Cisco SD-WAN (Viptela) - clnv.s3.amazonaws.com€¢Cisco SD-WAN is the next generation software...

Cisco SD-WAN (Viptela) Migration, QoS and Advanced Policies Hands-on Lab

Ali Shaikh – Technical Leader

Faraz Shamim – Sr. Technical Leader

Mossaddaq Turabi – Distinguished ENgineer

LTRCRS-3550

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

1. Find this session in the Cisco Live Mobile App

2. Click “Join the Discussion”

3. Install Spark or go directly to the space

4. Enter messages/questions in the space

How

cs.co/ciscolivebot#LTRCRS-3550

• Introduction

• Migration Strategies

• Templates + Zero Touch Provisioning

• Policy Overview

• Hub & Spoke Topology + Preferential DataCenters

• Service Chaining

• Cloud Express for SaaS

• Application Aware Routing

Agenda

Introduction


Introduction

• Cisco SD-WAN is the next generation software defined architecture for the WAN.

• It is a controller based architecture leveraging centralized policies .

• This lab assumes an understanding of the Cisco SD-WAN components and how they construct overlay communication between them:

• vManage – The overlay management appliance

• vSmart – The overlay policy and routing enforcement appliance

• vBond – The overlay orchestrator appliances

• vEdge – The network routing edge appliance

• The goal of this lab is to learn to manipulate the overlay beyond a basic setup to achieve different topologies and network functions.

6LTRCRS-3550


Cisco SD-WAN Architecture

Management Plane

Control Plane

Data Plane

APIs

vSmart Controllers

vAnalytics3rd Party

Automation

vManage

Data Center Campus Branch SOHOCloud

vBond

vEdge Routers

4GMPLS

INET

vOrchestrator Service Orchestration

LTRCRS-3550 7


Cisco SD-WAN Elements and Functions

8LTRCRS-3550

vBond orchestrator

First point of authentication (white-list model)

Orchestrates control and management plane

Facilitates NAT traversal

vManage is the NMS system (a single pane of glass), for the entire SD-WAN fabric

vSmart controllers:

Distribute reachability and security information between the vEdge routers

Distribute data and app-route policies to vEdges

Enforce control policies

vEdge routers

WAN Edge Routers

Establishes OMP session with vSmart for overlay routing

Supports legacy protocols for LAN BGP, OSPF, VRRP

Establishes a secured data plane between sites

Available as HW appliance or as a softaware-only virtual machine (VM)


Secure Segmentation - VPNs

9LTRCRS-3550

MPLS

INET

Transport

(VPN0)

IF

IF

Service

(VPNn)

IF

IF

Management

(VPN512)

IF

• VPNs are isolated from each other, each VPN has its

own forwarding table

• vEdge router allocates label to each of it’s service

VPNs and advertises it as route attribute in OMP

updates- Labels are used to identify VPN in the incoming packets

VPN10

VPN20


Fabric OperationReachability, Security/TLOCs and Policies

BGP, OSPF, Connected, Static

BFD

IPSec Tunnel

OMP

DTLS/TLS Tunnel

Transport1

Transport2VPN1

A

VPN2

B

VPN1

C

VPN2

D

BGP, OSPF, Connected, Static

vSmart

OMPUpdate

OMPUpdate

vEdge1 vEdge2

Subnets Subnets

TLOCs TLOCs

PoliciesOMP

UpdateOMP

Update

T1

T2

T3

T4

T3 T4 T1 T2

Configurations and Zero Touch Provisioning (ZTP)

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 12LTRCRS-3550

Configuration and Policy Framework

vManage

vSmart vEdge

Device Configuration Device Configuration

Local Control Policy

(OSPF/BGP)

Local Data Policy

(QoS/Mirror/ACL)

Centralized Control Policy

(Fabric Routing)

Centralized Data Policy

(Fabric Data Plane)

Centralized App-Aware Policy

(Application SLA)

Centralized Data Policy

(Fabric Data Plane)

Centralized App-Aware Policy

(Application SLA)

Centralized

Policies

Localized

Policies

NETCONF/YANG

OMP


Zero Touch Provisioning - Overview

• The Zero Touch Provisioning service relies on:• A license file provided by Cisco for the overlay.

