Trends in SDWAN
Principal Systems Engineer
Cisco Systems
Secure Cloud Scale SD-WAN
Previously, Connecting Users to Data Center was the Priority
[Diagram: Users (Branch/Campus) reach Applications (Data Center) over the WAN; Internet is labeled Best Effort.]
Today, things have changed completely
[Diagram labels: Devices and Things, Campus and Branch Users, Mobile Users, WAN, DC/Private Cloud, SaaS, IaaS.]
SD-WAN provides flexible connectivity and ease-of-management
[Diagram labels: Campus (X2-5), Branches (X100+), Mobile Users (X1000s), DC/Private Cloud, SaaS, IaaS. Caption: Intelligent connectivity becomes business critical.]
SD-WAN was About Flexible Connectivity
Business Value of Cisco SD-WAN
• 38%: Lower five-year cost of WAN operations
• 58%: Faster to implement policy/configuration changes
• 94%: Less unplanned downtime
Full IDC report available on www.cisco.com/go/sdwan
$14.98M increased revenue per organization
SD-WAN Architecture
The Power of Abstraction
• Orchestration Plane: Orchestrator
• Management Plane: Management, APIs, 3rd Party, Analytics, Automation
• Control Plane
• Data Plane: MPLS, INET and 4G transports connecting Cloud, Data Center, Campus, Branch, SOHO
Cloud Ready WAN
• Cloud On-Ramp IaaS: Public Cloud IaaS
• Cloud On-Ramp SaaS: SaaS Cloud Applications
[Diagram labels, both panels: Data Center, Small Office Home Office, Branch, Campus, Secure SD-WAN Fabric.]
Flexible Connectivity
Application-aware Routing with any Topology
Critical Application SLA
App Aware Routing Policy
• Latency ≤ 150ms
• Loss ≤ 2%
• Jitter ≤ 10ms
Bandwidth Augmentation
• Augment MPLS with Internet bandwidth
Traffic Engineering Policy
[Diagram labels: Remote Site, Data Center, App A, Path 1, Path 2, Path 3, Internet, MPLS, 4G LTE, SD-WAN Tunnel.]
Voice Optimization
Improve reliability with FEC and Packet Duplication
Forward Error Correction
• FEC guarantees voice/critical traffic across unreliable WAN links
• Reduces retransmissions and improves throughput
Packet Duplication
• Packets sent on preferred path and a secondary path is chosen to duplicate packets
• Packet duplication helps voice, video to work well over unreliable WAN links
[Diagrams: the FEC panel shows packets P1 to P4 sent with a Parity packet between Sender and Receiver (Remote Site and Data Center, VPN1) over Internet and MPLS; the Packet Duplication panel shows packets P1 to P5 for App A (VPN1) between Remote Site and Data Center, with Path 1, Path 2 and Path 3 over Internet, MPLS and 4G LTE.]
Right Security, Right Place
Typical SD-WAN Solutions
Direct Internet/Cloud Access
• Exposure to attacks from Internet/cloud
• Data breaches
• Guest access liability
Internal Data Access
• Compliance (PCI, HIPAA, GDPR)
• Lateral movements
Challenge of Balancing Security and User Experience
Adding various point-solution securities (on-premise and/or cloud) will compromise security, application experience or performance.
Cisco SD-WAN Security
[Diagram labels: IPS, FW, DNS, SWG, CD, AMP, URL, SIG, FW, Threat Intelligence; Branch and Data Center joined by the Secure SD-WAN Fabric, with Internet, SaaS and IaaS.]
“No Compromise” Solution
Single management console for networking and security with zero-trust fabric authentication and end-to-end segmentation that stop breach propagation.
Secure SD-WAN Use-cases
• Direct Internet Access
• Guest Wifi
• Compliance
[Diagram labels: URL Filtering, Cisco Umbrella, Firewall, IPS, AMP+TG; Direct Internet Access, SD-WAN, Internet, Data Center, Applications; VPN1, VPN2, VPN3; Employees, Contractors, Guests.]
The End Vision
E2E Segmented Network Architecture
[Diagram labels: Data Center, Cloud, SD Campus / Edge, Public Cloud, Branch SD-WAN, Users, Devices, SaaS, Internet, Direct Internet Access.]
Deliver better digital experiences, anytime, anywhere
Cisco SD-WAN Interconnects Multi-Domain Networks
End-to-end Experiences
Pervasive Security
Automation and Policy
Telemetry, Analytics and Assurance
Security and Segmentation
Normalized APIs
[Diagram labels: Vertically Integrated Solutions (SD-Access, SD-WAN, SDDC) with their controllers, including vManage, linked by API Integration; Users (Consumers) and Applications (Providers).]
Common Desired Benefits
Designing and Deploying for Impact
Augment or replace premium WAN bandwidth
Reduce costs and lower operational complexity
Ensure remote site uptime
Provide a consistent high quality experience
Prioritize and secure with granular control
Offload guest and public cloud
Thank you