300-415: Implementing Cisco SD-WAN Solutions (ENSDWI) Certification Video Training Course Outline
Describe Cisco SD-WAN Architectu...
Describe Cisco SD-WAN Architecture and Components
300-415: Implementing Cisco SD-WAN Solutions (ENSDWI) Certification Video Training Course Info
Gain in-depth knowledge for passing your exam with Exam-Labs 300-415: Implementing Cisco SD-WAN Solutions (ENSDWI) certification video training course. The most trusted and reliable name for studying and passing with VCE files which include Cisco CCNP Enterprise 300-415 practice test questions and answers, study guide and exam practice test questions. Unlike any other 300-415: Implementing Cisco SD-WAN Solutions (ENSDWI) video training course for your certification exam.
Describe Cisco SD-WAN Architecture and Components
7. vEdge Features & terminologies used
In this section, we are going to learn about the V edge features. What specific features do we have with the V aged?In terms of underlay, we have T lock, IPsix, Webtiller out, and bi-directional forward detection. So one by one, I will go through and explain each and everything. First and foremost, let's go over the terminology we'll be employing. Here you can see that we have OMP, we have T Lock, and there is actually a conjunction between OMP and T Lock. That's the overlay management protocol and the Transport Locator. Transport locators are working as next hops. I'll show you how they work as a next step in the following slide. And OMP is your actual control plane. Suppose your OMP is down. That means your control plane is down. Then we have different SDWAN identifiers. IP.org is a colour site ID system. VPN is one of the terms you'll come across here. A site ID, for example, can be a group of the same devices in that specific site. System IP, which is similar to a loopback zero address or the router ID for BGP or OSPF, indicates that for that specific box, you have one system IP that is assumed to be always up or a name that is specific with the certificate, and you will learn and understand more about the organisation name during the bring up process. Finally, we have a VPN. VPN is nothing but VRF. So VRF and VPN are both the same. In Cisco SDW and webtilla withthey have started the term VPN. But in Cisco, you'll find that term is "VRF," or "virtualized routing and forwarding." But there is a lot inside this OMP and TLock that we will go over and discuss in upcoming sessions. One very important point to note here is that when we talk about the overlay management protocol and where it is running now because this is the protocol for V edge devices, they are pairing with OMP, and we have the OMP from via smart to V smart. Now the use case is big. Basically, in the OMP, they are exchanging the routing information, the security key information, and the policy exchange. Later on, we'll discuss more and more about that. But to simplify the SDWAN fabric and the routing security and policy infrastructure, we have OMP in between the dataplan device and the control plane. So in between the control and data plan devices, this OMP protocol is up and running. Now you can see the notes that explain the significance of the OMP. Obviously, they are running inside TLS or DTLs; they leverage address families. So, basically, they are routing, and they are exchanging control packages such as service routes, BFT, and uptown status. If you have any cloud on Ramp or Cloud Express, those are the features to track the SAS-based application's health. And if anything is down or it's not working,it can reroute or it can do the optimization. So these are the main important features. Again, you can see the IPsec encryption key exchange, and it will help for different types of policy exchange, whether it's centralised policy or localised policy, not all the localised policy, but you can tell central policy and routing policy, and in routing policy, again, you have the global and the local, etcetera. So later on, we'll go and discuss more and more about these policies, where you'll understand much more about the policy as well as the use of the OMP. Now this slide is also very important, and I put it here for some purpose. So let me try to explain here. And suppose you are coming from the Cisco Ivan world; you'll find that your device is facing the van. So you have two interfaces. Basically, one is a van-facing interface, and the other is an interface that may face land or any type of other service, maybe some third-party routers or maybe Cisco routers, non-SDM devices, et cetera. So you have a phishing interface that we are describing as a transport VPN. And then you have a non-van-facing interface that can be termed a service VPN. You have one other as well, for out-of-band management. You can also see the outer band management interface here, which allows you to manage the device when it is not in use. So here you can see that you have an untrust zone because this is the van-facing interface, and then you have a trust zone. Internally, you have different types of zones, and that is for a purpose. Now these VPNs that you are seeing here,they are nothing but they are the VR. And, once again, if you're coming from IvanWorld, intelligence, or Cisco intelligent van, these are all front-door VRF, okay? These are nothing but front-door door VRF.So you have the physical interfaces tied here, and then you have the tunnel interfaces, and then you are creating the tunnel either with MPLS or the Internet. Okay? Here you have your global routing table, and here you have virtual routing for writing instances. So like that, you can go and compare them. Now we have one very important slide, and this is one of the most interesting and important slides. We have MSD and fabric, which gives you a clear picture of the relationship between the underlay and the overlay. OMP is my overlay protocol. T-Lock collaborates with OMP as an underlay. If you look at this diagram, you'll notice that you have a Vs device. This Vs device has two