• Explicitly marking a device as ”valid” or “staging”.

• A configuration template for the device.

• A device configuration template consists of• Basic Information – Device identifiers (Hostname, System-IP, Site-ID)

• Transport & Management VPN – The VPNs for circuits and out-of-band management

• Service VPN – The LAN side at the branch or datacenter

• Additional Templates – Miscellaneous items such as Banners

• Each section is made of independent modules called “Features”.

• A full device template is made up of combining all the ”Features” into the relevant Device Sections to create a Device Template.

13LTRCRS-3550


GUI based Templates / Feature Templates


QoS/SNMP/Banner Templates


QoS Configurations

policy

app-visibility

flow-visibility

class-map

class VOICE queue 0

class VIDEO queue 1

class BIZ-DATA queue 2

class BEST-EFFORT queue 3

!

!

16LTRCRS-3550

qos-scheduler besteffort_scheduler

class BEST-EFFORT

bandwidth-percent 5

buffer-percent 5

drops red-drop

!

qos-scheduler bizdata_scheduler

class BIZ-DATA

bandwidth-percent 50

buffer-percent 50

drops red-drop

!

qos-scheduler video_scheduler

class VIDEO


buffer-percent 30

!

qos-scheduler voice_scheduler

class VOICE


buffer-percent 15

scheduling llq

!

qos-map WAN-QOS

qos-scheduler besteffort_scheduler

qos-scheduler bizdata_scheduler

qos-scheduler video_scheduler

qos-scheduler voice_scheduler

!

!

access-list GuestWiFi

sequence 10

action accept

class BEST-EFFORT

!

!

default-action accept


CLI based Device Configuration Template

• Take the CLI based configuration of the device

• Create a Device template

• Highlight the text and create a device specific variable

• Policy definition is part of the device template

• Used for Branch 1 devices

17LTRCRS-3550


CLI based Device Configuration Template

18LTRCRS-3550


Zero Touch Provisioning - WorkflowControl and Policy Elements

Assumption:

• DHCP on Transport Side (WAN)

• DNS to resolve ztp.viptela.com

Zero Touch Provisioning Server

1

2

Full Registration and

Configuration

5

3

4

vEdge

LTRCRS-3550 19

MigrationStep 1 – DC Deployment


Baseline Topology and Configuration

MPLS Transport

AS 100

198.18.133.0/18

DC1

San Jose

DC2

Chicago

Los Angeles

Branch Type 1

Dallas

Branch Type 2

10.4.0.0/24

10.3.0.0/24

10.2.0.0/24

10.4.254.0/24

HostHost

BGP

AS 65004

Wkst-1

Test Host Test Host

.36 .21.21

.200

.10

OSPF

BR2-MPLS-CE

FW

.1.1

FW

BR1-MPLS-CE

BGP

AS 65003

BGP

AS 65002BGP

AS 65001

OSPFOSPF

.10

.200

DC1-MPLS-CE DC2-MPLS-CE

.221 .221

21LTRCRS-3550


Cisco SD-WAN Site Brownfield DeploymentGateway/DC Site Deployment

Internet MPLSSD-WAN

Overlay

BGP/OSPF

OMP

Identify Gateway/DC Sites providing connectivity

between SD-WAN and legacy sites

Legacy sites talk to each other directly

SD-WAN sites talk to each other directly

Legacy router/connectivity is dropped in the

DC/Gateway sites once migration is complete

DC/Gateway Site

SD-WAN Sites

Legacy/MPLS Sites


Step – 1 : Deploy vEdges in the DC

23

New capabilities and enhancements

• Bandwidth Augmentation and Hybrid Transport (MPLS + Internet)

• VPN Segmentation (Corporate-10, PCI/IOT-20, Guest WiFi-40)

