INTERVIEW QUESTIONS TOPIC- SD WAN - Octa Networks


SDWAN

1. What is SD-WAN? Answer: Software-Defined WAN (SD-WAN) is an overlay architecture that builds secure, unified connectivity over any transport (MPLS, Broadband, LTE, VSAT etc.) and provides simplified operations with centralized management, policy control and application visibility across the enterprise network.

2. What is the Cisco SD-WAN Solution? Answer: It began as the Viptela SD-WAN solution, which Cisco acquired. A proprietary overlay protocol manages connectivity between Edge devices, mostly over TLS connections unless Symmetric NAT is in place, hence the DTLS/TLS communication with the controllers: the vBond, which acts as an orchestrator; the vManage server, where policies and templates are created; and the vSmart controller, which centralizes Control Plane signalling and communications.

3. What are the various components of Cisco SDWAN? Answer: Controllers: vSmart, vBond and vManage. Edge: vEdge or cEdge.

4. How do we manage Data Plane and Control Plane in the Cisco SDWAN solution? Answer: The data plane resides on the devices themselves, but the control plane is decoupled from the devices and is controlled by vSmart. Decisions about data plane traffic are made by vSmart using the OMP protocol, while the actual data plane traffic between the vEdges uses IPsec tunnels.

5. What is TLOC, and what attributes are configured to uniquely identify and represent a TLOC route? Answer: TLOC stands for transport locator and defines a specific interface in the overlay network. Each TLOC consists of a set of attributes that are exchanged in OMP updates among the Viptela devices. The attributes are: System IP address, link color and encapsulation.

6. We are facing an issue of DCONFAIL (DTLS connection failure). What is the problem? Answer: Connectivity issues between vEdge and the controllers.

7. What is the default interval of BFD packets and VRRP in Cisco SDWAN? Answer: 1 second


8. Which protocol is used to check the loss, latency and jitter of the tunnel between the vEdge peers? Answer: BFD (Bidirectional Forwarding Detection)

9. When troubleshooting certificate issues in the Cisco SDWAN environment, which command is used to verify the validity of the certificates? Answer: show control local-properties

10. With the controllers deployed in the cloud and the vEdges connecting to them, how is security maintained between them? Answer: The privacy and encryption in the control plane offered by DTLS and TLS provide a safe and secure foundation for the other two security components, authentication and integrity. To perform authentication, the Cisco SD-WAN devices exchange digital certificates. These certificates, which are either installed by the software or hard coded into the hardware, depending on the device, identify the device and allow the devices themselves to automatically determine which ones belong in the network and which are imposters. For integrity, the DTLS or TLS connections run AES-256-GCM, a cryptographic secure hash algorithm which ensures that all control and data traffic sent over the connections has not been tampered with.

- Public keys: These keys are generally known.
- Private keys: These keys are private. They reside on each Cisco SD-WAN router and cannot be retrieved from the router.
- Certificates signed by a root certification authority (CA): The trust chain associated with the root CA needs to be present on all Cisco SD-WAN routers.

11. What are key benefits of Cisco SD-WAN? Answer:

- Better user application: Deploy applications in minutes on any platform and with consistent user application.
- Greater agility: Simplify deployment and operation of your WAN and get faster performance using less bandwidth. Deploy your WAN over any type of connection like MPLS, Internet or 4G LTE.

12. Which problems can Cisco SD-WAN overcome? Answer:

- Establish a transport-independent WAN for high diversity and low cost.
- Meet Service Level Agreements (SLAs) for business-critical and real-time applications.
- Provide end-to-end segmentation for protecting critical enterprise compute resources.
- Extend seamlessly into the public cloud and provide an optimal user experience for SaaS and IaaS applications.

13. Which sectors and industries have deployed the Cisco SD-WAN solutions? Answer: Cisco has one of the most widely deployed enterprise-grade SD-WAN solutions within the industry. Large deployments have been made in sectors like retail, healthcare, financial services, energy, and many more. The solution is deployed across Fortune 2000 enterprises with thousands of production sites in major industries including manufacturing, retail, oil and gas, insurance, finance, government, logistics, and distribution as some examples.

