Introduction   xix
Chapter 1 Introduction to Cisco Software-Defined Wide Area Networking (SD-WAN)   1
Networks of Today   1
Common Business and IT Trends   4
Common Desired Benefits   5
High-Level Design Considerations   7
Introduction to Cisco Software-Defined WAN (SD-WAN)   9
  Transport Independence   10
  Rethinking the WAN   12
Use Cases Demanding Changes in the WAN   13
  Bandwidth Aggregation and Application Load-Balancing   13
  Protecting Critical Applications with SLAs   14
  End-to-End Segmentation   15
  Direct Internet Access   15
  Fully Managed Network Solution   16
Building an ROI to Identify Cost Savings   17
Introduction to Multidomain   18
  Cloud Trends and Adoption   19
Summary   21
Review All Key Topics   22
Key Terms   22
Chapter Review Questions   22
Chapter 2 Cisco SD-WAN Components   25
Data Plane   27
Management Plane   32
Control Plane   34
Orchestration Plane   36
Multi-Tenancy Options   38
Deployment Options   38
Summary   39
Review All Key Topics   39
Key Terms   40
Chapter Review Questions   40
References   42
Chapter 3 Control Plane and Data Plane Operations   43
Control Plane Operations   44
  Overlay Management Protocol   47
    OMP Routes   48
    TLOC Routes   52
    Service Routes   54
  Path Selection   56
  OMP Route Redistribution and Loop Prevention   58
Data Plane Operations   65
  TLOC Colors   66
  Tunnel Groups   70
  Network Address Translation   73
    Full Cone NAT   74
    Symmetric NAT   75
    Address Restricted Cone NAT   76
    Port Restricted Cone NAT   77
  Network Segmentation   81
  Data Plane Encryption   83
  Data Plane Encryption with Pairwise   86
Summary   88
Review All Key Topics   88
Key Terms   89
Chapter Review Questions   89
References   90
Chapter 4 Onboarding and Provisioning   91
Configuration Templates   93
Developing and Deploying Templates   97
Onboarding Devices   101
  Manual Bootstrapping of a WAN Edge   102
  Automatic Provisioning with PNP or ZTP   103
Summary   105
Review All Key Topics   106
Chapter Review Questions   106
References   107
Chapter 5 Introduction to Cisco SD-WAN Policies   109
Purpose of Cisco SD-WAN Policies   109
Types of Cisco SD-WAN Policies   110
  Centralized Policy   110
    Centralized Policies That Affect the Control Plane   111
    Centralized Policies That Affect the Data Plane   112
  Localized Policy   112
  Policy Domains   113
Cisco SD-WAN Policy Construction   115
Types of Lists   118
Policy Definition   119
Cisco SD-WAN Policy Administration, Activation, and Enforcement   122
  Building a Centralized Policy   122
  Activating a Centralized Policy   125
Packet Forwarding Order of Operations   127
Summary   128
Review All Key Topics   129
Define Key Terms   129
Chapter Review Questions   129
Chapter 6 Centralized Control Policies   133
Centralized Control Policy Overview   134
Use Case 1: Isolating Remote Branches from Each Other   136
  Use Case 1 Review   149
Use Case 2: Enabling Branch-to-Branch Communication Through Data Centers   149
  Enabling Branch-to-Branch Communication with Summarization   150
  Enabling Branch-to-Branch Communication with TLOC Lists   152
  Use Case 2 Review   168
Use Case 3: Traffic Engineering at Sites with Multiple Routers   169
  Setting TLOC Preference with Centralized Policy   171
  Setting TLOC Preference with Device Templates   177
  Use Case 3 Review   179
Use Case 4: Preferring Regional Data Centers for Internet Access   180
  Use Case 4 Review   188
Use Case 5: Regional Mesh Networks   188
  Use Case 5 Review   195
Use Case 6: Enforcing Security Perimeters with Service Insertion   195
  Use Case 6 Review   202
Use Case 7: Isolating Guest Users from the Corporate WAN   202
  Use Case 7 Review   206
Use Case 8: Creating Different Network Topologies per Segment   206
  Use Case 8 Review   210
Use Case 9: Creating Extranets and Access to Shared Services   211
  Use Case 9 Review   222
Summary   223
Review All Key Topics   223
Define Key Terms   224
Chapter Review Questions   224
Reference   226
Chapter 7 Centralized Data Policies   227
Centralized Data Policy Overview   228
Centralized Data Policy Use Cases   228
  Use Case 10: Direct Internet Access for Guest Users   230
    Use Case 10 Review   242
  Use Case 11: Direct Cloud Access for Trusted Applications   243
    Use Case 11 Review   253
  Use Case 12: Application-Based Traffic Engineering   253
    Use Case 12 Review   260
  Use Case 13: Protecting Corporate Users with a Cloud-Delivered Firewall   261
    Use Case 13 Review   269
  Use Case 14: Protecting Applications from Packet Loss   269
    Forward Error Correction for Audio and Video   270
    Packet Duplication for Credit Card Transactions   274
    Use Case 14 Review   280
Summary   280
