
How many TLS tunnels does vEdge B have?
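To work the question, here is a small Python model of the control-plane rules from this post. It is an added example, not something from the original post or from Cisco. Since the attached scenario is not reproduced here, it assumes one vManage, one vBond, two vSmarts, vEdge A with one WAN transport (TLOC) and vEdge B with two; change the two dictionaries at the top to match your own scenario.

```python
"""Count OMP peers and DTLS/TLS control connections from the rules in the post.

Added example, not from the original post or Cisco. The scenario is assumed
(the post's attachment is not reproduced): 1 vManage, 1 vBond, 2 vSmarts,
vEdge A with one WAN transport (TLOC) and vEdge B with two.
"""

CONTROLLERS = {"vmanage": 1, "vbond": 1, "vsmart": 2}          # assumed scenario
EDGES = {"vEdge-A": {"tlocs": 1}, "vEdge-B": {"tlocs": 2}}     # assumed scenario


def omp_peers(edge: str, controllers=CONTROLLERS, edges=EDGES) -> list:
    """OMP peers of a vEdge: one session per vSmart, system IP to system IP.

    vBond and vManage never speak OMP, and the count does not depend on how
    many WAN transports the vEdge has.
    """
    if edge not in edges:
        raise KeyError(f"unknown edge {edge}")
    return [f"vsmart-{i}" for i in range(1, controllers["vsmart"] + 1)]


def vsmart_omp_peers(controllers=CONTROLLERS, edges=EDGES) -> int:
    """A vSmart peers with every vEdge and with every other vSmart."""
    return len(edges) + controllers["vsmart"] - 1


def control_connections(edge: str, controllers=CONTROLLERS, edges=EDGES) -> dict:
    """DTLS/TLS control connections a vEdge holds once it is onboarded.

    - to each vSmart: permanent (DTLS or TLS), one per WAN transport (TLOC);
      the max-control-connections cap is ignored here (assumption)
    - to vManage:     permanent (DTLS or TLS), over a single transport
    - to vBond:       DTLS only and transient; used to learn the vSmart/vManage
                      peers and then torn down, so it is listed separately
    """
    tlocs = edges[edge]["tlocs"]
    permanent = {"vsmart": controllers["vsmart"] * tlocs,
                 "vmanage": controllers["vmanage"]}
    return {"permanent": permanent,
            "permanent_total": sum(permanent.values()),
            "transient": {"vbond": controllers["vbond"]}}


if __name__ == "__main__":
    for name in EDGES:
        print(name, "OMP peers:", omp_peers(name))
        print(name, "control connections:", control_connections(name))
    print("each vSmart has", vsmart_omp_peers(), "OMP peers")
```

With these assumptions vEdge A has 2 OMP peers and 3 permanent tunnels, while vEdge B also has 2 OMP peers but 5 permanent tunnels. That is the point of separating the two numbers: OMP peers count vSmarts, control connections count transports, and the vBond tunnel is never part of the permanent total.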



Traffic classification and marking

When you are working as a network lead or network architect on a Cisco SD-WAN solution, you should be very good with traffic classification and marking; it is also what lets you define a sound AAR policy.

Because SD-WAN is application-centric, we need to identify the types of traffic, categorize them, decide how to mark them, and then reference the marked traffic in the AAR policy (by matching it and setting a preferred path).

Nothing is zero touch in reality, my friends; it only looks that way on a sales deck.


AAR

Application-aware routing is a centralized policy.

Within centralized policy it is further classified as a data-plane policy (because it affects site-to-site user traffic).

Conclusion: AAR is a centralized data-plane policy.

Site A and Site B have an IPsec tunnel over MPLS (color private1) and an IPsec tunnel over the Internet (color public). By default, application traffic from Site A to Site B is load-balanced across both paths (equal-cost multipath).

But I want a policy that uses MPLS for critical services such as video calls, so I will set the preferred path to color private1 for video calls, with the public path as backup.

For FTP and other lower-priority traffic from A to B, I will prefer the ISP (Internet) tunnel.


SDWAN is more application Centric .

One of the most important features of Cisco SD-WAN is AAR: application-aware routing.

An administrator needs to understand the major categories of user applications and traffic.

There are four predefined SLA classes, each with a threshold for loss (first column), latency (second column) and jitter (third column).

You can edit these values and also add new SLA classes.

Note that any number of SLA classes can be created, but only four SLA classes can be associated with one application-aware routing policy.
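Here is how the two posts above fit together in code: the Site A to Site B scenario (video pinned to private1 over MPLS with the public tunnel as backup, FTP preferred over the Internet tunnel) and SLA classes defined on loss, latency and jitter. This is an added example in Python, not Cisco code and not from the original posts; the SLA thresholds, the color name public-internet and the BFD measurements are constructed, and the four-classes-per-policy limit is the one quoted above.

```python
"""Application-aware routing (AAR) path selection, modelled in Python.

Added example, not Cisco code. All SLA thresholds, colors and BFD
measurements below are constructed numbers, not Cisco defaults.
"""
from dataclasses import dataclass, field

MAX_SLA_CLASSES_PER_POLICY = 4      # limit quoted in the post

# name -> thresholds: loss (%), latency (ms), jitter (ms); constructed values
SLA_CLASSES = {
    "voice-and-video":    {"loss": 1.0,  "latency": 150, "jitter": 30},
    "transactional-data": {"loss": 5.0,  "latency": 100, "jitter": 50},
    "bulk-data":          {"loss": 10.0, "latency": 300, "jitter": 100},
    "default":            {"loss": 25.0, "latency": 300, "jitter": 100},
}


@dataclass
class AarRule:
    app: str
    sla_class: str
    preferred_colors: list = field(default_factory=list)
    strict: bool = False    # drop instead of falling back when no tunnel meets the SLA


def validate_policy(rules) -> set:
    """Reject undefined SLA classes and more classes than one AAR policy may reference."""
    classes = {r.sla_class for r in rules}
    unknown = classes - set(SLA_CLASSES)
    if unknown:
        raise ValueError(f"undefined SLA class: {sorted(unknown)}")
    if len(classes) > MAX_SLA_CLASSES_PER_POLICY:
        raise ValueError(f"policy uses {len(classes)} SLA classes, max {MAX_SLA_CLASSES_PER_POLICY}")
    return classes


def meets_sla(measured: dict, sla: dict) -> bool:
    return all(measured[k] <= sla[k] for k in ("loss", "latency", "jitter"))


def select_paths(rule: AarRule, bfd: dict) -> list:
    """Tunnel colors eligible for this rule's traffic, given BFD measurements per color."""
    sla = SLA_CLASSES[rule.sla_class]
    compliant = [color for color in bfd if meets_sla(bfd[color], sla)]
    preferred = [c for c in rule.preferred_colors if c in compliant]
    if preferred:
        return preferred                 # preferred color meets SLA: pin traffic to it
    if compliant:
        return compliant                 # preferred failed SLA: any compliant tunnel
    return [] if rule.strict else sorted(bfd)   # nothing compliant: drop if strict, else all tunnels


def route(app: str, bfd: dict, rules) -> list:
    """Colors the app's traffic is sent over; no matching rule means plain ECMP."""
    validate_policy(rules)
    for r in rules:
        if r.app == app:
            return select_paths(r, bfd)
    return sorted(bfd)


POLICY = [
    AarRule("video-call", "voice-and-video", preferred_colors=["private1"]),
    AarRule("ftp", "bulk-data", preferred_colors=["public-internet"]),
]

# Constructed BFD measurements for the two Site A -> Site B tunnels.
BFD_HEALTHY = {
    "private1":        {"loss": 0.0, "latency": 40,  "jitter": 5},
    "public-internet": {"loss": 0.4, "latency": 90,  "jitter": 20},
}
BFD_MPLS_DEGRADED = {
    "private1":        {"loss": 2.5, "latency": 400, "jitter": 60},
    "public-internet": {"loss": 0.4, "latency": 90,  "jitter": 20},
}

if __name__ == "__main__":
    for app in ("video-call", "ftp", "web"):
        print(app, "healthy:", route(app, BFD_HEALTHY, POLICY),
              "MPLS degraded:", route(app, BFD_MPLS_DEGRADED, POLICY))
```

The order of the checks is the part worth remembering: a preferred color only wins while it meets its SLA class, and when it fails the traffic moves to whatever tunnel still complies. Without strict, traffic that has no compliant tunnel keeps flowing over all tunnels, which is usually what you want for business traffic and rarely what you want for traffic you classified as sensitive.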



TLS

If you are reading or learning about Cisco SD-WAN, you will hear about TLS (Transport Layer Security).

Don't confuse it with SSL.
TLS is the successor of SSL.

Three versions of SSL (developed by Netscape) exist: SSL 1.0, 2.0 and 3.0. SSL 1.0 was never publicly released, and 2.0 and 3.0 are deprecated (RFC 6176 and RFC 7568).

Four versions of TLS (developed by the IETF) have been released: TLS 1.0, 1.1, 1.2 and 1.3. TLS 1.0 and 1.1 are deprecated (RFC 8996); 1.2 is still widely used and 1.3 is the current version.

A website that implements SSL/TLS has "HTTPS" in its URL instead of "HTTP".

SD-WAN uses the same protocol family for its control plane: OMP and the vManage-to-edge connection run inside DTLS or TLS tunnels, so this is not only about websites.
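For the practitioner the SSL/TLS distinction shows up on the wire as a single version-number family (SSL 3.0 is 0x0300, TLS 1.0 is 0x0301, up to TLS 1.3 at 0x0304). The parser below is an added example, not from the original post; it builds constructed ClientHello messages, reports which versions a client offers and which of those are deprecated, and decides whether a server that insists on TLS 1.2 or higher should accept the hello. It also handles the TLS 1.3 case, where the legacy version field says 1.2 and the real list lives in the supported_versions extension.

```python
"""Parse the version fields of a TLS ClientHello.

Added example, not from the original post. The ClientHello bytes are
constructed by build_client_hello(), not captured from a real client.
"""
import struct

VERSION_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
DEPRECATED = {0x0300, 0x0301, 0x0302}   # RFC 7568 (SSL 3.0), RFC 8996 (TLS 1.0, 1.1)
EXT_SUPPORTED_VERSIONS = 0x002B


def build_client_hello(legacy_version: int, supported_versions=None) -> bytes:
    """Minimal ClientHello: one cipher suite, null compression, optional supported_versions."""
    body = struct.pack(">H", legacy_version) + bytes(32)    # client_version + random (zeros: constructed)
    body += b"\x00"                                         # empty session_id
    body += struct.pack(">H", 2) + b"\xc0\x2f"              # one suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    body += b"\x01\x00"                                     # compression_methods: null only
    ext = b""
    if supported_versions:
        versions = b"".join(struct.pack(">H", v) for v in supported_versions)
        data = bytes([len(versions)]) + versions
        ext = struct.pack(">HH", EXT_SUPPORTED_VERSIONS, len(data)) + data
    body += struct.pack(">H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body         # HandshakeType client_hello
    return b"\x16" + struct.pack(">HH", 0x0301, len(handshake)) + handshake   # record header


def parse_client_hello(record: bytes) -> dict:
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    legacy = struct.unpack(">H", body[0:2])[0]
    pos = 34                                                # client_version + random
    pos += 1 + body[pos]                                    # session_id
    pos += 2 + struct.unpack(">H", body[pos:pos + 2])[0]    # cipher_suites
    pos += 1 + body[pos]                                    # compression_methods
    offered = [legacy]
    if pos < len(body):                                     # extensions present
        end = pos + 2 + struct.unpack(">H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack(">HH", body[pos:pos + 4])
            edata = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == EXT_SUPPORTED_VERSIONS:
                # RFC 8446: when present, this list replaces legacy_version entirely
                offered = [struct.unpack(">H", edata[i:i + 2])[0]
                           for i in range(1, 1 + edata[0], 2)]
    known = [v for v in offered if v in VERSION_NAMES]      # unknown values (e.g. GREASE) are skipped
    return {
        "legacy_version": VERSION_NAMES.get(legacy, hex(legacy)),
        "offered": [VERSION_NAMES.get(v, hex(v)) for v in offered],
        "highest_code": max(known) if known else None,
        "highest": VERSION_NAMES[max(known)] if known else None,
        "deprecated_offered": [VERSION_NAMES[v] for v in known if v in DEPRECATED],
    }


def accept(record: bytes, minimum: int = 0x0303) -> bool:
    """Server-side policy: accept only if the client can negotiate `minimum` or higher."""
    code = parse_client_hello(record)["highest_code"]
    return code is not None and code >= minimum


if __name__ == "__main__":
    for hello in (build_client_hello(0x0301),
                  build_client_hello(0x0303),
                  build_client_hello(0x0303, [0x0304, 0x0303, 0x0302])):
        print(parse_client_hello(hello), "accept >= TLS 1.2:", accept(hello))
```

Note that a TLS 1.3 client is indistinguishable from a TLS 1.2 client if you only read the first version field; anything that logs or enforces protocol versions (a proxy, an IDS rule, a controller's own listener) has to look at the extension.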

OMP

When someone says OMP, these are the key points:

- OMP runs inside a DTLS or TLS tunnel
- DTLS runs over UDP and is an industry standard
- TLS runs over TCP and is an industry standard
- OMP is Cisco-only (proprietary)
- OMP peering: vEdge to vSmart
- OMP peering: vSmart to vSmart
- OMP peering is always formed between system IPs
- vSmart acts as a route reflector: OMP routes it receives from one vEdge are reflected to the other vEdges (subject to control policy)

OMP is easy.

Key Notes

If someone (an interviewer, customer or partner) says "control policy", which keywords should come to mind?

 : Control policy = topology policy
 : Control policy falls under centralized policy (its center of gravity is vSmart)
 : Control policy impacts the control plane
 : Tweaks OMP routes, TLOC routes, or both, as per the business requirement
 : match, action, set
 : Once the control policy is ready, it has to be applied in the inbound or outbound direction, from vSmart's perspective



Approach: every OMP route advertised from Site A, Site B and Site C should carry omp-tag 500 when the DC receives it.

*******Site list approach / thought process****************
So let's define site-list ABC (11, 12, 13), which holds the site IDs of sites A, B and C, since the OMP tag is common for all of them.
Let's define another site-list DC (100), which holds only the DC's site ID.
The policy below also matches on a prefix-list called Any_prefix, so define it with the other lists (0.0.0.0/0 le 32 matches every IPv4 prefix).

 site-list ABC
  site-id 11-13
 !
 site-list DC
  site-id 100
 !
 prefix-list Any_prefix
  ip-prefix 0.0.0.0/0 le 32
 !

************Control policy approach / thought process*************
Define the control policy name (topology policy).
We match OMP routes in the topology (control) policy.
Match: site-list ABC and any prefix from sites A, B and C
Action: accept
Set: omp-tag 500


 control-policy XYZ
  sequence 1
   match route
    site-list ABC
    prefix-list Any_prefix
   !
   action accept
    set
     omp-tag 500
    !
   !
  !
  default-action accept
 !

****Control policy: which direction to apply it and which site it impacts*****************************

The DC is supposed to receive the OMP routes from Site A, Site B and Site C with tag 500, so we bind site-list DC to control policy XYZ in the outbound direction, from vSmart's perspective: vSmart modifies the routes as it sends them to the DC site. Applying it inbound on site-list DC would instead act on the routes received from the DC, which is not what we want.

Keep the explicit default-action accept: a control policy's implicit default action is reject, so without it every route that does not match sequence 1 (any site outside ABC) would be dropped from the updates vSmart sends to the DC.

 apply-policy
  site-list DC
   control-policy XYZ out
  !
 !
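To see what the direction actually changes, here is a Python simulation of the policy above. It is an added example, not Cisco code and not from the original post: the site-lists, the prefix-list and the OMP routes are constructed inputs (site 20 is added as a site that belongs to no list), and the inbound binding on site-list ABC and the variant with default-action reject are included only for contrast with the outbound binding the post uses.

```python
"""Simulate how vSmart evaluates the control policy in the post.

Added example, not Cisco code. It models only what the post needs: site-lists,
one prefix-list, match on origin site + prefix, set omp-tag, default-action,
and the direction in which apply-policy binds the policy. Routes are constructed.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_network
from typing import Optional

SITE_LISTS = {"ABC": set(range(11, 14)), "DC": {100}}      # site-id 11-13, site-id 100
PREFIX_LISTS = {"Any_prefix": [("0.0.0.0/0", 32)]}         # ip-prefix 0.0.0.0/0 le 32

POLICY_XYZ = {
    "name": "XYZ",
    "sequences": [
        {"match": {"site_list": "ABC", "prefix_list": "Any_prefix"},
         "action": "accept", "set": {"omp_tag": 500}},
    ],
    "default_action": "accept",   # explicit in the post; vSmart's implicit default is reject
}
POLICIES = {"XYZ": POLICY_XYZ,
            "XYZ-strict": {**POLICY_XYZ, "name": "XYZ-strict", "default_action": "reject"}}

APPLY_OUT_DC = [("DC", "XYZ", "out")]             # apply-policy site-list DC control-policy XYZ out
APPLY_IN_ABC = [("ABC", "XYZ", "in")]             # contrast: same policy, inbound from the branches
APPLY_OUT_DC_STRICT = [("DC", "XYZ-strict", "out")]   # contrast: default-action reject


@dataclass(frozen=True)
class OmpRoute:
    prefix: str
    origin_site: int
    omp_tag: Optional[int] = None


# Constructed OMP routes as received by vSmart. Site 20 is in no site-list.
ROUTES = [
    OmpRoute("10.11.0.0/24", 11), OmpRoute("10.12.0.0/24", 12),
    OmpRoute("10.13.0.0/24", 13), OmpRoute("10.100.0.0/16", 100),
    OmpRoute("10.20.0.0/24", 20),
]


def prefix_in_list(prefix: str, list_name: str) -> bool:
    net = ip_network(prefix)
    return any(net.subnet_of(ip_network(base)) and net.prefixlen <= le
               for base, le in PREFIX_LISTS[list_name])


def evaluate(policy: dict, route: OmpRoute) -> Optional[OmpRoute]:
    """Run one route through a control policy; None means the route is rejected."""
    for seq in policy["sequences"]:
        m = seq["match"]
        if (route.origin_site in SITE_LISTS[m["site_list"]]
                and prefix_in_list(route.prefix, m["prefix_list"])):
            if seq["action"] != "accept":
                return None
            return replace(route, **seq.get("set", {}))
    return route if policy["default_action"] == "accept" else None


def routes_sent_to(site: int, routes, apply_policy) -> list:
    """What vSmart reflects to `site`.

    'in' policies run when a route arrives from its origin site (so every site
    sees the result); 'out' policies run only for the site the update goes to.
    vSmart does not send a site its own routes back.
    """
    sent = []
    for r in routes:
        if r.origin_site == site:
            continue
        for site_list, name, direction in apply_policy:
            if direction == "in" and r.origin_site in SITE_LISTS[site_list]:
                r = evaluate(POLICIES[name], r)
            elif direction == "out" and site in SITE_LISTS[site_list]:
                r = evaluate(POLICIES[name], r)
            if r is None:
                break
        if r is not None:
            sent.append(r)
    return sent


def tags_by_origin(site: int, routes, apply_policy) -> dict:
    """origin site -> omp-tag as seen by `site`; missing keys are rejected routes."""
    return {r.origin_site: r.omp_tag for r in routes_sent_to(site, routes, apply_policy)}


if __name__ == "__main__":
    for label, binding in (("out DC", APPLY_OUT_DC), ("in ABC", APPLY_IN_ABC),
                           ("out DC, default reject", APPLY_OUT_DC_STRICT)):
        print(label, "-> DC sees", tags_by_origin(100, ROUTES, binding),
              "| site A sees", tags_by_origin(11, ROUTES, binding))
```

The three bindings give three different outcomes: outbound on DC tags the branch routes only in what the DC receives, inbound on ABC tags them for everyone (site A sees B's and C's routes tagged too), and the default-action reject variant silently drops site 20's route from the DC's view. The last case is the one to watch for in production, because nothing on the vEdge side changes and the missing route only shows up as traffic that stops flowing.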