70,35 €*
Free shipping by post / DHL
Delivery time 1-2 weeks
Jason Gooley, CCIE No. 38759 (RS and SP), is a very enthusiastic and spontaneous person who has more than 25 years of experience in the industry. Currently, Jason works as a Technical Evangelist for the Worldwide Enterprise Networking Sales team at Cisco Systems. Jason is very passionate about helping others in the industry succeed. In addition to being a Cisco Press author, Jason is a distinguished speaker at Cisco Live, contributes to the development of the Cisco CCIE and DevNet exams, provides training for Learning@Cisco, is an active CCIE mentor, is a committee member for the Cisco Continuing Education Program (CE), and is a program committee member of the Chicago Network Operators Group (CHI-NOG), [...] Jason also hosts a show called MetalDevOps.
Dana Yanch, CCIE No. 25567 (RS,DC) CCDE No. 20130071, at the time of writing content for this book was a Global Technical Solutions Architect at Cisco focused on designing and deploying SD-WAN solutions for large enterprises around the world. Prior to spending the last six years working with Viptela and other SD-WAN technologies, Dana had a focus on fabric-based data center technologies. Dana has presented at several Cisco Live Events worldwide and has a passion for public speaking and mentorship. Dana can now be found at Aviatrix, the multi-cloud networking platform, designing cloud connectivity architectures every single day.
Dustin Schuemann, CCIE No. 59235 (R&S), is a Technical Solutions Architect at Cisco Systems. Within the Demo CoE organization, Dustin is a subject matter expert on all things SD-WAN, including development of SD-WAN demo offerings and CPOC labs for some of Cisco’s largest customers. He has been a distinguished speaker at Cisco Live multiple times, where he has presented on multiple topics around Cisco SD-WAN. Dustin has more than 17 years of experience in the network engineering field, and before Cisco he was a network architect for multiple firms within the manufacturing and financial industries. He is very passionate about giving back to the IT community and helping to mentor other network engineers. Dustin currently resides in Raleigh, North Carolina.
John Curran is a Technical Solutions Architect with Cisco’s Global Virtual Engineering team, where he assists customers and partners with the design of their next-generation networks. John is a subject matter expert in routing and SD-WAN and is excited to spend time teaching and training on these topics. John presents regularly at Cisco Live events around the world and has been repeatedly recognized as a Distinguished Speaker. In his prior role at Cisco, John worked as a Network Consulting Engineer for Cisco’s Advanced Services team, supporting government and education customers. John holds a Bachelor of Science degree in Computer Engineering Technology from the University of Cincinnati.
Introduction
Chapter 1 Introduction to Cisco Software-Defined Wide Area Networking (SD-WAN)
Networks of Today
Common Business and IT Trends
Common Desired Benefits
High-Level Design Considerations
Introduction to Cisco Software-Defined WAN (SD-WAN)
Transport Independence
Rethinking the WAN
Use Cases Demanding Changes in the WAN
Bandwidth Aggregation and Application Load-Balancing
Protecting Critical Applications with SLAs
End-to-End Segmentation
Direct Internet Access
Fully Managed Network Solution
Building an ROI to Identify Cost Savings
Introduction to Multidomain
Cloud Trends and Adoption
Summary
Review All Key Topics
Key Terms
Chapter Review Questions
Chapter 2 Cisco SD-WAN Components
Data Plane
Management Plane
Control Plane
Orchestration Plane
Multi-Tenancy Options
Deployment Options
Summary
Review All Key Topics
Key Terms
Chapter Review Questions
References
Chapter 3 Control Plane and Data Plane Operations
Control Plane Operations
Overlay Management Protocol
OMP Routes
TLOC Routes
Service Routes
Path Selection
OMP Route Redistribution and Loop Prevention
Data Plane Operations
TLOC Colors
Tunnel Groups
Network Address Translation
Full Cone NAT
Symmetric NAT
Address Restricted Cone NAT
Port Restricted Cone NAT
Network Segmentation
Data Plane Encryption
Data Plane Encryption with Pairwise
Summary
Review All Key Topics
Key Terms
Chapter Review Questions
References
Chapter 4 Onboarding and Provisioning
Configuration Templates
Developing and Deploying Templates
Onboarding Devices
Manual Bootstrapping of a WAN Edge
Automatic Provisioning with PNP or ZTP
Summary
Review All Key Topics
Chapter Review Questions
References
Chapter 5 Introduction to Cisco SD-WAN Policies
Purpose of Cisco SD-WAN Policies
Types of Cisco SD-WAN Policies
Centralized Policy
Centralized Policies That Affect the Control Plane
Centralized Policies That Affect the Data Plane
Localized Policy
Policy Domains
Cisco SD-WAN Policy Construction
Types of Lists
Policy Definition
Cisco SD-WAN Policy Administration, Activation, and Enforcement
Building a Centralized Policy
Activating a Centralized Policy
Packet Forwarding Order of Operations
Summary
Review All Key Topics
Define Key Terms
Chapter Review Questions
Chapter 6 Centralized Control Policies
Centralized Control Policy Overview
Use Case 1: Isolating Remote Branches from Each Other
Use Case 1 Review
Use Case 2: Enabling Branch-to-Branch Communication Through Data Centers
