ENCOR

Question 1

SD WAN - what is the controller

Answer 1

vManage

Question 2

vManage is what type of itnerface

Answer 2

HTTP website

Question 3

vSmart

Answer 3

Control plane

Pushes policies down to edge

Question 4

vEdge

Answer 4

Edge Router in SD_WAN

Question 5

vBond

Answer 5

Orchestrator - Zero-touch provisioning

Question 6

Newer cisco verison of vEdge

Answer 6

cEdge

Question 7

SD-WAN - what topologoes is enabled with the most basic liences?

Answer 7

Hop and spoke

Question 8

SDWAN topologies

Answer 8

Hub and Spoke
Partial Mesh
Full mesh
PTP

Question 9

In SD-WAN - What technologies enable application aware SLA(service-levelagreement)?

Answer 9

DPI

6-Tuple

Question 10

DPI stands for

Answer 10

Deep Packet Inspection

Question 11

6-Tuple refers too

Answer 11

6 Tuple is inspection of :

• S,D IP
• S,D Port
• QoS -DSCP
• IP protocol

Question 12

SD-WAN enables a user to deal with multiple WAN links, such as a leased line and MPLS circuit. What are the different SD-WAN configurations avaliable?

Answer 12

Active-Active
Active-Active (weighted)
Active-Standby (pinning)
Application-Aware SLA

Question 13

SD-WAN : multiple WAN’s - Active-Active

Answer 13

Load balance across multiple WAN connections

Question 14

SD-WAN : multiple WAN’s - Active-Active (weighted)

Answer 14

Weighted Load balance across multiple WAN connections

Question 15

SD-WAN : multiple WAN’s - Active-Standby (pinning)

Answer 15

some applications always use one link, others (such as voice) always use one link

Question 16

SD-WAN : multiple WAN’s - Application-Aware SLA

Answer 16

Tracking metrics and responding

Question 17

SD-WAN - Protocol between vSmart and vEdge

Answer 17

OMP - Overlay Management Protocol

Question 18

OMP is responsible for telling …

Answer 18

telling vEdge/cEdge on how to create IPsec tunnels

Question 19

OMP uses what protocols

Answer 19

TCP/TLS

Question 20

bVond - Important considerations

Answer 20

Must have a public IP address

1:1 NAT

Question 21

Why is NAT traversal required in SD-WAN

Answer 21

IPsec tunnels are L3 so there is NO port numbers for the NAT to grab onto

Question 22

If NAT-T is enabled, what does SD-WAN do when it detects NAT is enabled

Answer 22

Switches from IPsec headers to UDP 4500

Allows NAT traversal

Question 23

What does vBond push new devices to vManage

Answer 23

Admins must approve new devices to ecosystem

Gets pushed to vSmart

Question 24

Why is vBond needed?

Answer 24

vSmart and vEdge don’t know about each other

Question 25

How does vBond help with NAT travesal?

Answer 25

Both vEdge/cEdge on a side of a NAT firewall vBond sends packets at same time (knows public/private addresses) to each device which builds that NAT mappings OR vBond sends dummy packets

Question 26

SD-WAN Controller Deployment Models

Answer 26

Pyblic Hybrid Hybrid w/ private IPs

Question 27

SD-WAN Controller Deployment Model - Public

Answer 27

Use AWS or other public cloud providor | vSmart/vBond and vManage in multiple AWS regions

Question 28

SD-WAN Controller Deployment Model - Hybrid

Answer 28

Some vSmart/Manage/Bond in cloud others in private data centers Avoids issue of WAN circuits going down

Question 29

SD-WAN Controller Deployment Model - Hybrid w/ Private IP addresses

Answer 29

Some vSmart/Manage/Bond in cloud others in private data centers Private IP addresses used in PERSONAL Wan circuits

Question 30

Is it RECOMMENDED vSmart and vManage be behind 1:1 NAT

Answer 30

Yes, but not enforced

Question 31

Example of hardware SD-WAn can be deployed on

Answer 31

ISR&ASR series ENCS 5000 series CSR 1000V

Question 32

SD-WAN - zero touch provisioning

Answer 32

Devices (vEdges and cEdges) configured automatically (without involvement) when joining the network. Compoennts:

Question 33

What components allow ZTP in SD-WAN

Answer 33

Template configuraiton | Whitelist on vManage

Question 34

ZTP Router turn on process

Answer 34

1) Turns on 2) Connect to “ZTP Cloud Server” – Cisco Server 3) Gets vBond address ZTP uses certificates for security of vManages and vSmarts