Cisco SD-WAN uses device and feature templates to manage configurations efficiently across multiple devices. Here’s a breakdown of how these templates work:
Device Templates: These are specific to a device model, such as vEdge routers, and are used to configure the complete operational setup of a device. A device template consists of one or more feature templates. Device templates can be customized for different locations or roles within a network.
Feature Templates: These templates define configurations for specific software features on Cisco SD-WAN devices. They can be applied across multiple device types and are used to configure parameters like system settings, interfaces, routing protocols, and security settings. Feature templates can be mandatory or optional, and some have default configurations that can be overridden.
Parameter Scope: Parameters in feature templates can have different scopes:
Device Specific: Values are unique to each device and are entered when attaching a device template to a specific device. Examples include system IP address, hostname, and GPS location.
Global: Values apply to all devices using the template, such as DNS server settings or interface MTUs.
CSV Files: Device-specific settings can be managed using CSV files. Each row in the CSV file corresponds to a device, with columns for parameters like device ID, IP address, and hostname. These files are uploaded when attaching a device template to a device.
Template Creation: Templates can be created from feature templates or via the CLI. Mandatory feature templates and some optional ones have default configurations. Custom templates can be created to tailor configurations to specific needs.
Configuration Management: Templates help in managing configurations across multiple devices, reducing human error and scaling issues. They support features like zero-touch provisioning (ZTP) and automatic rollback, ensuring efficient and error-free deployment.
These templates streamline the configuration process, making it easier to manage and scale Cisco SD-WAN networks.
SD-WAN, or Software-Defined Wide Area Network, is a virtual WAN architecture that uses software-defined networking (SDN) principles to manage and optimize the performance of wide area networks. It allows organizations to securely connect users, applications, and data across multiple locations, providing improved performance, reliability, and scalability. SD-WAN simplifies network management by providing centralized control and visibility over the entire network, enabling businesses to use lower-cost Internet access to build higher-performance WANs, often replacing more expensive private WAN connection technologies like MPLS.
SD-WAN vs MPLS
The main difference between SD-WAN and MPLS is that SD-WAN is a virtualized network overlay that can combine multiple types of connections, whereas MPLS is a dedicated, hardware-based private network. SD-WAN creates encrypted tunnels over the internet, while MPLS doesnât directly support encryption but is partitioned from the internet.
SD-WAN: A software-defined wide area network that uses virtualization and overlay tunnels to connect users to workloads across multiple transport services and types of existing infrastructure, offering improved bandwidth availability, WAN redundancy, and cost-effectiveness.
MPLS: A multiprotocol label switching protocol that improves performance and efficiency of data transmission in a wide area network, operating between Layer 2 and Layer 3 of the OSI model, but with higher per-megabit costs and limited flexibility.
SD-WAN is generally considered more cost-effective, flexible, and secure than MPLS, with the ability to cost-effectively mix and match network links according to content type or priority. However, MPLS is still in demand, particularly for organizations with specific connectivity and security requirements, due to its lower packet loss and dedicated leased lines. Ultimately, the choice between SD-WAN and MPLS depends on the organizationâs specific needs and priorities.
SD-WAN implementation
Implementing SD-WAN involves several best practices to ensure a successful and efficient transition. Here are key steps and considerations:
Assess Your Network: Evaluate your current network infrastructure to identify strengths, weaknesses, and areas that require improvement. This includes understanding your network traffic patterns, application requirements, and performance goals. Assess compatibility issues with legacy systems and ensure your SD-WAN solution aligns with your business objectives.
Define Objectives and Strategy: Clearly define what you want to achieve with SD-WAN, such as cost savings, improved performance, or enhanced security. Align stakeholders and decision-makers on the strategic goals of the SD-WAN implementation.
Choose Deployment Model: Decide whether to deploy SD-WAN in-house, use a managed service provider (MSP), or a hybrid approach. Consider factors like in-house expertise, management and monitoring needs, and budget constraints.
Select the Right Vendor: Choose a vendor that offers robust SD-WAN solutions, including advanced security features, flexible deployment options, and strong customer support. Ensure the vendor can meet industry, country, or region-specific regulations.
Plan for Scalability and Flexibility: Design your SD-WAN solution to handle future growth and changing business demands. This includes considering the number of locations, size, and complexity of your network. Use modular methodologies and configuration templates to streamline deployment and management.
Implement Security Measures: Secure SD-WAN solutions should include advanced security features like Zero Trust Network Access (ZTNA), Intrusion Prevention System (IPS), and application-aware firewall capabilities. Ensure the SD-WAN solution can dynamically scale and adapt to different cloud environments.
Monitor and Troubleshoot: Implement robust monitoring tools to proactively identify and resolve performance issues. Regularly review performance metrics and network logs to ensure optimal performance and address any potential bottlenecks or security threats.
Ongoing Maintenance: After deployment, continue to maintain the SD-WAN network to ensure it operates efficiently. This includes regular updates, monitoring, and troubleshooting.
