SD-WAN Reference Implementation - Viptela
WWT’s Cisco SD-WAN service offering addresses increasing business requirements that call for a hybrid WAN architecture: a highly scalable and flexible bandwidth utilization solution that does not compromise performance or security. Cisco's SD-WAN solution (also known as Viptela) is a true SD-WAN solution designed as a whole, meaning all components were designed from the ground up for this purpose and to work with each other effectively. This transport-independent fabric provides a full separation between control and data planes, allowing orchestrated policy to be applied across the network.
Cisco SD-WAN comprises the following components. In this Reference Implementation, we will deploy these products according to World Wide Recommended Practices, based upon our combined years of experience:
vManage: The vManage is a centralized management interface that enables automatic configuration, management and monitoring of the overlay network. Users log in to vManage to centrally manage all aspects of the network life cycle, from initial deployment, ongoing monitoring and troubleshooting to change control and software upgrades.
vSmart: vSmart controllers are the central nervous system of the SEN. They establish secure connections to all other components in the network and run the Overlay Management Protocol (OMP) to exchange routing, security and policy information. The centralized policy engine in vSmart provides policy orchestration to manipulate routing information, access control, segmentation, extranets and service chaining.
vBond Orchestrator: The vBond orchestrator facilitates initial device activation by performing the initial authentication and authorization of all elements into the network. vBond provides the information on how each component connects to the other components. It plays an important role in enabling SEN devices that sit behind NAT to communicate with the network.
vEdge Router: The vEdge devices are full-featured routers that support standard routing protocols such as BGP and OSPF (EIGRP will be added in later releases), as well as other network features such as ACLs, QoS and various routing policies, in addition to the overlay communication. Each vEdge router establishes secure connectivity to all of the control components and also establishes IPsec sessions with other vEdge routers in the WAN that are part of a VPN that they have access to.