SD-WAN to replace MPLS? Nay

I started with SD-WAN at the end of 2019, when a customer asked to sit with me for a few days to explain Cisco SD-WAN.

I followed Cisco SD-WAN Operation and Deployment (ENSDW) course outline.

While I was preparing, I found all the Viptela components and terminology really easy to understand.

The 4Vs in Cisco Viptela are similar to the three VeloCloud components, etc.

But since I knew that my training could change into a consultation session, I asked myself:

WHY, WHY are we doing SD-WAN?

And I found that the answer is also the same answer for another question which is

What is next?

What is next after implementing transport connections (colors) to connect my branches with HQ using MPLS, 4G, etc.?

To answer that, I decided to think as if I were the customer, and since nowadays the majority of enterprise traffic flows to public clouds and the Internet, I found the following:

I need to see the connections between my HQ and branches automated, smart and policy-based, with centralized management.

I need to have the capability to add more branches without touching or changing anything in my color.

I need to have the capability to automate my QoS settings and make them change dynamically based on real-time bandwidth monitoring.

I need to have the capability to communicate over my SD-WAN fabric with my cloud services such as Office 365 and Salesforce.com (SaaS), or even communicate with a branch that exists completely in AWS (IaaS).

Also, how will all of this be secured, and how can a security services layer be added dynamically to all of it?

SD-WAN tries to help us with these new requirements for security, application performance, cloud connectivity, WAN management, and operations.

It fully integrates routing, security, centralized policy, and orchestration into large-scale networks.

It is multi-tenant, cloud-delivered, highly-automated, secure, scalable, and application-aware with rich analytics.

With Cisco SD-WAN Cloud OnRamp, the SD-WAN fabric continuously measures the performance of a designated application through all permissible paths from a branch (i.e. MPLS, Internet, and 4G LTE).

The Cisco SD-WAN fabric automatically makes real-time decisions to choose the best-performing path between the end users at a remote branch and the cloud application.


What does all of the above have to do with MPLS? The simple answer is nothing.

MPLS is just one of many underlay networks we can use for our overlay SD-WAN fabric.

I can say that people who compare MPLS with SD-WAN do not really understand what SD-WAN is.

They also skip the fact that MPLS is not only MPLS L3 VPN.

Anyway, a replacement for MPLS as a transport option could be a high-speed Internet connection (if we can ensure privacy over it).

Another, more realistic replacement option for MPLS could be SRv3, especially when it comes to MPLS TE.

I wrote this article as an introduction to Cisco SD-WAN:

https://learningnetwork.cisco.com/s/article/cisco-sd-wan-introduction-part-1

Also Cisco SD-WAN Viptela Resources and prerequisites:

https://learningnetwork.cisco.com/s/article/cisco-sd-wan-viptela-resources-and-prerequisites

Yasser Ramzy Auda

My Free Technical Sessions in August

Cisco ISE Deployment Session
Sat, Aug 8, 2020 11:00 PM – 1:00 AM (GMT+04:00)
Presented by me, Free, Language: English

Please join my meeting from your computer, tablet or smartphone.
https://global.gotomeeting.com/join/245002845

You can also dial in using your phone.
United States: +1 (224) 501-3412

Access Code: 245-002-845

New to GoToMeeting? Get the app now and be ready when your first meeting starts:
https://global.gotomeeting.com/install/245002845

Tools & Techniques for Cisco DevNet Certifications
Sat, Aug 15, 2020 11:00 PM – 1:00 AM (GMT+04:00)

Presented by me, Free, Language: English

Please join my meeting from your computer, tablet or smartphone.
https://global.gotomeeting.com/join/907198509

You can also dial in using your phone.
United States: +1 (646) 749-3122

Access Code: 907-198-509

New to GoToMeeting? Get the app now and be ready when your first meeting starts:
https://global.gotomeeting.com/install/907198509

REST vs NETCONF vs RESTCONF APIs

REST API

REST API uses HTTP verbs (GET, DELETE, PATCH, POST, and PUT methods)
REST API supports XML or JSON data encoding
REST API uses HTTP/HTTPS for communication
REST API uses YANG, XSD, JSD, or a custom modeling language as its data model
REST API tools: cURL, the Requests Python library, Postman (API client)

NETCONF API

NETCONF API uses RPC messages and operations (its own commands)
NETCONF API supports XML data encoding
NETCONF API uses SSH/TLS for communication
NETCONF API uses YANG or XSD as its data model
NETCONF API tools: the ncclient Python tool and SSH from the CLI
NETCONF is a protocol

RESTCONF API

RESTCONF API uses HTTP verbs (GET, DELETE, PATCH, POST, and PUT methods)
RESTCONF API supports XML or JSON data encoding
RESTCONF API uses HTTP/HTTPS for communication
RESTCONF API uses YANG as its data model
RESTCONF API tools: cURL, the Requests Python library, Postman (API client)
RESTCONF is a protocol

Comparison between RESTCONF commands and NETCONF commands (Operations)
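
The RESTCONF-to-NETCONF operation comparison named above, as an added Python example that is not from the original post: it follows the method mapping in RFC 8040 section 4 and builds the NETCONF `<rpc>` equivalent to a RESTCONF data request. The function name, the choice of the running datastore, and the sample interface name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"  # NETCONF base namespace
# RESTCONF method -> nc:operation on the edited node (RFC 8040 section 4;
# PUT is create-or-replace, plain PATCH merges).
EDIT_OPS = {"POST": "create", "PUT": "replace", "PATCH": "merge", "DELETE": "delete"}
READ_METHODS = ("GET", "HEAD")


def restconf_to_netconf(method, path, module_ns, leaves=None, message_id="101"):
    """Return the NETCONF <rpc> XML equivalent to a RESTCONF data request.

    Assumptions of this sketch: `path` is the node being read or changed,
    written without list-key predicates; every segment lives in `module_ns`;
    the running datastore is used; list keys and new values go in `leaves`.
    """
    method = method.upper()
    if method not in EDIT_OPS and method not in READ_METHODS:
        raise ValueError(f"no NETCONF datastore operation for {method}")
    ET.register_namespace("nc", NC)
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": message_id})
    if method in READ_METHODS:
        op = ET.SubElement(rpc, f"{{{NC}}}get-config")
        ET.SubElement(ET.SubElement(op, f"{{{NC}}}source"), f"{{{NC}}}running")
        node = ET.SubElement(op, f"{{{NC}}}filter", {"type": "subtree"})
    else:
        op = ET.SubElement(rpc, f"{{{NC}}}edit-config")
        ET.SubElement(ET.SubElement(op, f"{{{NC}}}target"), f"{{{NC}}}running")
        node = ET.SubElement(op, f"{{{NC}}}config")
    # One nested element per path segment; drop the "module:" prefix RESTCONF uses.
    for segment in path.strip("/").split("/"):
        node = ET.SubElement(node, f"{{{module_ns}}}{segment.split(':')[-1]}")
    if method in EDIT_OPS:
        node.set(f"{{{NC}}}operation", EDIT_OPS[method])
    # Leaves become child elements: content-match filters on reads, values on edits.
    for name, value in (leaves or {}).items():
        ET.SubElement(node, f"{{{module_ns}}}{name}").text = str(value)
    return ET.tostring(rpc, encoding="unicode")


if __name__ == "__main__":
    IF_NS = "urn:ietf:params:xml:ns:yang:ietf-interfaces"
    # Constructed sample: DELETE of a loopback interface named Loopback100.
    print(restconf_to_netconf("DELETE", "ietf-interfaces:interfaces/interface",
                              IF_NS, leaves={"name": "Loopback100"}))
```

The returned XML is what a NETCONF client would send over its SSH or TLS session, while the RESTCONF form of the same request is a single HTTP method on `/restconf/data/<path>`.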


Cisco ISE Resources

ISE Performance & Scale:
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148

ISE Security Ecosystem Integration Design Guides:
https://community.cisco.com/t5/security-documents/ise-security-ecosystem-integration-guides/ta-p/3621164#toc-hId-155262917

ISE Upgrades – Best Practices
https://community.cisco.com/t5/security-documents/ise-upgrades-best-practices/tac-p/3656936

Cisco ISE Licenses:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_0110.html

Cisco ISE Licenses Quick Guide:
https://community.cisco.com/t5/security-documents/ise-2-4-licensing-quick-access/ta-p/3653471

ISE Features by Release:
https://community.cisco.com/t5/security-documents/ise-features-by-release/ta-p/3621656

ISE Secure Wired Access Prescriptive Deployment Guide
https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

Cisco Identity Services Engine Administrator Guide, Release 2.4:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24.html
Cisco Identity Services Engine Administrator Guide, Release 2.6:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/admin_guide/b_ise_admin_guide_26.html
Cisco Identity Services Engine Administrator Guide, Release 2.7:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/workflow/Cisco_ISE_2_7_Admin_Guide_Workflow.html

Cisco Identity Services Engine Hardware Installation Guide:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/installation_guide/b_ise_InstallationGuide20/Installing_ISE_on_a_VMware_Virtual_Machine.html

Tips for New ISE administrators
https://community.cisco.com/t5/security-documents/tips-for-new-ise-administrators/ta-p/3891856

Advanced ISE tips to make your deployment easier
https://community.cisco.com/t5/security-documents/advanced-ise-tips-to-make-your-deployment-easier/ta-p/3850189

Top Ten misconfigured Cisco IOS Switch settings for ISE integration
https://community.cisco.com/t5/security-documents/top-ten-mis-configured-cisco-ios-switch-settings-for-ise/ta-p/3643912#toc-hId--1079758048

Top Six Important Cisco WLC settings for ISE integration
https://community.cisco.com/t5/security-documents/top-six-important-cisco-wlc-settings-for-ise-integration/ta-p/3643795

ISE Community Resources
https://community.cisco.com/t5/security-documents/ise-community-resources/ta-p/3621621

ACS to ISE Migration
https://community.cisco.com/t5/security-documents/acs-to-ise-migration/ta-p/3644038

How To Troubleshoot ISE Failed Authentications & Authorizations
https://community.cisco.com/t5/security-documents/how-to-troubleshoot-ise-failed-authentications-amp/ta-p/3630960

ISE Error and System Messages (Excel Sheet)
https://www.cisco.com/c/en/us/support/security/identity-services-engine/products-system-message-guides-list.html

Blogs:
http://www.defaultgateway.co.uk/sise-v30.html
https://www.network-node.com/blog?tag=ISE
https://zigbits.tech/tag/cisco-ise/

Books:
Cisco Press Integrated Security Technologies and Solutions – Volume II (covers ISE 2.4)
Cisco Press Cisco ISE for BYOD and Secure Unified Access, 2nd Edition (covers ISE 2.2)
Practical Deployment of Cisco Identity Services Engine (ISE)

Tools:

ISE Portal Builder
https://isepb.cisco.com/

ISE Endpoint Analysis Tool
https://iseeat.cisco.com/

My Cisco Learning Network Free Documents & Guides

All my Cisco Learning Network Documents & Guides for free
Last Update 22-Apr-2020.

CCIEv5 R&S Documents & Guides
CCIEv5 IPv4 Multicast Study Guide
https://learningnetwork.cisco.com/s/article/cciev5-ipv4-multicast-study-guide
CCIEv5 BGP Attributes & Best Path Selection
https://learningnetwork.cisco.com/s/article/cciev5-bgp-attributes-amp-best-path-selection
Introduction to QoS
https://learningnetwork.cisco.com/s/article/introduction-to-qos
CCIEv5 MPLS (LDP,vrf lite,MPLS VPN) Study Guide
https://learningnetwork.cisco.com/s/article/cciev5-mpls-ldp-vrf-lite-mpls-vpn-study-guide
CCIEv5 BGP Load Sharing & Load Balancing
https://learningnetwork.cisco.com/s/article/cciev5-bgp-load-sharing-amp-load-balancing
CCIEv5 DHCP/DNS/DHCPv6 Labs
https://learningnetwork.cisco.com/s/article/cciev5-dhcp-dns-dhcpv6-labs
CCIEv5 IPv6 Over MPLS (6PE,6VPE) Labs.
https://learningnetwork.cisco.com/s/article/cciev5-ipv6-over-mpls-6pe-6vpe-labs-x
CCIEv5 BGPv6 (IPv6 Over BGP) Lab.
https://learningnetwork.cisco.com/s/article/cciev5-bgpv6-ipv6-over-bgp-lab-x
CCIEv5 PPP Mega Lab (IPCP,PPPOE,CHAP,PAP)
https://learningnetwork.cisco.com/s/article/cciev5-ppp-mega-lab-ipcp-pppoe-chap-pap-x
CCIEv5 VRF Lite Lab (BLUE,GREEN,YELLOW,RED VRFs)
https://learningnetwork.cisco.com/s/article/cciev5-vrf-lite-lab-blue-green-yellow-red-vrfs-x
CCIEv5 BGP AS 4bytes Lab
https://learningnetwork.cisco.com/s/article/cciev5-bgp-as-4bytes-lab
CCIEv5 BGP Dynamic Neighbor Lab
https://learningnetwork.cisco.com/docs/DOC-25025
CCIEv5 Bidirectional Forwarding Detection (BFD) Overview
https://learningnetwork.cisco.com/s/article/cciev5-bgp-dynamic-neighbor-lab
CCIEv5 IPv6 FHS (First Hop Security) Quick Guide
https://learningnetwork.cisco.com/s/article/cciev5-ipv6-fhs-first-hop-security-quick-guide
CCIEv5 EPC Overview
https://learningnetwork.cisco.com/s/article/cciev5-epc-overview
CCIEv5 VTPv3 Overview
https://learningnetwork.cisco.com/s/article/cciev5-vtpv3-overview
CCIEv5 Quick Guide For Redistribution & Path Control
https://learningnetwork.cisco.com/s/article/cciev5-quick-guide-for-redistribution-amp-path-control
CCIEv5 New Topics Workbook
https://learningnetwork.cisco.com/s/article/cciev5-new-topics-workbook
CCIEv5 New Lab Topics Resources
https://learningnetwork.cisco.com/s/article/cciev5-new-lab-topics-resources

CCIEv5 R&S & Security Documents & Guides
CCIEv5 Security IGP,EGP Authentication
https://learningnetwork.cisco.com/s/article/cciev5-security-igp-egp-authentication
CCIEv5 DMVPN Quick Guide
https://learningnetwork.cisco.com/s/article/cciev5-dmvpn-quick-guide
CCIEv5 DMVPN Labs Workbook
https://learningnetwork.cisco.com/s/article/cciev5-dmvpn-labs-workbook
CCIEv5 Unprotected GRE Tunnel , Protected GRE Tunnel with IPsec -VTI
https://learningnetwork.cisco.com/s/article/cciev5-unprotected-gre-tunnel-protected-gre-tunnel-with-ipsec-vti

CCIEv5 Security Documents & Guides
CCIE Security SSL VPN IOS & ASA
https://learningnetwork.cisco.com/s/article/ccie-security-ssl-vpn-ios-amp-asa
CCIE Security EASY VPN IOS & ASA
https://learningnetwork.cisco.com/s/article/ccie-security-easy-vpn-ios-amp-asa
CCIE Security DMVPN Dual Hub Workbook
https://learningnetwork.cisco.com/s/article/ccie-security-dmvpn-dual-hub-workbook
CCIE Security IKEv2 & FlexVPN Quick Overview
https://learningnetwork.cisco.com/s/article/ccie-security-ikev2-amp-flexvpn-quick-overview
CCIE Security GET VPN Quick Overview
https://learningnetwork.cisco.com/s/article/ccie-security-get-vpn-quick-overview
CCIE Security IOS/ASA PKI Quick Overview
https://learningnetwork.cisco.com/s/article/ccie-security-ios-asa-pki-quick-overview
CCIEv5 Security Introduction to Net Flow & StealthWatch System
https://learningnetwork.cisco.com/s/article/cciev5-security-introduction-to-net-flow-amp-stealthwatch-system
Introduction to FirePOWER & FireSIGHT Policies
https://learningnetwork.cisco.com/s/article/introduction-to-firepower-amp-firesight-policies
Cisco FirePOWER & FireSIGHT HA,Clustering and Staking
https://learningnetwork.cisco.com/s/article/cisco-firepower-amp-firesight-ha-clustering-and-staking
Introduction to ASA with FirePOWER
https://learningnetwork.cisco.com/s/article/introduction-to-asa-with-firepower
CCIE Security v5 & FTD
https://learningnetwork.cisco.com/s/article/ccie-security-v5-amp-ftd
Attacking Cisco R&S with Kali (Backtrack)
https://learningnetwork.cisco.com/s/article/attacking-cisco-r-amp-s-with-kali-backtrack-x
Configuring ASA for CWS
https://learningnetwork.cisco.com/s/article/configuring-asa-for-cws

Miscellaneous Topics
Introduction to SDN
https://learningnetwork.cisco.com/s/article/introduction-to-sdn
What is Cisco ACI?
https://learningnetwork.cisco.com/s/article/what-is-cisco-aci-x
Learn Python , Now!
https://learningnetwork.cisco.com/s/article/learn-python-now-x
IS-IS Study Guide Cisco IOS,IOS-XR
https://learningnetwork.cisco.com/s/article/is-is-study-guide-cisco-ios-ios-xr
Understating Cisco IOS v15 Licenses
https://learningnetwork.cisco.com/s/article/understating-cisco-ios-v15-licenses
CCNA Security Risk Quantitative Assessment
https://learningnetwork.cisco.com/s/article/ccna-security-risk-quantitative-assessment
Cisco Catalyst ME 3400 Overview & Configuration
https://learningnetwork.cisco.com/s/article/cisco-catalyst-me-3400-overview-amp-configuration
Understanding Cisco EEM by examples Part 1
https://learningnetwork.cisco.com/s/article/understanding-cisco-eem-by-examples-part-1
Understanding Cisco EEM by examples Part 2
https://learningnetwork.cisco.com/s/article/understanding-cisco-eem-by-examples-part-2
CCNA Workbook Lab 1
https://learningnetwork.cisco.com/s/article/ccna-workbook-lab-1
CCNA Workbook Lab 2
https://learningnetwork.cisco.com/s/article/ccna-workbook-lab-2
Zone Based Firewall Part 1
https://learningnetwork.cisco.com/s/article/zone-based-firewall-part-1
Introducing CCNA v3.0 New Topics
https://learningnetwork.cisco.com/s/article/introducing-ccna-v3-0-new-topics
Cisco Routers Password Types
https://learningnetwork.cisco.com/s/article/cisco-routers-password-types
Protection Techniques from Wardriving attack
https://learningnetwork.cisco.com/s/article/protection-techniques-nbsp-from-wardriving-attack
CCNP R&S (TSHOOT) MALLOCFAIL Errors and General Memory Problems
https://learningnetwork.cisco.com/s/article/ccnp-r-amp-s-tshoot-mallocfail-errors-and-general-memory-problems
MTU issues in CCIE R&S TS Section
https://learningnetwork.cisco.com/s/article/mtu-issues-in-ccie-r-amp-s-ts-section
PPP over Frame Relay (PPPoFR) Lab
https://learningnetwork.cisco.com/s/article/ppp-over-frame-relay-pppofr-lab
Load Sharing with HSRP Multigroup HSRP (MHSRP) Lab
https://learningnetwork.cisco.com/s/article/load-sharing-with-hsrp-multigroup-hsrp-mhsrp-lab
Frame Relay Lab without FR core or Back2Back.
https://learningnetwork.cisco.com/s/article/frame-relay-lab-without-fr-core-or-back2back-x
Cisco Router As Type 7 Decryptor
https://learningnetwork.cisco.com/s/article/cisco-router-as-type-7-decryptor
The Myth about Proctor
https://learningnetwork.cisco.com/s/article/the-myth-about-proctor
IGP Limitations
https://learningnetwork.cisco.com/s/article/igp-limitations
Creating Menu in Cisco Routers
https://learningnetwork.cisco.com/s/article/creating-menu-in-cisco-routers
How To Create Comm Access Server Router with ISR G2 ?
https://learningnetwork.cisco.com/s/article/how-to-create-comm-access-server-router-with-isr-g2-x
Cisco SD-WAN Introduction Part 1
https://learningnetwork.cisco.com/s/article/cisco-sd-wan-introduction-part-1
Introduction to Python [Free English Videos]
https://learningnetwork.cisco.com/s/article/introduction-to-python-free-english-videos-x
Introduction to AI & Machine Learning Part 1.
https://learningnetwork.cisco.com/s/article/introduction-to-ai-amp-machine-learning-part-1-x
The History of DevOps & NetDevOps
https://learningnetwork.cisco.com/s/article/the-history-of-devops-amp-nbsp-netdevops
ISE 2.4 & 2.6 Resources and prerequisites
https://learningnetwork.cisco.com/s/article/ise-2-4-amp-2-6-resources-and-prerequisites
Cisco SD-WAN Viptela Resources and prerequisites
https://learningnetwork.cisco.com/s/article/cisco-sd-wan-viptela-resources-and-prerequisites

Yasser Ramzy Auda

Cisco Champion 2016, 2017, 2020

CCIE# 45694 | CCSI# 34215

Cisco Technical Excellence Award, July 2019