Cisco Software-Defined Wide Area Networks
Designing, Deploying and Securing Your Next Generation WAN with Cisco SD-WAN
- Paperback
This authoritative guidebook combines comprehensive coverage of Cisco SD-WAN with complete official preparation for Cisco's new CCNP Enterprise ENSDWI 300-415 certification exam. Authored by a team of Cisco architects responsible for training both Cisco and partner engineers on SD-WAN solutions, it covers all facets of the product: benefits, use cases, components, workings, configuration, support, and more. Throughout, practical examples demonstrate Cisco SD-WAN at work in diverse cloud and premises environments, and the authors show how to apply Cisco SD-WAN technologies and tools in their…
- Product details
- Publisher: Pearson Education
- Number of pages: 608
- Publication date: 7 October 2020
- English
- Dimensions: 224mm x 188mm x 35mm
- Weight: 983g
- ISBN-13: 9780136533177
- ISBN-10: 0136533175
- Item no.: 58409580
- Manufacturer identification
- Libri GmbH
- Europaallee 1
- 36244 Bad Hersfeld
- 06621 890
Chapter 1 Introduction to Cisco Software-Defined Wide Area Networking (SD-WAN)
Networks of Today
Common Business and IT Trends
Common Desired Benefits
High-Level Design Considerations
Introduction to Cisco Software-Defined WAN (SD-WAN)
Transport Independence
Rethinking the WAN
Use Cases Demanding Changes in the WAN
Bandwidth Aggregation and Application Load-Balancing
Protecting Critical Applications with SLAs
End-to-End Segmentation
Direct Internet Access
Fully Managed Network Solution
Building an ROI to Identify Cost Savings
Introduction to Multidomain
Cloud Trends and Adoption
Summary
Review All Key Topics
Key Terms
Chapter Review Questions
Chapter 2 Cisco SD-WAN Components
Data Plane
Management Plane
Control Plane
Orchestration Plane
Multi-Tenancy Options
Deployment Options
Summary
Review All Key Topics
Key Terms
Chapter Review Questions
References
Chapter 3 Control Plane and Data Plane Operations
Control Plane Operations
Overlay Management Protocol
OMP Routes
TLOC Routes
Service Routes
Path Selection
OMP Route Redistribution and Loop Prevention
Data Plane Operations
TLOC Colors
Tunnel Groups
Network Address Translation
Full Cone NAT
Symmetric NAT
Address Restricted Cone NAT
Port Restricted Cone NAT
Network Segmentation
Data Plane Encryption
Data Plane Encryption with Pairwise
Summary
Review All Key Topics
Key Terms
Chapter Review Questions
References
Chapter 4 Onboarding and Provisioning
Configuration Templates
Developing and Deploying Templates
Onboarding Devices
Manual Bootstrapping of a WAN Edge
Automatic Provisioning with PNP or ZTP
Summary
Review All Key Topics
Chapter Review Questions
References
Chapter 5 Introduction to Cisco SD-WAN Policies
Purpose of Cisco SD-WAN Policies
Types of Cisco SD-WAN Policies
Centralized Policy
Centralized Policies That Affect the Control Plane
Centralized Policies That Affect the Data Plane
Localized Policy
Policy Domains
Cisco SD-WAN Policy Construction
Types of Lists
Policy Definition
Cisco SD-WAN Policy Administration, Activation, and Enforcement
Building a Centralized Policy
Activating a Centralized Policy
Packet Forwarding Order of Operations
Summary
Review All Key Topics
Define Key Terms
Chapter Review Questions
Chapter 6 Centralized Control Policies
Centralized Control Policy Overview
Use Case 1: Isolating Remote Branches from Each Other
Use Case 1 Review
Use Case 2: Enabling Branch-to-Branch Communication Through Data Centers
Enabling Branch-to-Branch Communication with Summarization
Enabling Branch-to-Branch Communication with TLOC Lists
Use Case 2 Review
Use Case 3: Traffic Engineering at Sites with Multiple Routers
Setting TLOC Preference with Centralized Policy
Setting TLOC Preference with Device Templates
Use Case 3 Review
Use Case 4: Preferring Regional Data Centers for Internet Access
Use Case 4 Review
Use Case 5: Regional Mesh Networks
Use Case 5 Review
Use Case 6: Enforcing Security Perimeters with Service Insertion
Use Case 6 Review
Use Case 7: Isolating Guest Users from the Corporate WAN
Use Case 7 Review
Use Case 8: Creating Different Network Topologies per Segment
Use Case 8 Review
Use Case 9: Creating Extranets and Access to Shared Services
Use Case 9 Review
Summary
Review All Key Topics
Define Key Terms
Chapter Review Questions
Reference
Chapter 7 Centralized Data Policies
Centralized Data Policy Overview
Centralized Data Policy Use Cases
