The document provides an overview and agenda for a technical deep dive into Cisco SD-WAN. It discusses extending Cisco SD-WAN to Cisco routers, using Cloud onRamp to improve access to SaaS and IaaS applications, and providing layered security between sites and to the cloud. It also covers operations and troubleshooting capabilities in Cisco SD-WAN such as infrastructure monitoring, application visibility, performance statistics, and troubleshooting tools.

1. David Klebanov
Cisco SD-WAN Technical Marketing
August 16, 2018
A Technical Deep Dive into Cisco
SD-WAN

2. Agenda
SD-WAN on Cisco Routers
S. Secure Branch
MultiCloud onRamp for SaaS and IaaS
Cisco SD-WANRecap
S. Operations and Troubleshooting

3. Campus Branch SOHOData Center
SD-WAN Edge
4GMPLS
INET
Cisco SD-WAN
Cloud
onRamp
SaaS IaaS
• Cloud Delivered SDN Architecture
• Application Quality of Experience
• Comprehensive Security
• Flexible Operations
vSmart
Controllers
APIs
3rd Party
Automation
vManage
vAnalytics

4. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
SD-WAN on Cisco Routers

5. Cisco SD-WAN Platform Options
ISR 1000 ISR 4000 ASR 1000
• High-performance
• Hardware & software
redundancy
• Modular
• Integrated service
containers
• Next-gen
• Performance
flexibility
Branch Services
Public Cloud Virtualization
ENCS 5100 ENCS 5400
vEdge 2000
• 10 Gbps
• Modular
vEdge 1000
• Up to 1 Gbps
• Fixed
vEdge 100
• 100 Mbps
• 4G LTE & WiFi
SD-WAN
• 20 Gbps
• Modular
vEdge 5000

6. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
SD-WAN on ISR4K Demo

7. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
MultiCloud onRamp for SaaS

8. Traditional SaaS Applications Access
Which way is cloud?
• Direct Internet Access
• Regional Breakout
• Data Center Backhaul
WideArea
Network
Remote SiteUsers
Regional
Hub
Data Center

9. Solution Logic
Steer SaaS
Application Traffic
2
Report SaaS
Quality
3
Monitor SaaS
Performance
1

10. Cloud onRamp for SaaS – Dual DIA
Hub, CoLo,
Cloud Colo
Remote Site
ISP1
Best
Performing
ISP2
SD-WAN
Fabric
Quality Probing
• Detect application performance
through one or more Direct
Internet Access circuits
• vEdge routers chose best
performing path
- Per-Application, Per-VPN
• Automatic failover in case of
performance degradation
• Fully automated
WAN Edge
Loss/
Latency
!

11. Cloud onRamp for SaaS – DIA and Gateway
Quality Probing
Remote Site
Best
Performing
MPLS
ISP2
• Detect application performance
through DIAs and gateways
- Customer/SP owned and operated
- Security, performance, reliability
• vEdge routers chose best
performing path
- Per-Application, Per-VPN
• Automatic failover in case of
performance degradation
• Fully automated
ISP1
Hub, CoLo,
Cloud Colo
Loss/
Latency
!
WAN Edge
SD-WAN
Fabric

12. Application Quality of Experience
Quantifiable user experience
using quality score

13. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cloud onRamp for SaaS
Demo

14. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
MultiCloud onRamp for IaaS

15. Traditional IaaS Access
WideArea
Network
VNET VNET
VNET VNET
VPC VPC
VPC VPC
How to provide security,
segmentation, QoS and
reliability to the cloud
workloads?
Remote Site Campus
Data Center
How to provide direct-to-
cloud access?
TunnelTunnel

16. Solution Logic
Extend SD-WAN Fabric
to IaaS
2
Automate
Provisioning
3
Integrate with
IaaS APIs
1

17. WAN Edge
WAN Edge
Gateway VPC
AZ1
AZ2
VPC
AZ2
Host VPC
AZ1
VPC
Host VPC
AZ1
AZ2
VPC
• Fully automated through
vManage wizard
• Greatly simplifies brownfield
integration
- No changes are required on
host VPCs
• Multipathing, segmentation,
QoS, Application Aware
Routing
• Fast failover
- Speed of BGP convergence
Standard IPSec + BGP
(2x)
AWS Region
vManage
Cloud onRamp for IaaS - AWS
BGP <-> OMP
INET
VGW
VGW
Direct
Connect
MPLS

18. Standard IPSec + BGP
(2x)
Azure Region
vManage
Cloud onRamp for IaaS - Azure
BGP <-> OMP
INET
Express
Route
GW
MPLS
WAN Edge
WAN Edge
VNET Gateway
AS1
AS2
VNET
AS2
Host
VNET
VNET
AS1
Host
VNET
AS
1
AS
2
VNET
VPN
GW
VPN
GW
• Fully automated through
vManage wizard
• Greatly simplifies brownfield
integration
- No changes are required on
host VNETs
• Multipathing, segmentation,
QoS, Application Aware
Routing
• Fast failover
- Speed of BGP convergence

19. Direct-to-Cloud
MultiCloud
onRamp
Remote Site Campus
Future
Clouds
Data Center

20. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cloud onRamp for AWS
Demo

21. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Secure Branch

22. Traditional Branch Security
WideArea
Network
Remote Site
Data Center
Remote Site
VPN1 VPN2
VPN3
Users
Users
Cloud
Firewall
• How to provide application level security?
• How to provide transport independent segmentation?
• How to eliminate backhaul latency for secure cloud access?
Firewall

23. Layered Branch Security with SD-WAN
Application
Firewall
Zone Based
Firewall
Dedicated
Firewall
DIA and Cloud
Users
Compliance
VPN1
VPN2
VPN3
Cloud
Security
• Pick and choose the appropriate security controls

24. Segmentation
VPN
WAN Edge
VPN
WAN Edge
Remote Site /
Data Center
VPN VPN
Remote Site /
Data Center
SD-WAN Fabric
INET
MPLS

25. Inter-Site Security
VPN
Zone Based
App Firewall
WAN Edge
VPN
Zone Based
App Firewall
WAN Edge
Remote Site / Data Center
• Filter unwanted applications
• Stateful inspection for traffic
• (optional) Dedicatedsecurity
Remote Site / Data Center
VPN
WAN Edge
Dedicated
Firewall
Regional Hub
Service Insertion

26. DIA and Cloud
VPN
Zone Based
App Firewall
Cloud
Security
3rd Party
WAN Edge
DDoS Protection
Remote Site
• Filter unwanted applications
• Stateful inspection for DIA traffic
• Internet security
GRE/IPSec Tunnel

27. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Stayed Tuned for Much
More Branch Security Soon!

28. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
SD-WAN Zone Based Firewall
Demo

29. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Operations and Troubleshooting

30. Infrastructure Health
Control Connections Health
Device Bringup

31. Application Visibility
Application Path
Application Recognition

32. Performance Statistics
Tunnel Level Statistics
Interface Level Statistics

33. Path Tools
AppRoute Visualization
Simulate Flows

34. Advance Queries
Realtime

35. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Operations and Troubleshooting
Demo

36. • Extend Cisco SD-WANto Cisco ISR and ASR family of routers
• Migrate existing site into Cisco SD-WAN in15 minutes without any additional
hardware
• Provide better use experience consuming cloud SaaS application with Cloud
onRamp for SaaS
• Automatically extend SD-WANinto public IaaS clouds with Cloud onRamp for
IaaS
• Provide layered and stateful security for inter-site and site to cloud communication
with integrated Cisco SD-WAN controls
• Flexible operations model and full solution transparency
Key Takeaways

37. Thank you for watching.