小乔 Publish time 13-5-2021 16:47:11

01 Introduction to Cisco SD-WAN architecture concepts and basic terms


- Enterprise cloud: optimized cloud application access experience; integration of public and private cloud
- Application experience optimization: automatic identification of key applications and optimization of the user experience
- Reduced dedicated-line cost: integrate the line resources of the private network, improve line bandwidth utilization, and replace dedicated lines with Internet lines
- Simplified operation and maintenance: automatic onboarding and unified management of equipment, flexible policy deployment
- Network security: multi-tenancy isolation, integrated security functions, traffic steering to a regional security center

6 Cisco SD-WAN terminology

6.1 Transport side (transport layer) - a controller or vEdge interface connected to the underlay / WAN network
- VPN 0: underlay network
- Unless split tunnel is used, traffic is usually encrypted and tunneled

6.2 Service side - a vEdge interface connected to the LAN
- VPN 1-510 (511-512 reserved): customer intranet / private network
- Traffic is forwarded from the original source

6.3 TLOC - the collection of entities that make up a transport-side connection
- System IP: IPv4 address (non-routable identifier)
- Color: interface identifier on the local vEdge
- Private TLOC: IP address on the interface inside NAT
- Public TLOC: IP address on the interface outside NAT
- If the connection is not subject to NAT, private and public can be the same

6.4 vRoute - routes learned / connected on the service side
- vRoutes are marked with attributes by OMP

6.5 OMP - Overlay Management Protocol, which is enabled automatically and cannot be disabled
- Dynamic routing protocol for the overlay management domain
- Integrated mechanism for distributing routing, encryption and policy

6.6 Site ID - identifies the source location of an advertised prefix
- Configure the
- It doesn't have to be unique, but devices with the same site ID are assumed to be at the same location
- The configuration of OMP and TLOC is proposed

6.7 System IP - unique identifier of an OMP endpoint
- 32-bit dotted-decimal notation (IPv4 address)
- Logically, it is the loopback address of VPN 0, which is called "system"
- The system interface is the endpoint of OMP

6.8 Organization name - defines the OU to match during certificate authentication
- The OU is used for two-way authentication between the controllers and vEdge nodes
- It can be set to any value as long as it is consistent across the Viptela SEN domain

6.9 TLOCs, colors, site IDs and carriers
- The TLOC color is used as a static identifier for: the TLOC interface on the edge device; the underlay network attachment
- The specific colors used are classified as "private" or "public": private colors are {MPLS, private1-6, Ethernet}; all other colors are public
- Private and public colors are very important
- The color setting applies to: communication from vEdge to vEdge; communication between vEdge and controller
- If the site ID is the same and the color is public: use the private information
- The carrier setting is the final determinant of the private / public IP / port: it is used when both endpoints have private colors but the session between them needs to be established between the public IPs / ports
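The private / public rules in 6.9 can be read as one decision function. The sketch below is an added illustration, not code from the original post or from Cisco; the Tloc class, peer_address function and sample addresses are assumptions, and "metro-ethernet" is the keyword used for the color the post lists as Ethernet.

```python
from dataclasses import dataclass

# Private colors; every other color is treated as public.
# Assumption: the post's "Ethernet" corresponds to the metro-ethernet color.
PRIVATE_COLORS = {"mpls", "metro-ethernet"} | {f"private{i}" for i in range(1, 7)}


@dataclass(frozen=True)
class Tloc:  # hypothetical model of one TLOC, not a Cisco data structure
    system_ip: str
    color: str
    site_id: int
    private_addr: tuple  # (ip, port) on the interface, inside NAT
    public_addr: tuple   # (ip, port) as seen outside NAT
    carrier: str = "default"


def is_private(color):
    return color in PRIVATE_COLORS


def peer_address(local, remote):
    """Return (kind, (ip, port)) that local should use to reach remote."""
    if is_private(local.color) and is_private(remote.color):
        # Both private: the carrier setting is the final determinant.
        # Different carriers force the session onto the public IP/port.
        use_private = local.carrier == remote.carrier
    else:
        # At least one public color: private info only within one site.
        use_private = local.site_id == remote.site_id
    if use_private:
        return ("private", remote.private_addr)
    return ("public", remote.public_addr)


# Constructed sample TLOCs (documentation address ranges, not real devices).
BRANCH_MPLS = Tloc("10.255.0.1", "mpls", 100, ("10.1.1.2", 12346), ("10.1.1.2", 12346))
DC_MPLS = Tloc("10.255.0.2", "mpls", 200, ("10.2.1.2", 12346), ("10.2.1.2", 12346))
DC_INET = Tloc("10.255.0.2", "biz-internet", 200,
               ("172.16.2.2", 12346), ("203.0.113.20", 12346))
DC_INET_B = Tloc("10.255.0.3", "biz-internet", 200,
                 ("172.16.2.3", 12346), ("203.0.113.22", 12346))
BRANCH_P1 = Tloc("10.255.0.1", "private1", 100,
                 ("172.16.1.2", 12346), ("198.51.100.10", 5062), carrier="carrier1")
DC_P1 = Tloc("10.255.0.2", "private1", 200,
             ("172.16.2.9", 12346), ("203.0.113.21", 12346), carrier="carrier2")
```
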

7 Cisco SD-WAN controller deployment
- List the elements of the control plane
- Establish the control plane
- Establish the data plane

7.1 Deployment modes:
- Cisco cloud model: not supported in China at present
- Cloud hosting: MSP mode
- Enterprise self-built: private cloud model




https://siqilab.com:44305/data/attachment/forum/202105/13/143716b1ec1o9mwwxw9wmx.png