Enabling Branch-to-Branch Communication with Summarization
Enabling Branch-to-Branch Communication with TLOC Lists
Use Case 2 Review
Use Case 3: Traffic Engineering at Sites with Multiple Routers
Setting TLOC Preference with Centralized Policy
Setting TLOC Preference with Device Templates
Use Case 3 Review
Use Case 4: Preferring Regional Data Centers for Internet Access
Use Case 4 Review
Use Case 5: Regional Mesh Networks
Use Case 5 Review
Use Case 6: Enforcing Security Perimeters with Service Insertion
Use Case 6 Review
Use Case 7: Isolating Guest Users from the Corporate WAN
Use Case 7 Review
Use Case 8: Creating Different Network Topologies per Segment
Use Case 8 Review
Use Case 9: Creating Extranets and Access to Shared Services
Use Case 9 Review
Summary
Review All Key Topics
Define Key Terms
Chapter Review Questions
Reference
Chapter 7 Centralized Data Policies
Centralized Data Policy Overview
Centralized Data Policy Use Cases
Use Case 10: Direct Internet Access for Guest Users
Use Case 10 Review
Use Case 11: Direct Cloud Access for Trusted Applications
Use Case 11 Review
Use Case 12: Application-Based Traffic Engineering
Use Case 12 Review
Use Case 13: Protecting Corporate Users with a Cloud-Delivered Firewall
Use Case 13 Review
Use Case 14: Protecting Applications from Packet Loss
Forward Error Correction for Audio and Video
Packet Duplication for Credit Card Transactions
Use Case 14 Review
Summary
Review All Key Topics
Define Key Terms
Chapter Review Questions
References
Chapter 8 Application-Aware Routing Policies
The Business Imperative for Application-Aware Routing
The Mechanics of an App-Route Policy
Constructing an App-Route Policy
Monitoring Tunnel Performance
Liveliness Detection
Hello Interval
Multiplier
Path Quality Monitoring
App-Route Poll Interval
App-Route Multiplier
Mapping Traffic Flows to a Transport Tunnel
Packet Forwarding with Application-Aware Routing Policies
Traditional Lookup in the Routing Table
SLA Class Action
Summary
Review All Key Topics
Define Key Terms
Chapter Review Questions
Chapter 9 Localized Policies
Introduction to Localized Policies
Localized Control Policies
Localized Data Policies
Quality of Service Policies
Step 1: Assign Traffic to Forwarding Classes
Step 2: Map Forwarding Classes to Hardware Queues
Step 3: Configure the Scheduling Parameters for Each Queue
Step 4: Map All of the Schedulers Together into a Single QoS Map
Step 5: Configure the Interface with the QoS Map
Summary
Review All Key Topics
Chapter Review Questions
Chapter 10 Cisco SD-WAN Security
Cisco SD-WAN Security: Why and What
Application-Aware Enterprise Firewall
Intrusion Detection and Prevention
URL Filtering
Advanced Malware Protection and Threat Grid
DNS Web Layer Security
Cloud Security
vManage Authentication and Authorization
Local Authentication with Role-Based Access Control (RBAC)
Remote Authentication with Role-Based Access Control (RBAC)
Summary
Review All Key Topics
Define Key Terms
Chapter Review Questions
Chapter 11 Cisco SD-WAN Cloud onRamp
Cisco SD-WAN Cloud onRamp
Cloud onRamp for SaaS
Cloud onRamp for IaaS
Cloud onRamp for Colocation
Why Colocation?
How It Works
Service Chaining for a Single Service Node
Service Chaining for Multiple Service Nodes
Service Chaining and the Public Cloud
Infrastructure as a Service
Software as a Service
Redundancy and High Availability
Service Chain Design Best Practices
Configuration and Management
Cluster Creation
Image Repository
Service Chain Creation
Monitoring
Summary
Review All Key Topics
Define Key Terms
Chapter Review Questions
Chapter 12 Cisco SD-WAN Design and Migration
Cisco SD-WAN Design Methodology
Cisco SD-WAN Migration Preparation
Cisco SD-WAN Data Center Design
Transport-Side Connectivity
Loopback TLOC Design
Service-Side Connectivity
Cisco SD-WAN Branch Design
Complete CE Replacement—Single Cisco SD-WAN Edge
Complete CE Replacement—Dual Cisco SD-WAN Edge
Integration with Existing CE Router
Integration with a Branch Firewall
Integration with Voice Services
Cisco SD-WAN Overlay and Underlay Integration
Overlay Only
Overlay with Underlay Backup
Full Overlay and Underlay Integration
Summary
Review All Key Topics
Chapter Review Questions
Chapter 13 Provisioning Cisco SD-WAN Controllers in a Private Cloud
SD-WAN Controller Functionality Recap
Certificates
vManage Controller Deployment
Step 1: Deploy vManage Virtual Appliance on VMware ESXi or KVM
Step 2: Bootstrap and Configure vManage Controller
Step 3/4: Set Organization Name and vBond Address in vManage; Install Root CA Certificate
Step 5: Generate, Sign, and Install Certificate onto vManage Controller
vBond Controller Deployment
Step 1/2/3: Deploy vBond Virtual Machine on VMware ESXi; Bootstrap and Configure vBond Controller; Manually Install Root CA Certificate on vBond
Step 4/5: Add vBond Controller to vManage; Generate, Sign, and Install Certificate onto vBond Controller
vSmart Controller Deployment
Step 1/2/3: Deploy vSmart Virtual Machine from Downloaded OVA; Bootstrap and Configure vSmart...
Medium: | Paperback |
---|---|
ISBN-13: | 9780136533177 |
ISBN-10: | 0136533175 |
Language: | English |
Binding: | Softcover / Paperback |
Author: | Gooley, Jason; Yanch, Dana; Schuemann, Dustin; Curran, John |
Manufacturer: | Pearson Education |
Dimensions: | 224 x 188 x 35 mm |
By/With: | Jason Gooley (et al.) |
Publication date: | 07.10.2020 |
Weight: | 0,983 kg |