Last Update: Oct 22, 2023
Date: Nov 07, 2023
Cisco CCNP Enterprise 300-415 Practice Test Questions, Exam Dumps
Cisco 300-415 Implementing Cisco SD-WAN Solutions (ENSDWI) exam dumps in VCE format, practice test questions and answers, study guide, and video training course. You need the Avanset VCE Exam Simulator to study the Cisco CCNP Enterprise 300-415 certification exam dumps and practice test questions in VCE format.
In Section 1.2 we have to learn about the vEdge and cEdge platforms as they relate to the SD-WAN architecture. You can see that we have IOS XE code on Cisco devices, for example ASR and ISR; the Viptela boxes, vEdge 100, 1000, and 2000; and in the diagram we have the Enterprise Network Compute System, cloud devices, and the CSR 1000V. So we have a mix of both physical and virtual components. The important thing to consider here is where you intend to use all of these devices. Whether your branch is small, mid-size, or big, or whether you want an aggregator, you choose accordingly between the vEdge 100, 1000, 2000, and 5000, the ASR, the ISR, et cetera. So the first thing is to decide which device will go to which branch, specifically based on the bandwidth requirement of that branch.

Second, we have two different operating systems for the same purpose: IOS XE patched with Cisco SD-WAN code, and the native Viptela OS that has been SD-WAN from day one. You should compare all the features provided by the Viptela SD-WAN operating system with those provided by the Cisco image, IOS XE, before choosing the right hardware or platform for your infrastructure.

Now, let me quickly walk you through the internal processing. Here you can see the ASR; that's the king of distributed architecture. We know that the ASR and ISR platforms are huge in terms of their capability, and they are very popular because hardware from other vendors cannot achieve what they achieve. Why? If you check their internal structure, for example the ASR 1K, you have the route processor, where IOSd lives. Apart from that, you have CPP code, packet processing, and multiple engines. Here you can see that in the ASR I have 64 packet processing engines. It supports the crypto dispatcher and packet buffer, and it comes with queuing and a scheduler.
This is nothing but buffer, queuing, and scheduler (BQS), and it is embedded inside the ESP. ESP is nothing but the embedded service processor. So when the packets arrive, they go through the internal architecture, which has multiple cores, queues, buffers, and everything defined within the hardware. That's the important thing: this type of powerful hardware, supported by the software architecture, is something you very rarely find with other vendors.

Again, you can see the 4400, where you have the control plane. Inside that you have four cores. Inside the data plane, you have 16 cores. So it depends again on how much throughput you have for that particular branch. According to that, you can choose how many cores and how much processing you have, any SoC architecture, etc.

If we go to the lower end of the ISR integrated devices, you again have to choose for that specific branch. Here you can see the 4300, 4200, and ISR 1100 architecture: data plane, four cores; control plane, two cores. The number of cores is decreasing because we don't have that much data throughput. You can clearly see the difference between the 4331 and the 4321, even though everything is collapsed inside the same Linux. Here you can see that for the control plane you have one core and for the data plane you have two cores; for the control plane, again, you have one core. It means the structure is a bit different; it's not a parallel or symmetrical structure. As the number of cores decreases, the price obviously goes down as well, and we choose this hardware according to usability, that is, how much data is going to be processed through these hardware boxes.

Now we understand what the packet processing units behind the scenes are and how many cores we have with the different hardware. Let's quickly learn about the memory; memory is also an important factor. We know that we have different types of planes; we have a control plane.
We have a data plane, we have a management plane, et cetera. Now, what is the use of the control plane? Here you can see I have a control plane with, for example, four cores, and the Linux kernel is there; that's the operating system for the control plane. What this control plane does is hold databases like the RIB. They hold the entire Linux plus architecture for the 4300, 4200, and 1100, so they are there to give the instructions for the data processing related to L3, or possibly the VLAN databases they are storing.

When it comes to the data plane, the data plane is there for the actual data movement, so you have packet buffering and you have the CPP. Again, you are not required to memorise these terms; they will not appear on your exam. We are studying this for knowledge purposes, because it is very much related to TAC: they must understand when the packet will hit the control plane, when it reaches that specific bus system, when it proceeds to the data plane and then to the exit, and some QoS and ACL policies, et cetera. They must understand how the hardware processes the data behind the scenes.

So you can see the data plane, where the data actually lives or is forwarded. You have the feature invocation array, which is the data plane entity that bolts services onto the packet. Then you have different types of tables for whatever dynamic entries you have: MPLS, FIB, NAT table, zones, firewall, et cetera. So there are some tasks that my control plane is doing, and there are some tasks that my data plane is doing. For example, you can see that in my control plane I have four cores, and in my data plane I have ten cores. It depends on the architecture.
You have different types of architecture for different types of hardware, and it depends on how many cores are going to be used. Again, remember, we have buffers, queuing, and scheduling as well for the data plane.

Now, how does memory grow? As you can see, if you have four GB of control plane RAM, it is divided into specific areas that are simple to understand. From here, we can see that 750 MB for Linux and 750 MB for Linux cache are free, then again 750 MB free, and here you can see how it is growing. It is growing from left to right; that is your Linux operating system. Then you have your IOS daemon, IOSd, that is growing from right to left, and you have a total of 1750 MB, less than two GB of memory, for the IOS daemon. And you have more than two GB of memory reserved for Linux. You can see the directions in which they are growing, and you can see the number of cores, four; that is the control plane.

Likewise, the data plane memory is growing. Suppose I have two GB of data plane RAM: 1.5 GB is reserved for CPP, and then we have 5.2 for extended memory. So here you can see that you have some reserved memory and some extended memory, and you can see the segmentation: 750 MB for packet buffer, then CPP code, 40 MB for extended memory, and 472 MB for extended memory as well with this particular hardware. This is just one example, with one specific piece of hardware, of how the memory in the control plane and data plane grows and how much is reserved for each. Clearly you can see that in the control plane I have four cores, in the data plane I have ten cores, and this much memory is allocated.

Great. So finally, let's conclude this. We have three main memory areas in enterprise network routers. We have IOSd; we have seen here that it is growing from right to left, and some 1.7 GB are reserved for that. We have Linux memory that is growing from left to right.
And then we have 2.25 GB allocated for that. And then finally, we have the data plane memory; in this case we have, for example, a 2 GB reserve. Again, it is not mandatory that we know each and every term, and whatever we have done here is purely for TAC engineers. But if we know how these internal things happen behind the scenes, then obviously it is good. In the future, if we have any memory leak issues, we can at least identify whether the memory leak is in the Linux operating system, in IOSd, or in the data plane, or whether a CPU issue is related to the data plane or the control plane, et cetera. So it is good for further troubleshooting if you have this type of memory or CPU issue in the future.
This session is important because I'll show you a slide from which you can decide, for a particular branch and its throughput, the type of hardware you want to use. And then next we'll discuss the virtual appliance use case. So let's just start.

I have two almost identical slides here, and you can take your decision depending on what the throughput will be. These Viptela boxes are really good, but a customer or even Cisco wants us to move toward the Cisco device. Here you can see the vEdge and the next-generation ISR platform that is running with version nine, version two, or a higher Viptela operating system. So if you want to stick with the Viptela image and you want to use all the Viptela SD-WAN features, you can go for these devices. Again, in vEdge, we have the vEdge 5000 as well, and we'll see in the next slide what the throughput is for that. So if you're looking at 100 Mbps, one gig, or ten gig, or if you want to use the same features inside the Cisco platform, you can use this hardware. Then we have the virtual branch as well; we are going to discuss this after three to four slides. Then we have the ISR and ASR platforms, where the scale or the throughput can be increased from 200 Mbps up to 200 Gbps for the ASR, which has the highest throughput or highest-performance devices.

Now let me quickly show you the next slide of the same type. Again, you can see in these diagrams what the throughput supported by ASR devices will be. Starting with the ASR 1001, 7 Gbps, you get up to 30 Gbps. Then again, in the ASR, you can see starting with 230 Mbps up to 3.5 Gbps for SD-WAN. Now we have the vEdge devices, and you can see that we have the 5000; they support 20 Gbps. All WAN transports are encrypted and secure, because we know that they form the secure control and data plane tunnels. And then we have the application visibility of this device.
The DPI engine is costly, and in the ISR devices, we know that we have the Cisco NBAR features enabled.

Now let's discuss virtualization and the virtualized hardware where we can have virtual instances of those SD-WAN images. One of the cool platforms we have at the moment is ENCS, which is Cisco's Enterprise Network Compute System. The good thing about ENCS is that you may have third-party VNFs, virtual network functions. So you may have Palo Alto, you may have F5 load balancers, you may have any other third-party integration, and everything is virtually added inside the ENCS compute system. So, first of all, your rack, stack, cooling, electricity, space, and all these things get saved. Second, you have less hardware, a smaller attack surface, et cetera. Whatever advantages we have with virtualization apply: you have shared hardware, and on top of that you have different operating systems, so you can utilise the resources better than with standalone devices for everything.

Now there are pluses and minuses as well, and some design engineers can take it as a minus in a few use cases. But you'll find that with respect to investment and other operational costs, ENCS is gaining popularity, and that's why not only Cisco but other vendors as well are integrating with third-party services. So there are pluses and there are minuses, but compared to the cons we have a greater number of positives, and the decision can be made in that regard.

What series do we have? We have the ENCS 5100 and we have the 5400. Again, with respect to the throughput and how much bandwidth my customer is looking for, they can go for six cores, eight cores, or twelve cores. You can see that the throughput is 500 Mbps for SD-WAN.
So what this virtualization provides is a fully flexible branch methodology, meaning it gives you more options for your network design. You can quickly add and integrate any third-party services. Again, you can see that we have tight integration with network services, and we can do service chaining. And inside the box, we now have a new paradigm for maintenance, config, and troubleshooting: a non-CLI, GUI-based hypervisor, and with a few clicks we can do most of the operations.

Actually, we are moving from CLI to GUI, and then again, we are moving towards API. That's the move we're making at this point in time. At the moment, we are in between CLI and GUI. You will notice that even now, for example, VeloCloud does not support CLI, so you have only two options: GUI or API. You'll see that this change will increase, and companies will offer a GUI and then programming or API interfaces.

All right, so we have two options at present. One is ISR with UCS-E integration; that is the traditional way to do virtualization. And now we have new offerings from Cisco that we can use on the ENCS platform; everything will be virtualized, and we have the non-CLI hypervisor platform.

So the two very important things we learned in this session are these. First, what virtualization options we have in terms of SD-WAN, and that in virtualization we have third-party integration as well. Second, which device to take for which particular branch, because you are going to choose the hardware depending on the throughput.
We are in the middle of the discussion about which particular hardware will suit my infrastructure, and we have discussed throughput and virtualization. In this section we are going to discuss the security aspect of choosing the hardware as well, and then we are going to summarise whatever we have studied in the previous two to three sessions.

The diagram shows how we traditionally work, and in SD-WAN we have the control plane and the data plane. We have the FIA, the feature invocation arrays, where we have the packet processing engines. You can see you have cryptography, and you have so many cores. It depends on the hardware: how many CPU cores, how many data plane cores, and how many control plane cores. In SD-WAN, we have multiple features, including new ones like ZTP, app-route, smart QoS, cloud management, segmentation, IPsec tunnel monitoring with BFD, TLOC extension, Overlay Management Protocol, application recognition engines, and various types of security integration. Here you can see the cEdge, and it is managed by NETCONF. We know that communication between vManage and the rest of the devices is via the NETCONF protocol.

In terms of security, assume that for 20% to 24% of traffic we want to use DIA. If you are going directly to the internet and accessing resources, you should enable the security features. Those are next-generation firewall features; that's why we call this a next-generation firewall. So we should enable features such as AMP and TG, IPS or IDS, Cisco Umbrella integration, and the firewall with lots of application awareness. The popular term is application-aware firewalling. If we're using DIA and have guest access, we should have a web or URL filtering firewall option.
If we have compliance requirements, then we can use a combination of firewall, IPS, AMP, and TG. So here you can see that for DIA, my ISR devices, or my IOS XE, should support all the security features. Suppose that, as a company, I don't want to spend on a firewall: I don't want to add an extra firewall, purchase the hardware, and pay for the licence. Instead, I have it inside Cisco's device; I have the ability to enable the firewall feature, and I can use it.

Now, while enabling the feature, it's very important that we consider how much RAM or memory I have for those security features. Suppose I enable my Snort engine and I don't have that much memory or processing with me; the overall performance will obviously decrease. So we should understand which security feature we are enabling and how much memory that particular feature needs. Otherwise, the performance will be badly degraded.

What type of features are supported? If you log into the vManage dashboard, you can see that you can enable compliance, guest access, direct cloud access, and direct internet access, and if you want to mix and match, you have the custom option, where you can add firewall plus DNS plus URL, et cetera. So here are the features: we have 82+ web categories supported, advanced malware protection plus TG (Threat Grid), and you can have local caching or you can send the file to the cloud for further analysis.

Now this slide is important. You can see that we have the vEdge devices and the ASR 1000, and they can do application firewalling, which means you can create the zone and application firewall rules, and we can also integrate with DNS or Cisco Umbrella.
In this case, if my network architecture includes vEdge devices or devices that do not understand the advanced security suite or advanced security features, you can redirect that traffic to the central hub or data center; the service redirection or service chaining option is always available in SD-WAN. Here you can see in the list that you can use ENCS or CSR, and these are for the virtualization purpose; all the features are supported in ENCS, and we can use third-party firewall integration or service integration as well. The ISR 4000 and ISR support all the features that we have in the security suite as well.

So these ISR devices may be your choice for a few of the branches; where you want to redirect the traffic, you can use your vEdge devices; where you want the highest level of throughput, you can use the ASR; where you have virtualization for the branches, you can use ENCS; and you can even install the virtual vEdge plus virtual CSR over the public cloud. So now you have plenty of options to choose your hardware from.

Again, this slide is also important. It tells us that if you have eight GB of RAM, and here we can see that in the ISR 1100-6, 4221, and 4321 we have eight GB of RAM, we can use these rules, and that's the reason you have the matrix. So before choosing a feature, make sure you have hardware that will support everything; if you enable that feature, it will require more memory and processing. You should check the data sheet for this hardware and this memory to see how many rules you can create and how much it can support. For example, if we have cloud lookup, that means for IPS/IDS or TG you are sending the packet towards the cloud. At that time you need eight GB of bootflash, eight GB of memory, and one core for SP. Again, eight GB, eight GB of memory, and two cores for SP.
So here you can see the mix and match of IPS, URL filtering, AMP, and file hashing, and then you can see the hardware. In this regard you can go and create the rules. Assume you have on-box lookup and want to enable all of its features. At that time, you need 16 GB of memory plus two cores of SP with 433 or 1435. This means you can check the hardware cores, and according to that, you should enable the features; otherwise, performance will decrease.

Now again, this slide is also very important, so you can make your decision based on it. This slide, plus the two slides we saw earlier showing the hardware and overall throughput, goes together. In this slide, with SD-WAN specifics, you can see which features I want. Remember, SD-WAN can simplify your routing and your IPsec VPN, or you can scale your IPsec VPN. But apart from that, you can add security, you can add optimization, and it can support multi-domain. These are the advanced features we have in SD-WAN. A few of the features that Cisco is offering are not even there with other vendors. So be very careful when you are choosing the hardware and deciding which features you're going to use.

Now, let me quickly explain some of the features highlighted here. If you want routing scalability and IPsec, if you want DNS integration or GSC integration, or you have normal application firewall rules, you can go with this. If you want high scalability and throughput in terms of VPN and routing, you can use the ISR and ASR, also if you have a medium number of branches and want to enable advanced security and optimization, as well as voice integration and multi-domain support. So remember, you have to categorise your branches, for example as bronze, silver, gold, and platinum, and according to that, you can categorise the throughput: one Gbps, two Gbps, ten Gbps, 20 Gbps, et cetera.
Then you should categorise the number of security features you're going to use, the number of applications you are going to use, and the type of optimization you are going to use. Plus, if in the future you want to integrate your SD-WAN with ACI and DNA, that is also something to keep in mind while choosing the device. All the vendors, Cisco included, will tell you, "Okay, we support everything, you can do everything," but at the end of the day your hardware has to support it, or the performance will decrease.

Now this is the summary slide; let's quickly summarize. You have the SD-WAN ASR, ISR, and vEdge devices, where you have everything centralized, so you can add features. Remember the features related to routing; these are the big things. Then the features related to the IPsec VPN, that is, IPsec VPN scalability. Then the features related to optimization. This is also a huge area where we can decrease cost: I can run my services over broadband or high-speed Internet. But when you increase the optimization, the CPU cores will obviously use more cycles. And the same is the case with the security features. When you add IPS/IDS to the picture, your service profile, or the number of cores in your security suite, the CPU utilisation skyrockets because they have to check. That's why you actually have two paths: one goes towards the IPS/IDS, which does what it must, and then the packet comes back to the data path.

So these are the main factors based on which we should choose our hardware. And finally, we have virtualization in mind also. If you want a simplified solution where you run everything in a box, everything meaning your optimization, routing, firewalling, and load balancing, and you want a very simple GUI option to manage all your services, you can go directly with ENCS as well.
All right, this recording has become a little long, so let's stop here. You can check the last two or three recordings, including this one, to choose your hardware. I'm going to upload these documents as well. They can be the reference point not only from the exam perspective but for the real-world implementation of the solution and for the design and the architecture. These points are actually very important.
We have successfully completed Section One. Now we move to Section Two, which is very important; actually, all the sections are important. Section Three is also very important for understanding how the SD-WAN fabric is built, the controller deployment, and the subsequent sections related to data plane deployment.

So let's first discuss what topics we have here. You can see that we are going to discuss a lot about the controller deployment. For example, over the cloud: if cloud is okay for you, you can tell Cisco, "I want controllers over your cloud," and they will provide you the controllers, which means they will provide you with vSmart, vBond, and vManage, and then you can build your infrastructure. That means you are offloaded. You don't have to worry about whatever features you want related to the controllers, such as multi-tenancy mode, high-availability zones, et cetera. Everything will be taken care of by Cisco if we have a cloud deployment.

Now, when we are talking about on-premises, there are customers who have compliance issues and don't want to host anything over the cloud. And there are use cases: some services want to be hosted in the cloud, but some countries don't want their data to be sent to other countries until they cross their firewalls, and so on. For those cases of on-premises deployment, you have to deploy over compute, over ESXi or another hypervisor, because all the controller devices are purely software, so you need the compute to install them. We'll go and check what the steps are to install that. That's why we have sections 2A and 2B, and after that we have 2C, where we have to discuss scalability and redundancy and then how certificates work. We have the option of doing the certificate installation manually or automatically.
The good thing about the SD-WAN fabric is that once you bring up the control plane, you have the options of manual operation, installation of a certificate, bringing up your control plane, automation, etc. So once you bring up the control plane and the data plane, the control plane tunnel and the data plane tunnel will form automatically. Then what you have to do is add the policies.

So in this SD-WAN architecture or solution, the planning phase is quite important. You have to plan the steps before implementing. If your planning is very good, then the implementation and the operation parts will become less of a headache. The same goes for those who are taking care of operations or implementation: once someone has created the template and implemented one site, other sites can be implemented or deployed the same way. So design is important. A better design means implementation, deployment, and optimization will be easy.

Finally, in Section 2.4 we have the troubleshooting. We have to check the control plane tunnel and see whether there is any issue related to it, or what type of issue we commonly get when the control plane channel is not forming or when you have issues with the control plane or the controllers. Remember, the control plane is the vSmart controllers. vSmart is the control plane; vManage is the management plane; vBond is the orchestration plane, or the orchestrator. Sometimes you'll find "control plane" referring to all three components. But technically that is not true; technically, vSmart is the control plane.

So let's start with point number two, which describes the controller cloud deployment. We have options, and that's the one recommended.
I have seen that customers are choosing Cisco cloud to host their controllers, and once we are using Cisco cloud, they take care of everything: OS upgrades, multi-tenancy, any type of failure, et cetera. The second option is the managed service provider, someone operating on behalf of the organisation, from which I am taking the services. There are many managed service providers that can work on behalf of the customer and the vendor. Then you may have on-premises deployments. Actually, this is the third variant of cloud, that is, a private cloud; maybe you have deployed your controllers over the private cloud. All three of these options are related to clouds. In the next recording, we will discuss on-premises as well.

Now let's quickly discuss the technicality behind this. Once you are deploying the controllers over the cloud, you will get a console from which you can manage them, so there is not much that you are doing here. However, if you want to know how many interfaces there are, management interface, virtual interface, and so on, we can understand those things from here. You can see, for example, that we have three different types of controllers. Let me quickly draw this so we can easily understand what is happening.

So, starting with vManage. We know that any of these boxes, this particular software, should have a minimum of two interfaces. One is transport, that is, VPN 0. One should be used for out-of-band management; that is nothing but VPN 512. Later on, we are going to discuss vManage high availability and redundancy, and that vManage should be part of a cluster. That means you should have three vManage hosts or three vManage servers in a cluster.
Again, in high-availability scenarios, you may have an active vManage cluster in one DC and a standby vManage cluster in another DC, and they replicate the databases. This is again one of the use cases. But you should have one other vNIC that is used for messaging, that is, for inter-vManage communication. It is something like a message bus. So, remember, for vManage you need three distinct NICs, and plus, because vManage is also a server, a data store.

How can I explain this? Suppose I ask you: what is the main difference between WAN and SD-WAN, or between any existing network or infrastructure and an SDN-based network? WAN is doing what we are doing in software-defined WAN; they both perform the same function, and their goal is to provide application routing, security, optimization, and so on. The main difference between the WAN and the SD-WAN is the database. All the SDN solutions have a database. For example, Cisco ACI, Application Centric Infrastructure: they are doing the management, but they have the database. Whatever controllers we do the management from, they have a database. And that's true of vManage as well. So, while you're doing the deployment for vManage, you should have a minimum of, say, five GB, but you can check the data sheet to see how much data store you actually need at minimum. It needs some sort of data store.

That's the one thing here. The other two controllers, vSmart and vBond, only need two NICs. One is for transport, and the other is for out-of-band management; this is VPN 512. Let me quickly show you the slides, which say the same thing that we are discussing here. Slowly we are digging deeper and increasing the level as well.
So you can see in vBond that you have VPN 0 and VPN 512. In vSmart, we have VPN 0 as well as VPN 512. But in the case of vManage, you have one cluster interface, and that will be used, for example, to do the cluster management of vManage. Now, these devices can be hosted over ESXi, KVM, AWS, and MS, and likewise, you can see all the diagrams now.
When we are doing the controller deployment, how are these controllers going to communicate? Now, they need not be behind NAT. It's not a requirement, it's not a mandatory thing, that all the controllers are behind the firewall, have one-to-one NAT, and communicate that way. But in this case, if they are behind the NAT device, they should do one-to-one NAT. Now, here you can see all the controllers: I have my vSmart, I have this vSmart and vManage. You can see that they are doing the post-NAT work. For example, I have my vBond doing the pre-NAT behind the private network. Or you can think that your vBond is a device that should communicate with the public cloud, at least so it can get some information from the cloud. In this example, everything is hosted over the cloud, and they communicate with each other. For example, if you see point number one, vManage to vBond, we have the one-to-one NAT tunnel. In short, all the control plane devices have a one-to-one NAT to do the communication.
Obviously, you should have a minimum configuration. So what does it mean by "minimum configuration"? While you are doing the deployment, and this thing we are going to discuss a lot, if you see the configuration, what you will find is that you should have the minimum configuration in terms of system-wide configuration. So you should have a minimum system-wide configuration, you should have a minimum VPN 0 plus VPN 512 configuration, and you should have some policy, some basic policy. These are the minimum configurations we are talking about. Okay?
So once you have the minimum configuration and the VPN interfaces are behind the NAT, or the VRF interfaces are behind the NAT, we should do the one-to-one NAT in between. That's correct. Later on we'll discuss more about the minimum configuration related to all the devices.
Finally, how are they going to communicate with the vEdge? So, once your control plane is up and running, my data plane will try to catch up. Now this data plane device may be behind the private cloud or maybe behind a private ISP, such as MPLS; maybe it is connected to the internet. So, for MPLS, you should have some sort of route leak to reach the public-hosted controller, and you should have some kind of port number enabled inside the firewall to do this communication between the controllers and from the controllers to the edge devices. We have some definite, defined ports that we should open if the devices are behind the firewall. Obviously, if you want to go to the public cloud, if you want to access the internet, those devices are behind the firewall, so you need to enable such ports. So you can see that we have two different colours from MPLS, and I can access all of the controllers via the internet. Also, I am reaching out to all the controllers because I want control over all the transports. I want the data connection over all the transports.
All right, so this was the public cloud deployment. It's actually very easy to do. You tell Cisco or your service provider, a managed service provider, that you need controllers over the cloud, and they will provide them. The next task we have to do is ensure that my data plane device reaches an appropriate firewall port.
In the upcoming series of videos we'll go and discuss on-prem deployment. So here you can see that we have 2.2, Describe controller on-prem deployment, and inside that: hosting platform over KVM or ESXi, installing controllers, scalability and redundancy; then configure and verify the certificates and whitelisting. So these are the series of videos that I'm going to record, and you will see that these actually are the building blocks for on-premises deployment. So one by one, let's discuss. Now, starting with the pre-deployment, what methodology do we have? Obviously, we are going to discuss in much more detail the configuration, configuration steps, deployment, and each and everything except how it looks.
So here you can see that now all these controllers are behind the firewall, which means at least your vBond is hosted inside the DMZ firewall, and then you have a one-to-one NAT between vManage and vBond. vManage to vSmart: here you can see, vManage to vSmart, you have private, meaning you have pre-NAT with private color. And then in between vManage to vBond and vSmart to vBond, in the case of on-prem, we're doing one-to-one NAT. When you add the edge device, communication will take place via two links on the edge device. One is going via the MPLS, and then it is reaching these, private to private color. Because you have to reach, via your media, via your ISPs, your controllers to form the control connection. And that's why you can see that you have the private color and the public colour, MPLS and the internet, and how they are reaching the control plane devices to build the control connection. And later on they will go and build the IPsec tunnels.
All right, here you can see what ports you need to open; the default port is 12346. The interesting thing here is that they will jump by default, and they will jump five times. So, if your base port is 12346 and they jump by 20 five times, the next time it will be 66, then 86, and so on.
Likewise, they will go, and they will reach up to this point. So if I jump by 20 five times, that means if I add 100, I can see that all these devices have their different TCP port and different UDP port. We have options to do the offset as well, but it's better if we go ahead and refer to the data sheet by default. This is the nature: 12346, with a jump of 20, four or five times, in the case of UDP. And again, you can go and check the TCP port numbers for all the devices. So in between vBond and the two other devices, vBond will always form DTLS, which is nothing but UDP-based SSL. And for vSmart and vManage here, you can see in the diagram as well that we have options. Even with the edge devices we have the option; they can form on the UDP or TCP channel as well. However, no configuration is possible here. You have to do the configuration changes at the level of the control plane devices or the controller devices. All right? So if these devices are behind the firewall, you have to go there and open the related port. Otherwise, the control connection plus the data connection will not look like this after the deployment.
Here, you can see that you have a cluster of three vManage. Now I have two interfaces. One is going towards the ISP, that is my transport interface. So here, you can see all the devices. They have their transport interfaces inside VPN 0. I have an out-of-band management interface. Everything is going to the DMZ firewall, and only out-of-band management or the admin can access all the devices. Now, once you are connected to the transport subnet, there are chances that you may have multiple types of transport. This is an on-premises controller deployment, as shown here. Similarly, you could have your controller hosted in the cloud. This is one summary type of diagram where, for example, we have on-premises and cloud-deployed controllers as well. Now, in all those cases, you can see that you have the transport.
So you have your MPLS hub, you have the internet hub, and you have the data plane devices going and communicating with the branch. Suppose I have my branch here and you can see that I have, say, MPLS and internet, and then I can go to the MPLS hub. These are nothing but, for example, transit hubs. So while you're doing the migration, at that time you must have a transit hub that can communicate from SD-WAN to non-SD-WAN, non-SD-WAN to SD-WAN, or SD-WAN to SD-WAN.
Okay, so here you can see what terms we have and how the traffic will flow. So I have my IPsec channel from branch to branch; communication will form like that. But for the control plane, you should have DTLS or TLS tunnels towards your controller or control plane devices. So that's why they're going through MPLS or the internet here; they're getting there and forming the control connection with the controllers. So you have the public IPs or default route to the controller, the transport specifications, transit hubs, and SD-WAN headend; all of these are nothing but transit. Then you have the firewall; you may have it at any point. So at the moment, you're facing either the public cloud or public transport, or maybe private transport as well. It depends on what security measures you have. You can set the firewall to do the NATting and the default routing as well. So we're using it for both purposes: we're NATting, or maybe we have some default routes as well. Then we have the tunnel interfaces with these things. We know we have the cluster, and we have the out-of-band management. So this is the active data centre where you have the public address and the private address. You can see in the diagram you have the public and the private addresses, and you may have the same for the backup data centres as well. All right, so this is the way the thing will look after the deployment, even in our lab.
Also, we are going to do a certain deployment, and you can easily see and understand the topology, but different networks have different topologies and require different types of deployment. But the thing is that some common things are there that will not change for all the deployments. That means, first of all, you have to choose whether you want the cloud-hosted controller or one on-premises. So a customer may have A or B. Now once you are going with A, say cloud-hosted, then you have to think about how my data centre migration will happen, because the order is this: deploy the cloud controllers or on-premises controllers. So first of all, deploy the controller, then deploy or migrate the data centre devices from the WAN, or from the existing WAN, to SD-WAN, and then proceed in parallel with the migration for the branches. All right, so let's stop here and we'll continue this.
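The port-hopping arithmetic from the lecture (base port 12346, jumps of 20) turned into a firewall coverage check, as an added example that is not part of the lecture or any Cisco code. The rule syntax, the sample rules and the function names are constructed for illustration; it assumes five ports in total counting the base port, an optional offset of 0 to 19, and a default-deny firewall.

```python
BASE_PORT = 12346  # base port stated in the lecture
HOP_STEP = 20      # jump size stated in the lecture
HOP_COUNT = 5      # assumption: five ports in total, base port included

# Constructed firewall export for the demo (not any vendor's syntax).
SAMPLE_RULES = """
permit udp 12346-12386   # first three hop ports
permit udp 12426         # last hop port
permit tcp 23456
deny   udp 12406         # ignored: only permits count under default-deny
"""

def hop_ports(offset=0):
    """Ports a device may use for its control connection, in hop order."""
    if not 0 <= offset < HOP_STEP:
        raise ValueError("offset must be between 0 and 19")
    return [BASE_PORT + offset + i * HOP_STEP for i in range(HOP_COUNT)]

def parse_rules(text):
    """Parse 'permit <proto> <port>[-<port>]' lines into {proto: [(lo, hi)]}."""
    rules = {}
    for line in text.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) != 3 or fields[0] != "permit":
            continue
        lo, _, hi = fields[2].partition("-")
        rules.setdefault(fields[1], []).append((int(lo), int(hi or lo)))
    return rules

def missing_ports(rules, proto, offset=0):
    """Hop ports that no permit rule for this protocol covers."""
    ranges = rules.get(proto, [])
    return [p for p in hop_ports(offset)
            if not any(lo <= p <= hi for lo, hi in ranges)]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for offset in (0, 3):
        print(f"udp offset {offset}: blocked hop ports",
              missing_ports(rules, "udp", offset))
```

A device whose hop lands on a blocked port cannot form its control connection on that attempt, so an audit like this is worth running whenever the offset changes, because a rule set sized for offset 0 stops covering most of the hop ports.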