14. How do you manage and operate Cisco SD-WAN? Answer: Cisco SD-WAN is a centrally managed, orchestrated, and operated solution with a cloud-hosted Cisco vManage GUI management and provisioning platform, vSmart controller, and vBond orchestration layer at the heart of the solution.

- vSmart controllers are the centralized brain of the solution that implements policies and connectivity between SD-WAN branches.
- Cisco vManage manages the entire solution. It is Cisco's GUI-based centralized management and provisioning platform for day 0, day 1 and day n+ for the entire Cisco SD-WAN infrastructure.

15. What are vSmart Controllers? Answer: vSmart Controllers are the centralized brain of the solution that implements policies and connectivity between SD-WAN branches. The centralized policy engine in Cisco vSmart Controllers provides policy constructs to manipulate routing information, access control, segmentation and service chaining.

16. What are vBond Orchestrators? Answer: The vBond Orchestrator facilitates the initial bring-up by performing authentication and authorization of all elements into the network. Cisco vBond Orchestrator also provides the information on how each of the components connect to other components. Cisco vBond Orchestrator plays an important role in facilitating Cisco SDWAN devices that sit behind the Network Address Translation (NAT) to communicate with the network.

17. What is Cisco vManage? Answer: Cisco vManage maintains the entire solution. It is Cisco's GUI-based centralized management and provisioning platform for day 0, day 1 and day n+ for the entire Cisco SDWAN infrastructure. You can log in to the Cisco vManage dashboard to centrally manage the WAN. Cisco vManage provides the ability to manage all aspects of the WAN, from provisioning, monitoring, and upgrading routers to application visibility and troubleshooting the WAN.


18. How is Cisco SDWAN deployed at branch offices and data center network or regional hub? Answer: Branch office and regional data center hub sites can be deployed and connected using either virtual or physical secure routers. Enterprise customers and service providers can gain rich services like WAN optimization and firewall or basic WAN connectivity for physical or virtual platforms across the branch, WAN, or cloud as follows:

Physical:

• Branch- Cisco vEdge Service Routers.
• Branch- Cisco 1000 Series Integrated Services Routers (ISR).
• Branch- 4000 Series ISR.
• Branch/ Regional Hub/ Data Center- Cisco ASR 1000 Series Aggregation Services Routers (ASR).

Virtual:

• SD-Branch- Cisco 5000 Series Enterprise Network Compute System (ENCS) and Integrated Services Virtual Router (ISRv).
• Network-Hub/ Colocation/ Data center- Cisco Cloud Services Platform 5000 and Cloud Services Router 1000V (CSR 1000V).

Public Cloud:

• Amazon Web Services.
• Google Cloud Services.
• Microsoft Azure.

19. How does Global SD-WAN replace MPLS connectivity? Answer: SD-WAN technology does not necessarily replace MPLS services, but rather can augment MPLS services in a Hybrid WAN configuration. Our customers can utilize our SD-WAN service to combine MPLS circuits with public broadband or LTE circuits to increase the reliability of their wide area networks. For small branch deployments SD-WAN can replace MPLS services by using only public broadband connections; however, in these cases multiple broadband connections are recommended to increase reliability. Syringa Networks' Global SD-WAN is also comprised of multiple gateways located in strategic datacenters throughout the world. In creating a global backbone fabric, we have engineered a cloud environment that allows for a higher level of flexibility and reliability for our customers' wide area networks. Leveraging a combination of last mile services via public broadband and MPLS connectivity to our distributed cloud gateways, our customers have the flexibility to craft a solution that best suits their networking requirements.

20. How is SD-WAN performance ensured over broadband links? Answer: If network performance is a top customer priority and you are using public broadband connections, Syringa Networks can implement an SD-WAN solution using Forward Error Correction and Dynamic Path Optimization technologies to ensure the quality of your network. Also, our Network Operations Center (NOC) proactively monitors the performance of all network links and interfaces across our global network. Parameters such as capacity, congestion, latency, packet loss, and jitter are closely surveilled to comply with our service level agreements.

