1 to 100: Master all steps of Deployment, Integration, and Migration of large SDA and SD-WAN networks

Dhrumil Prajapati, Sr. Delivery Architect
Jeremy Bowman, Sr. Delivery Architect
BRKENS-3834
2023 Cisco and/or its affiliates. All rights reserved. Cisco Public. #CiscoLive

Cisco Webex App

Questions?
- Use Cisco Webex App to chat with the speaker after the session

How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space

Webex spaces will be moderated by the speaker until June 9, 2023.

Agenda
- Introduction
- Design and Deployment Best Practices
- SDA & SDWAN Integration
- 100,000ft view on Multi-Domain Design
- Deployment and Migration Lessons Learned from Large Scale Deployments
- Having a solid Foundation
- What is the migration process?
- Lessons Learnt
- Conclusion

Who are we?

Dhrumil Prajapati
- Sr. Delivery Architect, Technology and Transformation Group CX
- 8+ Years Cisco
- CCIE #28071 (R/S, SP)
- CCDE #20210002
- Specialized in: SD-Access, SD-WAN, MPLS, Multi-Domain Networks, Cloud, Automation
- DhruPrajapati

Jeremy Bowman
- Sr. Delivery Architect, Cisco CX
- 8+ Years Cisco
- CCIE #51241 (R/S, Security)
- CCDE #2018:16
- Specialized in: Full Enterprise IBN with Security and A

Design and Deployment Best Practices

Why Multi-Domain?

Individual architectures introduce:
- Segmentation
- Automation
- Within a single enterprise domain

Multi-Domain Architectures:
- Extend Segmentation
- Utilize orchestration
- Make the entire enterprise one IBN enclave

What Is Involved In SDA & SDWAN Integration?

Steps:
- DNAC and vManage integration
- vManage owns each cEdge and assigns to DNAC
- Provision SDA specific changes through DNAC, SDWAN specific changes via vManage

Results:
- SDA VNs and SDWAN Service VPNs tied together
- SDA SGT information propagated via SDWAN
- cEdge participates in both fabric domains
- Consistent application and security policy
- API based communication between DNAC and vManage

SDA and SDWAN Integration

Really Really High-Level View

100,000 ft view

SDA:
- Endpoints dynamically assigned SGTs and placed into VNs
- Macro and Micro-segmentation
- Unified wired and wireless networks

SDWAN:
- Extends and bridges segmentation
- Applies DNAC per-VPN security and application policy
- Enables end-to-end segmentation

What did we learn from Large Deployments?

SDA and SDWAN Deployments

Today available in partly manual "two-box" solution.

Two-box solution (non-integrated solution):
- Clear demarcation between SDA and SDWAN architectures
- SDA BNs can be ISR4K, ASR1K or Cat9K switches; SDWAN edges can be ISR4K or ASR1K series routers
- SDA and SDWAN designs can be implemented at a different pace

SDA and SDWAN Deployments Contd.
- Majority of customers have employed two-box solution for modularity of deployment and flexibility in operations
- Mapping of VNs and VPNs is crucial
- Inter-site traffic flow greatly depends on SDWAN tunnel design and SDWAN underlay
- For Multi-Regional (Global) networks, consistency across multiple DNAC clusters is key
- Special consideration for inter-VN routing within the site

SDA to SDWAN Integration (Two-Box)

[Diagram. Labels recovered from the slide:]
- SD-Access Fabric Site (one on each side): control plane LISP; data plane VXLAN Header with VNID (24 bits) and SGT (16 bits); management by Cisco DNA Center and ISE
- Handoff between SD-Access site and WAN Edge: control plane BGP; data plane VRF-lite with 802.1Q VLAN ID (12 bits) and Inline Tagging SGT (16 bits)
- SD-WAN Fabric between the WAN Edges: control plane OMP; data plane IPSec Header, MPLS Labels VPN (20 bits), CMD Header SGT (16 bits); management by vBond, vSmart, vManage

Migrating The Beast!