interface. For example, one is VPN zero interface, the otherone is service interface, that is VPN one. So here you can see VPN somewhere, and you are learning the prefixes. So here is your prefix: For example, X-1 is your prefix that you are advertising with your service-side VPN. Then here, you can see that you have VPN 0 that is tied to three different ISPs' Internet MPLS. And because I have three different ISPs, that's why I have three different colors. So now here you can see that green, orange, and blue one. They are referring to three different ISPs. Now later on in the T-Lok section, you'll come to know that T-Lock has a minimum of three main attributes. So they have system IP, they have color, and they have encapsulation. Third is encapsulation. So for example, the system IP for the box will be the same. Here you can see the system IP is 100 10.Then the encapsulation will also be IPsec. For example, we want IPsec tunnels. But how will we at Smart understand that the prefix is coming either via Internet transport or MPLS transport or 4G transport? So the deciding factor will become the color. So now, when the VA Smart learns X one-subnet, he has the option of going to overlay, which means that the underlying route should be advertised inside the Overlay protocol. That is nothing but OMP's overlay management protocol. But OMP will understand this. OMP is learning which T-lock to use. Remember, this T-lock is very similar to the BGP next hop. So when we are Smart will learn X one, hehas to resolve that next hop is internet or nexthop is MPLS or the next hop is 4G. Which particular transport? I am learning this now. Next stop is not just a next stop IP, but this is a combination of three things: the system IP, color, and encapsulation. And it's the conjunction—the relationship between the underlay and the overlay underlay—that tells the story. Hey, overlay. Since you have done your registration, since my data plan and your control plan are both up and running, and since I have the OMP relationship with the Vs Smart, I want to send my network via the underlay with the help of the OMP protocol to the Vs Smart. Now, the VS Smart is working as a route reflector. At the moment, Smart will learn the prefixes. He will reflect that routeto the different different sites. Assume that if you don't have policies, it will reflect on everyone. If you have policy, then it willreflect only to the selected sites. Okay? So that's the main thing we have here. And if you summarise this particular slide, you will understand what is meant by service-side VPN. So let me try to write here. What are the things we have? What are the important things we have? So you should understand that. Assume you have one device and he has his V route, where the V route is nothing but victory, say X one. And then suppose if you have three different transports—we know the routing is happening with the control plane. So somehow now these three transport for example MPLS,Internet and 4G, you have T lock associated tlockone, T lock two, T lock three. Again, T lock is nothing but system IP colour and encapsulation. So the prefix that the Vs. Smart will learn is "s." He will learn by default with each of the three different ISPs or colors. And since he's working as a route reflector who has registered with Vs. Smart as the OMP pair So whichever side you have as an OMP peer, he is also an OMP. So he will simply reflect that X peer to all of the OMP peers within specific VRS or VPNs. Suppose this is VPN One, so it will reflect all the devices on the fabric side of VPN One. And that's the way that T. Lockand and OMP are working in conjunction. All right?
8. Transport Locators TLOCs
The next important topic is transportation locator, also known as T-lock. Later in the routing section, we'll learn more about transport locators in this session. Let's at least understand: what is the use of this T-Lock lock? How? T-Lock is very important and significant in the SDW solution. Now, here you can see that all the devices have their own T log, which means they have their own system, IP, color, and encapsulation. At least these are the three attributes of T. Lock. But there are more as well. These are the main three attributes. Now, what these devices are doing with the help of the OMP session that they have with V Smart is sending their local T lock to V Smart. Again, this Vsmart is working as a route reflector, so we can redistribute the T-lock across all the devices. Okay? So that's why you can see here that we are smart. They are advertising the T-Lock to all the devices and the Smart Lock to Via Smart via the OMP. And all these devices have their own local transport locators. Now, in the next diagram, it will get much more clear. So, now you can see here that I have the transportation locators, and we have the colours green and yellow. just to show you that you have to transport. So, for example, MPLS and the Internet, as well as all of these local T-locks that are collected via We Smart and then distributed throughout, okay? Because, as previously stated, Via Smart is acting as a routereflector until policy is established; they will distribute or advertise these locks or routes to all. Again, we have the significance. So, let me explain to you first about this color. Because all the time we are talking about colours, what exactly does each colour mean? This colour is just an abstraction used to identify individual van transports. So, the meaning of this colour is an abstraction to identify the van link. Now, here, you can see that colour has two parts. Color can be both private and public. And these are the fixed things. So, I have private colors. Say, for example, private one, private two, up to six. So, in addition to MPLS and Metro Ethernet, I can provide six private colors. These are the fixed private colors. Suppose I want some custom-made color; that option is not there. You have these options. Similarly, for public color, you have options such as 3G