LTRCRS-3550


Deploy DC vEdges along with existing MPLS CPEs

Los Angeles

BR1– Site ID 300

Dallas

BR2– Site ID 400

10.4.0.0/2410.3.0.0/24

10.4.254.0/24

Test Host Test Host

.200

.10.10

OSPF

Internet

Transport

AS 200

MPLS Transport

AS 100

ZTP

Controllers

198.18.133.0/18

DC1 – Site ID 100

San Jose

DC2 – Site ID 200

Chicago

10.2.0.0/24

HostHost

System-IP

10.1.0.1

System-IP

10.2.0.2System-IP

10.2.0.1

System-IP

10.1.0.2

Wkst-1

.36 .21

.211 .212

.21

.211 .212OSPFOSPF

DC1

VEDGE1

DC1

VEDGE2

DC2

VEDGE1DC2

VEDGE2

FW

.1.1

FW

.200

Zero Touch ProvisioningStep 2 – Deploy vEdge in BR2 using ZTP


Zero Touch Provisioning – Lab Notes

• In this lab, a number of device templates have been created.

• In this lab, the features that will be used for all the sites have also been created.

• We will manipulate the values and fields already set in the features in this lab to modify the environment.

• We will use the device templates to push configuration to devices at the data center and at the branch.

• Once the configuration has been setup for the devices, we will observe the Zero Touch Provisioning process by which devices that have not become part of the network are brought in to the environment.

26LTRCRS-3550


Dallas

BR2– Site ID 400

10.4.0.0/24

10.4.254.0/24

System-IP

10.4.0.1

Test Host

.10

.21

OSPF

BR2

VEDGE1

Los Angeles

BR1– Site ID 300

10.3.0.0/24

Test Host

.10

Internet Transport

AS 200MPLS Transport

AS 100

ZTP

Controllers

198.18.133.0/18

DC1 – Site ID 100

San Jose

DC2 – Site ID 200

Chicago

10.2.0.0/24

HostHost

System-IP

10.1.0.1

System-IP

10.2.0.2System-IP

10.2.0.1

System-IP

10.1.0.2

Wkst-1

.36 .21

.211 .212

.21

.211 .212OSPFOSPF

DC1

VEDGE1

DC1

VEDGE2

DC2

VEDGE1DC2

VEDGE2

FW

.1.1

FW

Replace Existing MPLS CE with vEgde in Branch 2


Dallas

BR2– Site ID 400

10.4.0.0/24

10.4.254.0/24

System-IP

10.4.0.1

Test Host

.10

.21

OSPF

BR2

VEDGE1

Los Angeles

BR1– Site ID 300

10.3.0.0/24

Test Host

.10

Internet

Transport

AS 200

MPLS Transport

AS 100

ZTP

Controllers

198.18.133.0/18

DC1 – Site ID 100

San Jose

DC2 – Site ID 200

Chicago

10.2.0.0/24

HostHost

System-IP

10.1.0.1

System-IP

10.2.0.2System-IP

10.2.0.1

System-IP

10.1.0.2

Wkst-1

.36 .21

.211 .212

.21

.211 .212OSPFOSPF

DC1

VEDGE1

DC1

VEDGE2

DC2

VEDGE1DC2

VEDGE2

FW

.1.1

FW

Traffic flow between Migrated and non-Migrated Sites

MigrationStep 3 – Deploy vEdges in BR1 with TLOC Extension


TLOC Extension and Configuration

MPLS INET

br1-vedge1 br1-vedge2

ge0/3

10.5.52.51/24

ge0/2

10.5.51.51/24

vpn 0

interface ge0/0

description MPLS tunnel

ip address 100.65.51.1/30

tunnel-interface

encapsulation ipsec

color mpls restrict

max-control-connections 1

[service list]

!

interface ge0/2

description INET tunnel

ip address 10.5.51.51/24

!

tunnel-interface

encapsulation ipsec preference 100

color biz-internet restrict


[service list]

!

interface ge0/3

ip address 10.5.52.51/24

tloc-extension ge0/0

no shutdown

!

ip route 0.0.0.0/0 100.65.51.2

ip route 0.0.0.0/0 10.5.51.52

vpn 0

interface ge0/0

description INET tunnel

ip dhcp-client

nat

!

tunnel-interface

encapsulation ipsec

color biz-internet restrict


[service list]

