10 Interview questions on Cisco Viptela SDWAN

Today we are going to talk about a few basic questions that are usually asked in interviews on Cisco Viptela SDWAN.

Let's start with the first part of the interview questions on Cisco Viptela SDWAN. We will come up with another round of questions on Cisco Viptela SDWAN later.

Fig 1.1 - Cisco Viptela SDWAN

Q1: What is SD-WAN?
Software-Defined WAN (SD-WAN) is an overlay architecture that builds secure, unified connectivity over any transport (MPLS, broadband, LTE, VSAT, etc.) and provides simplified operations through centralized management, policy control and application visibility across the enterprise network.

Q2: What are the various components of Cisco SDWAN?
Controllers: vSmart, vBond and vManage
Edge: vEdge or cEdge

Q3: How are the data plane and control plane managed in the Cisco SDWAN solution?
The data plane stays on the devices themselves, but the control plane is decoupled from the devices and handled by vSmart. vSmart makes the data-plane forwarding decisions and distributes them using the OMP protocol, while the actual data-plane traffic between the vEdges is carried over IPsec tunnels.

Q4: What is a TLOC, and what attributes are configured to uniquely identify and represent a TLOC route?
TLOC stands for transport locator; it identifies a specific interface in the overlay network. Each TLOC consists of a set of attributes that are exchanged in OMP updates among the Viptela devices.

The attributes are: system IP address, link color and encapsulation.
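The following is an added example, not code from the original page or from Cisco. It models OMP TLOC routes by exactly the three attributes named above (system IP, color, encapsulation), collapses duplicate advertisements into one entry per TLOC, and derives the per-TLOC-pair data-plane tunnels (and so the BFD sessions of Q7) that a full mesh implies. The router names, system IPs, site IDs and the `attrs` dictionary are constructed sample data, and `tloc_table`, `data_plane_tunnels` and `tunnels_per_router` are this example's own helpers.

```python
"""Added example, not code from the original page or from Cisco: models OMP
TLOC routes by the three attributes the answer names (system IP, color,
encapsulation) and derives the data-plane tunnels a full mesh of TLOCs implies.
Router names, system IPs and advertisements are constructed sample data."""
import ipaddress
from dataclasses import dataclass
from itertools import combinations

# Transport colors and encapsulations that Cisco SD-WAN accepts on a TLOC.
VALID_COLORS = {
    "default", "mpls", "metro-ethernet", "biz-internet", "public-internet",
    "lte", "3g", "red", "green", "blue", "gold", "silver", "bronze",
    "custom1", "custom2", "custom3",
    "private1", "private2", "private3", "private4", "private5", "private6",
}
VALID_ENCAPS = {"ipsec", "gre"}


@dataclass(frozen=True)
class Tloc:
    """A TLOC is identified by exactly these three attributes."""
    system_ip: str
    color: str
    encap: str

    def __post_init__(self):
        ipaddress.IPv4Address(self.system_ip)      # rejects a malformed system IP
        if self.color not in VALID_COLORS:
            raise ValueError(f"unknown TLOC color {self.color!r}")
        if self.encap not in VALID_ENCAPS:
            raise ValueError(f"unknown encapsulation {self.encap!r}")


def tloc_table(advertisements):
    """Collapse OMP TLOC advertisements into one entry per unique TLOC.

    advertisements: iterable of (system_ip, color, encap, attrs) tuples, where
    attrs is a dict of the remaining OMP attributes (constructed here).  The
    same TLOC learned from two vSmart controllers is still a single TLOC.
    """
    table = {}
    for system_ip, color, encap, attrs in advertisements:
        key = Tloc(system_ip, color, encap)
        table.setdefault(key, dict(attrs))
    return table


def data_plane_tunnels(tlocs):
    """Every pair of TLOCs on different routers gets a tunnel; a router never
    builds a tunnel between its own TLOCs."""
    return {
        frozenset(pair)
        for pair in combinations(tlocs, 2)
        if pair[0].system_ip != pair[1].system_ip
    }


def tunnels_per_router(tunnels):
    """Count tunnels (and hence BFD sessions) terminating on each system IP."""
    counts = {}
    for tunnel in tunnels:
        for tloc in tunnel:
            counts[tloc.system_ip] = counts.get(tloc.system_ip, 0) + 1
    return counts


# Constructed sample: three vEdges, each with an MPLS and an internet TLOC,
# as learned from two vSmart controllers (hence duplicate advertisements).
SAMPLE_ADVERTISEMENTS = [
    (ip, color, "ipsec", {"preference": 0, "site_id": site, "from": vsmart})
    for site, ip in ((10, "10.1.1.1"), (20, "10.1.1.2"), (30, "10.1.1.3"))
    for color in ("mpls", "biz-internet")
    for vsmart in ("vsmart-1", "vsmart-2")
]

if __name__ == "__main__":
    table = tloc_table(SAMPLE_ADVERTISEMENTS)
    tunnels = data_plane_tunnels(table)
    print(f"{len(SAMPLE_ADVERTISEMENTS)} advertisements -> {len(table)} TLOCs "
          f"-> {len(tunnels)} tunnels")
    print(tunnels_per_router(tunnels))
```

Twelve advertisements collapse to six TLOCs and twelve tunnels; each router terminates eight of them, which is the number of BFD sessions it would have to keep up. The validation in `Tloc.__post_init__` is where a malformed or misspelled color in a template would be caught before it ever reaches OMP.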

Q5: We are facing an issue of DCONFAIL (DTLS connection failure); what is the problem?
Connectivity issues between the vEdge and the controllers.

Q6: What is the default interval of BFD packets and VRRP in Cisco SDWAN?
1 second

Q7: Which protocol is used to check the loss, latency and jitter of the tunnel between the vEdge peers?
BFD: Bidirectional Forwarding Detection
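As an added illustration of what those three BFD-derived measurements look like in practice (this is example code, not from the original page or from Cisco): the block below takes one poll interval of probe round-trip times, derives loss, latency and jitter, and checks the result against an SLA threshold. The probe lists and the `SLA` limits are constructed, and the jitter formula (mean absolute difference between consecutive answered probes) is this example's assumption, not Cisco's published computation.

```python
"""Added example, not code from the original page or from Cisco: derives the
loss, latency and jitter that BFD probing of an SD-WAN tunnel yields over one
poll interval and checks them against an SLA threshold.  The probe records and
thresholds are constructed, and the jitter formula (mean absolute difference
between consecutive round-trip times) is this example's assumption, not
Cisco's published computation."""
from statistics import mean
from typing import List, Optional, Tuple

# One BFD probe per list entry: the measured round-trip time in milliseconds,
# or None when no reply came back before the timeout (a lost probe).
Probes = List[Optional[float]]


def tunnel_metrics(probes: Probes) -> Tuple[float, Optional[float], Optional[float]]:
    """Return (loss_pct, avg_latency_ms, jitter_ms) for one poll interval.
    Latency and jitter are None when every probe in the interval was lost."""
    if not probes:
        raise ValueError("a poll interval needs at least one probe")
    rtts = [float(r) for r in probes if r is not None]
    loss_pct = round(100.0 * (len(probes) - len(rtts)) / len(probes), 2)
    if not rtts:
        return loss_pct, None, None
    # Jitter is measured between consecutive *answered* probes; lost probes
    # already count against loss and are skipped here.
    diffs = [abs(b - a) for a, b in zip(rtts, rtts[1:])]
    jitter = mean(diffs) if diffs else 0.0
    return loss_pct, round(mean(rtts), 2), round(jitter, 2)


def meets_sla(probes: Probes, max_loss_pct: float, max_latency_ms: float,
              max_jitter_ms: float) -> bool:
    """True when the interval's metrics stay within all three SLA limits."""
    loss, latency, jitter = tunnel_metrics(probes)
    if latency is None:          # total loss: the tunnel is down, never in SLA
        return False
    return (loss <= max_loss_pct and latency <= max_latency_ms
            and jitter <= max_jitter_ms)


# Constructed sample intervals for three tunnels from the same vEdge.
MPLS_PROBES: Probes = [20, 21, 20, 22, 21, 20, 21, 20, 21, 20]
INTERNET_PROBES: Probes = [40, None, 55, 42, None, 60, 41, 43, 58, 45]
DOWN_PROBES: Probes = [None] * 10
SLA = {"max_loss_pct": 2.0, "max_latency_ms": 100.0, "max_jitter_ms": 10.0}

if __name__ == "__main__":
    for name, probes in (("mpls", MPLS_PROBES), ("biz-internet", INTERNET_PROBES),
                         ("down", DOWN_PROBES)):
        print(name, tunnel_metrics(probes), "in SLA:", meets_sla(probes, **SLA))
```

The MPLS interval stays inside the limits, the internet interval fails on both loss (20%) and jitter, and the all-lost interval is treated as a down tunnel rather than as a tunnel with undefined latency, which is the edge case any SLA check has to handle explicitly.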

Q8: When troubleshooting certificate issues in the Cisco SDWAN environment, which command is used to verify the validity of the certificates?
show control local-properties

Q9: Given that the controllers are deployed in the cloud and the vEdge connects to them over that path, how is security maintained between them?
The privacy and encryption that DTLS and TLS provide in the control plane form a safe and secure foundation for the other two security components, authentication and integrity. To perform authentication, the Cisco SD-WAN devices exchange digital certificates.

These certificates, which are either installed by the software or hard-coded into the hardware, depending on the device, identify the device and allow the devices themselves to automatically determine which ones belong in the network and which are imposters. For integrity, the DTLS or TLS connections run AES-256-GCM, a cryptographically secure hash algorithm which ensures that all control and data traffic sent over the connections has not been tampered with.

  • Public keys: these keys are generally known.
  • Private keys: these keys are private. They reside on each Cisco SD-WAN router and cannot be retrieved from the router.
  • Certificates signed by a root certification authority (CA): the trust chain associated with the root CA needs to be present on all Cisco SD-WAN routers.
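The integrity property the answer attributes to AES-256-GCM can be seen directly in a few lines. The block below is an added example, not code from the original page or from Cisco's implementation: it protects one constructed record the way an authenticated-encryption cipher on a DTLS/TLS connection would, then shows that the receiver rejects the record if a single ciphertext bit is flipped or if the authenticated header is altered. It uses the third-party `cryptography` package; the key, nonce, `MESSAGE` and `HEADER` values are constructed stand-ins, not real session material.

```python
"""Added example, not code from the original page or from Cisco: shows the
integrity property the answer attributes to AES-256-GCM on the DTLS/TLS
control connections.  The authentication tag that GCM appends lets the
receiver detect any change to the protected bytes or to the associated data.
Uses the third-party 'cryptography' package; the key, nonce, header and
message are constructed stand-ins, not real session material."""
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MESSAGE = b"OMP update: TLOC 10.1.1.1 mpls ipsec"   # constructed payload
HEADER = b"constructed-record-header"                # authenticated, not encrypted


def protect(key: bytes, nonce: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Encrypt and authenticate; returns ciphertext with the 16-byte tag appended."""
    return AESGCM(key).encrypt(nonce, plaintext, aad)


def verify_and_open(key: bytes, nonce: bytes, ciphertext: bytes, aad: bytes):
    """Return (True, plaintext) when the tag verifies, else (False, None).
    GCM checks the tag before releasing any plaintext."""
    try:
        return True, AESGCM(key).decrypt(nonce, ciphertext, aad)
    except InvalidTag:
        return False, None


def demo():
    """Protect one record, then present it intact, bit-flipped, and with a
    forged header; returns the three verify_and_open results in that order."""
    key = AESGCM.generate_key(bit_length=256)   # AES-256
    nonce = os.urandom(12)                      # fresh per record; never reused with a key
    record = protect(key, nonce, MESSAGE, HEADER)

    intact = verify_and_open(key, nonce, record, HEADER)

    flipped = bytearray(record)
    flipped[0] ^= 0x01                          # one bit of the ciphertext body
    tampered = verify_and_open(key, nonce, bytes(flipped), HEADER)

    forged_aad = verify_and_open(key, nonce, record, b"forged-record-header")
    return intact, tampered, forged_aad


if __name__ == "__main__":
    for label, (ok, text) in zip(("intact", "bit-flipped", "forged header"), demo()):
        print(f"{label:14s} tag valid={ok} plaintext={text!r}")
```

Only the untouched record opens; both modified versions fail the tag check and no plaintext is released, which is the behaviour a control connection relies on to reject injected or altered OMP traffic.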

Q10: We are creating an OMP feature template in the vManage GUI to apply to the WAN edge routers. Which attribute prevents the routes from being redistributed back into OMP from the LAN side?
Configure the Overlay AS number.