Introduction to SD-WAN

Hi Lagapides, I am working in an ISP company. Is it possible to install the SD-WAN concept in an ISP network?

Hello Gayathri

Typically, SD-WAN is primarily geared towards the multi-site enterprise, where the WAN of each site can be enhanced and managed more holistically. Interconnections between remote sites can enjoy multiple benefits, including high availability, reliability, quality of service, and many others.

Note here that there are certain topological network characteristics that are required to make SD-WAN useful. SD-WAN typically requires multiple remote sites, each connected via one or more WAN links over a third-party network (such as the Internet).

Now Cisco’s SD-WAN solution is massively scalable, so as far as the size of ISP networks go, it can be used without issue on an ISP’s network. However, how useful it will actually be for an ISP depends highly upon the topology and network infrastructure of the ISP itself. Does the ISP in question have multiple remote sites (or network regions) that it interconnects over other (third party?) networks? This is not typically the infrastructure associated with ISPs.

So how useful it will actually be, depends upon the use cases intended to be deployed as well as the topology of the ISP’s network.

A more typical scenario for ISPs is to create an MPLS network to serve its customers.

Now having said all of this, it is possible for an ISP to sell “SD-WAN as a service” for its own customers over its own network. In such a case, Cisco’s SD-WAN solution would be appropriate. But in this case, the SD-WAN would be deployed to serve customers, rather than the internal needs of the ISP itself.

I hope this has been helpful!

Laz


Hello Serge

Concerning the use of DNA for the CCIE exam, take a look at this NetworkLessons note about it.

Now although not essential for certification, having access to Cisco DNAC can be helpful. You don’t necessarily need a separate license for SD-Access labs that are useful for preparing CCIE Enterprise Infrastructure. However, you will require a valid DNAC license to fully utilize the features of the Cisco DNA Center in general.

Cisco DNA Center offers various licensing tiers, such as Cisco DNA Essentials, Cisco DNA Advantage, and Cisco DNA Premier. Each tier provides different levels of functionality and features, but as far as I know, none of them are free, and none offer any sandbox/testbed options.

If you do have access to such licenses, for a CCIE Enterprise Infrastructure lab setup, you might consider using the Cisco DNA Advantage or Cisco DNA Premier license, as they offer a comprehensive set of features, including SD-Access capabilities that you will likely need for your CCIE practice.

Let us know how you get along!

I hope this has been helpful!

Laz

Can you define your meaning of private WAN? What I have is that a private WAN is a bunch of LANs connected via technologies like VPN, MPLS, Metro Ethernet, physical dedicated cables, and I guess now SD-WAN.

Hello Patrick

A WAN is a network that interconnects remote networks. In this context, the Internet itself can be considered a WAN. It however is not a private WAN.

A private WAN is a service that you purchase from an ISP that delivers interconnectivity between your remote sites over an infrastructure that is separate and independent from the public Internet. Some examples of private WAN services include MPLS, Metro Ethernet, Frame Relay, or leased lines.

On the contrary, VPNs are not private WANs because you typically run those over the public Internet. SD-WAN is not a private WAN either, but it can leverage both public and private WANs as part of the connections it manages.

I hope this has been helpful!

Laz

Good SD-WAN content, but I was wondering if a review of 8Kv routers is pending?
I am using the latest SD-WAN code and having issues with vEdges (8Kv’s) not joining. The CSR is no longer on the CCIE exam for SD-WAN.

Thanks.

Hello Rick

As far as I know, I don’t believe that Rene will be making content for the Catalyst 8000V. However, if this is something that you would like to see, please feel free to make a suggestion at the following Member Ideas page:

There you can post your suggestions, and you may find that others have made similar suggestions, so you can add your voice to theirs.

If you share more information about your topology, your error messages, and the specific circumstances under which the joining fails, we may be able to help you somewhat.

The current version of the CCIE lab exam is 1.1. In version 1.0, the CSR was not explicitly stated as part of the SD-WAN exam topics.

I hope this has been helpful!

Laz

Hello, everyone.

I am studying this topic for ENCOR and I just need someone to verify my understanding.

Traditional Challenges

From what I know, the decision regarding which WAN circuit to use mainly revolves around cost, bandwidth, and reliability.

For example, internet circuits can offer higher bandwidths and aren’t that expensive, but they aren’t always reliable. Like Rene said, there could be times during the day where the internet is just slower (in fact, in my country for a specific ISP, the internet was always experiencing heavy packet loss at the start of winter :smiley: ).

So the solution there would be to purchase business internet, but that’s, again, expensive, and we cannot configure QoS on the internet.

MPLS circuits are reliable and built on redundant architectures. Although they may offer less BW, they support end-to-end QoS, but their biggest problem is the cost.

So a company can choose to use either one of these or just… use both for redundancy. If the internet is having problems or goes down, you could use MPLS and vice-versa.

The problem, however, that I see here is complexity and cost.

With MPLS, the ISP will typically ask you to use BGP for the peering. If you weren’t using BGP before, you need someone who understands it to implement it and share routes. The more sites you connect to MPLS, the more expensive it becomes.

On the internet on the other hand, you can use your own routing protocol but again, there are times where it could be unreliable and we cannot use QoS there.

We also cannot be application-specific and say, for example, “only time-sensitive traffic will pass through MPLS for redundancy” without having to go through some complex agreements and configurations with the ISP.

SD-WAN
With SD-WAN, we’ll still need to purchase some WAN circuits but this could be significantly different if we decided to use SD-WAN.

For example, since SD-WAN can monitor all of our different WAN circuits and latencies, we could just get two normal internet connections to different ISPs and have SD-WAN pick which link is the best based off the latency and utilization.

If one of the ISPs becomes unreliable or overwhelmed, we could just switch to the other ISP’s circuit without having to pay money for business-class internet. You can also choose which applications should use which circuit.

The management is much easier since you use SDN to manage pretty much every device in the WAN cloud. If you need to apply a policy to all routers in the WAN, you can just do it from the SD-WAN controller.

If we’re also using MPLS, we technically don’t even need to implement and form a BGP peering with the PE router to exchange routes, do we? Considering that everything is tunneled via an SD-WAN tunnel, we just need to be able to reach the router (our other CE router) at the other end of the MPLS infrastructure and tunnel everything, which is also encrypted.

To ensure reliability, you don’t even need MPLS (although it depends of course!) and business-class internet in certain cases.

I do have one question, though.

In the video, Rene said that the routers in the SD-WAN cloud are just dumb devices with the data plane while the control plane is centralized on the controller.

I am not sure if this is 100% correct, though. You do configure things that affect the control plane but you don’t take the control plane away from the devices. Full control SDN never really took off, OpenFlow is about the only solution that does that these days. Only a portion of the control plane is centralized, which are things like IPSec key creation, or not?

Thank you.
David
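The link-selection behaviour David describes above (the controller measuring latency, loss and utilization on every circuit, steering each application class to the best one, and failing over when an ISP degrades) is illustrated by this added Python example. It is not code from the thread or from any vendor's SD-WAN product; the tunnel names, SLA thresholds and measurements are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence

@dataclass
class TunnelStats:
    """Measured health of one SD-WAN tunnel (hypothetical sample values)."""
    name: str
    latency_ms: float
    loss_pct: float
    jitter_ms: float
    utilization_pct: float
    up: bool = True

# Per-application SLA classes: worst acceptable value per metric (constructed thresholds).
SLA_CLASSES: Dict[str, Dict[str, float]] = {
    "voice":       {"latency_ms": 150, "loss_pct": 1.0, "jitter_ms": 30},
    "business":    {"latency_ms": 300, "loss_pct": 3.0, "jitter_ms": 60},
    "best-effort": {"latency_ms": 1000, "loss_pct": 10.0, "jitter_ms": 200},
}

def meets_sla(t: TunnelStats, sla: Dict[str, float]) -> bool:
    """True when the tunnel is up and every measured metric is within the SLA."""
    return t.up and all(getattr(t, k) <= v for k, v in sla.items())

def select_tunnel(app_class: str, tunnels: List[TunnelStats],
                  preferred: Sequence[str] = ()) -> Optional[str]:
    """Pick the tunnel an application class should use right now.
    1. Among tunnels meeting the class SLA, honour the preferred order
       (e.g. voice prefers MPLS); otherwise take the least-utilized compliant one.
    2. If no tunnel meets the SLA, fail over to the least-bad tunnel that is still up.
    """
    sla = SLA_CLASSES[app_class]
    compliant = [t for t in tunnels if meets_sla(t, sla)]
    for name in preferred:
        if any(t.name == name for t in compliant):
            return name
    if compliant:
        return min(compliant, key=lambda t: t.utilization_pct).name
    alive = [t for t in tunnels if t.up]
    if not alive:
        return None
    # Least-bad: sum of how far each metric exceeds its SLA ceiling (relative).
    def badness(t: TunnelStats) -> float:
        return sum(max(0.0, getattr(t, k) / v - 1.0) for k, v in sla.items())
    return min(alive, key=badness).name

if __name__ == "__main__":
    snapshot = [TunnelStats("isp-a", 400, 5.0, 80, 60), TunnelStats("isp-b", 55, 0.2, 8, 20)]
    for cls in SLA_CLASSES:
        print(cls, "->", select_tunnel(cls, snapshot, preferred=("isp-a",)))
```

With ISP A degraded, voice and business traffic move to ISP B while best-effort traffic stays on the preferred (cheaper) ISP A circuit, which is exactly the per-application steering the post describes.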