SD-WAN | NetworkAcademy.IO

LAB 5 - Cisco SD-WAN QoS

A common use case of localized data policies is to enable quality of service (QoS) on vEdge interfaces. QoS classifies incoming data flows by their importance for the enterprise into multiple user-defined forwarding classes. Then spread the classes across different output queues on the egress interface and schedule the transmission rate at which each traffic class is sent out.

LAB 4 - Traffic Policing

This lab lesson will examine another common use case for localized data policies: to create a traffic policer that controls the maximum rate of traffic sent or received on a specific vEdge interface.

LAB 3 - Explicit Access Control List (ACL)

There are two types of access lists in Cisco SD-WAN. As seen in the previous lesson, transport interfaces have implicit access lists applied by default, called services. The access lists that we configure using localized data policy are referred to as explicit access lists.

Intrusion Prevention System (IPS)

An intrusion detection system (IDS) is a network security function that performs real-time traffic inspection and detects network anomalies based on signatures, statistics, protocol analysis, etc.

LAB 2 - Implicit Access Control List (ACL)

By default in Cisco SD-WAN, each VPN0’s transport interface on every vEdge router has an implicit access list applied. Each implicit ACL allows or denies a specific type of network traffic referred to as a service.

Application-aware Enterprise Firewall

Nowadays, security is the topmost priority of every organization. Firewalling is one of the basic yet essential forms of network security that organizations rely on.

LAB 7 - Packet Duplication

Packet Duplication is an SD-WAN feature designed to overcome packet loss in network designs where a WAN edge router has multiple overlay tunnels to the next-hop vEdge router.

LAB 6 - Forward Error Correction (FEC)

The Forwarding Error Correction (FEC) feature allows critical applications to work well over unreliable WAN links, usually Internet circuits. The mechanism behind it is borrowed from RAID array logic.

LAB 5 - Application pinning

This lesson will look at the different Cisco SD-WAN data-policy actions that we can use to perform application pinning and traffic steering. We will specifically explain the difference between the Local TLOC selection and Remote TLOC selection options.

LAB 4 - Allowing DIA to trusted application only

In the previous lab lesson, we have enabled Direct Internet access (DIA) to employees in VPN 1. For the users at the remote branches, we have even provided a redundant Internet breakout path in case of local ISP failures. However, we have not examined the security side of things.