21. Can you still use an existing firewall with SD-WAN? Answer: Customers can utilize their existing firewall or they can utilize Syringa Networks’ managed firewall service that is integrated with our Global SD-WAN service. If a customer chooses to use their own firewall, Syringa Networks can provision our SD-WAN appliance behind the firewall to ensure the service is secure. If the customer chooses to utilize Syringa Networks’ managed firewall service, we will provision our SD-WAN appliance with an integrated next-generation firewall.

22. How reliable is Global SD-WAN if only Internet circuits are used? Answer: Global SD-WAN can be extremely resilient. However, it is important to understand that SD-WAN reliability increases only with the use of multiple public Internet connections together. While lower cost Internet access such as DSL, Cable Modem, and some types of wireless delivery methods may seem attractive due to the price, these are generally asymmetrical and highly oversubscribed. While this may work for a smaller office with low data requirements, it is best to select the appropriate network connection for the application. Doing this will ensure that your Global SD-WAN deployment is as reliable as possible. Our expert Sales and Sales Engineering team can greatly assist in vetting the right Internet delivery method for your applications and requirements.

23. How easy is it to upgrade bandwidth or add locations to an existing deployment? Answer: Bandwidth upgrades and adding new locations can be quick and easy with our Global SD-WAN service. Since SD-WAN typically utilizes public broadband connections, which usually install in days or weeks instead of months like fiber-based services, upgrades and new installations can turn up very quickly. If a new site needs to turn up extremely fast, wireless LTE can be used to get the site up in a few days instead of months. Our Sales team can assist you with turning up new locations or adding bandwidth.

24. What is a Zero-Touch Provisioning (ZTP) Process? Answer: Zero-touch provisioning (ZTP) is a method of setting up devices that automatically configures the device using a switch feature. ZTP helps IT teams quickly deploy network devices in a large-scale environment, eliminating most of the manual labor involved with adding them to a network.

25. What are the requirements for ZTP Provisioning? Answer: The zero-touch provisioning process may vary from setup to setup; however, the basic requirements include the following: a network device with ZTP; a Dynamic Host Configuration Protocol (DHCP) or Trivial File Transfer Protocol (TFTP) server; and a file server.

26. What are Controller Connections? Answer: The SD-WAN controller maintains connections to all SD-WAN Edges to identify the operational state of SD-WAN tunnels across different WANs and retrieve QoS performance metrics for each SD-WAN tunnel. These metrics are used by the Service Orchestrator.

27. What is the difference between SDN and SDWAN? Answer:

Software Defined Networking (SDN):

SDN was built to support the computing needs found in Local Area Networks (LANs) as well as in Service Provider networks. The goal was to develop dynamic, flexible, scalable connectivity to support changing demands within the DC (data center) and on core networks. SDNs are directly programmable, providing an agile, centrally managed platform that decouples the Control Plane – decisions about where traffic is routed – from the Data Plane – which determines how traffic is forwarded.

Software Defined- Wide Area Network:

SD-WAN is a commonly used alternative solution which allows organizations to link together numerous distributed locations through the utilization of broadband and MPLS. The main difference between SDN and SD-WAN is that SD-WAN focuses on delivering a Wide Area Network (WAN) which connects multiple sites together.

SDN | SDWAN
Software Defined Network. | Software Defined Wide Area Network.
Operates a LAN or a service provider’s core network. | Enables connections between networks and users across geographies.
Programmable by the user to deliver bandwidth on-demand. | It is programmed to give operational simplification, integrated security and traffic prioritization.
Offers visibility into the real-time analytics and also in the core network performance. | Offers visibility into the real-time analytics and also in the WAN environment.
Provides a centralized view for automation of network services. | Focuses on software-defined application routing capabilities.
Designed by the user. | Configured by the vendor.
Variations of commodity and specialised switching hardware. | Off-the-shelf x86 appliances- physical, virtual, cloud.
Technology has taken a long time to mature. | Recent technology but maturing very rapidly.

29. What is the Zero Touch Provisioning (ZTP) process? Answer: Zero Touch Provisioning is an automatic provisioning process which starts when the vEdge router is powered up for the first time. The vEdge will attempt to connect to a ZTP server with the hostname ztp.viptela.com, where it will get its vBond orchestrator information. Once the vBond orchestrator information is obtained, it can then make connections to the vManage and vSmart controllers in order to get its full configuration and join the overlay network.
