This white paper describes how Cisco Catalyst SD-WAN can be implemented virtually via Equinix Network Edge and connected using Equinix Fabric™ for site-to-site and site-to-cloud use cases. It also provides an outlook for automation and integration innovations.
With applications and workloads moving to multiple public clouds, the rise of the global value chain, and ever-expanding traffic, enterprises are facing increasing challenges to adapt their network to meet today’s needs for secured access that scales quickly and efficiently. The pandemic has amplified this challenge with the continuous need for hybrid work arrangements. Cisco® Catalyst SD-WAN offers a unique capability for enterprises to deploy SD-WAN virtually in minutes via Equinix Network Edge, with the advantage of consistent Cisco product quality, management, and licensing control. Equinix Network Edge is packaged with Equinix Fabric, which provides global metro-to-metro connectivity and a cloud edge to connect to multiple public clouds. By using Cisco Catalyst SD-WAN with Equinix, you get the best of SD-WAN and global connectivity.
With applications and workloads moving to multiple public clouds, the rise of the global value chain, and ever-increasing traffic, enterprises face the following problems:
● Low-quality connectivity over the public internet across different geographical regions (long delays, significant packet loss, high latency)
● Lack of visibility into cloud service provider backbones
● Inability to perform proper application-aware routing across multiple clouds and providers
Site-to-cloud use case diagram
Site-to-site use case diagram
Solution: Cisco Catalyst SD-WAN with Equinix
Overview
Implementing the solution involves executing the following five simple steps:
1. Create, in Cisco Catalyst SD-WAN Manager, a configuration template for virtual SD-WAN routers, which will be running in the Equinix facilities.
2. Export the day-0 configuration from SD-WAN Manager for virtual routers as a .cfg file.
3. In the Equinix Fabric portal, create SD-WAN virtual routers and upload the day-0 configuration in the .cfg file. Once booted, the SD-WAN virtual routers will join your SD-WAN fabric automatically.
4. Now, in the Equinix Fabric portal, you can create point-to-point connections between related SD-WAN routers. SD-WAN routers will establish SD-WAN tunnels over Equinix connections automatically.
5. As a last step, in SD-WAN Manager configure an SD-WAN control policy to steer the traffic based on your requirements.
Example: Enabling site-to-site connectivity between one branch located in Los Angeles and a second branch in Singapore.
The following screen shot shows how to generate and download a day-0 configuration for SD-WAN virtual routers in Cisco Catalyst SD-WAN Manager as a cloud-init file.
This cloud-init .cfg file with the day-0 configuration contains details such as UUID, token, and SD-WAN configuration, which are needed to join the SD-WAN fabric. You can simply download the whole file and then import it into the Equinix portal as shown below:
Once you have Cisco Catalyst SD-WAN virtual routers running in all required Equinix locations and successfully joined to the SD-WAN fabric, you can create dedicated point-to-point links between different locations using Equinix, as shown in the following screen shot:
The final step is to create a control policy in Cisco Catalyst SD-WAN Manager, which will steer traffic as needed.
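The day-0 .cfg file exported in this procedure carries the UUID and token that let a router join the SD-WAN fabric, so it is worth treating as a credential between download and upload. The following is an added example, not part of the original white paper or Cisco's tooling: it reports loose file permissions on the export and produces a redacted copy that is safe to attach to a ticket. The `key : value` line layout, the key names `otp` and `token`, and the sample content are assumptions; adjust them to what your export contains.

```python
import os
import re
import stat

# Assumption: secrets appear on "key : value" lines. These key names are
# illustrative; match them to the keys present in your exported file.
SENSITIVE_KEYS = ("otp", "token")
_LINE = re.compile(r"^(\s*-?\s*)([A-Za-z_-]+)(\s*:\s*)(\S.*)$")


def redact_day0(text, keys=SENSITIVE_KEYS):
    """Return (redacted_text, names_of_redacted_keys)."""
    out, found = [], []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m and m.group(2).lower() in keys:
            found.append(m.group(2).lower())
            line = f"{m.group(1)}{m.group(2)}{m.group(3)}<redacted>"
        out.append(line)
    return "\n".join(out) + "\n", found


def permission_findings(path):
    """List problems with how the .cfg file is stored on disk (POSIX modes)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & (stat.S_IRGRP | stat.S_IWGRP):
        findings.append("group can read or write the file")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("other users can read or write the file")
    return findings


# Constructed sample, not a real export.
SAMPLE = """#cloud-config
vinitparam:
 - uuid : EXAMPLE-UUID-0000
 - otp : 0123456789abcdef
 - org : example-org
"""

if __name__ == "__main__":
    redacted, found = redact_day0(SAMPLE)
    print("redacted keys:", found)
    print(redacted)
```

Run `permission_findings()` on the downloaded file before uploading it, and delete the local copy once the router has joined the fabric.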
Packet flow
● Instead of using an SD-WAN tunnel over the public internet between two regions, the packets will be sent from the branch to the closest Equinix data center where a Cisco Catalyst SD-WAN router is running.
● Then the virtual Cisco Catalyst SD-WAN router will forward the packets using another SD-WAN tunnel over the Equinix Fabric’s global backbone.
● The Cisco Catalyst SD-WAN virtual router on the receiving side will forward the packets to the final destination.
A simple SD-WAN policy can be used to redirect only critical applications over this optimized path. You can also utilize your telco network contract to supplement Equinix Fabric. Noncritical applications can still be sent to a different region over the public internet.
In the example below, the control policy matches on IP address prefixes for illustration purposes. A traffic data policy can instead match and set the Transport Locator (TLOC) based on critical applications.
Custom automation
All actions in Cisco Catalyst SD-WAN Manager are implemented with REST API calls, which enables custom automation. For example, use of the device template configuration or SD-WAN control policy on Cisco Catalyst SD-WAN Controller can be automated.
The best documentation source for API calls into SD-WAN Manager is SD-WAN Manager itself: append /apidocs to the address of your SD-WAN Manager, as in https://<vManage IP address>/apidocs/
Performance and scale
Cisco Catalyst SD-WAN virtual routers scale from a few hundred Mbps to 10 Gbps or more, depending on the VM instance type and feature set used. The virtual router throughput is a function of the number of vCPUs and memory. Currently you can select a Cisco Catalyst SD-WAN router in the Equinix Fabric portal with two, four, or six virtual CPUs.
If the performance of a single Cisco Catalyst SD-WAN virtual router is not enough, a horizontal scale model can be used. In this model several virtual routers will be created, and the traffic will be load-balanced across all available routers.
Security
Thanks to Cisco Catalyst SD-WAN’s zero trust model, the whole bring-up process and operation of virtual SD-WAN routers in Equinix data centers have the same industry-leading security standards as every Cisco Catalyst SD-WAN deployment.
By using IPsec encryption on SD-WAN tunnels over Equinix, we make sure that the communication meets the highest security standards.
Agility – it takes only minutes to go live
The entire setup process takes just a few minutes. By using Cisco Catalyst SD-WAN Manager to generate a day-0 SD-WAN router configuration and using the configuration during SD-WAN router creation in the Equinix Fabric portal, you will eliminate any manual configuration steps. The new SD-WAN router will join the SD-WAN network automatically within a few minutes.
Cisco SD-WAN Cloud Interconnect with Equinix available in Cisco IOS XE Release 20.6/17.6
This document lists the steps for the configuration through Cisco Catalyst SD-WAN Manager and the Equinix portal. With Cisco SD-WAN Cloud Interconnect available starting from Cisco IOS XE Software Release 20.6/17.6, all of the configurations can be done through the SD-WAN Manager portal. Please refer to the Cisco Online Documentation for details: https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/cloudonramp/ios-xe-17/cloud-onramp-book-xe/m-cloud-onramp-sdci.html#sdci-equinix.
Cisco SD-WAN Cloud Interconnect provides a simplified automated user experience to enable programmable end-to-end connectivity from an SD-WAN site to another site or cloud in minutes, with reliable and high-performance connections using middle-mile providers' infrastructure.
The Cisco Catalyst SD-WAN solution deployed at Equinix offers a cloud-based agile, scalable, secure and service provider-agnostic solution for site-to-site and site-to-cloud use cases today.
The combined capabilities allow you to easily spin up an underlay network over Equinix Fabric and use SD-WAN intelligent traffic steering capabilities to route, for example, only critical application traffic to a specific cloud over this path and forward noncritical traffic over the public internet.
Cisco and Equinix are working together to provide automation in a later phase to further simplify the solution.
Start with a small pilot across a few sites by creating a network using Equinix Fabric and using it as an underlay for Cisco Catalyst SD-WAN with intelligent traffic control.
Refer to the online documentation and release notes for more information on Cisco SD-WAN, Equinix Fabric and Equinix Network Edge.
Contact your Cisco and Equinix local sales support for details.