Preparing for an interview can be a little nerve-wracking. But we got you.
This blog consists of a detailed list of Cisco SD-WAN frequently asked interview questions and answers. If you have a month, or even less, to prepare for your dream interview, don’t worry.
Nowadays, interviews are becoming a little tricky. Therefore, you need to have a good command over a subject to ace your interview.
We have made a list of the top 22 questions regarding Cisco SD-WAN. You can go through this questionnaire to boost your interview prep.
All kinds of important questions have been listed in this blog to help you with cracking your interview.
Without further ado, let’s begin with our SD-WAN most-asked questions and answers.
#1 What is Cisco SD-WAN?
With businesses adopting SaaS (Software-as-a-Service) and IaaS (Infrastructure-as-a-Service) applications in multiple clouds, the traditional Wide Area Network (WAN), which backhauls branch traffic to the data center, could not cope with the volume of Internet-bound traffic from many sites. This created the need for a new kind of WAN.
Cisco SD-WAN (based on the Viptela platform Cisco acquired in 2017) is a software-defined approach to building and managing the WAN. It runs an encrypted overlay over any combination of transports such as MPLS, broadband Internet and 4G/LTE, with routing, policy and configuration handled centrally by controllers rather than box by box.
#2 Why is there a need for SD-WAN?
- With the arrival of cloud applications, most organizations started consuming SaaS and IaaS services directly from the Internet.
- The traditional WAN was built for traffic between branches, campuses and data centers, so this cloud traffic was either hairpinned through the data center or left the corporate network uncontrolled.
- MPLS circuits are expensive, slow to provision and often unavailable at remote sites.
- SD-WAN is designed with SaaS and IaaS traffic in mind: it can send cloud traffic directly from the branch over the best available path.
- It can manage traffic to applications hosted anywhere in the world.
- SD-WAN uses a combination of transport services (MPLS, Internet, LTE) as one logical WAN.
- It protects the organization's data in transit, since every site-to-site tunnel across a shared transport is IPsec-encrypted.
#3 What are the benefits of using Cisco SD-WAN?
Using SD-WAN, IT can provide the following advantages:
- Routing and WAN connectivity from one centrally managed platform.
- Threat management at the branch edge.
- Offloading of expensive circuits by using cheaper broadband alongside or instead of MPLS.
- Simplification of WAN network management.
Other benefits of SD-WAN for businesses include:
Better application experience:
- SD-WAN is highly available with a wide range of services for critical enterprise applications.
- Handles all types of network scenarios by creating hybrid active-active links.
- Improved user experience.
- Dynamically routed application traffic.
- Uses economical and flexible broadband (with IPsec-encrypted tunnels) rather than relying only on expensive MPLS.
- Application-aware policies make SD-WAN reliable.
- End-to-end segmentation and real-time access control.
- Integrated threat protection.
- Secure direct Internet access from the branch to cloud applications over broadband.
Optimized Cloud connectivity:
- Smooth extension of WAN to multiple public clouds.
- Real-time optimized performance for Salesforce, Microsoft 365 and other SaaS applications.
- Optimized workflows for cloud platforms like Amazon Web Services (AWS), etc.
- A single, concentrated cloud-managed dashboard for configuring and managing WAN, cloud, and security.
- Simplified management with vManage.
- Detailed report generation of application and WAN performance.
#4 How do you manage and operate Cisco SD-WAN?
Cisco SD-WAN is managed centrally. The solution has a management console called vManage (a web GUI plus REST API, hosted in the Cisco cloud or on premises), control-plane controllers called vSmart, and an orchestrator called vBond that brings new devices into the fabric.
Cisco SD-WAN Controllers (vSmart):
- They are the central brain of the SD-WAN solution.
- They implement policies and establish connectivity between SD-WAN branches.
- They distribute routing information and enforce access control, segmentation, service chaining and extranets through centralized policy pushed from vManage.
Cisco vManage:
- It manages the whole solution.
- With vManage, IT managers and network operators can automate the configuration, management and operation of the whole SD-WAN fabric from one place.
- It provides a graphical, dashboard-driven view of the fabric.
#5 What is Cisco vManage?
Cisco vManage is the management plane of the SD-WAN solution. Everything is configured and monitored through it. Cisco vManage provides a graphical interface (and the same functions through a REST API) that allows network administrators and operators to deploy, manage and automate networks and devices quickly across the SD-WAN fabric.
In short, vManage can be summed up as:
- A visual interface for easy use.
- Pre-configured templates that automate the deployment of most use cases.
- A step-by-step configuration guide to speed up device onboarding.
- A consistent user experience across Cisco solutions.
#6 What is the vBond Orchestrator?
vBond is the orchestrator of the fabric: it is the first controller a new device talks to, and it acts as a gatekeeper.
- The vBond authenticates every vEdge router that tries to join and tells it where vManage and the vSmart controllers are.
- It ensures smooth SD-WAN fabric onboarding.
- It holds the information needed to verify vEdges that wish to join the SD-WAN fabric (the certificate chain and the list of authorized device serial numbers).
- Because devices find it first, vBond must be reachable on a public IP address (or a 1:1 NAT), and it also helps devices behind NAT learn their public addresses so that IPsec tunnels can be built between them.
#7 How is Cisco SD-WAN deployed at branch offices, data centers and regional hubs?
- Branch offices and regional hubs can be deployed and connected using either virtual or physical secure routers.
- Enterprise customers and service providers get services such as WAN optimization and firewall on the same platforms.
- They also get WAN connectivity on physical and virtual platforms across the branch, WAN or cloud, as follows:
- Branch: Cisco IOS® XE and Viptela OS-based devices.
- Branch: Cisco Catalyst® 8300 Series Edge Platforms and Cisco 1000, 1100, or 4000 Series Integrated Services Routers (ISR)
- Branch, regional hub or data center: Cisco Catalyst 8500 Series Edge Platforms and Cisco ASR 1000 Series Aggregation Services Routers (ASR).
- SD-Branch: Cisco 5000 Series Enterprise Network Compute System (ENCS) and Integrated Services Virtual Router (ISRv).
- Network Hub: Cisco Cloud Services Platform 5000, Catalyst 8000V Edge Software, and Cloud Services Router (CSR) 1000V Series.
Public Cloud (IaaS):
- Amazon Web Services.
- Microsoft Azure.
- Google Cloud Platform.
#8 Is Cisco SD-WAN Solution secure to use?
Cisco SD-WAN is designed to be secure by default, although no product is "100% secure". Its security rests on device identity and encrypted planes:
- Hardware routers carry a certificate that is burned in at manufacture (in the TPM on vEdge platforms, in the Trust Anchor module on Cisco IOS XE routers); virtual routers use pre-staged, signed certificates.
- Every device also has to appear in the authorized-device list that vManage pushes to the controllers before vBond will let it join.
- Control-plane connections (device to vBond, vManage and vSmart) are mutually authenticated DTLS/TLS sessions.
- Data-plane traffic between sites is carried in IPsec tunnels whose keys are distributed over the protected control plane (OMP) rather than negotiated with IKE across the transport.
Traditional WANs lack a built-in security model of this kind; any encryption has to be bolted on.
How is SD-WAN a game changer?
- It not only improves application performance and connectivity but also manages the traffic.
- SD-WAN makes sure that policy enforcement is smooth and consistent across all sites.
- SD-WAN provides a security-driven approach that organizations can use to reach their performance goals.
- SD-WAN reduces the attack surface of the WAN, but the controllers (vManage, vSmart, vBond) become high-value targets and must be patched and monitored like any other critical infrastructure.
#9 Is Network Segmentation supported by SD-WAN Solution and what are the benefits?
Yes, the SD-WAN solution supports network segmentation. The overlay is built from VPNs (VRFs): VPN0 is the transport VPN that carries the tunnels themselves, and user traffic is placed in service VPNs such as VPN1 and VPN2, each with its own routing table. A service VPN exists at every site that needs it, and its identifier travels with each packet inside the IPsec tunnel as a label, so the remote router knows which VPN to forward into.
The benefits of network segmentation are as follows:
- Increased security: a compromised host in one VPN cannot reach another VPN unless policy explicitly leaks routes between them, which limits lateral movement.
- It creates a secure separation between multiple application segments (for example PCI, IoT and corporate).
- Acquired companies can be carried on the parent network, even with overlapping IP addresses, while remaining separated.
- Policies play a regulatory role: they control which applications and segments a site can reach.
- Guest Wi-Fi can be placed in its own VPN with Internet-only access.
#10 Does SD-WAN support APIs?
Yes. vManage exposes a REST API, and the GUI itself is built on it, so anything you can do in the dashboard (templates, policies, device inventory, statistics) can be automated. The interactive API documentation is served by vManage itself at https://<vmanage-host>/apidocs.
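As an added example (not Cisco's code and not part of the original post), here is a small Python client that walks the documented login, token and query flow against vManage: form login to /j_security_check, XSRF token from /dataservice/client/token, then an authenticated GET. The host name vmanage.example.net, the admin credentials, the token value and the device list are all constructed for the example, and the `constructed_vmanage` stand-in exists only so that the flow runs offline; swap in `urllib_transport(cafile=...)` to talk to a real controller.

```python
"""Talking to Cisco vManage over its REST API (added example, not Cisco's code).

Flow: POST the form login to /j_security_check, fetch an XSRF token from
/dataservice/client/token, then send X-XSRF-TOKEN on every /dataservice call.
The HTTP transport is injected so the flow can run offline against the
constructed stand-in at the bottom; host, user and device data are invented.
"""
import json
import ssl
import urllib.error
import urllib.request
from http.cookiejar import CookieJar
from urllib.parse import parse_qsl, urlencode, urlparse


def urllib_transport(cafile=None):
    """Real transport: cookie-aware urllib with certificate verification kept on.
    Point cafile at the CA that issued vManage's certificate instead of
    disabling verification for a self-signed lab box."""
    ctx = ssl.create_default_context(cafile=cafile)
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(CookieJar()),
        urllib.request.HTTPSHandler(context=ctx))

    def send(method, url, headers, body):
        req = urllib.request.Request(url, data=body, headers=headers, method=method)
        try:
            with opener.open(req, timeout=15) as resp:
                return resp.status, resp.read()
        except urllib.error.HTTPError as err:
            return err.code, err.read()
    return send


class VManageClient:
    """transport(method, url, headers, body) -> (status, bytes); cookies are its job."""

    def __init__(self, base_url, transport):
        self.base = base_url.rstrip("/")
        self.send = transport
        self.xsrf = None

    def login(self, username, password):
        body = urlencode({"j_username": username, "j_password": password}).encode()
        status, data = self.send("POST", self.base + "/j_security_check",
                                 {"Content-Type": "application/x-www-form-urlencoded"}, body)
        # A rejected login comes back as HTTP 200 carrying the HTML login page,
        # so the status alone proves nothing: any HTML in the body means failure.
        if status != 200 or b"<html" in data.lower():
            raise PermissionError("vManage rejected the credentials")
        status, tok = self.send("GET", self.base + "/dataservice/client/token", {}, None)
        if status != 200:
            raise RuntimeError("could not obtain XSRF token")
        self.xsrf = tok.decode().strip()

    def get(self, path):
        if self.xsrf is None:
            raise RuntimeError("call login() first")
        status, data = self.send("GET", self.base + "/dataservice" + path,
                                 {"X-XSRF-TOKEN": self.xsrf, "Accept": "application/json"}, None)
        if status != 200:
            raise RuntimeError(f"GET {path} returned HTTP {status}")
        return json.loads(data)["data"]


def try_login(client, username, password):
    """True when vManage accepted the credentials, False when it rejected them."""
    try:
        client.login(username, password)
        return True
    except PermissionError:
        return False


def fabric_system_ips(client):
    """System IPs of every device in vManage's inventory (GET /dataservice/device)."""
    return sorted(d["system-ip"] for d in client.get("/device"))


def constructed_vmanage(user="admin", password="Lab-Pass1!", token="f00dbabe1234"):
    """Offline stand-in for a vManage (constructed data, not a real box). It mimics
    what the client must handle: 200 + HTML on a bad login, a plain-text token
    endpoint, and 403 for API calls without a valid XSRF token."""
    session = {"authed": False}
    devices = [{"host-name": "BR1-vEdge", "system-ip": "10.1.1.1", "site-id": 100},
               {"host-name": "vSmart-1", "system-ip": "10.0.0.2", "site-id": 1}]

    def send(method, url, headers, body):
        path = urlparse(url).path
        if method == "POST" and path == "/j_security_check":
            form = dict(parse_qsl(body.decode()))
            if form.get("j_username") == user and form.get("j_password") == password:
                session["authed"] = True
                return 200, b""
            return 200, b"<html><body>Login</body></html>"
        if not session["authed"]:
            return 403, b""
        if path == "/dataservice/client/token":
            return 200, token.encode()
        if path == "/dataservice/device":
            if headers.get("X-XSRF-TOKEN") != token:
                return 403, b""
            return 200, json.dumps({"data": devices}).encode()
        return 404, b""
    return send
```

The check worth remembering is the one in `login()`: vManage answers a wrong password with HTTP 200 and the HTML login page, so a script that only tests the status code will happily carry on with an unauthenticated session and then fail confusingly on its first API call. Keep certificate verification on in the real transport; a controller with a self-signed certificate should get its CA added to `cafile`, not have verification disabled.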
#11 What is TLOC?
- TLOC stands for Transport Locator.
- It is the point where a Cisco WAN edge device connects to a WAN transport.
- It identifies one transport attachment on a Cisco vEdge device.
- TLOC routes are one of the three route types OMP advertises (alongside OMP routes, also called vRoutes, and service routes); they tell the rest of the fabric how to reach each transport attachment.
- TLOCs are the points in the overlay SD-WAN network that connect to a physical transport.
- It is similar to a routing locator.
- A TLOC is the only OMP construct visible to the underlay, because its address is the (possibly NATed) transport address that the underlay routes to.
- A TLOC consists of three components:
- System IP address of the device
- Color of the transport (for example mpls, biz-internet, lte)
- Encapsulation type (IPsec or GRE)
#12 What does it mean if there is a DCONFAIL or a DTLS connection failure?
DCONFAIL is the reason code shown in show control connections-history (show sdwan control connections-history on IOS XE routers) when a vEdge could not complete the DTLS handshake to a controller. It almost always means a connectivity problem between the vEdge and the controllers in VPN0: no underlay route, a firewall or NAT blocking UDP 12346 (the base DTLS port) or TCP 23456 (TLS), or the controller itself being down. Check show control local-properties for the device's view of its transports and confirm the controller addresses are reachable from VPN0.
#13 Can the Cisco SD-WAN Solution give optimization for SaaS or IaaS platforms like AWS, Office 365, Salesforce, Cisco Webex or Microsoft Azure?
The function of the Cisco SD-WAN fabric is to connect a user at a branch to cloud applications in a smooth and easy way. Cisco provides this for Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) applications with Cisco Cloud OnRamp.
Cloud OnRamp for SaaS and Cloud OnRamp for IaaS ship as part of the SD-WAN solution.
The benefit of Cloud OnRamp:
- Cloud OnRamp makes the SD-WAN fabric continuously measure the performance of a specific application as seen from a branch.
- It does so over every path that branch is allowed to use, such as MPLS, Internet and 4G LTE.
- This allows the SD-WAN to choose the best path in real time based on measured loss and latency, and to move the application to another path when its quality degrades.
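The TLOC triple from #11 and the path selection described under Cloud OnRamp above, as an added Python example that is not Cisco's code and not part of the original post: it models TLOCs, BFD tunnel measurements and an SLA class, then picks the tunnel the way an application-aware routing policy would, including the fallback when no path meets the SLA. The color set is a subset of Cisco's predefined colors; the scoring weights in `tunnel_score`, the colon notation accepted by `parse_tloc`, and the sample addresses and measurements are assumptions made for the example.

```python
"""Application-aware routing over TLOC tunnels (added example, not Cisco code).

A TLOC is the (system-ip, color, encapsulation) triple naming one transport
attachment.  An IPsec tunnel runs between a local and a remote TLOC, and BFD
probes on it measure loss, latency and jitter.  An SLA class sets thresholds;
the policy below picks a tunnel that meets them, preferring configured colors,
and falls back to the least-bad tunnel unless the policy is strict.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address

# Subset of the predefined transport colors; assumption for this example.
COLORS = {"mpls", "biz-internet", "public-internet", "lte", "metro-ethernet",
          "private1", "private2", "default"}
ENCAPS = {"ipsec", "gre"}


@dataclass(frozen=True)
class Tloc:
    system_ip: str
    color: str
    encap: str


@dataclass
class TunnelStats:
    """BFD-derived measurements for the tunnel between two TLOCs."""
    local: Tloc
    remote: Tloc
    loss_pct: float
    latency_ms: float
    jitter_ms: float
    bfd_up: bool = True


@dataclass(frozen=True)
class SlaClass:
    name: str
    max_loss_pct: float
    max_latency_ms: float
    max_jitter_ms: float

    def met_by(self, t: TunnelStats) -> bool:
        return (t.bfd_up and t.loss_pct <= self.max_loss_pct
                and t.latency_ms <= self.max_latency_ms
                and t.jitter_ms <= self.max_jitter_ms)


def parse_tloc(text: str) -> Tloc:
    """Parse 'system-ip:color:encap' (our own compact notation) into a Tloc."""
    parts = text.split(":")
    if len(parts) != 3:
        raise ValueError(f"TLOC needs 3 fields, got {text!r}")
    ip, color, encap = parts
    IPv4Address(ip)                      # system IPs are IPv4; raises if malformed
    if color not in COLORS:
        raise ValueError(f"unknown color {color!r}")
    if encap not in ENCAPS:
        raise ValueError(f"unknown encapsulation {encap!r}")
    return Tloc(ip, color, encap)


def is_valid_tloc(text: str) -> bool:
    try:
        parse_tloc(text)
        return True
    except ValueError:
        return False


def tunnel_score(t: TunnelStats) -> float:
    """Lower is better; weights are an assumption, not Cisco's algorithm."""
    return t.loss_pct * 100 + t.latency_ms + 2 * t.jitter_ms


def select_path(tunnels, sla, preferred_colors=(), strict=False):
    """Return (TunnelStats or None, reason) for a flow in `sla`.
    Order: tunnels meeting the SLA on a preferred color, then any tunnel
    meeting the SLA, then (unless strict) the best-scoring BFD-up tunnel."""
    up = [t for t in tunnels if t.bfd_up]
    if not up:
        return None, "no tunnel with BFD up"
    ok = sorted((t for t in up if sla.met_by(t)), key=tunnel_score)
    pref = [t for t in ok if t.local.color in preferred_colors]
    if pref:
        return pref[0], f"meets {sla.name} on preferred color {pref[0].local.color}"
    if ok:
        return ok[0], f"meets {sla.name} on {ok[0].local.color}"
    if strict:
        return None, f"no tunnel meets {sla.name}; strict policy drops the flow"
    best = min(up, key=tunnel_score)
    return best, f"no tunnel meets {sla.name}; falling back to {best.local.color}"


# Constructed sample: one branch with MPLS and biz-internet tunnels to a hub.
HUB_MPLS = parse_tloc("10.0.0.1:mpls:ipsec")
HUB_INET = parse_tloc("10.0.0.1:biz-internet:ipsec")
BR_MPLS = parse_tloc("10.1.1.1:mpls:ipsec")
BR_INET = parse_tloc("10.1.1.1:biz-internet:ipsec")
VOICE = SlaClass("voice", max_loss_pct=1.0, max_latency_ms=150, max_jitter_ms=30)
SAMPLE_TUNNELS = [
    TunnelStats(BR_MPLS, HUB_MPLS, loss_pct=0.0, latency_ms=45, jitter_ms=3),
    TunnelStats(BR_INET, HUB_INET, loss_pct=2.5, latency_ms=30, jitter_ms=8),
]

if __name__ == "__main__":
    chosen, why = select_path(SAMPLE_TUNNELS, VOICE, preferred_colors=("biz-internet",))
    print(chosen.local.color, "-", why)
```

In the sample the Internet tunnel is preferred and has lower latency, but its 2.5% loss breaks the voice SLA, so the policy sends voice over MPLS; fix the loss and it moves back to biz-internet. The `strict` flag mirrors the choice an operator faces in a real policy: drop traffic when no path is good enough, or forward it anyway on the least-bad path.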
#14 What is a Domain ID?
- A domain is a logical grouping of vEdge routers and vSmart controllers.
- It defines the span of control for a vSmart controller.
- Each domain is known by a unique integer called the Domain ID.
- Routing information is fully synchronized among the vSmart controllers and vEdge routers within a domain.
- The concept exists so that an organization could divide its network into administrative domains, but current software supports only one domain (Domain ID 1) in a Viptela overlay network.
#15 What is Site ID?
- A site is a particular physical location in a Viptela Overlay Network.
- It can be a branch office, a campus or a data center.
- Each site has a unique integer called the Site ID.
- Each Viptela device at a site is known by the same Site ID.
- For example, in a data center, all vSmart controllers and vEdge routers are identified by the same Site ID.
- A branch office usually has a single vEdge router.
#16 Explain in brief the Cisco SD-WAN Solution architecture.
A Cisco SD-WAN is made up of four planes:
- The orchestration plane (vBond) handles the automatic onboarding of SD-WAN routers into the SD-WAN overlay.
- The management plane (vManage) looks after central configuration and monitoring.
- The control plane (vSmart) builds and maintains the network topology and decides how traffic should flow.
- The data plane (vEdge and IOS XE SD-WAN routers) forwards packets based on the decisions made by the control plane.
#17 Explain the SD-WAN Topology.
- A typical example topology consists of two sites and two transports (such as MPLS and LTE).
- The SD-WAN controllers, that is the vSmart controllers and the vBond orchestrator along with vManage, are reachable through these transports.
- Each site has vEdge routers that are directly connected to the available transports.
- A color represents an individual WAN transport.
- Different WAN transports are given different colors: one color for MPLS, another for LTE, another for business Internet, and so on.
- The vEdge routers build Datagram Transport Layer Security (DTLS) or Transport Layer Security (TLS) connections to the controllers over each transport.
- The vEdge routers of one site connect securely to the vEdge routers of the other site with IPsec tunnels.
- The Bidirectional Forwarding Detection (BFD) protocol runs inside each tunnel to detect path failure and to measure loss, latency and jitter.
#18 What is VPN?
- A Virtual Private Network (VPN) provides segmentation in an SD-WAN network overlay.
- Each VPN is isolated from the others.
- Each VPN has its own forwarding table.
- The VPN number is a 4-byte integer.
- It can be anywhere between 0 and 65530.
- vEdge devices and controllers have two VPNs by default, VPN0 and VPN512.
- VPN0 is the transport VPN.
- It consists of the interfaces that connect to the WAN transports.
- This VPN carries the secure DTLS/TLS connections to the vBond, vManage and vSmart controllers, and the IPsec tunnels to other sites.
- VPN512 is the management VPN.
- It carries out-of-band management traffic to and from the Cisco SD-WAN devices.
- This VPN is not carried across the overlay network.
#19 How can a vEdge be brought into an overlay?
If a vEdge wants to join an overlay network, it needs to do two things:
- It needs to build a secure connection to vManage to receive its full configuration.
- It also needs to build a secure connection to a vSmart controller to participate in the overlay network.
- The vEdge discovers vManage and the vSmart controllers automatically.
- It does this by first making a secure connection to the vBond orchestrator.
The following steps need to be followed to bring vEdge into an overlay:
- The vEdge router first authenticates with the vBond orchestrator over a mutually authenticated DTLS connection.
- When authentication succeeds, the vBond orchestrator sends the IP addresses of the vManage Network Management System (NMS) and the vSmart controllers.
- The vEdge router starts building secure DTLS/ TLS connections with vManage and vSmart controllers.
- It then breaks the connections with vBond orchestrator.
- Once vManage NMS is authenticated, the vManage pushes the full configuration to the vEdge router (if available).
- Then the vEdge tries to make a DTLS/ TLS connection to the vSmart controllers over each transport link.
- After authentication, it makes an OMP session and learns the routes along with policies, TLOCs and encryption keys.
- Then the vEdge router establishes an IPsec tunnel to TLOCs over each transport.
- BFD will then begin to work over these connections.
#20 What is a Zero Touch Provisioning (ZTP) process?
- ZTP is an automatic provisioning process.
- It starts when the vEdge router is powered on for the first time with no configuration.
- The vEdge obtains an address by DHCP on its transport interface and then attempts to connect to the ZTP server with the host name ztp.viptela.com (Cisco IOS XE SD-WAN routers use the Plug and Play service at devicehelper.cisco.com instead).
- It gets the vBond orchestrator information from there.
- Once the information is received, it can make connections to vManage and the vSmart controllers to get its full configuration.
- It then joins the overlay network.
#21 Name the device template components.
Basic information:
- This section includes the system, logging, OMP, AAA, BFD, security, archive and NTP feature templates.
Transport and management VPN:
- This section contains the templates used to configure VPN0 and VPN512.
- It includes the BGP, OSPF, VPN interface, VPN interface GRE and VPN interface PPP feature templates.
Service VPN:
- This section consists of the templates used to configure the service VPNs.
- It consists of the BGP, IGMP, Multicast, OSPF, PIM, VPN interface, VPN interface bridge, VPN interface GRE, VPN interface IPsec, VPN interface Natpool and DHCP server feature templates.
Additional templates:
- This section includes banners.
- It consists of the Simple Network Management Protocol (SNMP), bridge, localized policy and cellular feature templates.
#22 What is the traffic symmetry of DPI?
- Deep Packet Inspection (DPI) is used by application-aware routing.
- It is responsible for matching applications within the policy.
- For DPI to classify most application traffic, the vEdge router needs to see the traffic in both directions.
- When a site has two vEdge routers, there is no guarantee that a flow leaves through the same vEdge (LAN-to-WAN) that its return traffic enters (WAN-to-LAN); if the two halves take different routers, neither can classify the flow.
- It is therefore preferred to set up routing so that traffic prefers one vEdge over the other, which keeps the traffic symmetric.
That’s All About It!
This list of SD-WAN interview questions is evergreen. I recommend going through these questions thoroughly; doing so will also let you brush up on your SD-WAN concepts.
A lot of candidates appear for SD-WAN interviews yet fail because their basic concepts are weak, which is why I have emphasized the basics of SD-WAN here.
Follow these SD-WAN interview questions and answers to clear your SD-WAN interview like a pro.
I wish you all the best!