!

interface ge0/2

ip address 10.5.51.52/24

tloc-extension ge0/0

no shutdown

!

interface ge0/3

description MPLS tunnel

ip address 10.5.52.52/24

tunnel-interface

encapsulation ipsec

color mpls restrict


[service list]

!

ip route 0.0.0.0/0 10.5.52.51

ge0/0

100.65.51.1/24

ge0/0

dhcp

ge0/2

10.5.51.52/24

ge0/3

10.5.52.52/24

ip route 10.5.52.52/32 100.65.51.1

Add route to reach

br1-vedge2 mpls

tunnel end-pointDo not forget NAT

LTRCRS-3550 30


Dallas

BR2– Site ID 400

10.4.0.0/24

10.4.254.0/24

System-IP

10.4.0.1

Test Host

.10

.21

OSPF

BR2

VEDGE1

Internet Transport


AS 100

ZTP

Controllers

198.18.133.0/18

DC1 – Site ID 100

San Jose

DC2 – Site ID 200

Chicago

10.2.0.0/24

HostHost

System-IP

10.1.0.1

System-IP

10.2.0.2System-IP

10.2.0.1

System-IP

10.1.0.2

Wkst-1

.36 .21

.211 .212

.21

.211 .212OSPFOSPF

DC1

VEDGE1

DC1

VEDGE2

DC2

VEDGE1DC2

VEDGE2

FW

.1.1

FW

Replace Existing MPLS CE with vEgdes in Branch 1

Los Angeles

BR1– Site ID 300

10.3.0.0/24

System-IP

10.3.0.1System-IP

10.3.0.2

Test Host

.2 .3

.21

VRRP

BR1

VEDGE1BR1

VEDGE2

X X


Internet

Transport

AS 200

MPLS Transport

AS 100

ZTP

Controllers

10.1.20.0/24

DC1 – Site ID 100

San Jose

DC2 – Site ID 200

Chicago

Los Angeles

BR1– Site ID 300

Dallas

BR1– Site ID 400

10.4.20.0/24

10.3.20.0/24

10.2.20.0/24

Test HostTest Host

System-IP

10.1.0.1

System-IP

10.2.0.2System-IP

10.2.0.1

System-IP

10.1.0.2

System-IP

10.4.0.1

Test Host Test Host

.10

.2 .3

.10

.2 .3

.1

.10

.2 .3

.10

VRRPVRRP

VRRPSystem-IP

10.3.0.1System-IP

10.3.0.2

DC1

VEDGE1

DC1

VEDGE2

DC2

VEDGE1DC2

VEDGE2

BR2

VEDGE1

BR1

VEDGE1BR1

VEDGE2

VPN 20 – IOT/PCI VPN Segment


Internet

Transport

AS 200

MPLS Transport

AS 100

ZTP

Controllers

DC1 – Site ID 100

San Jose

Los Angeles

BR1– Site ID 300

Dallas

BR1– Site ID 400

10.4.40.0/24

10.3.40.0/24

System-IP

10.1.0.1

System-IP

10.2.0.2System-IP

10.2.0.1

System-IP

10.1.0.2

System-IP

10.4.0.1

Test Host Test Host

.1

.10

.2 .3

.10

VRRPSystem-IP

10.3.0.1System-IP

10.3.0.2

DC1

VEDGE1

DC1

VEDGE2

DC2

VEDGE1DC2

VEDGE2

BR2

VEDGE1

BR1

VEDGE1BR1

VEDGE2

VPN 40 – GuestWiFi VPN Segment

Policy


Policy - Overview

• The SD-WAN overlay is controlled by centralized policies.

• The policies that dictate the network topology are called Control Policies.

• These policies manipulate the advertisement of routes and TLOCs (Transport Location) information.

• The policies are configured via the vManage GUI.

• The policies are applied to the vSmart controller.

• The vSmart controller propagates the necessary information to the vEdgerouters as per the policy directives.

35LTRCRS-3550


Inbound Policy: determines which routes are installed in the local routing database of the vSmart controller.

