Cisco Software-Defined Wide Area Networks: Designing, Deploying and Securing

Description: Introduction xix Chapter 1 Introduction to Cisco Software-Defined Wide Area Networking (SD-WAN) 1 Networks of Today 1 Common Business and IT Trends 4 Common Desired Benefits 5 High-Level Design Considerations 7 Introduction to Cisco Software-Defined WAN (SD-WAN) 9 Transport Independence 10 Rethinking the WAN 12 Use Cases Demanding Changes in the WAN 13 Bandwidth Aggregation and Application Load-Balancing 13 Protecting Critical Applications with SLAs 14 End-to-End Segmentation 15 Direct Internet Access 15 Fully Managed Network Solution 16 Building an ROI to Identify Cost Savings 17 Introduction to Multidomain 18 Cloud Trends and Adoption 19 Summary 21 Review All Key Topics 22 Key Terms 22 Chapter Review Questions 22 Chapter 2 Cisco SD-WAN Components 25 Data Plane 27 Management Plane 32 Control Plane 34 Orchestration Plane 36 Multi-Tenancy Options 38 Deployment Options 38 Summary 39 Review All Key Topics 39 Key Terms 40 Chapter Review Questions 40 References 42 Chapter 3 Control Plane and Data Plane Operations 43 Control Plane Operations 44 Overlay Management Protocol 47 OMP Routes 48 TLOC Routes 52 Service Routes 54 Path Selection 56 OMP Route Redistribution and Loop Prevention 58 Data Plane Operations 65 TLOC Colors 66 Tunnel Groups 70 Network Address Translation 73 Full Cone NAT 74 Symmetric NAT 75 Address Restricted Cone NAT 76 Port Restricted Cone NAT 77 Network Segmentation 81 Data Plane Encryption 83 Data Plane Encryption with Pairwise 86 Summary 88 Review All Key Topics 88 Key Terms 89 Chapter Review Questions 89 References 90 Chapter 4 Onboarding and Provisioning 91 Configuration Templates 93 Developing and Deploying Templates 97 Onboarding Devices 101 Manual Bootstrapping of a WAN Edge 102 Automatic Provisioning with PNP or ZTP 103 Summary 105 Review All Key Topics 106 Chapter Review Questions 106 References 107 Chapter 5 Introduction to Cisco SD-WAN Policies 109 Purpose of Cisco SD-WAN Policies 109 Types of Cisco SD-WAN Policies 110 Centralized Policy 110 Centralized Policies That Affect the Control Plane 111 Centralized Policies That Affect the Data Plane 112 Localized Policy 112 Policy Domains 113 Cisco SD-WAN Policy Construction 115 Types of Lists 118 Policy Definition 119 Cisco SD-WAN Policy Administration, Activation, and Enforcement 122 Building a Centralized Policy 122 Activating a Centralized Policy 125 Packet Forwarding Order of Operations 127 Summary 128 Review All Key Topics 129 Define Key Terms 129 Chapter Review Questions 129 Chapter 6 Centralized Control Policies 133 Centralized Control Policy Overview 134 Use Case 1: Isolating Remote Branches from Each Other 136 Use Case 1 Review 149 Use Case 2: Enabling Branch-to-Branch Communication Through Data Centers 149 Enabling Branch-to-Branch Communication with Summarization 150 Enabling Branch-to-Branch Communication with TLOC Lists 152 Use Case 2 Review 168 Use Case 3: Traffic Engineering at Sites with Multiple Routers 169 Setting TLOC Preference with Centralized Policy 171 Setting TLOC Preference with Device Templates 177 Use Case 3 Review 179 Use Case 4: Preferring Regional Data Centers for Internet Access 180 Use Case 4 Review 188 Use Case 5: Regional Mesh Networks 188 Use Case 5 Review 195 Use Case 6: Enforcing Security Perimeters with Service Insertion 195 Use Case 6 Review 202 Use Case 7: Isolating Guest Users from the Corporate WAN 202 Use Case 7 Review 206 Use Case 8: Creating Different Network Topologies per Segment 206 Use Case 8 Review 210 Use Case 9: Creating Extranets and Access to Shared Services 211 Use Case 9 Review 222 Summary 223 Review All Key Topics 223 Define Key Terms 224 Chapter Review Questions 224 Reference 226 Chapter 7 Centralized Data Policies 227 Centralized Data Policy Overview 228 Centralized Data Policy Use Cases 228 Use Case 10: Direct Internet Access for Guest Users 230 Use Case 10 Review 242 Use Case 11: Direct Cloud Access for Trusted Applications 243 Use Case 11 Review 253 Use Case 12: Application-Based Traffic Engineering 253 Use Case 12 Review 260 Use Case 13: Protecting Corporate Users with a Cloud-Delivered Firewall 261 Use Case 13 Review 269 Use Case 14: Protecting Applications from Packet Loss 269 Forward Error Correction for Audio and Video 270 Packet Duplication for Credit Card Transactions 274 Use Case 14 Review 280 Summary 280 Review All Key Topics 281 Define Key Terms 282 