10 Interview questions on Cisco Viptela SDWAN
Today we are going to cover a few basic questions that are commonly asked in interviews on Cisco Viptela SDWAN.
Let's start with the first set of interview questions on Cisco Viptela SDWAN. We will come up with another round of questions on Cisco Viptela SDWAN.
Fig 1.1 - Cisco Viptela SDWAN
Q1: What is SD-WAN?
Software-Defined WAN (SD-WAN) is an overlay architecture that builds a secure,
unified connectivity over any transport (MPLS, Broadband, LTE, VSAT etc.) and
provides simplified operations with centralized management, policy control and
application visibility across the enterprise network.
Q2: What are the various components of Cisco SDWAN?
Controllers: vSmart, vBond and vManage
Edge: vEdge or cEdge
Q3: How do we manage the data plane and control plane in the
Cisco SDWAN solution?
The data plane stays on the devices themselves, but the control plane is now decoupled from
the devices and is controlled by vSmart. Decisions about data plane traffic are
made by vSmart using the OMP protocol, while the actual data plane traffic
between the vEdges uses IPsec tunnels.
Q4: What is a TLOC, and what attributes are configured to
uniquely identify and represent a TLOC route?
TLOC stands for transport locator and
identifies a specific interface in the overlay network. Each TLOC consists
of a set of attributes that are exchanged in OMP updates among the Viptela
devices.
The attributes are: system IP address, link color and
encapsulation.
Q5: We are facing an issue of DCONFAIL (DTLS connection
failure). What is the problem?
Connectivity issues between vEdge and the controllers.
Q6: What is the default interval of BFD packets and VRRP
in Cisco SDWAN?
1 second
Q7: Which protocol is used to check the loss, latency and
jitter of the tunnel between the vEdge peers?
BFD: Bidirectional Forwarding Detection
Q8: When troubleshooting certificate issues in the
Cisco SDWAN environment, which command is used to verify the validity of the
certificates?
show control local-properties
Q9: With the controllers deployed in the cloud and
the vEdge connecting to the controllers, how is security maintained
between them?
The privacy and encryption in the control plane offered by DTLS and TLS provide
a safe and secure foundation for the other two security components,
authentication and integrity. To perform authentication, the Cisco SD-WAN
devices exchange digital certificates.
These certificates, which are either
installed by the software or hard coded into the hardware, depending on the
device, identify the device and allow the devices themselves to automatically
determine which ones belong in the network and which are imposters. For
integrity, the DTLS or TLS connections run AES-256-GCM, an authenticated
encryption algorithm which ensures that all control and data traffic sent over the
connections has not been tampered with.
The certificate-based authentication relies on the following:
- Public keys: These keys are generally known.
- Private keys: These keys are private. They reside on each Cisco SD-WAN router and cannot be retrieved from the router.
- Certificates signed by a root certification authority (CA): The trust chain associated with the root CA needs to be present on all Cisco SD-WAN routers.
Q10: We are creating an OMP feature template from the
vManage GUI to apply to the WAN edge routers. Which attribute will prevent the
redistribution of routes back into OMP from the LAN side?
Configure Overlay AS number