Fabric Operation in Cisco Viptela SDWAN

Having already discussed application-aware routing and secure segmentation in the Cisco SD-WAN solution, which should be clear by now, we turn to fabric operation in the Viptela SD-WAN solution. Fabric operation means how control-plane and data-plane traffic flows through the SD-WAN solution.

You need to understand various terms used in the Cisco SDWAN solution and these terms are:
  • OMP (Overlay Management Protocol)
  • TLOCs (Transport Location Identifier)
  • DTLS (Datagram Transport Layer Security protocol)
  • TLS (Transport Layer Security protocol)
  • BFD (Bidirectional Forwarding Detection)
  • IPsec (IP Security tunnels)
OMP (Overlay Management Protocol): Used for sending Layer 3 updates from vEdges to vSmart. OMP is enabled by default on all vEdge routers, vManage NMSs, and vSmart controllers, so there is no need to explicitly configure or enable OMP. OMP must be operational for the Viptela overlay network to function; if you disable it, you disable the overlay network.

TLOC (Transport Location Identifier): A TLOC is used to bind an interface that connects to another vEdge router at the same physical site to the local router's WAN transport interface (on vEdge routers only).

DTLS (Datagram Transport Layer Security protocol): The vSmart controller, which is the centralized brain of the Viptela solution, establishes and maintains DTLS or TLS connections to all Viptela devices in the overlay network, that is, to the vEdge routers, the vBond orchestrators, the vManage NMSs, and other vSmart controllers. These connections carry control-plane traffic. DTLS or TLS provides communication privacy between Viptela devices in the network, using the Advanced Encryption Standard (AES-256) encryption algorithm to encrypt all control traffic sent over the connections.

BFD (Bidirectional Forwarding Detection): The BFD protocol, which detects link failures as part of the Viptela high availability solution, is enabled by default on all vEdge routers, and you cannot disable it.

IPsec (IP Security tunnels): IPsec tunnels establish secure connections between vEdge routers for carrying data-plane traffic. I think everybody knows how secure IPsec tunnels are.

Fig 1.1- Fabric Operation in SDWAN

Fabric Operations in Cisco SDWAN

  • vSmarts advertise routes and encryption keys to WAN Edges in OMP updates
  • Routes and encryption keys are advertised to vSmarts in OMP updates
  • Local routes, which include local prefixes (OSPF/BGP) and SD-WAN tunnel endpoints (TLOCs)
  • Security context, which includes the IPsec encryption keys
  • BFD is used for path liveness and quality measurement: up/down state, loss/latency/jitter, and IPsec tunnel MTU. For detection, BFD uses a hello (up/down) interval, a poll (app-aware) interval, and a multiplier
Fig 1.2
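The last bullet above describes how BFD turns hello interval, multiplier and poll interval into path state and quality figures. The Python model below is an added illustration of that logic, not Viptela's implementation; the timer values and the RTT samples are constructed for the example.

```python
from dataclasses import dataclass, field
from statistics import mean


@dataclass
class BfdSession:
    """Toy model of one BFD session over an SD-WAN IPsec tunnel (illustrative only).

    hello_ms and multiplier drive up/down detection: the path is declared down
    once `multiplier` consecutive hellos go unanswered. poll_ms is the app-aware
    poll window over which loss, latency and jitter are averaged.
    """
    hello_ms: int = 1000        # assumed value for the example
    multiplier: int = 7         # assumed value for the example
    poll_ms: int = 600_000      # assumed value for the example
    up: bool = True
    missed: int = 0
    sent: int = 0
    lost: int = 0
    rtts: list = field(default_factory=list)

    def detection_time_ms(self) -> int:
        """Worst-case time to notice a dead path: `multiplier` missed hellos."""
        return self.hello_ms * self.multiplier

    def hello_answered(self, rtt_ms: float) -> None:
        """A hello echo came back: record its RTT and reset the miss counter."""
        self.sent += 1
        self.missed = 0
        self.up = True
        self.rtts.append(rtt_ms)

    def hello_missed(self) -> None:
        """No echo within hello_ms: count the loss and re-evaluate path state."""
        self.sent += 1
        self.lost += 1
        self.missed += 1
        if self.missed >= self.multiplier:
            self.up = False

    def poll(self) -> dict:
        """End of a poll window: report loss %, mean latency and jitter, then reset."""
        loss_pct = 100.0 * self.lost / self.sent if self.sent else 0.0
        latency = mean(self.rtts) if self.rtts else None
        # jitter approximated as the mean absolute change between consecutive RTTs
        deltas = [abs(a - b) for a, b in zip(self.rtts, self.rtts[1:])]
        jitter = mean(deltas) if deltas else 0.0
        self.sent = self.lost = 0
        self.rtts = []
        return {"up": self.up, "loss_pct": loss_pct, "latency_ms": latency, "jitter_ms": jitter}


def demo() -> dict:
    """Constructed scenario: three answered hellos, then enough misses to bring the path down."""
    s = BfdSession(hello_ms=1000, multiplier=7)
    for rtt in (10, 20, 10):
        s.hello_answered(rtt)
    for _ in range(s.multiplier):
        s.hello_missed()
    return s.poll()
```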