Cisco Software-Defined Wide Area Networks: Designing, Deploying and Securing Your Next Generation WAN with Cisco SD-WAN(Networking Technology)

This is the eBook edition of Cisco Software-Defined Wide-Area Networks. This eBook does not include access to the companion website with practice exam that comes with the print edition. Access to the video mentoring is available through product registration at Cisco Press; or see the instructions in the back pages of your eBook.  This study guide from Cisco Press will help you learn, prepare, and practice for exam success. This guide is built with the objective of providing assessment, review, and practice to help ensure you are prepared for your certification exam. Master Cisco Implementing Cisco SD-WAN Solutions (ENSDWI 300-415) exam topics Assess your knowledge with chapter-opening quizzes Review key concepts with exam preparation tasks Cisco Software-Defined Wide-Area Networks presents you with an organized test preparation routine using proven series elements and techniques. Key Topic tables help you drill on key concepts you must know thoroughly. Chapter-ending Review Questions help you to review what you learned in the chapter. Cisco Software-Defined Wide-Area Networks focuses specifically on the objectives for the Implementing Cisco SD-WAN Solutions (ENSDWI 300-415) exam. Four leading Cisco technology experts share preparation hints and test-taking tips, helping you improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics. Well regarded for its level of detail, assessment features, comprehensive design scenarios, this study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time. The official study guide helps you master all the topics on the Implementing Cisco SD-WAN Solutions (ENSDWI 300-415) exam, including: Architecture Controller Deployment Router Deployment Policies Security and Quality of Service Management and Operations Cisco Software-Defined Wide-Area Networks is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit http://www.cisco.com/web/learning/index.html

Table of Contents:
Introduction     xix Chapter 1  Introduction to Cisco Software-Defined Wide Area Networking (SD-WAN)     1 Networks of Today     1 Common Business and IT Trends     4 Common Desired Benefits     5 High-Level Design Considerations     7 Introduction to Cisco Software-Defined WAN (SD-WAN)     9     Transport Independence     10     Rethinking the WAN     12 Use Cases Demanding Changes in the WAN     13     Bandwidth Aggregation and Application Load-Balancing     13     Protecting Critical Applications with SLAs     14     End-to-End Segmentation     15     Direct Internet Access     15     Fully Managed Network Solution     16 Building an ROI to Identify Cost Savings     17 Introduction to Multidomain     18     Cloud Trends and Adoption     19 Summary     21 Review All Key Topics     22 Key Terms     22 Chapter Review Questions     22 Chapter 2  Cisco SD-WAN Components     25 Data Plane     27 Management Plane     32 Control Plane     34 Orchestration Plane     36 Multi-Tenancy Options     38 Deployment Options     38 Summary     39 Review All Key Topics     39 Key Terms     40 Chapter Review Questions     40 References     42 Chapter 3  Control Plane and Data Plane Operations     43 Control Plane Operations     44     Overlay Management Protocol     47        OMP Routes     48        TLOC Routes     52        Service Routes     54     Path Selection     56     OMP Route Redistribution and Loop Prevention     58 Data Plane Operations     65     TLOC Colors     66     Tunnel Groups     70     Network Address Translation     73        Full Cone NAT     74        Symmetric NAT     75        Address Restricted Cone NAT     76        Port Restricted Cone NAT     77     Network Segmentation     81     Data Plane Encryption     83     Data Plane Encryption with Pairwise     86 Summary     88 Review All Key Topics     88 Key Terms     89 Chapter Review Questions     89 References     90 Chapter 4  Onboarding and Provisioning     91 Configuration Templates     93 Developing and Deploying Templates     97 Onboarding Devices     101     Manual Bootstrapping of a WAN Edge     102     Automatic Provisioning with PNP or ZTP     103 Summary     105 Review All Key Topics     106 Chapter Review Questions     106 References     107 Chapter 5  Introduction to Cisco SD-WAN Policies     109 Purpose of Cisco SD-WAN Policies     109 Types of Cisco SD-WAN Policies     110        Centralized Policy     110        Centralized Policies That Affect the Control Plane     111        Centralized Policies That Affect the Data Plane     112     Localized Policy     112     Policy Domains     113 Cisco SD-WAN Policy Construction     115 Types of Lists     118 Policy Definition     119 Cisco SD-WAN Policy Administration, Activation, and Enforcement     122     Building a Centralized Policy     122     Activating a Centralized Policy     125 Packet Forwarding Order of Operations     127 Summary     128 Review All Key Topics     129 Define Key Terms     129 Chapter Review