Test Author | Dec 20, 2020
Cisco vManage is a centralized network management system. The Cisco vManage dashboard provides a visual window into the network, and it allows you to configure and manage Cisco vEdge network devices. Cisco vManage software runs on a server in the network. This server is typically situated in a centralized location, such as a data center. It is possible for Cisco vManage software to run on the same physical server as Cisco vSmart Controller software.
You can use Cisco vManage to store certificate credentials, and to create and store configurations for all Cisco vEdge network components. As these components come online in the network, they request their certificates and configurations from Cisco vManage. When Cisco vManage receives these requests, it pushes the certificates and configurations to the Cisco vEdge network devices.
For vEdge Cloud routers, Cisco vManage can also sign certificates and generate bootstrap configurations, and it can decommission the devices.
The Cisco vSmart Controller oversees the control plane of the Cisco SD-WAN overlay network, establishing, adjusting, and maintaining the connections that form the Cisco SD-WAN fabric.
The major components of the Cisco vSmart Controller are:
The Cisco vSmart Controller maintains a centralized route table that stores the route information, called OMP routes, that it learns from the vEdge routers and from any other Cisco vSmart Controllers in the Cisco SD-WAN overlay network. Based on the configured policy, the Cisco vSmart Controller shares this route information with the Cisco vEdge network devices in the network so that they can communicate with each other.
The Cisco vSmart Controller is software that runs as a virtual machine on a server configured with ESXi or VMware hypervisor software. The vSmart software image is a signed image that is downloadable from the Cisco SD-WAN website. A single Cisco SD-WAN root-of-trust public certificate is embedded into all vSmart software images.
During the initial startup of a Cisco vSmart Controller, you enter minimal configuration information, such as the IP addresses of the controller and the Cisco vBond Orchestrator. With this information and the root-of-trust public certificate, the Cisco vSmart Controller authenticates itself on the network, establishes a DTLS control connection with the Cisco vBond Orchestrator, and receives and activates its full configuration from Cisco vManage if one is present in the domain. (Otherwise, you can manually download a configuration file or create a configuration directly on the Cisco vSmart Controller through a console connection.) The Cisco vSmart Controller is now also ready to accept connections from the vEdge routers in its domain.
To provide redundancy and high availability, a typical overlay network includes multiple Cisco vSmart Controllers in each domain. A domain can have up to 20 vSmart controllers. To ensure that the OMP network routes remain synchronized, all the Cisco vSmart Controllers must have the same configuration for policy and OMP. However, the configuration for device-specific information, such as interface locations and addresses, system IDs, and host names, can be different. In a network with redundant Cisco vSmart Controllers, the Cisco vBond Orchestrator tells the Cisco vSmart Controllers about each other and tells each Cisco vSmart Controller which vEdge routers in the domain it should accept control connections from. (Different vEdge routers in the same domain connect to different Cisco vSmart Controllers, to provide load balancing.) If one Cisco vSmart Controller becomes unavailable, the other controllers automatically and immediately sustain the functioning of the overlay network.
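Because OMP routes only stay synchronized when every vSmart Controller in a domain carries the same policy and OMP configuration, an operator needs a way to spot drift between controllers while ignoring the device-specific sections that are allowed to differ. The check below is an added example, not code from the original article or from Cisco; the section names and sample configurations are constructed for illustration.

```python
# Added example (not from the original article): check that the configurations
# of the vSmart controllers in a domain agree on the sections that must stay
# synchronized (policy and OMP) while device-specific sections may differ.
# Section names and the sample configurations are constructed for illustration.

# Sections that must be identical on every controller in the domain.
SHARED_SECTIONS = ("policy", "omp")


def flatten(section: dict, prefix: str = "") -> dict:
    """Flatten a nested config section into dotted-path -> value pairs."""
    out = {}
    for key, value in section.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            out.update(flatten(value, path))
        else:
            out[path] = value
    return out


def find_drift(configs: dict) -> list:
    """Compare every controller against the first (sorted by name); return
    (path, ref_name, ref_value, name, value) per differing shared setting."""
    names = sorted(configs)
    ref_name = names[0]
    drift = []
    for section in SHARED_SECTIONS:
        ref = flatten(configs[ref_name].get(section, {}))
        for name in names[1:]:
            other = flatten(configs[name].get(section, {}))
            # A setting missing on one side is reported with the value None.
            for path in sorted(set(ref) | set(other)):
                if ref.get(path) != other.get(path):
                    drift.append((f"{section}.{path}", ref_name, ref.get(path),
                                  name, other.get(path)))
    return drift


# Constructed sample: host names and system IPs differ (allowed), but the two
# controllers disagree on one OMP setting, which would desynchronize OMP routes.
SAMPLE_CONFIGS = {
    "vsmart-1": {"system": {"host-name": "vsmart-1", "system-ip": "10.0.0.1"},
                 "omp": {"graceful-restart": True, "send-path-limit": 4},
                 "policy": {"control-policy": "prefer-hub"}},
    "vsmart-2": {"system": {"host-name": "vsmart-2", "system-ip": "10.0.0.2"},
                 "omp": {"graceful-restart": True, "send-path-limit": 8},
                 "policy": {"control-policy": "prefer-hub"}},
}

if __name__ == "__main__":
    for path, ref_name, ref_val, name, val in find_drift(SAMPLE_CONFIGS):
        print(f"drift in {path}: {ref_name}={ref_val!r} vs {name}={val!r}")
```

Run against exported controller configurations parsed into the same nested form; any tuple returned is a policy or OMP setting that must be reconciled before the controllers can be trusted to keep routes in sync.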
The Cisco vBond Orchestrator automatically coordinates the initial bringup of Cisco vSmart Controllers and vEdge routers, and it facilitates connectivity between Cisco vSmart Controllers and vEdge routers. During the bringup process, the Cisco vBond Orchestrator authenticates and validates the devices wishing to join the overlay network. This automatic orchestration process prevents tedious and error-prone manual bringup.
The Cisco vBond Orchestrator is the only Cisco vEdge device that is located in a public address space. This design allows the Cisco vBond Orchestrator to communicate with Cisco vSmart Controllers and vEdge routers that are located behind NAT devices, and it allows the Cisco vBond Orchestrator to solve any NAT-traversal issues of these Cisco vEdge devices.
The major components of the Cisco vBond Orchestrator are:
The Cisco vBond Orchestrator is a software module that authenticates the Cisco vSmart Controllers and the vEdge routers in the overlay network and coordinates connectivity between them. It must have a public IP address so that all Cisco vEdge devices in the network can connect to it. (It is the only Cisco vEdge device that must have a public address.)
The Cisco vBond Orchestrator orchestrates the initial control connection between Cisco vSmart Controllers and vEdge routers. It creates DTLS tunnels to the Cisco vSmart Controllers and vEdge routers to authenticate each node that is requesting control plane connectivity. This authentication behavior assures that only valid customer nodes can participate in the Cisco SD-WAN overlay network. The DTLS connections with Cisco vSmart Controllers are permanent so that the vBond controller can inform the Cisco vSmart Controllers as vEdge routers join the network. The DTLS connections with vEdge routers are temporary; once the Cisco vBond Orchestrator has matched a vEdge router with a Cisco vSmart Controller, there is no need for the Cisco vBond Orchestrator and the vEdge router to communicate with each other. The Cisco vBond Orchestrator shares only the information that is required for control plane connectivity, and it instructs the proper vEdge routers and Cisco vSmart Controllers to initiate secure connectivity with each other. The Cisco vBond Orchestrator maintains no state.
To provide redundancy for the Cisco vBond Orchestrator, you can create multiple vBond entities in the network and point all vEdge routers to those Cisco vBond Orchestrators. Each Cisco vBond Orchestrator maintains a permanent DTLS connection with each Cisco vSmart Controller in the network. If one Cisco vBond Orchestrator becomes unavailable, the others are automatically and immediately able to sustain the functioning of the overlay network. In a domain with multiple Cisco vSmart Controllers, the vBond orchestrator pairs a vEdge router with one of the Cisco vSmart Controllers to provide load balancing.
The vEdge router, whether a hardware or software device, is responsible for the data traffic sent across the network. When you place a vEdge router into an existing network, it appears as a standard router.
To illustrate this, the figure here shows a vEdge router and an existing router that are connected by a standard Ethernet interface. These two routers appear to each other to be Layer 3 end points, and if routing is needed between the two devices, OSPF or BGP can be enabled over the interface. Standard router functions, such as VLAN tagging, QoS, ACLs, and route policies, are also available on this interface.
The vEdge router's components are:
The vEdge router has local intelligence to make site-local decisions regarding routing, high availability (HA), interfaces, ARP management, ACLs, and so forth. The OMP session with the Cisco vSmart Controller influences the RIB in the vEdge router, providing non-site-local routes and the reachability information necessary to build the overlay network.
The hardware vEdge router includes a Trusted Board ID chip, which is a secure cryptoprocessor that contains the private key and public key for the router, along with a signed certificate. All this information is used for device authentication. When you initially start up a vEdge router, you enter minimal configuration information, such as the IP addresses of the vEdge router and the Cisco vBond Orchestrator. With this information and the information on the Trusted Board ID chip, the vEdge router authenticates itself on the network, establishes a DTLS connection with the Cisco vSmart Controller in its domain, and receives and activates its full configuration from Cisco vManage if one is present in the domain. Otherwise, you can manually download a configuration file or create a configuration directly on the vEdge router through a console connection.