Cisco Catalyst SD-WAN

Anastasiya Volkova, CCIE No. 54378 (EN and Security), is a Solutions Architect on the Cisco Global Demo Engineering team, with a focus on Enterprise networking, Security and Cloud solutions, and multi-domain integrations. Anastasiya has more than 12 years of industry experience. Her background includes different areas of expertise, from hands-on experience in design, implementation, and support of network solutions to conducting trainings and technical presentations. She is very passionate about sharing her knowledge with others, hoping to help more people fall in love with the technology.   Osvaldo Salazar Tovar is a Technical Solutions Architect/Solutions Engineer in the Cisco Enterprise Routing and SD-WAN group. Throughout his career, he has supported the Global Service Provider and Enterprise Networking teams in LATAM through various technical sales engineering roles. He is currently working with different verticals in the United States, assisting customers and partners in designing and implementing nextgeneration WANs and emphasizing the importance of the WAN. He holds a bachelor of science degree in information and communication technologies from Instituto Tecnologico y de Estudios Superiores de Monterrey (ITESM).   Constantin Mohorea, CCIE No. 16223, CCDE No. 20170054, is a Customer Delivery Technical Leader at Cisco with more than 20 years of experience in the networking industry. He specializes in designing and delivering Cisco SD-WAN technologies to clients across various industries and has a strong history of helping clients achieve their business goals. He is passionate about the evolving trends in programmability and automation within the networking sector and has authored a Cisco Press DevNet certification book. Constantin resides in Toronto, Canada.   Dustin Schuemann, CCIE No. 59235 (R&S), is very passionate about giving back through mentoring and building communities in the IT industry. Dustin has 22 years of experience in the networking field, and before joining Cisco he worked in the manufacturing, retail, and finance industries. Dustin currently works in Cisco’s Global Demo Engineering organization as a Solutions Architect, leading the demo strategic direction. Dustin speaks on SD-WAN at Cisco Live globally and has been inducted into the Cisco Live Hall of Fame by achieving Distinguished Speaker status at five different events.