LTE, business, internet, and so on. These are the fixed colors. And here you can see sometimes we do mistakethat we are thinking that colour is a label. But colours are a keyword. They are not labels. They are not marking or tagging. They are the keyword. They are the transport abstraction. Okay? Now, these T-locks are coloured because one of their attributes is color. This T-Lock is nothing but the next hop. So this T-Lock is nothing more than the next hoptype of an advanced attribute and such. And with this T-lock, you have the system IP colour and encapsulation. You can see here and here. So let me quickly go back, and let me show you the diagram. You'll find it very interesting in the telo that assumes you're forming the IP SEC connection on top of the T lock. Now suppose if you have two internet connections: the local T lock for this guy is T one and T two, and the local T lock for this guy or this VH is T three and T 4. Now here, you can see that T1 can form an IPC connection with T three.T One can form an IPC connection with T Four. Like t two, t two can form t three and t four. If you are both on the same website. Suppose the site ID is 100, and they are not forming the IPsec connection. Suppose if you have multiple devices in samesite, obviously they have their own T lock,but they will not form the IPsec connection. Likewise, other different site, by default they canform the IPsec connection until unless you havethe use case that you want, that samesite will form the IPsec tunnel. By default, they will not form. Now, here is a nice example. We have that. For example, if you have different transport, you can see in this diagram that you want an IPsec connection with T1 and N3. T one Nt three are Internet, t two and T four. They are representing MPLS. So, you can do this means samecolor can form the IPsec tunnel. However, if you want that different colour from your IPsec connection as well, So you do not use the restriction. Suppose if you use the "colour restrict" keyword, then the same colour will form the IPSE connection. If you are not using the colour and then the restrict keyword, then different colors For example, T one can form IPsec with T four,t three can form IPsec channel with T two. Or, at least, they can try. If they are different colours without the restrict keyword, they will form the IP section, or they will try to form the IPSC tunnel. That's the significance. Now, we have one small example here. Let me quickly show you so how we can identify. Suppose I have one branch called branch two. This branch has two connections. One is going towards MPLS, this blue link, and one is going towards the Internet, that green one. So, what will the T lock be? We know that system IP is ten 40 oneencapsulation for both the transport having IP SEC. But the T one, for example, this is representing T one. So one will be, for example, MPLS. That's the colour that we are using. Likewise, if you want to write the Ttwo, what will be the T two information? So T two will be T two will be ten 40 one. Then colour is ipsick. And then finally, the encapsulation is, for example, the colour of "bills Internet." That's the color. So you can identify the transport locator in this manner, and they will be advertised to ViaSmart, who will then advertise or redistribute to the other side devices. All right, so I hope you understand what the significance and importance of T Lock are, what the main building blocks of T Lock are, and how to lock. That is the underlay. Or you can say that the guy who isdoing the communication between the underlying and overlay. So T-Lock is responsible for communicating with the OMP that is your overlay. So how things are connected in the SDWAN fabric.
9. IPSEC Data Plan Security
The next important topic is IPsec. Now, see how my edge devices are forming the IPsec tunnel. What is the significance and what is the change? So, when comparing traditional or existing network work to SDWAN, what is the difference we have inside this new setup, inside this new SDWAN fabric? Now, you can see that in the traditional network, and it's actually nicely explained here. If you have IPsec tunnel and suppose if you have 12345six devices, so what these devices will do, all these devices,they will try to send their IPsec key and they tryto form the IPsec tunnel with each other. So in this case, the overall key complexity will be something in squares, or approximately any square. So six devices means yourkey exchange complexity is 36. Suppose you have 6000 devices, so you can understand 6000 square. That's the key to complexity because there is no central authority to whom you are sending these parameters, these values, and who can exchange all this information with the other devices. So what does it mean that there is no V Smart type of controller where all these devices are connected and assume they are one hop away from Vs Smart and then they send their key to the Vs Smart and it is the Vs Smart's responsibility to exchange the key? Now, if we do like this as shown hereso at that time the key exchange complexity willreduce to end only because all the devices theyare sending their key just one time or periodicallythey are sending their key to the Vs Smart. And it's the responsibility of Via Smart to work as a key manager to manage all the keys. So now, what is happening behind the scenes is that, if you have two edge devices, suppose this one and this fifth, they want to form an IPsec connection. Obviously you have transportation in between—they have their local T lock.We know T lock is system IP colorencapsulation what they want, they want the key. So obviously they have their local key and they have a remote; they want a remote key as well. But in a very simplistic manner, they have a local T-lock; they have a key. What they are looking for is the remote T-lock information. Now this key information and remote T lock informationthe Vsmart will send because you are sending toVsmart and then Via Smart exchanging with other