Manage SD-WAN Service VPN IDs

Private Preview

Cisco SD-WAN network segmentation is implemented at layer 3 in the form of Virtual Private Networks (VPNs), which logically divide the overlay fabric into multiple end-to-end virtual network segments. Segmentation is enforced at the edges of the SD-WAN network, on the WAN Edge routers: the segment a packet belongs to is carried in the packet as a unique VPN identifier (VPN-ID, also called the VPN label), and each VPN has its own routing table, giving complete control-plane separation between segments. Because the VPN label is embedded in the packet, segment connectivity across the SD-WAN overlay fabric does not rely on the underlay transport, so the segmentation is independent of the transport.

Ingress WAN Edge routers apply the VPN label before performing IPsec encryption, and egress WAN Edge routers use the VPN label, after the packet has been decrypted, to select the VPN routing table in which the route lookup is performed. The Cisco SD-WAN VPN implementation follows the encapsulation defined in RFC 4023 (MPLS in IP or GRE) and operates in a similar fashion to an MPLS L3VPN.

VPN labels are advertised and distributed automatically: the Cisco Catalyst SD-WAN Controller carries them between the ingress and egress WAN Edge routers as attributes of Overlay Management Protocol (OMP) routes. Because the control plane is separated from the data plane, the Cisco SD-WAN solution can build a different topology for each VPN by means of Centralized Topology Policy. By default, every VPN is a full mesh; with Centralized Topology Policy, common topologies such as hub and spoke, partial mesh, and even point to point can be provisioned on a per-VPN basis.
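The label-then-encrypt / decrypt-then-lookup flow described above, combined with a per-VPN topology policy, as an added toy model in Python. This is illustration written for this page, not Cisco code: the XOR "cipher" is a stand-in for IPsec, the label allocation scheme is invented, and the system IPs, prefixes, VPN IDs and hub-and-spoke policy are constructed examples.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network


@dataclass(frozen=True)
class OmpRoute:
    vpn_id: int
    prefix: IPv4Network
    origin: str   # system IP of the advertising WAN Edge, i.e. the overlay next hop
    label: int    # VPN label carried as an OMP route attribute


class Controller:
    """Stand-in for the SD-WAN Controller: reflects OMP routes under a topology policy."""
    def __init__(self):
        self.routes = []
        self.hub_for_vpn = {}   # VPN ID -> hub system IP; a VPN not listed here is full mesh

    def routes_for(self, edge):
        """Full mesh by default; in a hub-and-spoke VPN a spoke only learns the hub's routes."""
        out = []
        for r in self.routes:
            hub = self.hub_for_vpn.get(r.vpn_id)
            if r.origin != edge and (hub is None or edge == hub or r.origin == hub):
                out.append(r)
        return out


TOY_KEY = b"stand-in for the IPsec SA, not real crypto"


def toy_ipsec(data):
    """XOR stand-in for ESP; it models only that the underlay sees opaque bytes."""
    return bytes(b ^ TOY_KEY[i % len(TOY_KEY)] for i, b in enumerate(data))


class WanEdge:
    def __init__(self, system_ip, local_prefixes, label_base):
        self.system_ip = system_ip
        self.local = {v: [IPv4Network(p) for p in pfx] for v, pfx in local_prefixes.items()}
        # one locally allocated label per VPN; remote edges push it so egress can pick the table
        self.vpn_to_label = {v: label_base + i for i, v in enumerate(sorted(self.local))}
        self.label_to_vpn = {lbl: v for v, lbl in self.vpn_to_label.items()}
        self.rib = {}   # VPN ID -> OMP routes learned from the controller

    def omp_advertise(self, ctrl):
        for vpn, prefixes in self.local.items():
            for p in prefixes:
                ctrl.routes.append(OmpRoute(vpn, p, self.system_ip, self.vpn_to_label[vpn]))

    def omp_learn(self, ctrl):
        self.rib = {}
        for r in ctrl.routes_for(self.system_ip):
            self.rib.setdefault(r.vpn_id, []).append(r)

    def ingress(self, vpn_id, dst):
        """Service-side packet in vpn_id: look up only that VPN's table, push the remote
        edge's label, then encrypt. Returns (next_hop, transport_bytes) or None if dropped."""
        dst = IPv4Address(dst)
        for r in self.rib.get(vpn_id, []):
            if dst in r.prefix:
                inner = r.label.to_bytes(4, "big") + dst.packed   # label + toy IP header
                return r.origin, toy_ipsec(inner)
        return None   # no route in this VPN, even if another VPN could reach dst

    def egress(self, transport):
        """Overlay packet: decrypt, read the label, look up only in the VPN the label names.
        Returns (vpn_id, dst) on delivery or None if dropped."""
        inner = toy_ipsec(transport)
        label, dst = int.from_bytes(inner[:4], "big"), IPv4Address(inner[4:8])
        vpn = self.label_to_vpn.get(label)
        if vpn is None:
            return None   # unknown label: drop, never guess a VPN
        return (vpn, str(dst)) if any(dst in p for p in self.local[vpn]) else None


def build_fabric():
    """Constructed fabric: a hub and two spokes; VPN 10 is full mesh, VPN 20 hub-and-spoke.
    spoke2 reuses 10.1.1.0/24 in both VPNs to show overlapping addressing stays separated."""
    ctrl = Controller()
    hub = WanEdge("10.0.0.1", {10: ["192.168.1.0/24"], 20: ["172.16.1.0/24"]}, 1000)
    spoke1 = WanEdge("10.0.0.2", {10: ["192.168.2.0/24"], 20: ["172.16.2.0/24"]}, 2000)
    spoke2 = WanEdge("10.0.0.3", {10: ["10.1.1.0/24"], 20: ["10.1.1.0/24"]}, 3000)
    ctrl.hub_for_vpn[20] = hub.system_ip   # centralized topology policy for VPN 20 only
    edges = {e.system_ip: e for e in (hub, spoke1, spoke2)}
    for e in edges.values():
        e.omp_advertise(ctrl)
    for e in edges.values():
        e.omp_learn(ctrl)
    return edges


def send(edges, src_edge, vpn_id, dst):
    """End to end: ingress at src_edge in vpn_id, hand off to the chosen next hop, egress there."""
    hop = edges[src_edge].ingress(vpn_id, dst)
    return None if hop is None else edges[hop[0]].egress(hop[1])
```

`send(build_fabric(), "10.0.0.2", 10, "10.1.1.5")` delivers in VPN 10 at spoke2, while the same call with VPN 20 returns None: the hub-and-spoke policy never reflected spoke2's VPN 20 routes to spoke1, so the packet is dropped at ingress and only hub-to-spoke traffic flows in that VPN. Two checks carry the segmentation: the ingress lookup consults only the source VPN's table, so a destination that is reachable in another VPN is dropped rather than leaked, and the egress drops any label it did not allocate instead of guessing a VPN.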

For complete information about Cisco SD-WAN network segmentation and VPN IDs, see the Cisco Catalyst SD-WAN Segmentation Configuration Guide.
