Features in Cisco Viptela SDWAN release 20.11.x

Let's start with Cisco Viptela SDWAN itself and then discuss the new feature set in Cisco Viptela SDWAN release 20.11.x.

Cisco Viptela SDWAN

SD-WAN, or Software-Defined WAN, is a solution in which the control plane and management plane are separated from the physical devices. The Viptela solution has the following architecture: the data plane on the physical devices (obviously), the control plane by vSmart or the vBond management tool, the management plane via vManage, and orchestration.

Fig 1.1- Cisco Viptela SDWAN

You can also check the updates in the previous releases

Features in Cisco Viptela SDWAN release 20.11.x

So let's talk about the new features that have been added in Cisco Viptela SDWAN release 20.11.x:

  • You can provide any organization in the Organization field when establishing controller certificate authorization for enterprise certificates on WAN edge cloud devices. You are not restricted to company names like Cisco Systems. You can utilize your organization's certificate authority name or a third-party certificate authority name using this capability.
  • Cisco SD-WAN Remote Access Configuration allows you to configure a remote access capability in the configuration groups' system profiles. In the system profile, you can configure the following remote access parameters: Private IP Pool, Authentication, AAA Policy, IKEv2 Settings, and IPSec Settings.
  • While deploying devices, the Device Variable Option allows you to read or write variables from the Associate Devices page.
  • Configuration Groups and Feature Profiles: Cisco Security in System Profile, IPV4-Device-Access-Policy in System Profile, IPV6-Device-Access-Policy in System Profile, OSPF Routing in Transport Profile, VPN Interface GRE in Transport Profile, IPSEC in Transport Profile, Tracker Group in Transport Profile, GPS in Transport Profile, IPSEC in Service Profile, Tracker in Service Profile, Tracker Group in Service Profile, UCSE in Other Profile, AppQoE in Other Profile, Remote Access feature in System Profile.
  • Remote access is the provision of secure access to an organization's network from devices located in remote places. The IPv4 and IPv6 private IP address pools for Cisco SD-WAN remote access devices are managed by the resource pool manager.
  • This feature supports the TLOC extension for IPv6 and allows you to configure a GRE-in-UDP tunnel.
  • If you use an identity provider for security assertion markup language (SAML)-based single sign-on (SSO), such as Okta, you may establish user roles using the identity provider. When no roles are assigned for the user by the identity provider, this functionality allows you to allocate user groups locally in Cisco vManage.
  • When configuring data policies on Cisco IOS XE SD-WAN devices, you can specify log action parameters for data policies, application route policies, and localized policies. The log argument enables packets to be logged and syslog messages to be generated. While a flow is active, logs are exported to the external syslog server every five minutes. Logs are exported to an external syslog server only if one is set up in the system; otherwise, only console logging is performed. Policy logs can also be regulated based on a configured rate. To support this functionality, a new command, policy log-rate-limit, is implemented.
  • QoS for Router-Generated Cisco vManage Traffic allows you to prioritize or queue Cisco vManage traffic generated by routers based on your individual needs. Using QoS policies and class maps, you can route vManage traffic through a queue of your choice.
  • The ALG support for NAT DIA has been expanded to include the following protocols: TFTP, Point-to-Point Tunneling Protocol (PPTP), Sun Remote Procedure Call (SUNRPC), Skinny Client Control Protocol (SCCP), and H.323.
  • You can assign affinity groups to service routes and TLOC routes. A popular use is to gain more control over routing by combining affinity group preference with control rules that match service routes and TLOC routes. You can configure a control policy to match specific TLOCs or routes and assign them an affinity group value, overriding the affinity group that they inherit from the router.
  • In a Multi-Region Fabric network, route aggregation may be configured on border routers and transport gateways. You can choose whether route aggregation occurs solely for the router's core region or for the router's access region when configuring a border router.
  • Cisco vSmart controllers can limit the number of routes advertised to network routers in order to eliminate routes that are irrelevant to a specific device. The colour of the TLOCs on each device is used as the filter that limits the number of routes. A route to a public TLOC, for example, is irrelevant to a router that only has private TLOCs. Advertising fewer routes helps keep routers in the network from surpassing their transmit path limit.
  • This feature enables Multicast Source Discovery Protocol (MSDP) compatibility between Cisco IOS XE SD-WAN devices and devices in a non-SD-WAN configuration.
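
The SAML SSO item above describes a precedence rule: roles from the identity provider are used when present, and locally assigned user groups apply only when the identity provider sends none. The sketch below is an added example, not Cisco code; the attribute name Groups, the user names, the group values and the deny-when-empty result are assumptions of the example, and it expects an assertion whose signature has already been verified.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUPS_ATTR = "Groups"  # assumed name of the attribute carrying IdP roles

# Constructed local assignments, standing in for groups set locally in vManage.
LOCAL_GROUPS = {"alice@example.com": ["operator"]}

def idp_roles(assertion_xml):
    """Return non-empty role values from an already signature-verified assertion."""
    root = ET.fromstring(assertion_xml)
    roles = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") != GROUPS_ATTR:
            continue
        for val in attr.iterfind("saml:AttributeValue", NS):
            text = (val.text or "").strip()
            if text:  # blank values count as "no role assigned"
                roles.append(text)
    return roles

def resolve_groups(username, assertion_xml, local=LOCAL_GROUPS):
    """IdP roles win; local groups apply only when the IdP sent none."""
    roles = idp_roles(assertion_xml)
    if roles:
        return roles, "idp"
    if username in local:
        return list(local[username]), "local"
    return [], "none"  # assumption of this example: no groups means no access

def make_assertion(values):
    """Build a constructed, minimal assertion with the given role values."""
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:AttributeStatement>"
        f'<saml:Attribute Name="{GROUPS_ATTR}">{vals}</saml:Attribute>'
        "</saml:AttributeStatement></saml:Assertion>"
    )

if __name__ == "__main__":
    for user, values in [("alice@example.com", ["netadmin"]),
                         ("alice@example.com", [" "]),
                         ("bob@example.com", [])]:
        print(user, values, resolve_groups(user, make_assertion(values)))
```

Recording the source of each decision ("idp", "local" or "none") alongside the groups makes it possible to audit which accounts depend on local assignments rather than on the identity provider.
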
For more updates, please check the release notes below:
Release Notes for Cisco SD-WAN Controllers -Release 20.11.x - Cisco