Sample SD-WAN Equipment Overview
SD-WAN will provide the following:
Let’s look at a sample of Cisco SD-WAN equipment based on the Catalyst 8300 series and the Cisco ISR1100-6G. Both series are powered by Cisco IOS XE SD-WAN software to deliver a secure cloud-scale SD-WAN solution for the HQ and branch sites.
The Cisco Catalyst C8300-1N1S-4T2X supports 1x SM slot, 1x NIM slot, 2x 10Gbps Ethernet ports and 4x 1Gbps Ethernet ports in a 1RU chassis.
The C8300-1N1S-4T2X supports SD-WAN IPsec throughput of up to 15 Gbps with 6000 overlay tunnels, which positions it as the ideal device to be installed at the hub site. Each hub device can be configured with a 10Gbps DNA Advantage aggregate bandwidth license.
The Cisco Catalyst C8300-1N1S-6T supports 1 x SM slot, 1 x NIM slot and 6 x 1Gbps Ethernet ports in a 1RU chassis.
The C8300-1N1S-6T supports SD-WAN IPsec throughput of up to 1.9 Gbps with 6000 overlay tunnels, which positions it as the ideal device to be installed in a branch site with a DNA Advantage aggregate bandwidth license of 1Gbps.
The ISR 1100-6G supports 2 x SFP and 4 x 1Gbps Ethernet ports for LAN and WAN connectivity.
The ISR 1100-6G can be licensed with an aggregated 100Mbps DNA Advantage license for each of the branches.
This solution provides a secure hybrid overlay technology for virtualizing the enterprise WAN with centralized management and control. The solution builds an overlay fabric which is carrier- and transport-agnostic. This allows network-wide segmentation for lines of business, compliance, and business partners. It also offers optimized performance for the Internet and public clouds in future phases.
The proposed solution provides a clear separation between the management plane, control plane, and data plane. This allows each component to work independently and efficiently. It also facilitates scaling of the different components based on the needs of the network. Some of the features that are supported include:
The solution is built on the zero-trust model. All of the components mutually authenticate each other, and all of the edge devices are authorized before they are allowed into the network. Every packet that flows through the network across the data plane, control plane, and management plane is encrypted using SSL and IP Security (IPsec) technologies. The solution has differentiated capabilities to build a large-scale IPsec network should this be required.
The solution is cloud-delivered. The controllers are hosted in the cloud. You can log in to Cisco vManage, the Viptela dashboard, to centrally manage the Wide Area Network. Furthermore, Cisco vManage provides the ability to manage all aspects of the WAN, from provisioning, monitoring and upgrading routers to application visibility and troubleshooting the WAN.
Zero Touch Provisioning
All Cisco SD-WAN routers are configured and managed using zero touch provisioning (ZTP). This allows for a significant reduction in operational expenses and maintenance.
Cisco SD-WAN Advanced vAnalytics
The WAN is mostly made up of disparate infrastructure elements which are not directly controlled by IT. These elements are often operated by multiple providers. Because of this complexity, IT professionals often struggle to identify the source of network problems, have no real-time visibility into application or network performance, and cannot proactively plan future infrastructure growth.
Cisco SD-WAN vAnalytics is an analytics engine that provides the assurance and analytics elements of intent-based networking for the WAN. It provides customers with the visibility and insights necessary to isolate and resolve issues in the WAN. Additionally, Cisco SD-WAN vAnalytics delivers intelligent data analysis for planning and what-if scenarios.
The major components of Cisco SD-WAN vAnalytics include:
- Comprehensive visibility of applications and infrastructure across the WAN
  - Provides real-time information for failure correlation, cross-customer benchmarking, and application performance scores
- Forecasting / What-if Analysis
  - Enables future planning based on application / bandwidth, branch expansion analysis, and policy changes
- Intelligent Recommendations
  - Recommendations for application QoS categorization and policy changes for predictable application performance
Cisco SD-WAN Security
Cisco provides centrally managed security for the branch. It protects users, connected devices, and application usage across the WAN. In addition, SD-WAN Security enables Dedicated Internet Access (DIA) to multi-cloud environments. Cisco SD-WAN Security gives you the ability to manage certified trustworthy platforms while deploying security features from a single dashboard. The Cisco vManage console helps protect the network while reducing risk and ensuring business compliance. Security is delivered in a best-of-breed architecture, with many features being delivered on the device and a portion in the cloud. As a result, end users, whether in the data centre, branch, campus, or a remote location, can enjoy protection from a variety of security threats. Cisco SD-WAN Security offers the following advantages:
- Secure Internet gateway: Secure access to the Internet and multi-cloud applications with threat protection over all ports.
- Full-stack edge security: Embedded enterprise firewall, intrusion prevention, and URL filtering capabilities for comprehensive branch edge security.
- Unified access security: Provide anytime, anywhere access to all applications based on the trustworthiness of users and devices.
- Edge firewall flexibility: Next-generation or zone-based firewall options to secure on-site services and devices and increase compliance.
- Edge router flexibility: Thin, rich, or full-stack router options to fit on-site IT demand including voice, video, wireless, LTE, compute, and containers.
Cisco DNA Advantage software across all the routers ensures fast access to innovation, evergreen security protection and software refreshes independent of hardware. Furthermore, Cisco DNA Advantage software provides the following advanced features:
- Unlimited overlays and VPNs
- Advanced SD-WAN Layer 2 & 3 routing (IPv4 and IPv6)
- Software Support Service (SWSS)
- Analytics and Deep Packet Inspection
- Advanced Security features
- Cross-domain innovations
- Advanced voice features
- Advanced Cisco DNA Automation
- Advanced application experience