Outbound Policy: applied AFTER a route is retrieved from routing database, but BEFORE the vSmart controller advertises it.

Policy - Workflow

LTRCRS-3550 36

Hub & Spoke Topology


Hub & Spoke Topology

• By default SDWAN solution supports full mesh

• To make the solution more scalable, hub and spoke topology can be created

• In our example, we will create hub and spoke for VPN 10 and 20

• VPN 40 will be restricted using VPN-Membership policy

• Currently, Branch 1 can directly talk to Branch 2 because of the full mesh topology

• After applying StrictHub-n-Spoke policy, Branch 1 can talk to Branch 2 via hub on

38LTRCRS-3550

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco PublicLTRCRS-3550

Strict Hub and Spoke – Before Policy Application

Dallas

BR2– Site ID 400

10.4.0.0/24

10.4.254.0/24

System-IP

10.4.0.1

Test Host

.10

.21

OSPF

BR2

VEDGE1

Internet Transport


AS 100

ZTP

Controllers

198.18.133.0/18

DC1 – Site ID 100

San Jose

DC2 – Site ID 200

Chicago

10.2.0.0/24

HostHost

System-IP

10.1.0.1

System-IP

10.2.0.2System-IP

10.2.0.1

System-IP

10.1.0.2

Wkst-1

.36 .21

.211 .212

.21

.211 .212OSPFOSPF

DC1

VEDGE1

DC1

VEDGE2

DC2

VEDGE1DC2

VEDGE2

FW

.1.1

FW

Los Angeles

BR1– Site ID 300

10.3.0.0/24

System-IP

10.3.0.1System-IP

10.3.0.2

Test Host

.2 .3

.21

VRRP

BR1

VEDGE1BR1

VEDGE2

X X


Policy Definition

control-policy Hub-n-SpokeALLVPN

sequence 1

match tloc

site-list AllDC

!

action accept

!

sequence 11

match tloc

!

action reject

!

sequence 21

match route

site-list AllBranches

vpn-list corpVPN

!

action reject

!

!

sequence 31

match route


vpn-list pciVPN

!

action accept

set

tloc-list DC-TLOCS

!

!

!


!

vpn-membership vpnMembership_-258379630

sequence 10

match

vpn-list corpVPN

!

action accept

!

!

sequence 20

match

vpn-list pciVPN

!

action accept

!

!

default-action reject

!

!


Strict Hub and Spoke – After Policy Application

Dallas

BR2– Site ID 400

10.4.0.0/24

10.4.254.0/24

System-IP

10.4.0.1

Test Host

.10

.21

OSPF

BR2

VEDGE1

Internet Transport


AS 100

ZTP

Controllers

198.18.133.0/18

DC1 – Site ID 100

San Jose

DC2 – Site ID 200

Chicago

10.2.0.0/24

HostHost

System-IP

10.1.0.1

System-IP

10.2.0.2System-IP

10.2.0.1

System-IP

10.1.0.2

Wkst-1

.36 .21

.211 .212

.21

.211 .212OSPFOSPF

DC1

VEDGE1

DC1

VEDGE2

DC2

VEDGE1DC2

VEDGE2

FW

.1.1

FW

Los Angeles

BR1– Site ID 300

10.3.0.0/24

System-IP

10.3.0.1System-IP

10.3.0.2

Test Host

.2 .3

.21

VRRP

BR1

VEDGE1BR1

VEDGE2

X X

Preferential Data Centers


Preferential Data Centers

• By default vEdge will perform load balancing for all routes coming via the DC

• There are situations when a certain site may want to prefer one DC over the other

• In our example, there are 4 vEdges in the DC advertising DC routes

• These DC are also advertising default route (0.0.0.0) for the Internet

• The goal:Branch 1 should prefer DC1 for default routes and Branch 2 should prefer DC2 for the default route

