Category Archives: SD-WAN

SD-Routing – Cisco Catalyst without the SD-WAN 🚄

What is it?
SD-Routing bridges the 'in between' of a traditional WAN and SD-WAN. I think of it as in the middle: you're not quite ready to jump on the SD-WAN train 🚅 but would like to move on from traditional WAN.

With traditional WANs, you configure devices via CLI, and if you had 20 branches you'd end up with Notepad++. With SD-Routing, you can configure traditional features of a WAN but via GUI (SD-WAN Manager). I learnt the hard way by configuring SD-Routing using v20.13 and realising certain features are missing. With v20.14, I can actually configure devices and push them out via Configuration-Groups. 🌟

On top of configuration, you can monitor your devices/WAN with SD-Routing.

I have managed to lab SD-Routing and hope to talk about this more in my next/future posts!

This is just a high-level overview, and I have included some slides that illustrate SD-Routing. The next post should demonstrate how to configure SD-Routing. As usual, I hope this helps! 😁

🌟 Application Aware Routing – Cisco Catalyst SD-WAN

AAR in Catalyst SD-WAN allows enterprises to prefer one or more specific underlay transports over others based on thresholds. For example, an organisation may route a branch over two transports (LTE and leased line) but prefer the leased line over LTE. The threshold is measured based on:

✨ Latency ms
🥐 Jitter ms
🍿 Packet loss %

You would initially configure this within the Groups of Interest in SD-WAN Manager to determine what the threshold should be. So if an application is experiencing 10% packet loss, which breaches the threshold, you can configure it to fall back to LTE for just that specific application and drop everything else, or alternatively to route all traffic over to the LTE transport.

I have attached some screenshots that illustrate how to configure AAR.

Hope this helps! 😁

Device Reboot – Cisco Catalyst SD-WAN 🚀


One of the great features of SD-WAN is that it takes away a lot of the manual tasks, with the ability to group a specific action and apply it to multiple devices.

For example, with traditional routing (with no automation involved), say you have upgraded 10 devices to a new image and all require a reboot. Instead of manually rebooting each device one by one (CLI 'reload' command with Cisco devices), you can just log in to Cisco SD-WAN Manager and reload all the devices.

Simple yet effective! 😃

Hope this helps! 😁

Configuration Groups with Cisco Catalyst SD-Routing ⭐

In my previous post, I configured my WAN Edge devices and onboarded via SD-Routing.

With v20.14 and v17.14, you are now able to fully utilise Configuration Groups with full feature profiles:

😎 System Profile
🍎 Transport & Management Profile
🌰 Service Profile
🍠 CLI Add-on Profile

🙉 In v20.13 and v17.13, you can create Configuration Groups but with only System and CLI Add-On Profile.

🤖 If you are unsure what Configuration Groups are, they enable you to configure settings on your WAN edge devices such as IP addresses, interfaces, TLOCs etc.

😎 This capability allows organisations to simplify and streamline deploying and configuring multiple devices. Traditionally, you would configure routers via CLI, using Notepad as an example.

With SD-Routing, organisations may not want to fully migrate to SD-WAN but want the simplicity of SD-WAN; this is where SD-Routing can bridge the gap! 🌉

Tasks getting stuck midway deployment in Cisco Catalyst SD-WAN? 😤

Ever deployed Config-Groups/Templates or Policies and had the 'task' get stuck or take a long time because there was an error midway through deploying? Which means you have to wait until the task times out waiting for rollback? 👷‍♂️ 🕵‍♀️

I recently found a way using APIs to stop any tasks midway through deployment. 🙌

You can use the browser to call the API or use an alternative like Postman 📮

1 – Open https://SD-WAN_Manager_IP:8443/dataservice/device/action/status/tasks and look for the specific task, which includes the name of the task being deployed. Something like this: deploy_config_group-83752a36-bf40-4d67-b32f-aea75845ed8c

2 – Open a new tab and copy the process ID into the following link:
https://SD-WAN_Manager_IP:8443/dataservice/device/action/status/tasks/clean?processId=deploy_config_group-83752a36-bf40-4d67-b32f-aea75845ed8c

3 – You should then see a return with Success : True.
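
The steps above as a script-side check, added here as an example (not part of the original post): it picks stuck tasks out of the task-list response and builds the clean URL only for a process ID of the shape shown in step 1, so a malformed or tampered ID never ends up in a state-changing request. The response field names (`runningTasks`, `processId`, `startTime`) and the sample response are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlencode

TASKS_PATH = "/dataservice/device/action/status/tasks"

# Shape of the ID shown in step 1: <action>-<UUID>. Anything else is rejected
# so a copied ID cannot smuggle extra query parameters or path segments.
PROCESS_ID_RE = re.compile(
    r"[a-z_]+-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")

# Constructed sample of a task-list response. Field names are assumptions;
# compare them with what your SD-WAN Manager version actually returns.
SAMPLE_RESPONSE = json.dumps({"runningTasks": [
    {"processId": "deploy_config_group-83752a36-bf40-4d67-b32f-aea75845ed8c",
     "name": "Deploy Config Group", "startTime": 1_700_000_000_000},
    {"processId": "software_install-0a1b2c3d-1111-2222-3333-444455556666",
     "name": "Software Install", "startTime": 1_700_003_500_000},
]})


def stuck_tasks(body, now_ms, min_age_ms):
    """Return the processIds of running tasks at least min_age_ms old."""
    tasks = json.loads(body).get("runningTasks", [])
    return [t["processId"] for t in tasks
            if now_ms - t.get("startTime", now_ms) >= min_age_ms]


def clean_url(manager, process_id):
    """Build the step-2 URL, refusing IDs that do not match the expected shape."""
    if not PROCESS_ID_RE.fullmatch(process_id):
        raise ValueError(f"unexpected processId: {process_id!r}")
    query = urlencode({"processId": process_id})
    return f"https://{manager}:8443{TASKS_PATH}/clean?{query}"


if __name__ == "__main__":
    now = 1_700_003_600_000          # constructed "current time" in ms
    for pid in stuck_tasks(SAMPLE_RESPONSE, now, min_age_ms=30 * 60 * 1000):
        # SD-WAN_Manager_IP is the page's placeholder for the manager address.
        print(clean_url("SD-WAN_Manager_IP", pid))
```

Sending the resulting request still requires the authenticated SD-WAN Manager session that the browser tab in the steps above already has.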

Configuring SD-Routing – Cisco Catalyst without the SD-WAN 🚉

🧗‍♀️ Following steps:

1 – When you log in to the Smart Account to create your license, or to the PnP portal, make sure you select Autonomous and not Controller.

2 – Make sure the underlay is ready to go and can communicate with your SD-WAN Fabric.

3 – Add the license file and update the WAN Edge list; you should see (SD-Routing), as in the attached screenshot.

4 – Configure your WAN Edge devices via Bootstrap, manually, or via PnP. In my example, I have configured this manually with the following:

netconf-yang
sd-routing
 organization-name JHOANG65511
 site-id 77
 system-ip 77.77.77.77
 vbond ip 192.168.10.3
 wan-interface GigabitEthernet1

request platform software sd-routing activate chassis-number CHASSIS token ID

Advanced Malware Protection – Catalyst SD-WAN Lab

I will lab up how to set up AMP using Cisco's built-in SD-WAN Security.

Cisco SD-WAN Advanced Malware Protection (AMP) is a security feature integrated into the Cisco SD-WAN solution to enhance network security by providing protection against malware and other threats.

AMP is designed to detect, analyse, and prevent malware from entering the network through various entry points, including endpoints, branch offices, and the cloud.

URL Filtering – Catalyst SD-WAN Lab

URL Filtering with Cisco Catalyst SD-WAN!

Cisco Catalyst SD-WAN URL filtering is a security feature that helps control and monitor web access in a network. It allows Organisations to block or permit access to specific websites or categories of websites based on their URLs.

You can actually utilise Cisco's built-in security features such as firewall, IPS, TLS Proxy and Advanced Malware Protection if you prefer not to use SSE. With smaller remote branches that don't justify a fully fledged SSE solution, you can utilise the built-in security.

I've included a few screenshots of how to configure URL Filtering.

SASE Integration

Cisco Catalyst SD-WAN with 3rd Party SASE Integrations!

Did you know that with Cisco Catalyst SD-WAN you can integrate with other SSE Providers?

With Catalyst SD-WAN you have the flexibility to choose your own SSE Provider.

Zscaler – SD-WAN Version 20.6 or above
Netskope – SD-WAN Version 20.9 or above
PaloAlto – SD-WAN Version 20.9 or above
Cloudflare – SD-WAN Version 20.9 or above

SD-WAN Network Design

I am sure many who have experienced labbing with Catalyst SD-WAN are familiar with Templates. Cisco recently added a new feature called Configuration Groups too!

Now, I have learnt there is another method of creating Templates via Network Design!

Network Design allows you to build your Topology in SD-WAN Manager and then configure Parameters such as WAN, LAN and Management.

In a nutshell, you can create/modify Templates under Network Design as well as Templates.