- Identify Overlay Management Protocol (OMP) as a key element of the SD-WAN solution and the role it plays for Control Plane setup
- Understand segmentation of the SD-WAN fabric through the use of VPNs (VRFs)
- Understand the role that templates have in the SD-WAN solution, differentiate templates and know how to apply them
- Differentiate Control, Data and Application Route Policies and know how they are used in SD-WAN
- Identify and apply QoS mechanisms to the SD-WAN fabric
- Discuss Use Cases for SD-WAN
Students who want a deeper dive into SD-WAN
Module 1: SD-WAN Solution Overview
- Traditional WAN - Challenges
- SD-WAN Overview and definitions
- SD-WAN Benefits
- SD-WAN Key Concepts
- SD-WAN Main Components
- WAN Edge (cEdge/vEdge)
- vSmart
- vManage
- vBond
- On-Premise vs. Cloud-based Control Plane
- Requesting Cloud-based SD-WAN Controllers - Process
Module 2: Secure Control Plane Bring-Up
- Zero Trust Security Principles
- Secure Control Channels
- Establishing vEdge Router Identity
- Establishing Control Elements Identities (vBond, vSmart, Edge)
- Secure Control Channel between Edge Router and vBond
- Secure Control Channel between Edge Router and vSmart/vManage
Module 3: Secure Data Plane Bring-Up
- Limitations of traditional key exchange mechanisms (IKE)
- SD-WAN new centralized Encryption key distribution
- Traffic Encryption for data privacy
- Authentication Header for Data Plane Integrity
- Anti-Replay Protection (man-in-the-middle)
- Role of Bidirectional Forwarding Detection (BFD)
- Considerations about MTU and MSS
- End to End Segmentation (VPNs)
- Role of Application Visibility and Recognition
- Infrastructure DDoS Mitigation
- Security Policies and Services
- Cloud Security: Secure Direct Internet Access
Module 4: Overlay Management Protocol (OMP)
- Definition of overlay routing
- Role and characteristics of Overlay Management Protocol (OMP)
- OMP Advertised Routes
- Route Redistribution (edge routing protocol to OMP and vice versa)
- Best Path Algorithm
Module 5: Using Templates
- Basic Elements in the configuration for any device
- Need for Templates
- Options to Apply Templates to Devices
- Overview of Feature Templates
- Categories of Feature Templates
- Workflow for Applying Templates to Devices
Module 6: Using Policies
- Policy Architecture
- Application Aware Routing Policies
- Control Policies
- Data Policies
- VPN Membership Policies
- Routing Policies
- Cflowd Templates
Module 7: Quality of Service (QoS)
- QoS Pipeline vEdge Router
- Data Packet Flow
- Queueing Management
- Control Traffic Prioritization
- Random Early Detection (RED)
- Traffic Policing
- Traffic Shaping
- Marking and Remarking
- Class-Map
- QoS Scheduler
- QoS Map
- Applying QoS policies
Module 8: Basic Troubleshooting
- Troubleshooting Control Plane Bring Up
- GUI validation in vManage
- CLI validation with Show commands in vEdge Router
- Troubleshooting Data Plane
- Troubleshooting OMP
Module 9: Use Cases & Design
- Guest Wi-Fi
- Bandwidth Augmentation
- Cloud onRamp for SaaS
- Critical Applications SLA
- Regional Secure Perimeter
- Cisco SD-WAN Co-Locations
Module 10: SD-WAN Security
- Control Plane and Data Plane Security Overview
- Cisco SD-WAN Zero Trust Deployment (ZTD) Model
- Cisco SD-WAN Security Features
- Unified Threat Defense
- Firewall Policies
- Zone-Based Firewall
- Snort based IPS Policy configuration
- URL Filtering
- Cisco DNS Umbrella Integration
Module 11: Migration from Traditional WAN to SD-WAN
- Migrating from IOS-XE to SD-WAN XE - Configuration migration tool
- Migration Strategies for the DC/RSO
- Migration Strategies for the Branch
- Migration of current routing to SD-WAN Policies
Module 12: Automating the SD-WAN vBranch
- Deploying the SD-WAN Branch on Cisco ENCS
- Automating the Virtual Branch with Cisco DNA-C
- Deploying and Managing SD-WAN sites with Cisco NSO and Cisco MSX
- Cisco SD-WAN vManage Integration with REST APIs - Automating and Monitoring
- Creating custom application scripts using Python, Ansible and node.js to fast-track Branch Deployments