Features in Cisco Catalyst SDWAN release 20.12.x

Lets start with the Cisco Catalyst SDWAN (Earlier known as Cisco Viptela SDWAN)first and then we will discuss on the new feature sets in Cisco Catalyst SDWAN release 20.12.x

Cisco Catalyst SDWAN

SD-WAN so called Software Defined WAN solution, where control plane or management plane is separated from the physical devices, while in the Viptela solution we have following architecture, where we have data-plane on the physical devices (obviously), Control Plane by VSmart or VBond Management tool, Management Plane via VManage and Orchestration.

Fig 1.1- Cisco Catalyst SDWAN

You can also check the updates in the previous releases

Features in Cisco Viptela SDWAN release 20.11.x - The Network DNA
Features in Cisco Viptela SDWAN release 20.10.x - The Network DNA
Features in Cisco Viptela SDWAN release 20.9.x - The Network DNA
Features in Cisco Viptela SDWAN release 20.8.x - The Network DNA
Features in Cisco Viptela SDWAN release 20.7.x - The Network DNA

Features in Cisco Catalyst SDWAN release 20.12.x

So let's talk about what new features has been added on the Cisco Catalyst SDWAN release 20.12.x

• Certificate Support Without the Organizational Unit Field: Enterprise certificates installed on devices do not require the Organizational Unit (OU) field to be specified. Previously, this parameter was utilized as part of a device's authentication. The OU field in a signed certificate, on the other hand, must match the organization name defined on the device.
• Cisco Catalyst SD-WAN Remote Access Configuration in SSL-VPN Mode: Using Cisco SD-WAN Manager, you may set the following Cisco Catalyst SD-WAN Remote Access capabilities for a device in SSL-VPN mode: Private IP Pool, Authentication, and AAA Policy.
• Configuration Groups and Feature Profiles (Phase IV): You now have Flexible Port Speed, OSPFv3 IPv4 Routing, OSPFv3 IPv6 Routing, and T1/E1 Controller features in the Transport Profile. Sub features for transport VPN such as OSPFv3 IPv4 Routing, OSPFv3 IPv6 Routing, T1/E1 Serial, DSL PPPoE, DSL PPPoA, DSL IPoE, and Ethernet PPPoE have been included. OSPFv3 IPv4 Routing, OSPFv3 IPv6 Routing, EIGRP Routing, Object Tracker, and Object Tracker Group are now available in the Service Profile. The Route Leak to Global VPN option is added to the service VPN's Route Leak parameter.
• Support for Dual Device Site Configuration Support for Dual Device Site Configuration and Enhancements to User-Defined Device Tagging
• VFR (Virtual Fragmentation Reassembly) and Underlay Fragmentation are techniques in which packets are fragmented for improved transit while passing through a VFR equipped Cisco IOS XE Catalyst SD-WAN device. Packets in a network's underneath layer are fragmented by underlay fragmentation. Underlay fragmentation is used to deliver bigger packets that exceed the (MTU) limit.
• Support for Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System (TACACS) authentication in a multitenant deployment on WAN edge devices is enabled by RADIUS/TACAS Support for Multitenancy.
• NAT Limits improved to permit NAT to impose per tenant maximum limit on translations. Tier is now known as Resource Profile in Cisco SD-WAN Manager as of this version.
• To guarantee symmetric routing of traffic flows across devices in a network, you can employ affinity groups, affinity group preference, and translation of RIB metrics. Symmetric routing supports a wide range of network topologies, including Multi-Region Fabric. Transport gateways can transfer RIB measurements to control plane protocols like BGP and OSPF to provide symmetric routing outside the overlay network. This allows the path preference configuration to be extended to routers outside of the overlay network, such as those in a data center LAN.
• Snort Engine Version update includes support for Snort engine version 3, an update from version 2, as well as IPv6 GRE or IPsec Tunnels. Allows you to create an IPv6 GRE or IPSEC tunnel between a Cisco IOS XE Catalyst SD-WAN device and a third-party device through a service VPN.
• Activating MACsec with Cisco SD-WAN Manager provides support for activating MACsec with Cisco SD-WAN Manager on the service side for Cisco Catalyst SD-WAN devices. When MACsec is enabled in Cisco SD-WAN Manager, communication between devices in the service VPN is secured, increasing the service VPN's security.
• SDCI Connections now have VPC and VNet tags. Additional features of Virtual Private Cloud (VPC) and Virtual Networks (VNets) tags associated with a connection can be added or modified.
• NAT66 support for multiple WAN links DIA will employ several WAN Links to direct local IPv6 traffic to the internet.
• The multi-factor-auth duo command requires Duo multifactor authentication (MFA) to authenticate users' identities before they can log in.

Further you can read the notes in details below
Release Notes for Cisco Catalyst SD-WAN Control Components Release 20.12.x - Cisco

Continue Reading...

• Cisco SD-WAN: Underlay Network vs Overlay Fabric
• Cisco SDWAN: TLOC & TLOC Carrier
• Cisco SDWAN: Breaking Down Communication Between TLOC Colors
• Cisco Viptela SDWAN: Packet Duplication
• Unify Your Remote Access with Cisco SD-WAN
• Finding the Right SD-WAN Vendor for Your Business