Having a Solid Foundation

5 Pillars and a Bedrock
- Migration Team
- Customer
- PMO
- PDI/AMO
- Partner
- Automation

Plan Design Implementation/AMO

Design & Drive:
- DNAC ISE Integration
- AAA Certificates Fabric Domain
- SGT VN Policy Profiling
- KT and Pilot Sites

Templates & Tools:
- Golden SDWAN Templates
- Endpoint Discovery
- Delta & Underlay Configs

Testing & Validation:
- Testing XL, L, M+, S, M, XS Design
- Snowflakes Validation
- L2BN functionality

Post MW Hypercare:
- First 24hr hypercare support

PMO: Build The City
- Bringing stakeholders together
- Setting realistic schedules
- Chase timelines and engineer requests
- Bridging the gap and ensuring good customer sentiment

Migration Team
- Network Design Document
- BoM Preparation
- MoP Preparation
- Target Design
- Site Readiness
- Pre-Migration Window
- Migration Window
- DNAC Configuration
- Staging of Devices
- UAT
- Discover & Provision
- Add to Fabric L2/L3
- External Networks
- Host Onboarding & Post Check

Customer

Phases: Site Readiness Tasks, Pre-Migration, Migration Window, Post-Migration
- Circuit ID and Handoff Type
- Site Technical POC
- Site Survey Information
- Decommission of Old Circuit
- User Acceptance Testing
- Circuit Provider Ticket if required
- Correct DNS on DHCP Scopes
- Site Remediation Completed
- Adequate Power & Connectors
- Rack space & unmanaged devices
- Post Migration UAT
- Coordination with Cisco for wireless/wired Testing

Partner

Phases: Readiness, Staging, Pre-MW, MW & Post MW
- Verify on-site inventory
- Rack, Stack, Power
- Cable all Devices
- Cable Moves as per MoP
- AP mounting
- Device Cleanup & Decommission
- Code Upgrade
- License & eWLC package
- Load Bootstrap
- vManage Reachability
- SFP: Copper & Fiber
- Cables: Console, Patch Cord
- Fibers: SMF, MMF
- Equipment: Label Marker

Automation In SDA/SDWAN

Why is it needed?
- Large Site can have over 15000 endpoints
- Validation & UAT can miss a lot of endpoints

Automation Possibilities:
- Legacy Hardware Readiness & Assessment Tools
- Endpoint Discovery & Site Overview
- DNAC Site Hierarchy Push
- Fabric Fusion Config Generator
- Pre & Post Ping Sweep and Routing Delta

How Automation Helps:
- Underlay Config generator reduced MOP time
- Reduced Migration Time with Fabric Config Generator
- Site Snapshot & Overview of endpoints

What is the Migration Process?

Migration Pit stops/Checkpoints
- Site Survey & Predictive Model Review
- BOM Approval & Remediation
- NDD & BOM Creation
- MOP Preparation
- Site Services Readiness
- Rack, Stack, UAT
- Site Staging (Bootstrap)
- Push SDWAN Template & Core SDA
- Host Onboarding & endpoint validation
- UAT & Handover
- External Connectivity with SDA
- Pre-MW Checks
- ISE & NAD Group Update

Migration Approaches

Single Step:
- Move from current state to end state in 1 Maintenance Window
- Suited for Small Sites
- Process:
  - Move to SD-WAN
  - Replace and/or upgrade LAN switches to SDA
  - Migrate SDA Wireless

Multiple Step:
- Move from current to end state in multiple Maintenance Windows
- Suited for Medium to Large sites
- Process:
  - Day 1: SDWAN, Fusion and BN/CPs
  - Day 2+: Replace and/or upgrade targeted LAN closets to SDA
  - Migrate SDA Wireless

Migration Approach Single Step

[Diagram. Labels recovered from the slide: a legacy site broadcasting the legacy SSID over MPLS and Internet to a CNF/DC with WLC; then either of two end states (OR) broadcasting the new fabric enabled SSID, with SDWAN over Internet and MPLS/SDWAN to the CNF/DC, one of them with Fabric.]

