Cisco SD-WAN Black Belt Training

Upon completing this course, the learner will be able to meet these overall objectives: -Know and understand Cisco’s SD-WAN concepts, features, benefits, terminology and the way this approach innovates common administrative tasks on today’s networks. -Differentiate and explain each of the building blocks of SD-WAN Solution -Explain the concept of “Fabric” and the different node types that conform it (Fabric Edge Nodes, Control Plane Nodes, Management Nodes and Orchestration Nodes) -Identify the roles and functions of vEdge, vSmart, vManage and vBond entities

Retail Price: $4,495.00

Next Date: Request Date

Course Days: 5


Request a Date

Request Custom Course


Course Objectives:

Upon completing this course, the learner will be able to meet these overall objectives:

  • Know and understand Cisco’s SD-WAN concepts, features, benefits, terminology and the way this approach innovates common administrative tasks on today’s networks.
  • Differentiate and explain each of the building blocks of SD-WAN Solution
  • Explain the concept of “Fabric” and the different node types that conform it (Fabric Edge Nodes, Control Plane Nodes, Management Nodes and Orchestration Nodes)
  • Identify the roles and functions of vEdge, vSmart, vManage and vBond entities
  • Know and understand the Zero Touch Provisioning Model
  • Know and understand the Zero Trust Provisioning Model
  • Identify Overlay Management Protocol (OMP) as a key element of the SD-WAN solution and the role it plays for Control Plane setup
  • Understand segmentation of SD-WAN fabric, through the use of VPN’s (VRF’s)
  • Understand the role that templates have in SD-WAN solution, differentiate templates and know how to apply them
  • Differentiate Control, Data and Application Route Policies and know how they are used in SD-WAN
  • Identify and apply QoS mechanisms to SD-WAN fabric
  • Discuss Use Cases for SD-WAN

Course Outline

 

Module 1: SD-WAN Solution Overview

  • Traditional WAN - Challenges
  • SD-WAN Overview and definitions
  • SD-WAN Benefits
  • SD-WAN Key Concepts
  • SD-WAN Main Components
    • WAN Edge (cEdge/vEdge)
    • vSmart
    • vManage
    • vBond
  • On-Premise vs. Cloud-based Control Plane
  • Requesting a Cloud based SD-WAN Controllers - Process

Module 2: Secure Control Plane Bring-Up

  • Zero Trust Security Principles
  • Secure Control Channels
  • Establishing vEdge Router Identity
  • Establishing Control Elements Identities (vBond, vSmart, Edge)
  • Secure Control Channel between Edge Router and vBond
  • Secure Control Channel between Edge Router and vSmart/vManage

Module 3: Secure Data Plane Bring-Up

  • Limitations of traditional key exchange mechanisms (IKE)
  • SD-WAN new centralized Encryption key distribution
  • Traffic Encryption for data privacy
  • Authentication Header for Data Plane Integrity
  • Anti-Replay Protection (man-in-the-middle)
  • Role of Bidirectional Forwarding Detection (BFD)
  • Considerations about MTU and MSS
  • End to End Segmentation (VPN’s)
  • Role of Application Visibility and Recognition
  • Infrastructure DDoS Mitigation
  • Security Policies and Services
  • Cloud Security: Secure Direct Internet Access

Module 4: Overlay Management Protocol (OMP)

  • Definition of overlay routing
  • Role and characteristics of Overlay Management Protocol (OMP)
  • OMP Advertised Routes
  • Route Redistribution (edge routing protocol to OMP and vice versa)
  • Best Path Algorithm

Module 5: Using Templates

  • Basic Elements in the configuration for any device
  • Need for Templates
  • Options to Apply Templates to Devices
  • Overview of Feature Templates
  • Categories of Feature Templates
  • Workflow for Applying Templates to Devices

Module 6: Using Policies

  • Policy Architecture
  • Application Aware Routing Policies
  • Control Policies
  • Data Policies
  • VPN Membership Policies
  • Routing Policies
  • Cflowd Templates

Module 7: Quality of Service (QoS)

  • QoS Pipeline – vEdge Router
  • Data Packet Flow
  • Queueing Management
  • Control Traffic Prioritization
  • Random Early Detection (RED)
  • Traffic Policing
  • Traffic Shaping
  • Marking and Remarking
  • Class-Map
  • QoS Scheduler
  • QoS Map
  • Applying QoS policies

Module 8: Basic Troubleshooting

  • Troubleshooting Control Plane Bring Up
  • GUI validation in vManage
  • CLI validation with “Show” commands in vEdge Router
  • Troubleshooting Data Plane
  • Troubleshooting OMP

Module 9: Use Cases & Design

  • Guest Wi-Fi
  • Bandwidth Augmentation
  • Cloud onRamp for SAAS
  • Critical Applications SLA
  • Regional Secure Perimeter
  • Cisco SD-WAN Co-Locations

Module 10: SD-WAN Security

  • Control Plane and Date Plane Security Overview
  • Cisco SD-WAN Zero Trust Deployment (ZTD) Model
  • Cisco SD-WAN Security Features
  • Unified Threat Defense
  • Firewall Policies
  • Zone-Based Firewall
  • Snort based IPS Policy configuration
  • URL Filtering
  • Cisco DNS Umbrella Integration

Module 11: Migration from Traditional WAN to SD-WAN

  • Migrating from IOS-XE to SD-WAN XE – Configuration migration tool
  • Migration Strategies for the DC/RSO
  • Migration Strategies for the Branch
  • Migration of current routing to SD-WAN Policies

Module 12: Automating the SD-WAN vBranch

  • Deploying the SD-WAN Branch on Cisco ENCS
  • Automating the Virtual Branch with Cisco DNA-C
  • Deploying and Managing SD-WAN sites with Cisco NSO and Cisco MSX
  • Cisco SD-WAN vManage Integration with REST APIs – Automating ad Monitoring
  • Creating custom application scripts using Python. Ansible and node.js to fast track Branch Deployments

Lab Outline

  • Lab 1: Add Edge Router to vManage Inventory
  • Lab 2:  Configure and Deploy Control-Plane Connectivity
  • Lab 3: Configure and Deploy an Overlay Network
  • Lab 4: Provision and Deploy vManage Templates
  • Lab 5: Provision and Deploy vManage Policies
  • Lab 6: Service Insertion using a FW
  • Lab 7: Application Firewalling using Centralized Policies
  • Lab 8: Application Aware Routing
  • Lab 9: Prefer Data Center DC1 and DC2 for Different Set of Branches for Regional Internet Exit
  • Lab 10: Deploying the SD-WAN branch using Cisco NSO
  • Lab 11: vManage REST API Integration with custom Python Application


Sorry! It looks like we haven’t updated our dates for the class you selected yet. There’s a quick way to find out. Contact us at 502.265.3057 or email info@training4it.com


Request a Date