Secure SD-WAN


Use Cases

Direct Internet Access


Site to Site


Remote Internet Access (RIA)

Centralises security inspection on the hub




Performance SLA

Performance SLAs are based on

Packet Loss - Packet loss occurs when one or more packets of data travelling across a computer network fail to reach their destination. It is caused either by errors in data transmission, typically across wireless networks, or by network congestion.

Latency - the delay between a user's action and a web application's response to that action, also referred to as total round trip time.

Jitter - variation in the time delay between data packets sent over your network connection. This is often caused by network congestion, and sometimes by route changes.



Basic Setup

Add SD-WAN members to zones (members are links / interfaces; zones are logical interface groupings)

Set a gateway - the next hop for each SD-WAN link



SD-WAN Rules

SD-WAN rules are defined by traffic pattern or application, together with the preferred members and/or zones. These rules are evaluated from top to bottom and the first match wins.

There is an implicit SD-WAN rule that simply load balances traffic across all SD-WAN members (the catch-all rule, used when no custom-defined rule is matched).

There must be a valid route for the traffic to route through the SD-WAN and have SD-WAN policy applied. There must also be a firewall policy defined.
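The following is an added example, not vendor code, that models the Performance SLA metrics above and the rule evaluation in this section: probe samples, thresholds, rules, routes and firewall prefixes are all constructed, and the way a rule handles members that are out of SLA is a stated simplification.

```python
"""Model of the Performance SLA metrics and SD-WAN rule evaluation from the notes.

Added example, not vendor code. Probe samples, thresholds, rules and prefixes
are all constructed. A lost probe is stored as None; latency is the mean RTT
of answered probes and jitter the mean absolute change between consecutive ones.
"""
from ipaddress import ip_address, ip_network
from statistics import mean

# Constructed SLA thresholds (milliseconds, percent).
SLA = {"latency_ms": 100.0, "jitter_ms": 20.0, "loss_pct": 5.0}


def sla_metrics(samples):
    """Return (loss_pct, latency_ms, jitter_ms) for a list of RTTs, None = lost."""
    answered = [s for s in samples if s is not None]
    loss = 100.0 * (len(samples) - len(answered)) / len(samples)
    latency = mean(answered) if answered else float("inf")
    diffs = [abs(b - a) for a, b in zip(answered, answered[1:])]
    jitter = mean(diffs) if diffs else 0.0
    return loss, latency, jitter


def meets_sla(samples, sla=SLA):
    loss, latency, jitter = sla_metrics(samples)
    return (loss <= sla["loss_pct"] and latency <= sla["latency_ms"]
            and jitter <= sla["jitter_ms"])


def select_member(dst, rules, members, probes, routes, fw_policies):
    """Top-to-bottom first match; unmatched traffic hits the implicit catch-all.

    Returns (rule_name, member), or None when no route or no firewall policy
    covers dst, in which case SD-WAN steering is never consulted.
    """
    addr = ip_address(dst)
    if not any(addr in ip_network(p) for p in routes):
        return None  # no valid route: traffic never reaches SD-WAN
    if not any(addr in ip_network(p) for p in fw_policies):
        return None  # no firewall policy: traffic is dropped
    for rule in rules:
        if addr not in ip_network(rule["dst"]):
            continue
        # Simplifying assumption: the first preferred member that meets the
        # SLA wins; a rule whose members are all out of SLA is skipped.
        for member in rule["members"]:
            if meets_sla(probes[member]):
                return rule["name"], member
    # Implicit rule: load balance across all members (a deterministic hash of
    # the destination stands in for the real balancing algorithm here).
    return "implicit", members[int(addr) % len(members)]
```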



Session Flags

Policy Routes


Session table


Notes

SD-WAN controls egress traffic and not ingress!


AD-VPN (dynamic tunnels) - configure policy inspection on the spoke (local site), as the traffic may not always go through the hub



CLI Love

diag sys sdwan member

diag sys sdwan zone