43LTRCRS-3550


DC Preference – Before policy application

Dallas

BR2– Site ID 400

10.4.0.0/24

10.4.254.0/24

System-IP

10.4.0.1

Test Host

.10

.21

OSPF

BR2

VEDGE1

Internet Transport


AS 100

ZTP

Controllers

198.18.133.0/18

DC1 – Site ID 100

San Jose

DC2 – Site ID 200

Chicago

10.2.0.0/24

HostHost

System-IP

10.1.0.1

System-IP

10.2.0.2System-IP

10.2.0.1

System-IP

10.1.0.2

Wkst-1

.36 .21

.211 .212

.21

.211 .212OSPFOSPF

DC1

VEDGE1

DC1

VEDGE2

DC2

VEDGE1DC2

VEDGE2

FW

.1.1

FW

Los Angeles

BR1– Site ID 300

10.3.0.0/24

System-IP

10.3.0.1System-IP

10.3.0.2

Test Host

.2 .3

.21

VRRP

BR1

VEDGE1BR1

VEDGE2

X X


DC Preference Policycontrol-policy PreferDC1

sequence 1

match route

site-list DC1

!

action accept

set

preference 100

!

!

!

sequence 11

match route


vpn-list pciVPN

!

action accept

set

tloc-list DC-TLOCS

!

!

!


!

control-policy PreferDC2

sequence 1

match route

site-list DC2

!

action accept

set

preference 100

!

!

!

sequence 11

match route


vpn-list pciVPN

!

action accept

set

tloc-list DC-TLOCS

!

!

!


!


DC Preference – After policy application

Dallas

BR2– Site ID 400

10.4.0.0/24

10.4.254.0/24

System-IP

10.4.0.1

Test Host

.10

.21

OSPF

BR2

VEDGE1

Internet Transport


AS 100

ZTP

Controllers

198.18.133.0/18

DC1 – Site ID 100

San Jose

DC2 – Site ID 200

Chicago

10.2.0.0/24

HostHost

System-IP

10.1.0.1

System-IP

10.2.0.2System-IP

10.2.0.1

System-IP

10.1.0.2

Wkst-1

.36 .21

.211 .212

.21

.211 .212OSPFOSPF

DC1

VEDGE1

DC1

VEDGE2

DC2

VEDGE1DC2

VEDGE2

FW

.1.1

FW

Los Angeles

BR1– Site ID 300

10.3.0.0/24

System-IP

10.3.0.1System-IP

10.3.0.2

Test Host

.2 .3

.21

VRRP

BR1

VEDGE1BR1

VEDGE2

X X

Service Insertion


Service Insertion – Workflow

• vEdge router with connected service

makes advertisement- Service route

- Service VPN label

• Service is advertised in the VPN

• Service can be singly or dually connected

(Firewall trust zones) to the advertising

vEdge

• Policies are used to insert the service into

the matching traffic forwarding path- Match on 6-tuple or DPI signature

- Applied on ingress/egress vEdge

Data

Center

Remote

Office

Regional

Hub

Service

Advertisement

Policy

AdvertisementvSmart

VPN1

VPN1

VPN1

Traffic Path

Control Plane

FW

4GMPLS

INET


DC Preference Policycontrol-policy MultiTopologyFWInsertion

sequence 1

match route


vpn-list pciVPN

!

action accept

set

tloc-list DC-TLOCS

!

!

!

sequence 11

match route


vpn-list corpVPN

!

action accept

set

service FW vpn 10

!

!

!


!

vpn 10

service FW address 198.18.130.1

DC vEdges Configuration


Service Insertion – Traffic Flow after policy Activation

Dallas

BR2– Site ID 400

10.4.0.0/24

10.4.254.0/24

System-IP

10.4.0.1

Test Host

.10

.21

OSPF

BR2

VEDGE1

Internet Transport


AS 100

ZTP

Controllers

198.18.133.0/18

DC1 – Site ID 100

San Jose

DC2 – Site ID 200

Chicago

10.2.0.0/24

HostHost

System-IP

10.1.0.1

System-IP

10.2.0.2System-IP

10.2.0.1

System-IP

10.1.0.2

Wkst-1

.36 .21

.211 .212

.21

.211 .212OSPFOSPF

DC1

VEDGE1

DC1

VEDGE2

DC2

VEDGE1DC2

VEDGE2

FW

.1.1

FW

Los Angeles

BR1– Site ID 300

10.3.0.0/24

System-IP

10.3.0.1System-IP

10.3.0.2

Test Host

.2 .3

.21

VRRP

BR1

VEDGE1BR1

VEDGE2

X X

Application-Aware Routing


Application Aware Routing - Overview

• Cisco SD-WAN provides the ability to use multiple transports in more than just an active-active fashion. It provides the ability to use intelligent decision making for application steering on different transports.