FortiGate SD-WAN Configuration Steps
To configure SD-WAN on a FortiGate device, follow these step-by-step instructions:
Enable SD-WAN Feature: Navigate to System > Feature visibility and ensure the SD-WAN option is selected.
Remove WAN Interfaces from Policies: Go to Policy & Objects > Firewall Policy and remove WAN interfaces from any existing policies to avoid losing internet connection.
Create SD-WAN Interface: Navigate to Network > SD-WAN and create a new SD-WAN interface. Click âCreate New SD-WAN Memberâ on all ports used in SD-WAN.
Configure SD-WAN Members: For each WAN interface, assign the correct network gateway address. For example, set the wan1 interface Addressing mode to DHCP and Distance to 10, and set the wan2 interface IP/Netmask to 10.100.20.1 255.255.255.0.
Enable SD-WAN: In the SD-WAN Interface Members table, click âCreate New,â select the interface, and set the appropriate gateway and cost. Set the status to Enable and click OK.
Configure SD-WAN Rules: Define SD-WAN rules to steer traffic based on business applications. These rules are matched in order, and the first match applies to the traffic.
Install Device Settings: Use FortiManager to install device settings, including creating interfaces, building VPN tunnels, and setting up BGP adjacencies. Preview the changes before installation to ensure accuracy.
Map Interfaces: Map your interfaces to Normalized Interfaces so that Policy Packages will install correctly.
Install Policy Packages: Go to Policy & Objects and click Install on the top blue bar. Preview the install before proceeding to ensure all settings are correct.
Silver Peak, now part of Hewlett Packard Enterprise (HPE) Aruba, offers a software-defined wide-area networking (SD-WAN) solution, EdgeConnect. This comprehensive platform enables enterprises to transform their legacy WAN architectures into a robust, secure, and efficient SD-WAN.
Cloud-Centric Architecture: Designed for a cloud-first world, EdgeConnect simplifies branch office and WAN deployments, empowering remote workforces and enabling cloud-connected distributed enterprises.
Intelligent WAN: The platform uses artificial intelligence (AI) and machine learning (ML) to optimize WAN traffic, ensuring improved application performance, network reliability, and business efficiency.
Security: EdgeConnect integrates advanced security features, including stateful zone-based firewalls, intrusion prevention, and web security gateways, to protect users and applications from web-based threats.
Centralized Management: A single, intuitive interface allows for unified management, monitoring, and troubleshooting of WAN and security services across the entire network.
Interoperability: EdgeConnect supports a range of transport services, including MPLS, LTE, and broadband internet services, allowing enterprises to leverage their existing infrastructure and migrate to SD-WAN at their own pace.
Benefits
Improved Application Performance: EdgeConnect optimizes WAN traffic to ensure fast and reliable access to cloud-based applications and services.
Enhanced Network Reliability: The platformâs AI-driven architecture detects and mitigates network issues, reducing downtime and improving overall network availability.
Increased Business Agility: With EdgeConnect, enterprises can quickly deploy new services and applications, and respond to changing business needs with greater flexibility.
Simplified Management: Centralized management and monitoring simplify WAN and security administration, reducing operational costs and complexity.
A software-defined network that optimizes traffic routing over multiple connections (e.g., internet, MPLS, broadband)
Provides a centralized platform for managing and monitoring site-to-site connections
Offers advanced features like traffic shaping, quality of service (QoS), and security
Designed to improve network reliability, scalability, and agility
Can be used for site-to-cloud connections, as well as intra-site connectivity
VPN:
A point-to-point encryption solution that creates a secure connection between two endpoints (device-to-network or network-to-network)
Provides confidentiality and integrity of data transmitted over the internet
Can be used for remote access, site-to-site connectivity, and internet-to-cloud connections
Typically uses protocols like IPsec, SSL/TLS, or OpenVPN
Comparison Highlights:
Scalability:Â SD-WAN is designed to handle large-scale, distributed networks, while VPNs are better suited for smaller, more focused connections.
Routing:Â SD-WAN optimizes traffic routing across multiple connections, whereas VPNs rely on a single network link.
Management:Â SD-WAN provides a centralized management platform, whereas VPNs often require individual configuration and monitoring.
Security:Â Both SD-WAN and VPN offer encryption and security features, but SD-WANâs advanced capabilities, such as traffic shaping and QoS, provide additional security benefits.
Use Cases:Â SD-WAN is ideal for large-scale, distributed networks, while VPNs are better suited for smaller, more focused connections, such as remote access or site-to-site connectivity.
In Summary:
SD-WAN and VPN are both essential technologies for securing and managing network connections. SD-WAN is designed for large-scale, distributed networks, offering advanced features like traffic optimization and centralized management. VPNs, on the other hand, provide point-to-point encryption and are well-suited for smaller, more focused connections. When choosing between SD-WAN and VPN, consider the size and complexity of your network, as well as your specific security and connectivity requirements.
The Lazy Networker 