2023/09/10 IT & Cyber-Security Solutions
Ctelecoms
In our previous blog, we discussed the Cisco Catalyst SD-WAN solution. In this blog, we will be focusing on the Cisco Catalyst SD-WAN components. Let's read it together to learn more about them!
The Cisco Catalyst SD-WAN system's secure, virtual IP fabric comprises four essential elements: Cisco SD-WAN Manager, the Cisco SD-WAN Controller, the Cisco SD-WAN Validator, and the edge routers.
Among these components, the edge router can take the form of a physical Cisco Catalyst SD-WAN hardware device or of software running as a virtual machine (the cloud edge router). The remaining three components are software-only: Cisco SD-WAN Manager and Cisco SD-WAN Controller software run on servers, as does the cloud edge router software, while the Cisco SD-WAN Validator software runs as a process (daemon) on an edge router.
The accompanying figure illustrates the components of Cisco Catalyst SD-WAN, and the following sections provide detailed descriptions of each component.
Cisco Catalyst SD-WAN Manager
Cisco SD-WAN Manager serves as a centralized network management system, offering a user-friendly dashboard that provides a visual representation of the network. It allows users to configure and manage Cisco edge network devices efficiently. The software for Cisco SD-WAN Manager typically operates on a server within the network and is often located in a centralized position, such as a data center. It's worth noting that Cisco SD-WAN Manager software can run on the same physical server as the Cisco SD-WAN Controller software if needed.
One of the key functionalities of Cisco SD-WAN Manager is its ability to store certificate credentials and create and store configurations for all Cisco edge network components. When these components are added to the network, they request their certificates and configurations from Cisco SD-WAN Manager. Upon receiving these requests, Cisco SD-WAN Manager pushes the necessary certificates and configurations to the Cisco edge network devices, ensuring they are properly configured and authenticated.
Additionally, for cloud (virtual) edge routers, Cisco SD-WAN Manager can sign certificates and generate bootstrap configurations, and it can decommission those devices when they are removed from the network.
Cisco Catalyst SD-WAN Controller
The Cisco SD-WAN Controller is the centralized control-plane component of the overlay. Every edge router keeps a permanent DTLS connection to the Controller and runs the Overlay Management Protocol (OMP) over it. Through OMP the Controller learns the routes and transport locators (TLOCs) that each site advertises, applies centralized control and data policy, and distributes the resulting reachability information, together with the data-plane key material the edge routers exchange through it, so that the edge routers can build IPsec tunnels directly to each other.
The Controller operates only in the control plane: it never forwards user data traffic. Its software runs on a server, which, as noted above, can be the same physical server that hosts Cisco SD-WAN Manager.
Multiple Controllers can be deployed for redundancy and scale. Each edge router is told by the Cisco SD-WAN Validator which Controllers to connect to, and it receives a consistent view of the overlay from any of them.
Cisco Catalyst SD-WAN Validator
The Cisco SD-WAN Validator plays a crucial role in the Cisco Catalyst SD-WAN ecosystem, automating and simplifying the initial setup of Cisco SD-WAN Controllers and edge routers, while also ensuring connectivity between them. During the setup process, the Cisco SD-WAN Validator authenticates and validates devices seeking to join the overlay network, eliminating the need for manual configuration and reducing the risk of errors.
Here are the key components and functions of the Cisco SD-WAN Validator:
The Cisco SD-WAN Validator is a software module responsible for authenticating Cisco SD-WAN Controllers and edge routers in the overlay network and coordinating their connectivity. It requires a public IP address, making it the only Cisco vEdge device in the network that must have a public address.
The key responsibilities of the Cisco SD-WAN Validator include establishing the initial control connections between Cisco SD-WAN Controllers and edge routers, creating DTLS tunnels for authentication purposes, and instructing the relevant edge routers and Cisco SD-WAN Controllers to establish secure connectivity with each other. Importantly, it does not maintain any state information, ensuring efficiency and simplicity in its operation.
For redundancy and fault tolerance, you can deploy multiple Cisco SD-WAN Validators in the network, and edge routers can be directed to connect to any of them. Each Cisco SD-WAN Validator maintains permanent DTLS connections with all Cisco Catalyst SD-WAN Controllers, and in case one becomes unavailable, the others seamlessly take over, ensuring the continuity of network operations. In scenarios with multiple Cisco SD-WAN Controllers, the Cisco SD-WAN Validator pairs edge routers with specific controllers to achieve load balancing.
Cisco Catalyst SD-WAN Edge Routers
Finally, edge routers, whether hardware or software devices, are responsible for handling data traffic across the network. When integrated into an existing network, these edge routers function like standard routers.
The components of an edge router in the Cisco SD-WAN ecosystem are integral to its functionality and play essential roles in managing and forwarding network traffic. They are: a permanent DTLS control-plane connection to each Cisco SD-WAN Controller the router is assigned to; OMP, which runs over that connection to exchange routes, TLOCs and policy with the Controller; the standard routing and redundancy protocols the router speaks towards the site (OSPF, BGP, VRRP and BFD); the Routing Information Base (RIB) and Forwarding Information Base (FIB) that hold the resulting routes; NETCONF and CLI access, used by Cisco SD-WAN Manager and by an administrator on the console; key management, in which the router generates its IPsec data-plane keys and exchanges them with other edge routers via the Controller; and the data plane itself, which performs IP forwarding, IPsec, BFD, QoS, ACLs and policy-based forwarding.
These components collectively enable the edge router to handle a wide range of tasks, from securely communicating with the Cisco SD-WAN Controller and other edge routers to efficiently routing and forwarding network traffic while adhering to specified policies and quality requirements.
The edge router possesses localized intelligence, enabling it to make site-specific decisions related to routing, high availability (HA), interface management, ARP (Address Resolution Protocol) management, ACLs (Access Control Lists), and other functions. This local intelligence allows the edge router to handle tasks specific to its site without relying solely on central management.
The OMP (Overlay Management Protocol) session established with the Cisco SD-WAN Controller plays a critical role in influencing the Routing Information Base (RIB) within the edge router. It provides non-site-local routes and reachability information necessary for constructing and maintaining the overlay network. This means that the edge router can incorporate information from the central controller to make routing decisions that affect the entire network.
In terms of security and device authentication, hardware-based edge routers come equipped with a Trusted Board ID chip, which serves as a secure cryptoprocessor. This chip stores the private key, public key, and a signed certificate for the router. During the initial startup of the edge router, you typically provide minimal configuration information, such as the IP addresses of the router and the Cisco SD-WAN Validator. With this information and the data stored on the Trusted Board ID chip, the edge router can authenticate itself on the network. It then establishes a DTLS (Datagram Transport Layer Security) connection with the Cisco SD-WAN Controller within its domain.
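To make the authentication step concrete, here is an added example in Go (not Cisco's code, and a simplified model of the product): a validator-side admission check. It stands in for what is described above: the device presents the certificate stored on its Trusted Board ID chip during the DTLS handshake, and the validator admits it only if the certificate chains to the trusted vendor root, is still valid, and names a chassis serial that appears on the authorized device list distributed by the manager. The vendor CA, the rogue CA, the device certificates, the chassis identifiers and the allowlist are all constructed in memory for this example; the real solution uses its own root CAs, certificate fields and list format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var nextSerial int64 = 1000 // certificate serial counter (example only)

// newCA builds a self-signed root standing in for the vendor root CA that
// signs edge-router identity certificates (generated in memory for the example).
func newCA(name string) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(nextSerial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	nextSerial++
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// issueDeviceCert plays the factory step that burns an identity into the
// Trusted Board ID chip: a fresh key pair plus a CA-signed certificate whose
// CommonName carries the chassis serial (an assumed field layout for the example).
func issueDeviceCert(caKey *ecdsa.PrivateKey, ca *x509.Certificate, chassis string, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(nextSerial), Subject: pkix.Name{CommonName: chassis},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter,
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	nextSerial++
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// admitDevice is the check the validator runs on a certificate presented in the
// DTLS handshake. Both tests are needed: the allowlist alone would accept a
// forged certificate carrying a listed serial, and the chain alone would accept
// any vendor-signed device, including one never purchased for this network.
func admitDevice(cert *x509.Certificate, roots *x509.CertPool, authorized map[string]bool) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate rejected: %w", err) // untrusted issuer, expired, wrong usage
	}
	if chassis := cert.Subject.CommonName; !authorized[chassis] {
		return fmt.Errorf("chassis %q is not on the authorized device list", chassis)
	}
	return nil
}

// runScenarios exercises admitDevice with constructed devices: one legitimate,
// one unlisted, one expired, one signed by a rogue CA but using a listed serial.
func runScenarios() (map[string]error, error) {
	vendorKey, vendorCA, err := newCA("Example Vendor Root CA")
	if err != nil {
		return nil, err
	}
	rogueKey, rogueCA, err := newCA("Rogue CA")
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(vendorCA)
	authorized := map[string]bool{"CHASSIS-0001": true, "CHASSIS-0002": true} // constructed allowlist
	in := time.Now().Add(time.Hour)
	good, err1 := issueDeviceCert(vendorKey, vendorCA, "CHASSIS-0001", in)
	unlisted, err2 := issueDeviceCert(vendorKey, vendorCA, "CHASSIS-9999", in)
	expired, err3 := issueDeviceCert(vendorKey, vendorCA, "CHASSIS-0002", time.Now().Add(-time.Minute))
	rogue, err4 := issueDeviceCert(rogueKey, rogueCA, "CHASSIS-0001", in)
	for _, e := range []error{err1, err2, err3, err4} {
		if e != nil {
			return nil, e
		}
	}
	return map[string]error{
		"ok":       admitDevice(good, roots, authorized),
		"unlisted": admitDevice(unlisted, roots, authorized),
		"expired":  admitDevice(expired, roots, authorized),
		"rogue":    admitDevice(rogue, roots, authorized),
	}, nil
}

func main() {
	results, err := runScenarios()
	if err != nil {
		panic(err)
	}
	for _, name := range []string{"ok", "unlisted", "expired", "rogue"} {
		fmt.Printf("%-9s %v\n", name, results[name])
	}
}
```

Run it with `go run`; only the first scenario is admitted. The last scenario is the important one for a validator design: a certificate that carries a listed chassis serial but was issued by a CA outside the trusted root set must still be refused, which is why the chain check cannot be replaced by the allowlist.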
Once connected, the edge router can receive its complete configuration from Cisco SD-WAN Manager, assuming it is available within the domain. This allows for automated and consistent configuration management across the network. In cases where Cisco SD-WAN Manager is not present, you have the option to manually download a configuration file or create a configuration directly on the edge router via a console connection.
Overall, the edge router's combination of local intelligence and secure hardware elements ensures it can operate autonomously and securely, while also benefiting from central control and configuration management when available.
Cisco Catalyst SD-WAN offers a range of next-generation software services to enhance and optimize cloud networking, providing improved performance, visibility, and ease of management. The three covered here are Cloud onRamp for SaaS, Cisco SD-WAN Analytics, and the Cisco Catalyst SD-WAN Portal.
These next-generation software services are integral to Cisco Catalyst SD-WAN's goal of providing a more efficient, reliable, and user-friendly experience for businesses using cloud-based applications and services. They enable organizations to optimize their network performance, gain deep insights into network behavior, and simplify the management of SD-WAN controllers in cloud environments.
Enterprises are increasingly reliant on critical SaaS applications like Microsoft Office365, Salesforce, Dropbox, and others. To provide connectivity for their users accessing these applications, enterprises typically employ three primary methods:
However, network performance can significantly impact the user experience when accessing SaaS applications. Latency and packet loss, in particular, can degrade application performance. Unfortunately, many network administrators lack visibility into the performance characteristics between end-users and SaaS applications. When network path issues arise and impact application performance, shifting traffic from a primary to an alternate path can be a complex, manual, time-consuming, and error-prone process.
Cisco Catalyst SD-WAN Cloud onRamp for SaaS addresses these challenges by continuously measuring loss and latency on every available path from a site to each SaaS application, scoring those paths, and automatically steering the application's traffic over the best-performing path, with no manual rerouting by the administrator.
Enabling Cloud onRamp for SaaS in Cisco SD-WAN Manager is straightforward, typically requiring just a few clicks. Once enabled, network administrators can access the Cloud onRamp dashboard within Cisco SD-WAN Manager. This dashboard provides continuous visibility into the performance of individual applications, empowering administrators to make data-driven decisions to ensure an optimal user experience when accessing SaaS applications.
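As an added illustration (not Cisco's code, and not its quality-of-experience formula), the following Go program models the decision that Cloud onRamp for SaaS automates: score each WAN path to an application from measured loss and latency, then steer traffic to the best path, applying a switching margin so that probe noise does not flap traffic between two similar paths. The probe data, the scoring formula, the thresholds and the margin are all constructed for this example.

```go
package main

import (
	"fmt"
	"math"
)

// PathProbe is one round of measurement from a site to a SaaS application over
// one WAN path (constructed sample data in main).
type PathProbe struct {
	Path      string
	LossPct   float64 // packet loss, percent
	LatencyMs float64 // round-trip time, milliseconds
}

// Assumed thresholds for the example: at or beyond these values a path scores 0.
const (
	latencyFloorMs = 300.0
	lossFloorPct   = 10.0
)

// qualityScore maps a probe to a 0..10 score. Simplified model for the example,
// not the product's formula: the score falls linearly with latency and with loss.
func qualityScore(p PathProbe) float64 {
	lat := 1 - math.Min(p.LatencyMs/latencyFloorMs, 1)
	loss := 1 - math.Min(p.LossPct/lossFloorPct, 1)
	return 10 * lat * loss
}

// selectPath returns the path traffic should use and its score. The current
// path is kept unless another path beats it by at least margin (hysteresis).
// If the current path is absent from the probe set (link down), the best
// remaining path wins outright; with no probes at all the result is "".
func selectPath(current string, probes []PathProbe, margin float64) (string, float64) {
	bestName, bestScore, currentScore := "", -1.0, -1.0
	for _, p := range probes {
		s := qualityScore(p)
		if p.Path == current {
			currentScore = s
		}
		if s > bestScore {
			bestName, bestScore = p.Path, s
		}
	}
	if currentScore >= 0 && bestScore-currentScore < margin {
		return current, currentScore
	}
	return bestName, bestScore
}

func main() {
	// Constructed probe rounds: MPLS is clean, then degrades; LTE later looks
	// only slightly better than the Internet path.
	rounds := [][]PathProbe{
		{{"mpls", 0, 40}, {"internet", 0.5, 120}},
		{{"mpls", 2, 200}, {"internet", 0.5, 120}},
		{{"internet", 0.5, 120}, {"lte", 1, 80}},
	}
	current := "internet"
	for i, r := range rounds {
		next, score := selectPath(current, r, 1.0)
		fmt.Printf("round %d: %s -> %s (score %.1f)\n", i+1, current, next, score)
		current = next
	}
}
```

In the third round LTE scores higher than the Internet path but by less than the margin, so traffic stays put; without that margin a few noisy probes would move the application back and forth between the two paths every measurement cycle.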
Cisco SD-WAN Analytics is a valuable tool within the Cisco Catalyst SD-WAN solution, offering in-depth visibility and insights into both application performance and network conditions over time. This Software as a Service (SaaS) offering, hosted by Cisco, provides a comprehensive view of your network and allows for detailed analysis, with historical views of application performance and of network (tunnel and circuit) conditions, drill-down for troubleshooting, and trend data for capacity planning.
Overall, Cisco SD-WAN Analytics offers a comprehensive view of your network's performance and application behavior over time. It empowers network administrators and IT teams to make data-driven decisions, troubleshoot issues efficiently, and plan for future network enhancements based on historical data and insights.
The Cisco Catalyst SD-WAN Portal is a specialized cloud-based infrastructure automation tool designed specifically for Cisco Catalyst SD-WAN. Its primary purpose is to simplify and streamline the provisioning, monitoring, and maintenance of various Cisco SD-WAN Controllers within public cloud environments.
Using the Cisco Catalyst SD-WAN Portal, you can efficiently provision and manage the three controller types described earlier: Cisco SD-WAN Manager, the Cisco SD-WAN Controller, and the Cisco SD-WAN Validator.
By using the Cisco Catalyst SD-WAN Portal, organizations can expedite the deployment of Cisco SD-WAN components in public cloud providers, ensure proper configuration, and monitor the health and performance of these controllers from a centralized and user-friendly interface. This tool contributes to a more efficient and agile network management process in cloud-based Cisco SD-WAN deployments.
Ctelecoms, as a Premier Cisco Partner, underscores our profound expertise in planning and implementing Cisco solutions in the kingdom. We are always ready to assist with your organization's security and solution requirements.