Questions     129 Chapter 6  Centralized Control Policies     133 Centralized Control Policy Overview     134 Use Case 1: Isolating Remote Branches from Each Other     136     Use Case 1 Review     149 Use Case 2: Enabling Branch-to-Branch Communication Through Data Centers     149     Enabling Branch-to-Branch Communication with Summarization     150     Enabling Branch-to-Branch Communication with TLOC Lists     152     Use Case 2 Review     168 Use Case 3: Traffic Engineering at Sites with Multiple Routers     169     Setting TLOC Preference with Centralized Policy     171     Setting TLOC Preference with Device Templates     177     Use Case 3 Review     179 Use Case 4: Preferring Regional Data Centers for Internet Access     180     Use Case 4 Review     188 Use Case 5: Regional Mesh Networks     188     Use Case 5 Review     195 Use Case 6: Enforcing Security Perimeters with Service Insertion     195     Use Case 6 Review     202 Use Case 7: Isolating Guest Users from the Corporate WAN     202     Use Case 7 Review     206 Use Case 8: Creating Different Network Topologies per Segment     206     Use Case 8 Review     210 Use Case 9: Creating Extranets and Access to Shared Services     211     Use Case 9 Review     222 Summary     223 Review All Key Topics     223 Define Key Terms     224 Chapter Review Questions     224 Reference     226 Chapter 7  Centralized Data Policies     227 Centralized Data Policy Overview     228 Centralized Data Policy Use Cases     228     Use Case 10: Direct Internet Access for Guest Users     230        Use Case 10 Review     242     Use Case 11: Direct Cloud Access for Trusted Applications     243        Use Case 11 Review     253     Use Case 12: Application-Based Traffic Engineering     253        Use Case 12 Review     260     Use Case 13: Protecting Corporate Users with a Cloud-Delivered Firewall     261        Use Case 13 Review     269     Use Case 14: Protecting Applications from Packet Loss     269        Forward Error Correction for Audio and Video     270        Packet Duplication for Credit Card Transactions     274        Use Case 14 Review     280 Summary     280 Review All Key Topics     281 Define Key Terms     282 Chapter Review Questions     282 References     284 Chapter 8  Application-Aware Routing Policies     285 The Business Imperative for Application-Aware Routing     286 The Mechanics of an App-Route Policy     286 Constructing an App-Route Policy     287 Monitoring Tunnel Performance     294        Liveliness Detection     295        Hello Interval     295        Multiplier     297     Path Quality Monitoring     298        App-Route Poll Interval     298        App-Route Multiplier     300 Mapping Traffic Flows to a Transport Tunnel     304     Packet Forwarding with Application-Aware Routing Policies     304        Traditional Lookup in the Routing Table     305        SLA Class Action     306 Summary     315 Review All Key Topics     316 Define Key Terms     316 Chapter Review Questions     316 Chapter 9  Localized Policies     319 Introduction to Localized Policies     319 Localized Control Policies     320 Localized Data Policies     334 Quality of Service Policies     338     Step 1: Assign Traffic to Forwarding Classes     339     Step 2: Map Forwarding Classes to Hardware Queues     341     Step 3: Configure the Scheduling Parameters for Each Queue     341     Step 4: Map All of the Schedulers Together into a Single QoS Map     342     Step 5: Configure the Interface with the QoS Map     343 Summary     346 Review All Key Topics     347 Chapter Review Questions     347 Chapter 10  Cisco SD-WAN Security     349 Cisco SD-WAN Security: Why and What     349 Application-Aware Enterprise Firewall     352 Intrusion Detection and Prevention     360 URL Filtering     367 Advanced Malware Protection and Threat Grid     372 DNS Web Layer Security     377 Cloud Security     381 vManage Authentication and Authorization     384     Local Authentication with Role-Based Access Control (RBAC)     384     Remote Authentication with Role-Based Access Control (RBAC)     387 Summary     389 Review All Key Topics     389 Define Key Terms     389 Chapter Review Questions     389 Chapter 11  Cisco SD-WAN Cloud onRamp     393 Cisco SD-WAN Cloud onRamp     393 Cloud onRamp for SaaS     394 Cloud onRamp for IaaS     412 Cloud onRamp for Colocation     429     Why Colocation?     