[Part 6] Cisco SDWAN - vSmart Controller
Control Plane - Empowering Network Intelligence
Introduction
In the world of software-defined wide-area networking (SD-WAN), the control plane plays a crucial role in managing network intelligence and ensuring seamless connectivity. One of the key components responsible for control plane functionality is the vSmart controller.
In this article, we will delve into the details of vSmart and its role in the Cisco SD-WAN fabric, exploring its capabilities, benefits, and operational mechanisms.
The Brain of the SD-WAN Fabric
vSmart acts as the central intelligence hub of the SD-WAN fabric, providing control plane services to orchestrate network operations. Its highly scalable architecture allows it to handle up to 5,400 connections per vSmart server, making it suitable for large-scale deployments.
With vSmart, organizations can efficiently implement control plane policies, centralized data policies, service chaining, and VPN topologies, while ensuring robust security and encryption through key management.
Simplifying Network Operations
By separating the control plane from the data and management planes, the Cisco SD-WAN solution achieves greater scalability and simplifies network operations.
Unlike traditional routing protocols, if you look at traditional link states routing protocols such as OSPF and IS-IS, each router knows about the state of the whole network and calculates its own routing table based on the link state database information.
This can be very CPU intensive and offers only a limited, autonomous view of the network. vSmart enables comprehensive network state visibility for efficient path calculations and reduced complexity. This ensures optimal routing decisions across the network.
vSmart leverages the Overlay Management Protocol (OMP) to communicate and manage network information. OMP goes beyond routing and encompasses key management, configuration updates, and more. It runs between vSmart and the WAN Edges within a secure tunnel. Policies built through the management plane are distributed to vSmart via NETCONF, and vSmart disseminates these policies to the WAN Edges through OMP updates.
OMP is the main exchange control information protocol using in Cisco SDWAN control plane.
The separated detailed article about OMP will come later.
Intelligent Routing and Topology Management
Similar to a BGP route reflector in iBGP, vSmart receives routing information from each WAN Edge and applies policies before advertising the information to other WAN Edges. vSmart defines different topologies per VPN, allowing flexible modification of routes and data plane construction.
This centralization of control enables efficient management of the network's routing and topology, ensuring optimized performance and reduced complexity.
The Cisco SDWAN Policies will be explain detail in the next parts.
Enhanced Security and Key Management
The control plane is responsible for fabric encryption, and vSmart plays a crucial role in ensuring secure communication. In legacy WAN technologies, each device computed its own encryption keys and distributed them using protocols like ISAKMP/IKE.
In Cisco SD-WAN, key exchange and distribution are centralized in vSmart.
WAN Edges compute transport-specific keys, which are then distributed and rekeyed by vSmart. This approach increases scalability and simplifies key management.
High Availability and Redundancy
To ensure network stability, it is recommended to deploy at least two geographically dispersed vSmart controllers. These controllers should have identical policy configurations to avoid routing issues and potential traffic blackholing.
vSmart controllers maintain a full mesh of OMP sessions among themselves, allowing synchronization of control and routing information. In case of vSmart controller failure, control connections from WAN Edges are dynamically rebalanced across the remaining controllers.
Key Takeaways
The vSmart controller in Cisco SD-WAN acts as the brain of the network, orchestrating control plane operations, optimizing routing decisions, and ensuring secure communication. By leveraging the power of OMP and centralized control, organizations can achieve scalable, intelligent, and highly available networks.
vSmart Controller
The brain of the Cisco SDWAN Network
Centralized Routing, Topology control (like iBGP reflector)
Centralized encryption key distribution
Recommend to deploy with geographical redundancy.
My name is Nam who loves to talk and share knowledge related to Networking, Automation, and so on. More about me: nam-nguyen.me
Hope you enjoy the blog and don't forget to join the Tech-Learner-Hub to get more and more valuable content.