Use Case 10: Direct Internet Access for Guest Users
Use Case 10 Review
Use Case 11: Direct Cloud Access for Trusted Applications
Use Case 11 Review
Use Case 12: Application-Based Traffic Engineering
Use Case 12 Review
Use Case 13: Protecting Corporate Users with a Cloud-Delivered Firewall
Use Case 13 Review
Use Case 14: Protecting Applications from Packet Loss
Forward Error Correction for Audio and Video
Packet Duplication for Credit Card Transactions
Use Case 14 Review
Summary
Review All Key Topics
Define Key Terms
Chapter Review Questions
References
Chapter 8 Application-Aware Routing Policies
The Business Imperative for Application-Aware Routing
The Mechanics of an App-Route Policy
Constructing an App-Route Policy
Monitoring Tunnel Performance
Liveliness Detection
Hello Interval
Multiplier
Path Quality Monitoring
App-Route Poll Interval
App-Route Multiplier
Mapping Traffic Flows to a Transport Tunnel
Packet Forwarding with Application-Aware Routing Policies
Traditional Lookup in the Routing Table
SLA Class Action
Summary
Review All Key Topics
Define Key Terms
Chapter Review Questions
Chapter 9 Localized Policies
Introduction to Localized Policies
Localized Control Policies
Localized Data Policies
Quality of Service Policies
Step 1: Assign Traffic to Forwarding Classes
Step 2: Map Forwarding Classes to Hardware Queues
Step 3: Configure the Scheduling Parameters for Each Queue
Step 4: Map All of the Schedulers Together into a Single QoS Map
Step 5: Configure the Interface with the QoS Map
Summary
Review All Key Topics
Chapter Review Questions
Chapter 10 Cisco SD-WAN Security
Cisco SD-WAN Security: Why and What
Application-Aware Enterprise Firewall
Intrusion Detection and Prevention
URL Filtering
Advanced Malware Protection and Threat Grid
DNS Web Layer Security
Cloud Security
vManage Authentication and Authorization
Local Authentication with Role-Based Access Control (RBAC)
Remote Authentication with Role-Based Access Control (RBAC)
Summary
Review All Key Topics
Define Key Terms
Chapter Review Questions
Chapter 11 Cisco SD-WAN Cloud onRamp
Cisco SD-WAN Cloud onRamp
Cloud onRamp for SaaS
Cloud onRamp for IaaS
Cloud onRamp for Colocation
Why Colocation?
How It Works
Service Chaining for a Single Service Node
Service Chaining for Multiple Service Nodes
Service Chaining and the Public Cloud
Infrastructure as a Service
Software as a Service
Redundancy and High Availability
Service Chain Design Best Practices
Configuration and Management
Cluster Creation
Image Repository
Service Chain Creation
Monitoring
Summary
Review All Key Topics
Define Key Terms
Chapter Review Questions
Chapter 12 Cisco SD-WAN Design and Migration
Cisco SD-WAN Design Methodology
Cisco SD-WAN Migration Preparation
Cisco SD-WAN Data Center Design
Transport-Side Connectivity
Loopback TLOC Design
Service-Side Connectivity
Cisco SD-WAN Branch Design
Complete CE Replacement—Single Cisco SD-WAN Edge
Complete CE Replacement—Dual Cisco SD-WAN Edge
Integration with Existing CE Router
Integration with a Branch Firewall
Integration with Voice Services
Cisco SD-WAN Overlay and Underlay Integration
Overlay Only
Overlay with Underlay Backup
Full Overlay and Underlay Integration
Summary
Review All Key Topics
Chapter Review Questions
Chapter 13 Provisioning Cisco SD-WAN Controllers in a Private Cloud
SD-WAN Controller Functionality Recap
Certificates
vManage Controller Deployment
Step 1: Deploy vManage Virtual Appliance on VMware ESXi or KVM
Step 2: Bootstrap and Configure vManage Controller
Step 3/4: Set Organization Name and vBond Address in vManage; Install Root CA Certificate
Step 5: Generate, Sign, and Install Certificate onto vManage Controller
vBond Controller Deployment
Step 1/2/3: Deploy vBond Virtual Machine on VMware ESXi; Bootstrap and Configure vBond Controller; Manually Install Root CA Certificate on vBond
Step 4/5: Add vBond Controller to vManage; Generate, Sign, and Install Certificate onto vBond Controller
vSmart Controller Deployment
Step 1/2/3: Deploy vSmart Virtual Machine from Downloaded OVA; Bootstrap and Configure vSmart Controller; Manually Install Root CA Certificate on vSmart
Step 4/5: Add vSmart Controller to vManage; Generate, Sign, and Install Certificate onto vSmart Controller
Summary
Review All Key Topics
Define Key Terms
Chapter Review Questions
References
Appendix A: Answers to Chapter Review Questions
Appendix B: Example 7-17
Glossary of Key Terms
Index