Basic Content of SD-WAN Technology
You may already be familiar with SD-WAN technology. The basic content of SD-WAN technology is included in the examination syllabus of Cisco's new CCIE EI certification. SD-WAN is a part of SDN technology, and SDN is a centralized approach to network management. Separating the data (forwarding) plane from the control plane lets you centralize network intelligence, achieve more network automation, simplify operations, and provide centralized configuration, monitoring, and troubleshooting.
The Cisco SD-WAN solution is a software-based virtual IP fabric overlay network that can establish a secure and unified connection over any underlay. Cisco SD-WAN is divided into four planes: the Data Plane, the Control Plane, the Management Plane and the Orchestration Plane.
vBond
vBond is the device of the Orchestration Plane. It knows how the network is built, shares that information with the other components, and helps devices join the SD-WAN Fabric (that is, to join the SD-WAN and accept management, a device must first find the vBond and be authenticated there). It is also responsible for ZTP (Zero Touch Provisioning).
vBond must be reachable through a public IP or a 1:1 NAT (put simply, the vBond must be directly reachable at a public IP). The other components can be deployed behind NAT (1:1 NAT is not required for them). This makes vBond very suitable for deployment in a cloud environment.
These properties make vBond similar to the Hub of a DMVPN. The other components can use dynamic addresses; the vBond learns the mappings for all components and then notifies all devices. Therefore, vBond must be deployed with high availability, because once it disappears, newly deployed devices can no longer be added to the Fabric.
vManage
vManage is the device of the Management Plane. It is the single point of management in the network (that is, it is the only user interface when we use the GUI for configuration, management, monitoring and other operations). Therefore, vManage also needs to be deployed with high availability.
It provides a single-tenant or multi-tenant mode, which suits both enterprise deployments and service-provider deployments (in practice, it is the service-provider deployments that make the most use of multi-tenancy).
It supports RBAC (Role-Based Access Control), so different customers can see and manage different views; it provides centralized configuration, policies and configuration templates (no need to log in to each device to configure it); it monitors and troubleshoots the entire fabric (providing rich charts that let users see how the network is operating and whether there is a fault); and it provides APIs that allow third-party applications to automate deployment, operations and maintenance.
vSmart
vSmart is the device of the Control Plane. In terms of the routing protocols you already know, vSmart is responsible for routing in the network. The protocol run by SD-WAN is called OMP (Overlay Management Protocol). It is similar to BGP, but the neighbor relationships are formed automatically and do not require manual neighbor configuration.
vSmart itself is very similar to a BGP RR (Route Reflector): routes received from one vEdge are reflected to the other vEdges or to other vSmarts. At the same time, the IPsec encryption keys and the application-aware policies are distributed by vSmart.
Adding vSmart can scale the SD-WAN Fabric network horizontally. In the next article, we will talk about the OMP protocol.
vEdge
vEdge is the device of the Data Plane. Understood in terms of routing and switching, it is the device that performs encapsulation and de-encapsulation. In addition, since Cisco SD-WAN provides a secure data plane, an IPsec tunnel is built automatically between each pair of vEdges, and IKE is not required (the key exchange is automated through the control plane).
It runs the OMP routing protocol with vSmart, and runs standard routing protocols (static, OSPF, BGP) with the customer's internal network (the Service Side). At the same time, it exports performance statistics, alarms and events to vManage. Both physical and virtual platforms are available.
These are the basic components of Cisco SD-WAN.