SD-WAN - Coggle Diagram
SD-WAN
VPN (Virtual Private Network)
Like VRF
Separation of Customer
Numbering - 0 - 65530 VPNs allowed
Reserved VPN No.
512 = Management (out of band connectivity)
0 = WAN Circuit - Underlay
Licensing
Base Licence = 1 VPN only
Topology
Full mesh
Partial mesh
Hub/spoke
Point-to-point
IPsec can carry all VPNs
Can create them as per customer request
Interfaces
Physical
Logical
Need to assign to each VPN
Tunnels
vEdge Tunnels
IPSec between vEdge
With vBond DTLS only
Temporary only
Type of Tunnels
DTLS - UDP - vBond
TLS - TCP - vManage & vSmart
IPSec - vEdges
Topology
Hub/Spoke (basic licence)
Additional Licence
Point-to-Point
Half Mesh
Full Mesh
Control plane tunnels
Admin controls DTLS/TLS
Full mesh
vBond DTLS only
vManage & vSmart support both
Traffic Forwarding
Path selection
Cisco support = up to 7 WAN connections
Policies
vManage pushes to vEdges
4 Policy Options
Active-Active Load Sharing
Load sharing = all WAN
Active-Active Weighted
Bandwidth Dependent
Application Pinning
Active-Standby
Application-Aware SLA
Monitor Active Connection
Active-Standby
Apply Per application basis
Application Identification
Deep Packet Inspection
(Extra Licence needed)
Layer 5 to 7 inspection
6 Tuple Match
Checks Source + Destination IP, Port, DSCP, Protocol No.
Transport Locators
(TLOCs)
Connections Between 2 ends
3 Parameters
To form a TLOC
System IP (like Router ID)
Colour (String/description)
Encapsulation Type
IPSec (preferred)
GRE
1 TLOC Per WAN Circuit
TLOC Advertisement
vEdges to vSmart
vSmart to All vEdges