Review All Key Topics   281
Define Key Terms   282
Chapter Review Questions   282
References   284
Chapter 8 Application-Aware Routing Policies   285
The Business Imperative for Application-Aware Routing   286
The Mechanics of an App-Route Policy   286
Constructing an App-Route Policy   287
Monitoring Tunnel Performance   294
  Liveliness Detection   295
    Hello Interval   295
    Multiplier   297
  Path Quality Monitoring   298
    App-Route Poll Interval   298
    App-Route Multiplier   300
Mapping Traffic Flows to a Transport Tunnel   304
  Packet Forwarding with Application-Aware Routing Policies   304
    Traditional Lookup in the Routing Table   305
    SLA Class Action   306
Summary   315
Review All Key Topics   316
Define Key Terms   316
Chapter Review Questions   316
Chapter 9 Localized Policies   319
Introduction to Localized Policies   319
Localized Control Policies   320
Localized Data Policies   334
Quality of Service Policies   338
  Step 1: Assign Traffic to Forwarding Classes   339
  Step 2: Map Forwarding Classes to Hardware Queues   341
  Step 3: Configure the Scheduling Parameters for Each Queue   341
  Step 4: Map All of the Schedulers Together into a Single QoS Map   342
  Step 5: Configure the Interface with the QoS Map   343
Summary   346
Review All Key Topics   347
Chapter Review Questions   347
Chapter 10 Cisco SD-WAN Security   349
Cisco SD-WAN Security: Why and What   349
Application-Aware Enterprise Firewall   352
Intrusion Detection and Prevention   360
URL Filtering   367
Advanced Malware Protection and Threat Grid   372
DNS Web Layer Security   377
Cloud Security   381
vManage Authentication and Authorization   384
  Local Authentication with Role-Based Access Control (RBAC)   384
  Remote Authentication with Role-Based Access Control (RBAC)   387
Summary   389
Review All Key Topics   389
Define Key Terms   389
Chapter Review Questions   389
Chapter 11 Cisco SD-WAN Cloud onRamp   393
Cisco SD-WAN Cloud onRamp   393
Cloud onRamp for SaaS   394
Cloud onRamp for IaaS   412
Cloud onRamp for Colocation   429
  Why Colocation?   432
  How It Works   432
  Service Chaining for a Single Service Node   434
  Service Chaining for Multiple Service Nodes   436
  Service Chaining and the Public Cloud   436
    Infrastructure as a Service   438
    Software as a Service   438
    Redundancy and High Availability   440
    Service Chain Design Best Practices   440
  Configuration and Management   442
    Cluster Creation   442
    Image Repository   449
    Service Chain Creation   449
  Monitoring   454
Summary   455
Review All Key Topics   456
Define Key Terms   456
Chapter Review Questions   456
Chapter 12 Cisco SD-WAN Design and Migration   459
Cisco SD-WAN Design Methodology   459
Cisco SD-WAN Migration Preparation   460
Cisco SD-WAN Data Center Design   462
  Transport-Side Connectivity   463
  Loopback TLOC Design   465
  Service-Side Connectivity   466
Cisco SD-WAN Branch Design   469
  Complete CE Replacement—Single Cisco SD-WAN Edge   470
  Complete CE Replacement—Dual Cisco SD-WAN Edge   471
  Integration with Existing CE Router   475
  Integration with a Branch Firewall   476
  Integration with Voice Services   478
Cisco SD-WAN Overlay and Underlay Integration   480
  Overlay Only   480
  Overlay with Underlay Backup   481
  Full Overlay and Underlay Integration   485
Summary   490
Review All Key Topics   490
Chapter Review Questions   490
Chapter 13 Provisioning Cisco SD-WAN Controllers in a Private Cloud   493
SD-WAN Controller Functionality Recap   493
Certificates   496
vManage Controller Deployment   501
  Step 1: Deploy vManage Virtual Appliance on VMware ESXi or KVM   503
  Step 2: Bootstrap and Configure vManage Controller   506
  Step 3/4: Set Organization Name and vBond Address in vManage; Install Root CA Certificate   506
  Step 5: Generate, Sign, and Install Certificate onto vManage Controller   511
vBond Controller Deployment   513
  Step 1/2/3: Deploy vBond Virtual Machine on VMware ESXi; Bootstrap and Configure vBond Controller; Manually Install Root CA Certificate on vBond   514
  Step 4/5: Add vBond Controller to vManage; Generate, Sign, and Install Certificate onto vBond Controller   516
vSmart Controller Deployment   518
  Step 1/2/3: Deploy vSmart Virtual Machine from Downloaded OVA; Bootstrap and Configure vSmart Controller; Manually Install Root CA Certificate on vSmart   519
  Step 4/5: Add vSmart Controller to vManage; Generate, Sign, and Install Certificate onto vSmart Controller   520
Summary   523
Review All Key Topics   524
Define Key Terms   524
Chapter Review Questions   524
References   526
Appendix A: Answers to Chapter Review Questions   527
Appendix B: Example 7-17   539
Glossary of Key Terms   553
Index   557