Migration Approach Multiple Step

[Diagram. Labels recovered from the slide: Fabric, Fusion, SDWAN, MPLS, Internet, Legacy Site.]

Multi Step Migration with L2BN Traffic Flow

[Diagram. Labels recovered from the slide: Legacy Site, Fusion, SDWAN, Fabric, MPLS, Internet.]

- Flow 1: Any migrated subnet traffic between Legacy and Fabric will traverse through Layer 2 Border Node (L2BN)
- Flow 2: Any migrated subnet traffic between legacy and remote location will traverse through L2BN -> BN/CP -> Fusion -> SDWAN
- Flow 3: Any migrated subnet traffic from legacy to non-migrated subnet in legacy network will traverse through L2BN -> BN/CP -> Fusion -> Legacy site
- Flow 4: Any non-migrated subnet traffic from legacy to remote location will traverse directly through Fusion -> SDWAN

Migration Approach Final Step

[Diagram. Labels recovered from the slide: Fusion, SDWAN, Fabric, MPLS, SDWAN, Internet, CNF, DC.]

- SDA capable devices will be onboarded into the fabric
- Any temporary configurations will be cleaned
- Local C9800 WLC will be enabled for fabric mode and re-provisioned with fabric SSIDs
- All the APs will be provisioned to broadcast the fabric enabled SSIDs

SD-Access & SD-WAN Migration Steps
1. Push SD-WAN Pre-SDA template
2. Turn on routing between cEdge and BNs
3. Discover BNs from DNAC
4. Configure SDA Site specific tasks and BN External Handoff
5. Push SD-WAN Post-SDA template
6. Confirm all BGP peers are up and reachability to all networks and VNs
7. Final infrastructure and UAT testing
8. Any configuration cleanup

Lessons Learned From Large Scale Migrations

Technical Learnings

(Chart labels on the slide: 75%, 55%, Before, After.)
- Extensive UAT
- Interface & Tunnel Mismatch (SDWAN)
- Presence of Hubs
- GUEST Portal Login
- Reusable VLANs
- External Connectivity
- 3850 License
- Static Endpoints
- DNAC Site Location
- Automation

Technical Learnings Continued
- Circuit Tagging
- SDWAN Template Issue
- Fusion & Legacy Core
- DHCP Option 43
- L2BN VLAN 1
- Bandwidth Shaping
- vManage GUI
- cEdge in CLI mode
- ASR1002-HX Cert Fail
- ISE and DNAC Sync

Operational Issues

Categories: On-Site, Ad-Hoc, Limitations, Others
- Circuit Testing, Circuit Handoff & labelling
- Rack, Stack, Mount APs in Advance
- BoM Lead Time
- Spare SFPs, Cables
- COVID, Travel & Security Guideline
- Project Milestones & RACI
- Snowflakes per Request
- Scoping & Resourcing
- Site Variations & Consolidation changes
- Unknown devices
- Platform Limitation
- High burnout rate
- Accountability
- Endpoint Visibility
- Unmanaged Switches
- Cross Team Dependency
- Hardware Upgrades
- Staging Facility Compliance
- Timely Approvals

Conclusion

Key Takeaways
- Order of operations is key!
- Underlay of SDA and Trusted VN needs to be bridged to overlay of SDWAN
- DC first approach: get those cEdge headends built first
- At branch, install SDWAN first, test it and then proceed with SDA
- Infrastructure and UAT testing is very critical
- TrustSEC needs to be configured on SDWAN first and then SDA BN
- For sub-interfaces, TrustSEC must be enabled on physical and all sub-interfaces

Key Takeaways
- SD-Access and SD-WAN migrations can be done at rapid pace
- Consistency in design is key for at-scale migrations
- You are getting one chance to re-do the network: take that opportunity!
- Remember those 5 pillars
- Automation is crucial for efficiency and accuracy
- BEAST is not as scary as it seems!
- Cisco CX is always there to work with you and accomplish success together.