Cisco SD-WAN Black Belt Training
Course Objectives:
Upon completing this course, the learner will be able to meet these overall objectives:
- Know and understand Cisco’s SD-WAN concepts, features, benefits, terminology and the way this approach innovates common administrative tasks on today’s networks.
- Differentiate and explain each of the building blocks of the SD-WAN Solution
- Explain the concept of “Fabric” and the different node types that make it up (Fabric Edge Nodes, Control Plane Nodes, Management Nodes and Orchestration Nodes)
- Identify the roles and functions of vEdge, vSmart, vManage and vBond entities
- Know and understand the Zero Touch Provisioning Model
- Know and understand the Zero Trust Provisioning Model
- Identify Overlay Management Protocol (OMP) as a key element of the SD-WAN solution and the role it plays for Control Plane setup
- Understand segmentation of the SD-WAN fabric through the use of VPNs (VRFs)
- Understand the role that templates have in the SD-WAN solution, differentiate templates and know how to apply them
- Differentiate Control, Data and Application Route Policies and know how they are used in SD-WAN
- Identify and apply QoS mechanisms to SD-WAN fabric
- Discuss Use Cases for SD-WAN
Course Outline
Module 1: SD-WAN Solution Overview
- Traditional WAN - Challenges
- SD-WAN Overview and definitions
- SD-WAN Benefits
- SD-WAN Key Concepts
- SD-WAN Main Components
- WAN Edge (cEdge/vEdge)
- vSmart
- vManage
- vBond
- On-Premise vs. Cloud-based Control Plane
- Requesting Cloud-based SD-WAN Controllers - Process
Module 2: Secure Control Plane Bring-Up
- Zero Trust Security Principles
- Secure Control Channels
- Establishing vEdge Router Identity
- Establishing Control Elements Identities (vBond, vSmart, Edge)
- Secure Control Channel between Edge Router and vBond
- Secure Control Channel between Edge Router and vSmart/vManage
Module 3: Secure Data Plane Bring-Up
- Limitations of traditional key exchange mechanisms (IKE)
- SD-WAN new centralized Encryption key distribution
- Traffic Encryption for data privacy
- Authentication Header for Data Plane Integrity
- Anti-Replay Protection (man-in-the-middle)
- Role of Bidirectional Forwarding Detection (BFD)
- Considerations about MTU and MSS
- End to End Segmentation (VPNs)
- Role of Application Visibility and Recognition
- Infrastructure DDoS Mitigation
- Security Policies and Services
- Cloud Security: Secure Direct Internet Access
Module 4: Overlay Management Protocol (OMP)
- Definition of overlay routing
- Role and characteristics of Overlay Management Protocol (OMP)
- OMP Advertised Routes
- Route Redistribution (edge routing protocol to OMP and vice versa)
- Best Path Algorithm
Module 5: Using Templates
- Basic Elements in the configuration for any device
- Need for Templates
- Options to Apply Templates to Devices
- Overview of Feature Templates
- Categories of Feature Templates
- Workflow for Applying Templates to Devices
Module 6: Using Policies
- Policy Architecture
- Application Aware Routing Policies
- Control Policies
- Data Policies
- VPN Membership Policies
- Routing Policies
- Cflowd Templates
Module 7: Quality of Service (QoS)
- QoS Pipeline – vEdge Router
- Data Packet Flow
- Queueing Management
- Control Traffic Prioritization
- Random Early Detection (RED)
- Traffic Policing
- Traffic Shaping
- Marking and Remarking
- Class-Map
- QoS Scheduler
- QoS Map
- Applying QoS policies
Module 8: Basic Troubleshooting
- Troubleshooting Control Plane Bring Up
- GUI validation in vManage
- CLI validation with “Show” commands in vEdge Router
- Troubleshooting Data Plane
- Troubleshooting OMP
Module 9: Use Cases & Design
- Guest Wi-Fi
- Bandwidth Augmentation
- Cloud onRamp for SaaS
- Critical Applications SLA
- Regional Secure Perimeter
- Cisco SD-WAN Co-Locations
Module 10: SD-WAN Security
- Control Plane and Data Plane Security Overview
- Cisco SD-WAN Zero Trust Deployment (ZTD) Model
- Cisco SD-WAN Security Features
- Unified Threat Defense
- Firewall Policies
- Zone-Based Firewall
- Snort based IPS Policy configuration
- URL Filtering
- Cisco DNS Umbrella Integration
Module 11: Migration from Traditional WAN to SD-WAN
- Migrating from IOS-XE to SD-WAN XE – Configuration migration tool
- Migration Strategies for the DC/RSO
- Migration Strategies for the Branch
- Migration of current routing to SD-WAN Policies
Module 12: Automating the SD-WAN vBranch
- Deploying the SD-WAN Branch on Cisco ENCS
- Automating the Virtual Branch with Cisco DNA-C
- Deploying and Managing SD-WAN sites with Cisco NSO and Cisco MSX
- Cisco SD-WAN vManage Integration with REST APIs – Automating and Monitoring
- Creating custom application scripts using Python, Ansible and Node.js to fast track Branch Deployments
Lab Outline
- Lab 1: Add Edge Router to vManage Inventory
- Lab 2: Configure and Deploy Control-Plane Connectivity
- Lab 3: Configure and Deploy an Overlay Network
- Lab 4: Provision and Deploy vManage Templates
- Lab 5: Provision and Deploy vManage Policies
- Lab 6: Service Insertion using a FW
- Lab 7: Application Firewalling using Centralized Policies
- Lab 8: Application Aware Routing
- Lab 9: Prefer Data Center DC1 and DC2 for Different Set of Branches for Regional Internet Exit
- Lab 10: Deploying the SD-WAN branch using Cisco NSO
- Lab 11: vManage REST API Integration with custom Python Application