Chapter Review Questions 282 References 284 Chapter 8 Application-Aware Routing Policies 285 The Business Imperative for Application-Aware Routing 286 The Mechanics of an App-Route Policy 286 Constructing an App-Route Policy 287 Monitoring Tunnel Performance 294 Liveliness Detection 295 Hello Interval 295 Multiplier 297 Path Quality Monitoring 298 App-Route Poll Interval 298 App-Route Multiplier 300 Mapping Traffic Flows to a Transport Tunnel 304 Packet Forwarding with Application-Aware Routing Policies 304 Traditional Lookup in the Routing Table 305 SLA Class Action 306 Summary 315 Review All Key Topics 316 Define Key Terms 316 Chapter Review Questions 316 Chapter 9 Localized Policies 319 Introduction to Localized Policies 319 Localized Control Policies 320 Localized Data Policies 334 Quality of Service Policies 338 Step 1: Assign Traffic to Forwarding Classes 339 Step 2: Map Forwarding Classes to Hardware Queues 341 Step 3: Configure the Scheduling Parameters for Each Queue 341 Step 4: Map All of the Schedulers Together into a Single QoS Map 342 Step 5: Configure the Interface with the QoS Map 343 Summary 346 Review All Key Topics 347 Chapter Review Questions 347 Chapter 10 Cisco SD-WAN Security 349 Cisco SD-WAN Security: Why and What 349 Application-Aware Enterprise Firewall 352 Intrusion Detection and Prevention 360 URL Filtering 367 Advanced Malware Protection and Threat Grid 372 DNS Web Layer Security 377 Cloud Security 381 vManage Authentication and Authorization 384 Local Authentication with Role-Based Access Control (RBAC) 384 Remote Authentication with Role-Based Access Control (RBAC) 387 Summary 389 Review All Key Topics 389 Define Key Terms 389 Chapter Review Questions 389 Chapter 11 Cisco SD-WAN Cloud onRamp 393 Cisco SD-WAN Cloud onRamp 393 Cloud onRamp for SaaS 394 Cloud onRamp for IaaS 412 Cloud onRamp for Colocation 429 Why Colocation? 432 How It Works 432 Service Chaining for a Single Service Node 434 Service Chaining for Multiple Service Nodes 436 Service Chaining and the Public Cloud 436 Infrastructure as a Service 438 Software as a Service 438 Redundancy and High Availability 440 Service Chain Design Best Practices 440 Configuration and Management 442 Cluster Creation 442 Image Repository 449 Service Chain Creation 449 Monitoring 454 Summary 455 Review All Key Topics 456 Define Key Terms 456 Chapter Review Questions 456 Chapter 12 Cisco SD-WAN Design and Migration 459 Cisco SD-WAN Design Methodology 459 Cisco SD-WAN Migration Preparation 460 Cisco SD-WAN Data Center Design 462 Transport-Side Connectivity 463 Loopback TLOC Design 465 Service-Side Connectivity 466 Cisco SD-WAN Branch Design 469 Complete CE Replacement-Single Cisco SD-WAN Edge 470 Complete CE Replacement-Dual Cisco SD-WAN Edge 471 Integration with Existing CE Router 475 Integration with a Branch Firewall 476 Integration with Voice Services 478 Cisco SD-WAN Overlay and Underlay Integration 480 Overlay Only 480 Overlay with Underlay Backup 481 Full Overlay and Underlay Integration 485 Summary 490 Review All Key Topics 490 Chapter Review Questions 490 Chapter 13 Provisioning Cisco SD-WAN Controllers in a Private Cloud 493 SD-WAN Controller Functionality Recap 493 Certificates 496 vManage Controller Deployment 501 Step 1: Deploy vManage Virtual Appliance on VMware ESXi or KVM 503 Step 2: Bootstrap and Configure vManage Controller 506 Step 3/4: Set Organization Name and vBond Address in vManage; Install Root CA Certificate 506 Step 5: Generate, Sign, and Install Certificate onto vManage Controller 511 vBond Controller Deployment 513 Step 1/2/3: Deploy vBond Virtual Machine on VMware ESXi; Bootstrap and Configure vBond Controller; Manually Install Root CA Certificate on vBond 514 Step 4/5: Add vBond Controller to vManage; Generate, Sign, and Install Certificate onto vBond Controller 516 vSmart Controller Deployment 518 Step 1/2/3: Deploy vSmart Virtual Machine from Downloaded OVA; Bootstrap and Configure vSmart Controller; Manually Install Root CA Certificate on vSmart 519 Step 4/5: Add vSmart Controller to vManage; Generate, Sign, and Install Certificate onto vSmart Controller 520 Summary 523 Review All Key Topics 524 Define Key Terms 524 Chapter Review Questions 524 References 526 Appendix A: Answers to Chapter Review Questions 527 Appendix B: Example 7-17 539 Glossary of Key Terms 553 Index 557

Price: 45.66 GBP

Location: Gloucester

End Time: 2024-11-01T07:40:54.000Z

Shipping Cost: 26.2 GBP