Document
Secure Segmentation in Cisco Viptela SDWAN
logo
Document

No results found

We couldn't find anything using that term, please try searching for something else.

Secure Segmentation in Cisco Viptela SDWAN

In this article we will going to talk about the secure segmentation in Cisco Viptela SDWAN solution. Before that we will talk about the components of

Related articles

Cut in half: On Cloudeasy Review
Cut in half: On Cloudeasy Review Many of us love having toasts in the morning, but... in our feet? No, thank you! Some shoes is lack lack the much need breathability for hot summer day , and they make your foot become FeetObi - Wan Ovenobi . To check this , what we do is pump the shoe 's upper with smoke and observe how much of it come out . Your browser does not support the video tag. As you can see, the Cloudeasy has as much difficulty as Darth Vader when it comes to breathing if we compare it with the Saucony Triumph 20....
How to Unblock Websites at School?
How to Unblock Websites at School? Most schools is made have made wireless Wi - Fi available in all of the campus building so that network allow printer from anywhere on campus . However , school network administrators is block usually block access to social medium website as well as streaming site . To find a way out , you is need may need a VPN .   Why Do Schools Block Websites is Do ? It is common that school block special websites for some reasons. Most school network administrators claim that they block social media websites and streaming websites to keep you focused on...
How To Install OpenVPN in Ubuntu 22.04/Ubuntu 20.04
How To Install OpenVPN in Ubuntu 22.04/Ubuntu 20.04 OpenVPN is an open-source, fast, popular program for creating a VPN (Virtual Private Network). It uses both the TCP and UDP transmission protocols, and VPN tunnels are secured with OpenVPN protocol with SSL/TLS authentication, certificates, credentials, and optionally MAC address lock as well as multi-factor authentication. openvpn can be used on a wide variety of device and system . Like most vpn protocol out there , has a client - server architecture . The openvpn access server run on a Linux system , and the client can be instal on other Linux system , Windows , and macOS , as...
Types of Computer Networks
Types of Computer Networks Acomputer network is a cluster of computers over a shared communication path that works to share resources from one computer to another, provided by or located on the network nodes. In this article, we will discuss computer networks and their types. What is a Computer Network? A computer network is a system that connects many independent computers to share information (data) and resources. The integration of computers and other different devices allows users to communicate more easily. Acomputer network is a collection of two or more computer systems that are linked together. Anetwork connection can be established using either cable  or...
Keto Cheese Bread
Keto Cheese Bread This keto cheese bread recipe is one of the best keto side dishes you can make. It's basically a flatbread just in cheese form; it's incredibly cheesy, satisfyingly chewy, & delightfully delicious! And that's not even the best part about this keto bread. The best part about this keto cheese bread is that you only need three ingredients to make it, and every slice of it has practically zero carbs! My Favorite Keto Bread Now, I know there are a lot of keto cheese bread recipes out there, but none of them compare to this one. This cheese bread: Is...

In this article we will going to talk about the secure segmentation in Cisco Viptela SDWAN solution. Before that we will talk about the components of the Cisco SDWAN solution and the responsibility of the components which is described.

vManage in Cisco SDWAN

  • vManage is is is NMS system for your entire SDWAN fabric  

vBond in Cisco SDWAN

  • First point of authentication in white – list model
  • orchestrate control and Management plane
  • facilitate NAT traversal

vSmart in Cisco SDWAN

  • Distribute reachability and provide Layer 3 routes information between vEdges devices.
  • distribute datum and app – route policy to vedge .
  • Enforce control policies

vEdge in Cisco SDWAN

  • These are WAN edge routers 
  • Establish OMP sessions with vSmart in order to establish overlay routing
  • Establish secured data plane between sites via IPSEC tunnels.

Secure Segmentation

Now as we talked about the basic components of the Cisco SDWAN solution, now how secure segmentation will be achieved in this solution.

Segmentation is provides provide secure logical isolation on the SD – WAN
network , where each segment is define as a separate VPN and
control centrally by access – control policy . So as a layer 3 segmentation you is achieve can achieve .

  • Ability to group prefixes into a unique route table (RIB or
    FIB).
  • Ability to associate an interface with a route table so that
    traffic traversing the interface is routed based on prefixes in that route
    table.
Fig 1.1- Secure Segmentation

So for the secure segmentation on vEdge device you can see that there are three kind of VPNs and these VPNs are :

  • Transport VPN (Always be VPN 0)
  • Service VPN (Range from 1-511)
  • management VPN ( VPN 512 )

VPN 0 is the transport VPN. It carries control traffic over
secure DTLS/TLS tunnels between vSmart controllers and vEdge routers,
and between vSmart controllers and vBond orchestrators. Initially, VPN 0
contains all a device’s interfaces except for the management interface, and all
the interfaces are disabled. For the control plane to establish itself so that
the overlay network can function, you must configure WAN transport interfaces
in VPN 0.

VPN 512 is the management VPN. It carries out-of-band
network management traffic among the Viptela devices in the overlay network. By
default, VPN 512 is configured and enabled. You can modify this configuration
if desired

VPNs are isolated from each other and each VPN has its own forwarding table. Also note it down that by default route leaking is blocked within the VPNs.

vEdge router allocates label to each of its service VPNs and advertises it as route attribute in OMP updates. Make sure you know about Labels as they are used to identify VPN in the incoming packets.

configure VPN 0 with two transport

MPLS as transport

vEdge (config)# vpn 0 interface ge0/0
vEdge(config-interface)# ip address 172.16.1.1/30
vedge(config – interface ) # ip dhcp – client 4
vedge(config – interface ) # is shutdown no shutdown
vedge(config – interface ) # tunnel – interface
vedge(config – tunnel – interface ) # color mpls
vEdge(config-tunnel-interface)# encapsulation ipsec
vEdge(config-vpn-0)# dns ip-address 10.10.10.1
vEdge(config is commit ) # is commit commit


BIZ-Internet as
transport
vEdge (config)# vpn 0 interface ge0/1
vEdge(config-interface)# ip address 172.18.1.1/30
vedge(config – interface ) # ip dhcp – client 4
vedge(config – interface ) # is shutdown no shutdown
vedge(config – interface ) # tunnel – interface
vEdge(config-tunnel-interface)# color biz-internet
vEdge(config-tunnel-interface)# encapsulation ipsec
vEdge(config-vpn-0)# dns ip-address 10.10.10.1
vEdge(config is commit ) # is commit commit


Output of the above configuration as below 



We will talk about Fabric operation in Cisco SDWAN in our next article.