• App-Aware Routing leverages the following logic:

• Measure loss, latency, jitter characteristics on all active tunnels.

• Network administrator defines a central policy that specifies SLAs for applications.

• The SD-WAN solution steers application traffic onto the paths that satisfy the SLAs.

• Traffic can be steered on any best path, or provided hierarchy in terms of what preferred path to be taken for a given application.

52LTRCRS-3550


Application Aware Routing - Workflow

Path1: 10ms, 0% loss, 5ms jitter



vManage App Aware Routing PolicyApp A path must have:

Latency < 150ms

Loss < 2%

Jitter < 10ms

vEdges measure path

liveliness and quality

Internet

MPLS

4G LTE

IPSec Tunnel

Remote Site

Regional

Data CenterPath 2


Application Aware Routing – Lab Notes

• In this lab, you will:

• Learn to use the Simulate Flows to observe behavior in default state.

• Learn to view and modify SLAs for applications.

• Use a policy that steers DSCP 46 traffic onto MPLS as its preferred path.

• Observe via using the Simulate Flows capability that traffic steering takes effect.

• Inject latency into the environment.

• Observe via using the Simulate Flows that traffic is steered onto a path that satisfies the SLA.

54LTRCRS-3550

CloudExpress


CloudExpress – Overview

56LTRCRS-3550

Carrier-Neutral Facility(CNF)

SD-WANFabric

Regional Facility(Data Center/Colo)

BranchINET

Direct Internet Access(DIA)

Direct Connect

Cloud Exchange

1

2

3a

b

4G

INETMPLS


CloudExpress – Lab Implementation

Dallas

BR2– Site ID 400

10.4.0.0/24

10.4.254.0/24

System-IP

10.4.0.1

Test Host

.10

.21

OSPF

BR2

VEDGE1

Internet Transport


AS 100

ZTP

Controllers

198.18.133.0/18

DC1 – Site ID 100

San Jose

DC2 – Site ID 200

Chicago

10.2.0.0/24

HostHost

System-IP

10.1.0.1

System-IP

10.2.0.2System-IP

10.2.0.1

System-IP

10.1.0.2

Wkst-1

.36 .21

.211 .212

.21

.211 .212OSPFOSPF

DC1

VEDGE1

DC1

VEDGE2

DC2

VEDGE1DC2

VEDGE2

FW

.1.1

FW

Los Angeles

BR1– Site ID 300

10.3.0.0/24

System-IP

10.3.0.1System-IP

10.3.0.2

Test Host

.2 .3

.21

VRRP

BR1

VEDGE1BR1

VEDGE2

CXP

Gateway

CXP

Gateway

CXP

DIACXP

DIA


CloudExpress – Lab Notes

• In this lab, you will:

• Add in a new application to Cloud Express

• Learn how to add a new DIA Site

• Monitor vQoE scores for different applications and sites

58LTRCRS-3550


Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

1. Find this session in the Cisco Live Mobile App

2. Click “Join the Discussion”

3. Install Spark or go directly to the space

4. Enter messages/questions in the space

How

cs.co/ciscolivebot#LTRCRS-3550


• Please complete your Online Session Evaluations after each session

• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/.

Complete Your Online Session Evaluation

http://ciscolive.com/Online

http://www.ciscolive.com/global/on-demand-library/


Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Tech Circle

• Meet the Engineer 1:1 meetings

• Related sessions

61LTRCRS-3550

Thank you

Date post:	27-Jun-2018
Category:	Documents
Upload:	lyquynh
View:	229 times
Download:	8 times

Cisco SD-WAN (Viptela) - clnv.s3.amazonaws.com€¢Cisco SD-WAN is the next generation software...

Documents