How SD-WANs improve security

If you haven’t heard about this technology yet, you should definitely start learning about it, and that goes not only for enterprise network engineers but for service provider people as well. It helps organizations reduce cost, gain far more insight into their IT environment and, fundamentally, get more out of their existing infrastructure; as of 2022, SD-WAN is used by thousands of companies.

There are many SD-WAN vendors, each trying to deliver a highly intelligent WAN environment to its customers. Understanding the major, commonly chosen SD-WAN vendors is important before deciding on a vendor for your company.

Cisco, as with many other WAN technologies, has joined the SD-WAN era with its own solution. Before we discuss that solution at a high level, you can find one of the best Cisco SD WAN courses to learn about it from both design and practical perspectives.


What is SD-WAN?

SD-WAN is an acronym for software-defined networking in a wide area network (WAN). SD-WAN simplifies the management and operation of a WAN by decoupling the networking hardware from its control mechanism.

This concept is similar to how software-defined networking implements virtualization technology to improve data center management and operation.

A key reason for SD-WAN is to allow companies to build higher-performance WANs using lower-cost and commercially available Internet access, enabling businesses to partially or wholly replace more expensive private WAN connection technologies such as MPLS.


Characteristics of SD-WANs

Below are the characteristics of many SD-WAN solutions: 


1. The ability to support multiple connection types, such as MPLS, Last Mile Fiber Optical Network, or through high-speed cellular networks e.g. 4G LTE and 5G wireless technologies

2. The ability to do dynamic application-aware path selection, for load sharing and resiliency purposes

3. A simple interface that is easy to configure and manage

4. The ability to support VPNs, and third-party services such as WAN optimization controllers, firewalls, and web gateways

There are many more aspects of SD-WAN that could be covered, but they would make this post too long. In summary, SD-WAN tries to overcome some of the challenges of traditional WAN networks, namely:

  • Exposing an enterprise to the internet can introduce threat and compliance issues
  • Limited Application Visibility and understanding of networks
  • Expensive WAN Circuits with limited features


How Cisco SD-WAN Improves Security

Cisco SD-WAN architecture provides strong security for control plane, data plane, and management plane operations.

To enable the SD-WAN branches to have Direct Internet Access (DIA) without depending on another device or solution for security, strong threat defense mechanisms are built into the WAN Edge router.

The following threat defense features are available on the Cisco Viptela WAN Edge router:

  • Stateful Application Firewall
  • IPS/IDS
  • URL Filtering
  • Cisco Advanced Malware Protection (AMP) and ThreatGRID
  • Cisco Umbrella
  • Tunneling to Secure Internet Gateways in the cloud


Cisco SD-WAN IPSEC VPN

By default, IPsec tunnels are configured between all the WAN Edges in a full mesh.

A single IPsec tunnel carries the traffic of multiple VPNs.

By default, the encryption type is AES.

  • For scalability, SD-WAN does not use IKE (neither IKEv1 nor IKEv2) for key exchange between the WAN Edges.
  • Instead, the WAN Edges use their DTLS/SSL secure channel to vSmart for the key exchange process.
  • Each WAN Edge shares its keys with vSmart in its OMP updates, and vSmart is responsible for distributing the keys to the other WAN Edges.
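As an added illustration (this is not Cisco's code, and the message shapes are not the real OMP or DTLS formats), the following Python model shows the key-distribution pattern described above: each WAN Edge announces its own data-plane key to vSmart over an authenticated control channel, vSmart reflects it to every other edge, and a rekey by one edge reaches all of its peers with a single update instead of a pairwise IKE negotiation per tunnel. The names `WanEdge`, `VSmart`, `omp_update`, `build_fabric` and `full_mesh_tunnels` are assumptions for this model, and the AES encryption of the data plane itself is not simulated.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class WanEdge:
    """Simplified WAN Edge: it generates the key peers use when sending to it."""
    name: str
    authenticated: bool = True  # DTLS/SSL control session to vSmart established
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))  # AES-256 size
    peer_keys: dict = field(default_factory=dict)  # learned from vSmart, not via IKE

    def omp_update(self) -> dict:
        return {"from": self.name, "key": self.key}  # constructed shape, not real OMP TLVs

    def rekey(self) -> dict:
        self.key = secrets.token_bytes(32)  # fresh key; announce it with one OMP update
        return self.omp_update()

class VSmart:
    """Simplified controller: stores each edge's key and reflects it to the others."""
    def __init__(self) -> None:
        self.edges: dict[str, WanEdge] = {}
        self.keys: dict[str, bytes] = {}
        self.updates_received = 0

    def connect(self, edge: WanEdge) -> None:
        if not edge.authenticated:  # key material only over an authenticated channel
            raise PermissionError(f"{edge.name}: no authenticated DTLS/SSL session")
        self.edges[edge.name] = edge

    def receive_update(self, msg: dict) -> None:
        if msg["from"] not in self.edges:
            raise PermissionError(f"{msg['from']}: update from unknown edge rejected")
        self.updates_received += 1
        self.keys[msg["from"]] = msg["key"]
        for name, edge in self.edges.items():  # reflect to every other edge
            edge.peer_keys = {n: k for n, k in self.keys.items() if n != name}

def full_mesh_tunnels(n: int) -> int:
    """Tunnels among n edges, i.e. pairwise IKE negotiations that are avoided."""
    return n * (n - 1) // 2

def build_fabric(names: list[str]) -> tuple[VSmart, list[WanEdge]]:
    """Bring up the fabric: n OMP updates instead of n*(n-1)/2 IKE exchanges."""
    vsmart, edges = VSmart(), [WanEdge(n) for n in names]
    for edge in edges:
        vsmart.connect(edge)
    for edge in edges:
        vsmart.receive_update(edge.omp_update())
    return vsmart, edges
```

With four sites the fabric needs six tunnels but only four control-plane updates, and an edge that never completed the DTLS/SSL session cannot inject key material.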


For professional help, you may want to look at orhanergun.net for SD-WAN courses covering Cisco, Fortinet, Versa, and other vendors.