432     How It Works     432     Service Chaining for a Single Service Node     434     Service Chaining for Multiple Service Nodes     436     Service Chaining and the Public Cloud     436        Infrastructure as a Service     438        Software as a Service     438        Redundancy and High Availability     440        Service Chain Design Best Practices     440     Configuration and Management     442        Cluster Creation     442        Image Repository     449        Service Chain Creation     449     Monitoring     454 Summary     455 Review All Key Topics     456 Define Key Terms     456 Chapter Review Questions     456 Chapter 12  Cisco SD-WAN Design and Migration     459 Cisco SD-WAN Design Methodology     459 Cisco SD-WAN Migration Preparation     460 Cisco SD-WAN Data Center Design     462     Transport-Side Connectivity     463     Loopback TLOC Design     465     Service-Side Connectivity     466 Cisco SD-WAN Branch Design     469     Complete CE Replacement—Single Cisco SD-WAN Edge     470     Complete CE Replacement—Dual Cisco SD-WAN Edge     471     Integration with Existing CE Router     475     Integration with a Branch Firewall     476     Integration with Voice Services     478 Cisco SD-WAN Overlay and Underlay Integration     480     Overlay Only     480     Overlay with Underlay Backup     481     Full Overlay and Underlay Integration     485 Summary     490 Review All Key Topics     490 Chapter Review Questions     490 Chapter 13  Provisioning Cisco SD-WAN Controllers in a Private Cloud     493 SD-WAN Controller Functionality Recap     493 Certificates     496 vManage Controller Deployment     501     Step 1: Deploy vManage Virtual Appliance on VMware ESXi or KVM     503     Step 2: Bootstrap and Configure vManage Controller     506     Step 3/4: Set Organization Name and vBond Address in vManage; Install Root CA Certificate     506     Step 5: Generate, Sign, and Install Certificate onto vManage Controller     511 vBond Controller Deployment     513     Step 1/2/3: Deploy vBond Virtual Machine on VMware ESXi; Bootstrap and Configure vBond Controller; Manually Install Root CA Certificate on vBond     514     Step 4/5: Add vBond Controller to vManage; Generate, Sign, and Install Certificate onto vBond Controller     516 vSmart Controller Deployment     518     Step 1/2/3: Deploy vSmart Virtual Machine from Downloaded OVA; Bootstrap and Configure vSmart Controller; Manually Install Root CA Certificate on vSmart     519     Step 4/5: Add vSmart Controller to vManage; Generate, Sign, and Install Certificate onto vSmart Controller     520 Summary     523 Review All Key Topics     524 Define Key Terms     524 Chapter Review Questions     524 References     526 Appendix A:  Answers to Chapter Review Questions     527 Appendix B:  Example 7-17     539 Glossary of Key Terms     553 Index     557

About the Author :
Jason Gooley, CCIE No. 38759 (RS and SP), is a very enthusiastic and spontaneous person who has more than 25 years of experience in the industry. Currently, Jason works as a Technical Evangelist for the Worldwide Enterprise Networking Sales team at Cisco Systems. Jason is very passionate about helping others in the industry succeed. In addition to being a Cisco Press author, Jason is a distinguished speaker at Cisco Live, contributes to the development of the Cisco CCIE and DevNet exams, provides training for Learning@Cisco, is an active CCIE mentor, is a committee member for the Cisco Continuing Education Program (CE), and is a program committee member of the Chicago Network Operators Group (CHI-NOG), www.chinog.org. Jason also hosts a show called MetalDevOps.  Dana Yanch, CCIE No. 25567 (RS,DC) CCDE No. 20130071, at the time of writing content for this book was a Global Technical Solutions Architect at Cisco focused on designing and deploying SD-WAN solutions for large enterprises around the world. Prior to spending the last six years working with Viptela and other SD-WAN technologies, Dana had a focus on fabric-based data center technologies. Dana has presented at several Cisco Live Events worldwide and has a passion for public speaking and mentorship. Dana can now be found at Aviatrix, the multi-cloud networking platform, designing cloud connectivity architectures every single day. Dustin Schuemann, CCIE No. 59235 (R&S), is a Technical Solutions Architect at Cisco Systems. Within the Demo CoE organization, Dustin is a subject matter expert on all things SD-WAN, including development of SD-WAN demo offerings and CPOC labs for some of Cisco's largest customers. He has been a distinguished speaker at Cisco Live multiple times, where he has presented on multiple topics around Cisco SD-WAN. Dustin has more than 17 years of experience in the network engineering field, and before Cisco he was a network architect for multiple firms within the manufacturing and financial industries. He is very passionate about giving back to the IT community and helping to mentor other network engineers. Dustin currently resides in Raleigh, North Carolina. John Curran is a Technical Solutions Architect with Cisco's Global Virtual Engineering team, where he assists customers and partners with the design of their next-generation networks. John is a subject matter expert in routing and SD-WAN and is excited to spend time teaching and training on these topics. John presents regularly at Cisco Live events around the world and has been repeatedly recognized as a Distinguished Speaker. In his prior role at Cisco, John worked as a Network Consulting Engineer for Cisco's Advanced Services team, supporting government and education customers. John holds a Bachelor of Science degree in Computer Engineering Technology from the University of Cincinnati.