Part 1: Cisco SD-WAN Implementation Exam Prep Series (ENSDWI) 300 - 415

SD-WAN Architecture 
Cisco SD-WAN has 3 controller components, known as vManage (NMS), vSmart (control plane) and vBond (orchestrator). These components are flexible in deployment and can be deployed in the AWS and Azure public clouds.

These components also support on-prem deployment for agencies where cloud access is not permitted by their security guidelines. The controller software is supplied in .ova and .qcow2 formats that can be instantiated.

Fig 1.1- Cisco Viptela SDWAN

vManage
vManage is the NMS of the Cisco SD-WAN controllers. It is also considered the single window for performing monitoring and configuration tasks. All device configuration is controlled through templates, and these are defined in vManage.

Not only device templates but also centralized and local policies are defined on vManage and sent to vSmart (centralized policies) and to the edge routers (local policies). vManage can be deployed in HA mode across geographically separate locations.

As the solution is horizontally scalable, the capacity to handle a large number of devices can be achieved by clustering multiple instances of vManage. A minimum of 3 instances can be deployed in a cluster.

vSmart
vSmart implements the control plane of the Cisco SD-WAN overlay solution. It maintains the connections that form the secure overlay network and is also known as the brain of the solution. Each edge router forms a secure DTLS/TLS tunnel to vSmart, and the OMP routing adjacencies are formed inside that secure tunnel. vSmart forms OMP adjacencies with other vSmart controllers and with the edge routers to send routing and policy updates.

It is responsible for sharing the crypto key information with the edge routers for encryption and decryption purposes. vSmart receives the LAN subnet information (vRoutes/OMP routes) from each edge router along with the TLOC, which uniquely identifies each link in the fabric as the combination of System IP + Color + Encapsulation. It enforces the control policies on the edge routers.

vBond
vBond implements the orchestration plane of the Cisco SD-WAN solution. This component binds all the other components together. vBond plays a critical role while on-boarding a device, as it is the first point of contact.

vBond is the only component known to a new router; once the router is authenticated and authorized, vBond orchestrates the connection between the router and vManage & vSmart. The router forms a temporary DTLS secure tunnel to vBond, which is terminated once the router is connected to vManage and vSmart.

Edge Router (cEdge/vEdge)
The edge router provides the secure data plane communication between locations. Cisco-manufactured SD-WAN devices are known as cEdge, and Viptela-manufactured devices were known as vEdge.

cEdge routers meet a wide variety of use-cases in customer environments: a small site with LTE connectivity can have ISR 1000 series devices, a site that needs on-board security can be deployed with routers that have more memory (min. 8GB), and voice support can be activated with ISR 4000 and Catalyst 8000 series routers.

These routers implement the data plane component of SD-WAN, which supports both hardware (ISR 1000, ISR 4000, ASR 1000) and virtual form factors (CSR 1000v, vEdge Cloud and ISRv routers, supported on VMware ESXi, KVM, AWS - Amazon Machine Image, and Azure – Hyper V). Not all Cisco devices support SD-WAN.

For more details on the supported hardware, refer to the latest release notes. The Cisco SD-WAN solution supports HA for edge routers, where both routers are active towards the WAN; LAN-side HA is implemented through VRRP.

The edge router forms different secure tunnels to ensure control traffic security. A DTLS tunnel is formed between the edge router and vBond. A DTLS/TLS tunnel is formed to vSmart (TLS in case the router is behind a firewall). A DTLS tunnel is formed to vManage. A secure IPsec tunnel is formed between the routers installed at the remote locations.
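As an added example (not part of the original post or any Cisco tool), the check below audits an edge router's control connections against the tunnel model just described: DTLS to vBond (temporary), DTLS or TLS to vSmart, DTLS to vManage. The input is a constructed, simplified "peer protocol system-ip state" listing; the column layout and the sample addresses are assumptions.

```python
from dataclasses import dataclass

# Secure protocols the text allows for each control-plane peer type.
EXPECTED = {
    "vbond": {"dtls"},
    "vsmart": {"dtls", "tls"},   # TLS when the edge sits behind a firewall
    "vmanage": {"dtls"},
}

@dataclass(frozen=True)
class ControlConnection:
    peer_type: str
    protocol: str
    system_ip: str
    state: str

def parse_connections(lines):
    """Parse 'peer protocol system-ip state' rows; header and blank lines are skipped."""
    conns = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or fields[0].lower() == "peer":
            continue
        peer, proto, sysip, state = fields
        conns.append(ControlConnection(peer.lower(), proto.lower(), sysip, state.lower()))
    return conns

def audit_control_plane(conns):
    """Return findings: unknown peers, non-secure protocols, down peers, missing peers.
    An empty list means the edge holds its full set of secure control tunnels."""
    findings = []
    up = set()
    for c in conns:
        if c.peer_type not in EXPECTED:
            findings.append(f"unknown peer type {c.peer_type} ({c.system_ip})")
            continue
        if c.protocol not in EXPECTED[c.peer_type]:
            findings.append(f"{c.peer_type} {c.system_ip} uses {c.protocol}")
        if c.state != "up":
            findings.append(f"{c.peer_type} {c.system_ip} is {c.state}")
        else:
            up.add(c.peer_type)
    # vBond is only a temporary peer, so after onboarding only vSmart and vManage are required.
    for peer in ("vsmart", "vmanage"):
        if peer not in up:
            findings.append(f"no established {peer} connection")
    return findings

# Constructed sample: one vSmart tunnel is still in the 'connect' state.
SAMPLE = """peer      protocol  system-ip   state
vbond     dtls      10.0.0.1    up
vsmart    tls       10.0.0.2    up
vsmart    dtls      10.0.0.3    connect
vmanage   dtls      10.0.0.4    up""".splitlines()
```

Running `audit_control_plane(parse_connections(SAMPLE))` reports only the vSmart peer that has not come up; a peer listed with a non-DTLS/TLS protocol or a missing vManage connection would be reported the same way.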

Author: Pankaj Verma