Glossary of Key Terms

A

App-Route Multiplier Determines how many App-Route poll intervals should be considered when making the determination about the SLA compliance of the tunnels. The default value is 6, and the maximum is 6. This value is configured per router.

App-Route Poll Interval Defines the period of time to collect Bidirectional Forwarding Detection (BFD) probes for analyzing the statistical performance of the SD-WAN tunnels and making a determination about SLA compliance. This value is configured per router.

Application Programming Interface (API) A flexible interface beyond the traditional user interface that can be used programmatically to manage and monitor an application, device, or operating system.

Artificial Intelligence (AI) The use of compute power to make human-like and informed decisions based on real-time data in the environment.

B

backup-sla-preferred-color An optional configuration argument that allows for the specification of a selected color or colors to use when forwarding a class of traffic in the event that no tunnels meet the required SLAs.

BFD Hello Interval Specifies how often a WAN Edge router will send a BFD probe on a tunnel. This value is configured per router, per color.

BFD Multiplier Specifies how many consecutive BFD probes can be sent without a response before the tunnel is declared to be down. This value is configured per router, per color.

Bring Your Own Device (BYOD) A common enterprise administrative policy that allows for employees to connect to enterprise networks or the Internet with personal devices such as phones and tablets.

C

Centralized Policy A centralized policy can affect the entire Cisco SD-WAN fabric and is activated on the vSmart controllers.

Certificate Authority (CA) An entity that is responsible for signing certificate requests and issuing SSL certificates. Since SD-WAN components are configured to trust the organization’s root CA, any certificate generated or signed by the root CA is also trusted. Hence, SD-WAN components will inherently trust the identity of one another since they share the same mutual trust of the signing root CA.

Cisco Application Centric Infrastructure (Cisco ACI) A software controller–based solution by Cisco that uses SDN to deploy, monitor, and manage enterprise data centers and clouds.

Cisco Software-Defined WAN (Cisco SD-WAN) A software controller–based solution by Cisco that uses SDN to deploy, monitor, and manage wide area networks.

Cloud Shared compute and application resources that exist in a domain away from the physical enterprise network, such as the Internet or a shared data center. Examples include Amazon Web Services (AWS) and Microsoft Azure.

Colocation A colocation (colo) is a data center facility in which a business can rent space for servers and other computing hardware. Typically, a colo provides the building, cooling, power, bandwidth, and physical security while the customer provides servers and storage.

Color An attribute that allows the solution to identify specific transports with a color and influence how the data plane is built.

Command Line Interface (CLI) Method of configuring network devices individually by inputting configuration commands.

Control Plane (vSmart) This element is where all control and centralized policy will be enforced. Calculation of the routing table and distribution of encryption keys are handled by the vSmart.

Control Policy A control policy manipulates routing information and can be used to affect how traffic is forwarded through a WAN Edge.

D

Data Plane (WAN Edge) The component where data traffic is terminated and encapsulated across the SD-WAN fabric. The data plane is only built between WAN Edges.

Data Policy A data policy directly impacts the forwarding of traffic flows through the WAN Edge router.

Direct Cloud Access Forwards SaaS traffic (such as Office 365, Salesforce, Box, Google, and so on) from the branch directly to the Internet or the backhaul path to the data center (DC) based on candidate path performance. It ensures the best SaaS application experience and also reduces the IT WAN cost.

Direct Internet Access (DIA) Accessing the Internet through local egress at the remote site rather than backhauling through a data center.

E–I

Extranet An extranet is a restricted communications network, typically used to allow business partners in different organizations to have a private and secure communication channel.

Forward Error Correction The process of including additional information, called parity, into a message so that if part of the message is lost or corrupted, the whole message can still be recovered.

IDS/IPS Intrusion detection systems (IDSs) analyze network traffic for signatures that match known cyberattacks. Intrusion prevention systems (IPSs) also analyze packets, but they can also stop the packets from being delivered based on what kind of attack is detected, thus helping stop the attack.

Inbound Control Policy A control policy that is applied to OMP updates sent from the WAN Edge to the vSmart and applied before the vSmart performs the best-path selection algorithm.

Infrastructure as a Service (IaaS) Virtualized hardware that is outsourced to providers and that typically runs in the cloud.

Internet of Things (IoT) A collection of nontraditional network-connected devices that are typically unmanned, such as manufacturing equipment, lighting, security cameras, and door locks.

L–M

Localized Policy A localized policy will only affect a single WAN Edge router and is configured in the device template.

Machine Learning A subset of artificial intelligence (AI) used to gather data and information from the network environment to constantly learn, adapt, and improve the accuracy of the AI.

Management Plane (vManage) The element where day-to-day administration of the SD-WAN fabric will be achieved. vManage is the single pane of glass where configuration, troubleshooting, software upgrades, and monitoring will be achieved.

Multidomain An end-to-end network architecture that comprises different types of solutions to fit the requirements of each individual environment, such as campus, WAN, data center, and cloud.

Multi-topology A network design where different VPN segments have different logical topologies. Some VPNs may be able to establish direct communication with each other, while other VPN segments may have to communicate indirectly via a third site, and other VPN segments may not be able to communicate at all.

N–O

NAT Fallback The process of forwarding traffic that would otherwise have been NAT’ed through a local egress interface across the SD-WAN fabric instead, when no local interface configured for NAT is in an operational state.

OMP Route The route advertisement responsible for carrying information about data prefixes. These routes are usually LAN subnets.

Orchestration Plane (vBond) vBond is the glue that brings all the other components together. The orchestration plane distributes vManage and vSmart information to the WAN Edges and also authenticates all the Cisco SD-WAN components.

Originator A matching criterion that is used to select the WAN Edge that did the initial advertisement of a route or TLOC.

Outbound Control Policy A control policy that is applied to OMP updates that are sent from the vSmart to the WAN Edge and applied after the vSmart performs the best-path selection algorithm.

Overlay Management Protocol (OMP) The routing protocol of the fabric. OMP is utilized to distribute all routing information, encryption keys, and other policy information. OMP runs inside of a DTLS/TLS tunnel between the vSmart and WAN Edges.

P–R

Packet Duplication The process of forwarding a redundant copy of a traffic flow down a duplicate path in order to protect against packet loss.

Preferred Color An optional configuration argument that allows for the specification of a selected color or colors to use when forwarding a class of traffic, as long as those colors are compliant with the SLA Class.

Quality of Service (QoS) The categorization and prioritization of traffic in a network, typically based on application type and requirements.

Role-Based Access Control (RBAC) A policy-neutral, access-control mechanism defined around roles and privileges. The components of RBAC such as role-permissions, user-role, and role-role relationships make it simple to perform user assignments.

S

Service Insertion The process of redirecting a network flow to an additional device for the purposes of performing a function on the traffic. Common network services include firewalls, load balancers, and caching engines.

Service Level Agreement (SLA) A commitment made by a service or application provider to customers for a minimum level of service or uptime.

Service Route A route that advertises a service, such as a firewall or intrusion prevention system, to the rest of the network. Policy can be deployed that forces traffic through these services.

SLA Class List A type of list that allows the administrator to specify the maximum loss, latency, and/or jitter on an SD-WAN tunnel that a specific class of traffic is forwarded across.

Software as a Service (SaaS) Software applications that are outsourced to providers and that typically run in the cloud.

Software-Defined Networking (SDN) A process by which network flows, rules, and operations are defined and deployed from a centralized controller rather than on each individual network device.

Strict An optional configuration argument that specifies that the class of traffic should be dropped rather than forwarded in the event that no tunnels meet the required SLA.

T

TLOC A route that distributes next-hop information and also connects the fabric to the physical underlay. Data plane deployment can be influenced by manipulating Transport Locator (TLOC) information.

tloc-list A list element that can contain references to one or more TLOCs described by their system IP, color, and encapsulation. It may also include the optional arguments of Weight and Preference.

Transit VPC Using a transit VPC is a common strategy for connecting multiple, geographically dispersed virtual private clouds (VPCs) and remote networks in order to create a global network transit center. A transit VPC simplifies network management and minimizes the number of connections required to connect multiple VPCs and remote networks.

V–Z

Virtualization Applications and software that are abstracted from the underlying physical hardware resources and run as virtual instances.

vSmart vSmart is the control plane of the fabric. The vSmart acts as a Border Gateway Protocol (BGP) route reflector but is responsible for distributing encryption keys as well.

Zone A zone is a grouping of one or more VPNs.
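The SLA-related entries above (App-Route Poll Interval and Multiplier, SLA Class List, Preferred Color, backup-sla-preferred-color, Strict) together describe one decision procedure. The following Python is an added illustration of that procedure, not code from the book or from Cisco SD-WAN; the tunnel names, probe values and the simple per-interval averaging are constructed assumptions.

```python
# Added example, not from the book: simplified model of SLA-aware tunnel choice
# (App-Route poll interval x multiplier, SLA class list, preferred color,
# backup-sla-preferred-color, strict). All names and numbers are constructed.
from dataclasses import dataclass
from statistics import mean
from typing import List, Optional, Sequence, Tuple
APP_ROUTE_MULTIPLIER = 6  # poll intervals considered (default and maximum: 6)

@dataclass
class SlaClass:  # maxima from the SLA class list; None means "not checked"
    loss: Optional[float] = None     # mean loss, percent
    latency: Optional[float] = None  # mean latency, ms
    jitter: Optional[float] = None   # mean jitter, ms

@dataclass
class Tunnel:
    color: str
    # one BFD sample per App-Route poll interval, oldest first: (loss %, latency ms, jitter ms)
    samples: List[Tuple[float, float, float]]

def compliant(t: Tunnel, sla: SlaClass, multiplier: int = APP_ROUTE_MULTIPLIER) -> bool:
    """Average the last `multiplier` poll intervals and compare with the SLA."""
    window = t.samples[-multiplier:]
    if not window:
        return False  # no measurements yet: treat the tunnel as out of SLA
    observed = tuple(mean(s[i] for s in window) for i in range(3))
    limits = (sla.loss, sla.latency, sla.jitter)
    return all(lim is None or val <= lim for lim, val in zip(limits, observed))

def select_tunnels(tunnels: Sequence[Tunnel], sla: SlaClass, preferred: Sequence[str] = (),
                   backup: Sequence[str] = (), strict: bool = False,
                   multiplier: int = APP_ROUTE_MULTIPLIER) -> List[str]:
    """Colors eligible to carry the class; an empty list means the class is dropped."""
    ok = [t for t in tunnels if compliant(t, sla, multiplier)]
    pref = [t.color for t in ok if t.color in preferred]
    if pref:
        return pref                   # preferred color(s) that still meet the SLA
    if ok:
        return [t.color for t in ok]  # any tunnel that meets the SLA
    fallback = [t.color for t in tunnels if t.color in backup]
    if fallback:
        return fallback               # backup-sla-preferred-color, SLA ignored
    return [] if strict else [t.color for t in tunnels]  # strict: drop the class

# Constructed sample: biz-internet lost packets during its last 3 poll intervals.
VOICE_SLA = SlaClass(loss=2, latency=150, jitter=30)
TUNNELS = [
    Tunnel("mpls", [(0.0, 40, 3)] * 6),
    Tunnel("biz-internet", [(0.5, 60, 5)] * 3 + [(6.0, 80, 10)] * 3),
    Tunnel("lte", [(1.0, 90, 12)] * 6),
]
```

With the sample data, a preference for biz-internet is overridden because its six-interval mean loss (3.25%) exceeds the 2% limit, so voice is spread over mpls and lte.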
