From the course: Implementing Cisco Software-Defined Wan (SD-WAN) for your Enterprise and Cloud

Cisco SD-WAN terminology and constructs

- [Instructor] In this lesson, we're going to talk about some of the SD-WAN terminology and the constructs. To start with, let's talk about VPNs. VPNs are a logical container for the grouping of LAN-side networks. It's going to be a method for us to provide segmentation between the networks of various groupings of security realms. And then we're going to separate the control and data plane on a router into these logical containers, or these logical VPNs. And we're going to do this through the use of Virtual Routing and Forwarding, VRF, contexts. And so every router interface will belong to at least one VPN. Now, VPNs are classified and configured in a numerical format. And to start with we have VPN0, which is system defined. VPN0 is going to be used for the control plane traffic for the vBond, the vManage, and the vSmarts. All of your WAN transports are going to be associated with VPN0. And as well, IPsec tunnels are going to terminate on VPN0 interfaces. They will not terminate on any of the other VPNs.

The next VPN number we're going to talk about is 512, and this is used for our out-of-band system management. So it doesn't necessarily require an interface, but if you want to connect an interface to it, you can. And the way I would give this an analogy is: this is like if you bought a new Cat 9K. Right on the back of it, next to the console port, there's that other dedicated Ethernet port that says Gig0/0, and it belongs to the VRF Mgmt-intf. That is the exact same thing we have here. And like I said, it doesn't necessarily require an interface, but you can link one to it so that you can have one for an out-of-band network. So right now, we've talked about VPN0 and we've talked about VPN512. So that leaves us with 1 through 511. So what those numbers are going to be reserved for is our user or service-side type traffic. And so throughout this course, we're going to be using VPN100 for our enterprise or corporate networks, and we're going to be using VPN200 for our guest traffic.

The next construct is colors. And it's used to associate an interface in VPN0 to a type of transport. Quite simply, it's a way to put a label on it, and it will be used later on in other things like policy. Now, colors are classified as either public, or they're classified as private. There is a slight behavior change depending upon what you choose, but the most common ones that I have seen are going to be biz-internet and public-internet and LTE. And then when we go onto the private side, it will be MPLS or Metro-E. But again, you have a wide variety of different colors that you can choose. Now, you can only use one color per edge device. So you cannot have two interfaces associated to, like, biz-internet, but you can have one interface associated to biz-internet and another one associated to public-internet. And the most number of colors that you can have on a device is eight at the time of this recording.

Now the next concept we're going to talk about is a system ID. Now, a system ID is similar to a router ID, but it's for SD-WAN. So it'll be in four octets, so it'll be X.X.X.X. And if you're already using a router ID, just go ahead and carry that on, right? Let's just go ahead and transfer that over for the system ID. It's an important component that we'll use in the underlying technology.

Now the next thing we're going to talk about is transport locator IDs, or TLOCs for short. And this is used to identify the encapsulating interface of a remote router. So this is going to be based off the system ID, but it's also going to include the encapsulating interface IP and the color. And so to explain that a little bit better, if you think about it, I'll have, like, R1 and I'll have R2. Okay, and on both of these routers, they're going to have an interface, and then I might be using MPLS for one type of transport. And then I could be using the internet for a second transport. So from R2's perspective, he needs to form two tunnels, but he needs to know how and where to form the connection or terminate the connection on R1 across the internet. And so with that, he will just establish the connection, and he will do that using R1's TLOC that is associated to the internet. And then for the other connection, which is going to use the MPLS, he'll use R1's TLOC across the MPLS to form that connection. So in this case, R1 has two TLOCs, and R2 has two TLOCs. They have one TLOC for each transport because, again, it's the combination of the system ID with the interface IP and the color.
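The constructs from this lesson, put together in one vEdge-style configuration for the R1 of the MPLS-plus-internet example. This is an added example, not configuration from the course: the hostname, site ID, organization name, vBond name and every address are made-up values, and the interface names assume a vEdge-style device.

```text
! Added example (not from the course): vEdge-style CLI for R1 from the lesson.
! Hostname, site-id, organization-name, vbond and all addresses are made up.
system
 host-name          R1
 system-ip          10.255.0.1        ! system ID, router-ID style X.X.X.X
 site-id            100
 organization-name  "example-org"
 vbond              vbond.example.net
!
vpn 0
 ! Transport VPN: control connections to vBond, vManage and vSmart, and all
 ! IPsec tunnels, terminate here. Each transport interface gets one color,
 ! and a color is used at most once on the device.
 interface ge0/0
  description       "internet transport (public color)"
  ip address        198.51.100.10/24
  tunnel-interface
   encapsulation    ipsec
   color            biz-internet
   allow-service    ntp
   no allow-service sshd       ! management stays off the internet-facing side
   no allow-service netconf
  !
  no shutdown
 !
 interface ge0/1
  description       "MPLS transport (private color)"
  ip address        10.10.10.2/30
  tunnel-interface
   encapsulation    ipsec
   color            mpls
  !
  no shutdown
 !
 ip route 0.0.0.0/0 198.51.100.1
 ip route 0.0.0.0/0 10.10.10.1
!
vpn 512
 ! Out-of-band management, the equivalent of Gig0/0 in VRF Mgmt-intf on a Cat 9K.
 interface eth0
  ip dhcp-client
  no shutdown
!
vpn 100
 ! Service-side VPN: enterprise / corporate users
 interface ge0/2
  ip address        10.100.1.1/24
  no shutdown
!
vpn 200
 ! Service-side VPN: guest, kept apart from VPN 100 by the VRF boundary
 interface ge0/3
  ip address        10.200.1.1/24
  no shutdown
!
```

With this in place R1 has exactly the two TLOCs the lesson describes: one made from its system ID plus ge0/0's address and the color biz-internet, and one from the same system ID plus ge0/1's address and the color mpls. R2 picks the first to bring up its tunnel across the internet and the second for the tunnel across MPLS. On the device, `show omp tlocs` lists the TLOCs it is advertising and learning, and `show bfd sessions` shows one session per remote TLOC that a tunnel has actually formed to. The `allow-service` lines on the internet color are the check worth keeping: SSH and NETCONF to the router should come in through VPN 512 or a service VPN, not through the transport interface that faces the internet.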
