Category Archives: Onboarding and Provisioning

Priority Queuing – WAN Availability and QoS

Priority queuing (PQ) is a queuing method that establishes four interface output queues that serve different priority levels: high, medium, default, and low. Unfortunately, PQ can starve other queues if too much data is in one queue because higher-priority queues must be emptied before lower-priority queues. Custom Queuing: Custom queuing (CQ) uses up to 16… Read More »

Link Efficiency – WAN Availability and QoS

With Cisco IOS, several link-efficiency mechanisms are available. Link fragmentation and interleaving (LFI), Multilink PPP (MLP), and Real-Time Transport Protocol (RTP) header compression can provide for more efficient use of bandwidth. Table 9-8 describes Cisco IOS link-efficiency mechanisms.
Table 9-8 Link-Efficiency Mechanisms
Mechanisms | Description
Link fragmentation and interleaving (LFI) | Reduces delay and jitter on slower-speed… Read More »

Security and ISE – SD-Access Design

Cisco ISE is a secure network access platform that enables control, visibility, and consistency for users and devices accessing the network. Within the SD-Access fabric, Cisco ISE provides all the identity and policy services. Cisco ISE is a critical component of SD-Access for policy enforcement; it allows for the dynamic mapping of users and endpoints… Read More »

Large Site Design Considerations – SD-Access Design

Typically, a large site is designed with a three-tier network that consists of separate core, distribution, and access layers. These larger site networks are designed to support up to 50,000 endpoints. Multiple service exit points with dedicated data center connections, a shared services block, and Internet services are common. In a multi-fabric deployment, the headquarters… Read More »

SD-WAN Architecture – SD-WAN Design

Cisco SD-WAN is an enterprise-grade WAN architecture overlay that enables digital and cloud transformation for enterprises. It fully integrates routing, security, centralized policy, and orchestration into large-scale networks. It is a multi-tenant, cloud-delivered, highly automated, secure, scalable, and application-aware solution with rich analytics. The Cisco SD-WAN technology addresses the problems and challenges of common WAN… Read More »

Control Plane – SD-WAN Design

The vSmart component resides in the control plane. vSmart controllers provide routing, enforce data plane policies, and enforce network-wide segmentation. Because policies are created on vManage, vSmart is the component responsible for enforcing these policies centrally. It is the “brains” of the architecture. vEdge routers communicate their routing information with the vSmart controllers, not to… Read More »

Network/Headend Redundancy – SD-WAN Design

SD-WAN provides network/headend redundancy so that in the event of loss of connectivity via the primary network headend vEdge router at the data center, the vEdge router can connect to a redundant headend vEdge router (see Figure 11-6). [Figure 11-6: Network/Headend Redundancy] Controller Redundancy: As mentioned previously, you can increase the number of vSmart controllers… Read More »

vEdge DHCP Server – SD-WAN Design

vEdge routers can be configured to provide DHCP server functionality to allow for host IP address assignments to be made directly from a vEdge device on a customer site. DHCP servers are configurable for the service side interface. DHCP relay (IP helper) functionality is also supported for forwarding requests from the service side network to… Read More »

VPN Topology Design – SD-WAN Design

Each VPN is independent of every other VPN. You might separate VPNs in order to separate business traffic from guest wireless traffic. Or you might want to separate manufacturing or extranet traffic. Some traffic might be site-to-site traffic, and other traffic might be site-to-data center traffic. VPNs can be configured with several different topologies: Figure… Read More »