Introduction xxii

Chapter 1 Introduction to Cisco Catalyst SD-WAN 2

    Transport Independence 3

    Use Cases Demanding Changes in the WAN 6

    Cloud Trends and Adoption 9

    Summary 12

    Review All Key Topics 12

    Key Terms 12

    Chapter Review Questions 12

Chapter 2 Cisco Catalyst SD-WAN Components 14

    Data Plane 16

    Management Plane 22

    Control Plane 24

    Orchestration Plane 27

    Multi-tenancy Options 28

    Deployment Options 29

    Summary 30

    Review All Key Topics 30

    Key Terms 31

    Chapter Review Questions 31

    References 32

Chapter 3 Control Plane and Data Plane Operations 34

    Control Plane Operations 35

    Data Plane Operations 65

    Summary 88

    Review All Key Topics 88

    Key Terms 89

    Chapter Review Questions 89

    References 89

Chapter 4 Onboarding and Provisioning 92

    Configuration Templates 94

    Developing and Deploying Templates 98

    Configuration Groups and Feature Profiles 102

    Developing and Deploying Configuration Groups 103

    Onboarding Devices 111

    Key Settings in Device Templates and Configuration Groups 117

    Summary 120

    Review All Key Topics 120

    Key Terms 120

    Chapter Review Questions 121

    References 122

Chapter 5 Cisco Catalyst SD-WAN Design and Migration 124

    Cisco SD-WAN Design Methodology 125

    Cisco SD-WAN Control Components Design 136

    Cisco SD-WAN Implementation Preparation 154

    Cisco SD-WAN Transport Connectivity 157

    Cisco SD-WAN Data Center Design 166

    Cisco SD-WAN Branch Design 170

    Integrating Cisco SD-WAN with Existing Networks 176

    Summary 185

    Review All Key Topics 185

    Chapter Review Questions 186

    References 189

Chapter 6 Introduction to Cisco Catalyst SD-WAN Policies 190

    Purpose of Cisco Catalyst SD-WAN Policies 190

    Types of Cisco Catalyst SD-WAN Policies 191

    Cisco Catalyst SD-WAN Policy Construction 195

    Cisco Catalyst SD-WAN Policy Administration, Activation, and

    Packet Forwarding Order of Operations 208

    Summary 210

    Review All Key Topics 210

    Define Key Terms 210

    Chapter Review Questions 211

Chapter 7 Centralized Control Policies 214

    Centralized Control Policy Overview 215

    Use Case 1: Isolating Remote Branches from Each Other 217

    Use Case 2: Enabling Branch-to-Branch Communication Through Data Centers 235

    Use Case 3: Traffic Engineering at Sites with Multiple Routers 251

    Use Case 4: Preferring Regional Data Centers for Internet Access 260

    Use Case 5: Regional Mesh Networks 267

    Use Case 6: Enforcing Security Perimeters with Service Insertion 274

    Use Case 7: Isolating Guest Users from the Corporate WAN 281

    Use Case 8: Creating Different Network Topologies for Each Segment 284

    Use Case 9: Creating Extranets and Access to Shared Services 288

    Summary 299

    Review All Key Topics 300

    Define Key Terms 300

    Chapter Review Questions 300

    References 302

Chapter 8 Centralized Data Policies 304

    Centralized Data Policy Overview 304

    Use Case 10: Direct Internet Access for Guest Users 306

    Use Case 11: Direct Cloud Access for Trusted Applications 322

    Use Case 12: Application-Based Traffic Engineering 331

    Application-Based Traffic Engineering with Policy Groups 338

    Use Case 13: Protecting Corporate Users with a Secure Internet Gateway 341

    Use Case 14: Protecting Applications from Packet Loss 353

    Summary 363

    Review All Key Topics 364

    Define Key Terms 364

    Chapter Review Questions 364

    References 366

Chapter 9 Application-Aware Routing Policies 368

    The Business Imperative for Application-Aware Routing 368

    The Mechanics of Traditional App-Route Policies 369

    Enhanced Application-Aware Routing 402

    Summary 407

    Review All Key Topics 407

    Define Key Terms 408

    Chapter Review Questions 408

    References 410

Chapter 10 Localized Policies 412

    Introduction to Localized Policies 412

    Localized Control Policies 413

    Localized Data Policies 426

    Quality of Service Policies 430

    Summary 439

    Review All Key Topics 440

    Chapter Review Questions 440

    References 442

Chapter 11 Cisco Catalyst SD-WAN Security 444

    Cisco Catalyst SD-WAN Security: Why and What 444

    Cisco Catalyst SD-WAN Security Policies 448

    Unified Security Policies 479

    Secure Internet Gateway (SIG) 483

    Policy Groups 486

    Secure Segmentation 494

    SD-WAN Manager Authentication and Authorization 503

    Summary 510

    Review All Key Topics 511

    Define Key Terms 511

    Chapter Review Questions 511

    Reference 513

Chapter 12 Cisco Catalyst SD-WAN Cloud OnRamp 514

    Cloud OnRamp for SaaS 516

    Cloud OnRamp for Multicloud 534

    SD-WAN Cloud Interconnect 546

    Summary 548

    Review All Key Topics 549

    Define Key Terms 549

    Chapter Review Questions 549

    References 550

Chapter 13 Cisco Catalyst SD-WAN Programmability 552

    Cisco Catalyst SD-WAN API Overview 553

    Using the Cisco Catalyst SD-WAN API with Python 563

    Cisco Catalyst SD-WAN Infrastructure as Code 586

    Summary 592

    Review All Key Topics 592

    Key Terms 592

    Chapter Review Questions 592

    References 594

Chapter 14 Cisco Catalyst SD-WAN Monitoring and Operations 596

    SD-WAN Manager Monitoring Tools 596

    SD-WAN Manager Troubleshooting Tools 610

    SD-WAN Monitoring with ThousandEyes 619

    SD-WAN Analytics Overview 629

    Summary 633

    Review All Key Topics 633

    Chapter Review Questions 633

Appendix A Answers to Chapter Review Questions 636

Glossary of Key Terms 649

 

978038313906, TOC, 9/13/2024