Introduction to Palo Alto's Prisma (CloudGenix) SDWAN

SDWAN is a WAN solution that simplifies the management and operation of a WAN by decoupling the control plane from the hardware itself. SD-WAN technology lets organizations build higher-performance WANs on lower-cost transports such as internet and 4G/5G links.

We are going to discuss the Palo Alto Networks Prisma SD-WAN solution, which was formerly known as the CloudGenix SD-WAN solution.

Fig 1.1- Prisma (CloudGenix) SDWAN 

We are now going to talk about the key components of the Prisma SDWAN solution. These key components are:

  • Controller
  • ION Devices
  • ION Fabric

Purpose of the controller:
With the help of the Prisma SDWAN controller, you can centralize routing policies and build a network with multiple WAN paths. The paths use various kinds of links, such as MPLS, VPLS, Internet and so on.

Automation is the main game changer in an SDWAN solution. With the controller, we can push WAN configuration to ION devices at a branch or data center through APIs. It gives you a centralized point of administration for policies as well as applications, with rich network analytics.

The third main aspect is security: the controller enables secure, automated virtual private network (VPN) tunnels through zero-touch provisioning.

ION Devices:
Prisma SDWAN, which was earlier known as CloudGenix SDWAN, calls its customer edge device the "ION device". These ION devices are capable of combining WAN networks such as MPLS, LTE and internet links into a single high-performance hybrid WAN infrastructure. An ION device can be a physical or virtual device that serves as an x86 commodity-based forwarding element at a branch.

Fig 1.2- Prisma SDWAN ION


Note: ION stands for Instant-On Networks.

Mode of Operation:
The Prisma SDWAN solution has two modes of operation: Analytics mode and Control mode.

Analytics mode: In Analytics mode, we install an ION device into a greenfield or brownfield branch site. We place the ION device between a WAN edge router and a LAN switch. The ION device monitors traffic and collects analytics that are reported to the Prisma SDWAN portal.

When sites are in analytics mode, the ION devices do not apply policies or make path selection decisions for applications. In this mode, a data center site is not required.

Control mode: In Control mode, we install an ION device into a greenfield or brownfield branch site. We either replace the WAN edge router with the ION device or place the ION device between a WAN edge router and a LAN switch.

The ION device monitors traffic and collects analytics that are reported to the Prisma SDWAN portal. When the site is in control mode, the ION device at the branch dynamically builds secure fabric VPN connections to all data center sites across all WAN paths, so a data center site is required.

ION Fabric
ION Fabric is the overlay mesh of ION devices in a hybrid WAN environment. Traffic flowing within the ION fabric between ION devices is IPsec traffic encrypted with AES-256.