SDWAN Interview Questions

Ques 1. What are typical challenges in a WAN setup for any organization?

Below is a list of common challenges faced with a WAN setup:

  1. Insufficient bandwidth
  2. Limited Application Awareness
  3. Fragmented Security
  4. No Cloud App Readiness
  5. Limited Scale
  6. High Cost
  7. Complex Operation

Ques 2. What are the benefits that SDWAN Viptela solution provides?

The key benefits that the SDWAN Viptela solution provides are:

  1. Centralized routing intelligence and segmentation.
  2. Secures the network automatically.
  3. Managed centrally via the vManage engine.
  4. Influence reachability through centralized policy.
  5. Cloud readiness.

Ques 3. What is vManage NMS?

The vManage Network Management System is a centralized NMS that lets you configure and manage the whole overlay network from a simple GUI dashboard.

Ques 4. What is vSmart Controller?

The vSmart controller is the centralized engine of the Viptela solution, controlling and analysing the flow of data traffic throughout the network. The vSmart controller works with the vBond orchestrator to authenticate Viptela edge devices as they join the network and to orchestrate connectivity among the vEdge routers.

Ques 5. What is vBond Orchestrator?

The vBond orchestrator automatically orchestrates connectivity between the vEdge routers and the vSmart controllers. If the vEdge router or vSmart controller is behind a NAT, the vBond orchestrator also serves as an initial NAT-traversal orchestrator.

Ques 6. What are vEdge Routers?

The vEdge routers sit at the perimeter of a site (such as remote offices, branches, campuses, data centers) and provide connectivity among the sites. They can be either hardware devices or software, called a vEdge cloud router, that runs as a virtual machine. The vEdge router handles the transmission of data traffic.

Ques 7. Explain SDWAN architecture?

Cisco SD-WAN uses an abstracted architecture that is divided into the control plane and the forwarding plane. The SD-WAN architecture moves the control plane to a centralized location, such as an organization’s headquarters, so that SD-WAN devices can be managed centrally. As a result, the network can be managed remotely without the need for on-premises support.

  • Data Plane: The Cisco SD-WAN solution refers to the data plane as the WAN edge. A WAN edge can be a Cisco vEdge router or a Cisco XE SD-WAN router. Data plane devices are deployed at branches, data centers, large campuses and colocation facilities. The vEdge routers are placed at the perimeter of a site (such as remote offices, branches, campuses, and data centers) and provide connectivity among the sites. A vEdge can be either a hardware device or software that runs as a virtual machine. The vEdge router handles the transmission of data traffic.
  • Management Plane: vManage manages the management plane in SD-WAN. It can be used for onboarding, provisioning, policy creation, software management, troubleshooting and monitoring. vManage also supports communication via REST and NETCONF. Each WAN edge forms a single management plane connection to vManage.
  • Control Plane: vSmart provides control plane functionality. vSmart is responsible for implementing control plane policies, centralized data policy and VPN topologies. vSmart learns all its routing information. It is the centralized control engine of the SD-WAN solution, controlling the flow of data traffic throughout the network. The vSmart controller works with the vBond orchestrator to authenticate SD-WAN devices as they join the network and to orchestrate connectivity among the vEdge routers.
  • Orchestration Plane: vBond manages the orchestration plane in SD-WAN. The vBond orchestrator automatically orchestrates connectivity between vEdge routers and vSmart controllers over secure tunnels.

Ques 8. Explain the entire Cisco SD-WAN system bring-up process.

Below is the step-by-step process for bringing up the SD-WAN solution:

  • Install hypervisor (KVM) on the server.
  • Spin-up virtual machine on the server.
  • Install images for vManage, vBond, vSmart and vEdges on the VMs.
  • Create a minimal configuration for vManage (Deploy vManage) device.
  • Create a minimal configuration for vBond (Deploy vBond) device.
  • Create a minimal configuration for vSmart (Deploy vSmart) device.
  • Enable connectivity between controllers.
  • Generate CSR for each controller (overlay connection).
  • Sign certificate to validate and authenticate the controller.

Ques 9. Explain in simple steps how to bring up a vEdge.

  • Create a minimal configuration for vEdge and establish IP connectivity into the WAN circuits.
  • Verify the vEdge router can reach the controller.
  • Authenticate the vEdge router with vManage.
  • Register each vEdge router with vManage.
  • Verify that the vEdge routers are up in the vManage GUI dashboard.

Ques 10. What is the process of establishing Tunnel between vSmart/vManage/vBond?

  • Certificates are exchanged and mutual authentication takes place.
  • vBond validates the vSmart controller and vManage certificates and serial numbers against the authorized whitelist that was added.
  • The vSmart controller and vManage validate the vBond orchestrator certificate's organization name against the locally configured one.
  • A DTLS/TLS secure connection is established.

Ques 11. How does vEdge router establish identity on controllers?

  • Private and Public keys are generated on the vEdge router.
  • Certificate is generated.
  • Certificate is signed by Avnet.
  • Certificate is saved in the TPM-lite chip on the vEdge router.
  • vEdge router has a root CA trust chain certificate.

Ques 12. What is TPM and what is its role?

The TPM chip is the Trusted Platform Chip. The TPM chip is used to load the certificate on the vEdge router.

Ques 13. Illustrate the step by step secured connection establishment between SDWAN components?

  • Certificates are exchanged and mutual authentication takes place between vBond and vEdge, over an IPSec-encrypted tunnel.
  • vBond validates the vEdge router's serial number and chassis ID against the authorized vEdge whitelist.
  • The vEdge router validates the vBond certificate's organization name against the locally configured one.
  • A provisional DTLS/TLS tunnel is established between vBond and vEdge.
  • vBond returns to the vEdge a list of vSmart controllers and vManage.
  • vBond notifies vSmart and vManage of the vEdge router's public IP address.
  • The provisional DTLS/TLS tunnel between vBond and vEdge is terminated.

Ques 14. How is connection secured between vEdge router and vSmart controller and vManage?

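  • Certificates are exchanged and mutual authentication takes place between vSmart, vManage and vEdge.
  • vSmart and vManage validate the vEdge router’s serial number and chassis ID against the authorized vEdge whitelist.
  • The vEdge router validates the vSmart and vManage certificates' organization name against the locally configured one.
  • A permanent DTLS/TLS tunnel is established between vEdge, vSmart and vManage.

The checks from Ques 13 and Ques 14, written out as a small Python model (an added example, not Cisco code and not part of the original page). Certificate chain verification is reduced to an issuer lookup, and the `mutual_check` and `onboard` helpers, organization name, serials and CA name are all hypothetical, constructed values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    org_name: str             # organization name carried in the certificate
    issuer: str               # signing CA; stands in for real chain verification

@dataclass(frozen=True)
class Edge:
    cert: Cert
    identity: tuple           # (chassis_id, serial)
    configured_org: str       # organization name configured locally
    trusted_roots: frozenset

@dataclass(frozen=True)
class Controller:
    role: str                 # "vBond", "vSmart" or "vManage"
    cert: Cert
    trusted_roots: frozenset
    edge_whitelist: frozenset # authorized (chassis_id, serial) pairs

def mutual_check(edge, ctrl):  # None if both sides accept, else refusal reason
    if edge.cert.issuer not in ctrl.trusted_roots:
        return f"{ctrl.role}: vEdge certificate not from a trusted root"
    if edge.identity not in ctrl.edge_whitelist:
        return f"{ctrl.role}: serial/chassis ID not in whitelist"
    if ctrl.cert.issuer not in edge.trusted_roots:
        return f"vEdge: {ctrl.role} certificate not from a trusted root"
    if ctrl.cert.org_name != edge.configured_org:
        return f"vEdge: {ctrl.role} organization name mismatch"
    return None

def onboard(edge, vbond, controllers):  # (permanent tunnels, refusal reason or None)
    reason = mutual_check(edge, vbond)
    if reason:                # no provisional tunnel, so no controller list
        return [], reason
    tunnels = []              # provisional vBond tunnel ends after the hand-off
    for ctrl in controllers:  # vSmart/vManage list returned by vBond
        reason = mutual_check(edge, ctrl)
        if reason:
            return tunnels, reason
        tunnels.append(ctrl.role)
    return tunnels, None

# Constructed sample data (not real serials, names or CAs).
ROOTS, WL = frozenset({"lab-root-ca"}), frozenset({("CHASSIS-0001", "SERIAL-AAAA")})
EDGE = Edge(Cert("lab-org", "lab-root-ca"), ("CHASSIS-0001", "SERIAL-AAAA"), "lab-org", ROOTS)
VBOND, VSMART, VMANAGE = (Controller(r, Cert("lab-org", "lab-root-ca"), ROOTS, WL)
                          for r in ("vBond", "vSmart", "vManage"))
```

In this model an edge whose chassis ID and serial are not on the whitelist is refused at vBond and never receives the controller list, and a controller presenting a different organization name is refused by the edge itself.
<test>
assert onboard(EDGE, VBOND, [VSMART, VMANAGE]) == (["vSmart", "vManage"], None)
rogue = Edge(EDGE.cert, ("CHASSIS-9999", "SERIAL-ZZZZ"), "lab-org", ROOTS)
assert onboard(rogue, VBOND, [VSMART, VMANAGE]) == ([], "vBond: serial/chassis ID not in whitelist")
fake_vsmart = Controller("vSmart", Cert("other-org", "lab-root-ca"), ROOTS, WL)
assert onboard(EDGE, VBOND, [fake_vsmart, VMANAGE]) == ([], "vEdge: vSmart organization name mismatch")
untrusted = Controller("vBond", Cert("lab-org", "unknown-ca"), ROOTS, WL)
assert onboard(EDGE, untrusted, [VSMART])[1] == "vEdge: vBond certificate not from a trusted root"
late_fail = Controller("vManage", Cert("other-org", "lab-root-ca"), ROOTS, WL)
assert onboard(EDGE, VBOND, [VSMART, late_fail]) == (["vSmart"], "vEdge: vManage organization name mismatch")
</test>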

Ques 15. Does SD-WAN deployment play an important role in cloud-based and SaaS applications?

Yes, SD-WAN plays an important role in cloud-based and SaaS applications.

Ques 16. What are the main drivers for SD-WAN deployment?

  • SD-WAN has the ability to add edge branch sites more quickly.
  • SD-WAN meets the need for better connectivity to cloud applications using various links.
  • Efficient network use resulting in cost savings.

Ques 17. What’s the difference between do-it-yourself (DIY) SD-WAN and managed SD-WAN deployment?

  • DIY SD-WAN: enterprises purchase SD-WAN products directly from vendors and deploy the service themselves.
  • Managed SD-WAN: enterprises purchase services through providers, rather than product vendors, and the providers manage the networks for the enterprises.

Ques 18. Which security features are most common to SD-WAN products?

  • Traffic encryption
  • Firewall capabilities
  • Network segmentation.

 

Ques 19. Is Scalability an important feature when it comes to SD-WAN deployment?

Yes

 

Ques 20. What are the basic SD-WAN features?

  • Application-aware routing policy for best path selection and failover.
  • Centralized management and real-time monitoring.
  • SD-WAN is able to use multiple WAN connections, i.e. MPLS and broadband internet.

Ques 21. Does SD-WAN deployment limit hardware throughput at branch sites?

No

Ques 22. What are the prerequisites for SD-WAN deployment?

  • A wide area network.
  • Physical or virtual SD-WAN appliances at each site.
  • Knowledge of existing WAN traffic patterns and existing WAN links.

Ques 23. What is the principal underlying technology from which SD-WAN emerged?

SD-WAN stemmed from SDN technology that separates the control plane from the data plane and centralizes control and management.

Ques 25. What is the Cisco SD-WAN Solution?

Traditional Wide Area Networks (WANs) were designed using Multi-Protocol Label Switching (MPLS) for connectivity, where the majority of branch office traffic flows within an enterprise’s intranet boundary. This infrastructure change creates a new requirement for security, application performance, cloud connectivity, WAN management, and operations. Cisco SD-WAN offers a new way to manage and operate WAN infrastructure, and it is a cloud-based solution that delivers a secure, flexible, and rich services architecture and scalability.