device. So he also has local T-lock, he also has his local key, and he wants remote T-lock information. You have sent your information to Via Smart. We will send to other sites like that through Smart. Whatever information Smart has, he will send to the other site, and then only they will form the IP set tunnel over the different transports. This is 100% optimised and we don't need to doany or write any type of code for data plane. At the moment you bring up the control plane and the data plane, they will form the IPC tunnel. Now here again, you can see how it is happening behind the scenes. Behind the scenes, we are sending the OMP T-Lock update. We know that inside the OMP update we are sending not only the T lock information but the key as well. So once he has the key, he will exchange with other devices, and then these devices will form the IPsec tunnel. So what are the things that are going to be triggered by default? Once your control plane is up, which means once your DTLs and TLS are up, then obviously we are smart and VS devices, and they have, for example, via smart and VS devices, an OMP peer up and running. Then they will start exchanging the values. So they will exchange the T lock,they will exchange the key parameters. The IPsec tunnel will be formed once they have exchanged all of these values and are reachable to their destination. Once the IPsec tunnel has been automatically formed, BFD will start tracking these channels. BFD is again a big topic. It's bi-directional forward detection. By default, after every 1 second, they will send their hello packet, and maybe they multiply six seconds or maybe seven seconds—just a multiplier. So they will send the packet 12345-6, and after 6 seconds they will determine the remote end is not responding. So tear down the tunnel. Again, the OMP update will go to the Vsmart, but the remote end is not responding. I want to tear down the tunnel, and Smart will send an update. Okay, tear down the tunnel, and if you have an alternate path, you can go via the alternate path. Okay, so these are the steps that are happening. You can see from 00:21 to 0:6 or 0. These are the things happening behind the scenes. Again, let's try to understand the same thing with some different diagrams. Here, you can see that you have the key. You can see you have the local key. And to form the IPsec, you need the remote key. You have the local key. To form the IPsec tunnel, you need the remote key. Obviously, you want to exchange the T lock as well. So you have local T lock,you need remote T lock information. Once you have all the information you can seeinside the OMP update, the keys are coming. Once these devices have the reachableVPN Physical Interface IP, they will travel over the transport and form the IP set tunnel. Okay, so this is the way they are forming the IPC tunnel. Here you can see the data plane tunnel has the highest bit of encryption: advanced encryption, standard AES 256. And this control plane also has AES 256 GCM encryption. Okay, so these are things that are happening. Everything is fully optimized. We don't need to worry about this until our control plane and data plane are operational; bring them up, and they will form the IPsec tunnel once more. You can see that you have the control plane tunnel, and you have the IP header. I just wanted to draw an example here: Suppose your service side VPN IP is tenone one, and your interface IP, for example, is one one one. That is the outer header IP. The other side IP is, for example, 2222 These are only VPNs, with no IPS. andthen again you have service side VPN that let's say forexample VPN ten where you have IP 21 one again thisis your VPN or VR f ten so how the packetformat will look like? It's very important and interesting the packet format will look likethat you should have the inner IP header where your sourceIP is ten one one then your destination IP is 21one this is your inner inner header then you should haveyour outer header so let me try to draw here sothen you have the outer header where you have the sourceIP 111 and then destination IP is two two two thenyou have IP again this IP I have already done thenyou have the UDP based IPsec encapsulation so you have UDPencapsulation then you have ESP encapsulation and then the packet willmove so this point of time the encryption will happen atthis end at the front door or at the transport sideVPN zero side and then once the package will reach herehere the decryption will happen they will strip off all theseencapsulation and the source and destination will reach or your packetwill be hand off so this is the way that thedata plane tunnel will come into the picture it is highlysecure so irrespective of what transport we are using our dataeither same Pls 4G or broadband it's a secure now again this is little bit advanced discussion that we have multiple VRFor VPN so we know that we have VPN zero thatis termed as a transport VPN we have VPN 12511 andagain from 513-26-5530 these are nothing but service VPN and thenfinally you have VPN five one two that is termed asa management VPN so these VPNs you have but later we'lldiscuss that our SDWAN solution they are supporting full multi topologysegmentation and what does it mean by multi topology segment solutionor multi topology segmentation? We can discuss later on later on wecan discuss suppose if you have VPN ten. VPN 20. VPN 30.VPN 40 or VR 20. 30.40 VPN ten can work as a hub and spoke20 can work as a full mesh 30 can workas a for example partial mesh or maybe you cando service redirection they can work as a service sharing40 can work as a guest user where I wantto enable the direct internet access pi so it's amulti topology support because the control authority is with thevia smart and the full fledged support is there. Again, if you want to see the data encapsulationand decapulation at least the encapsulation will happen atVPN side they will do the encapsulation, they willput the outer header and then they will sendthe packet with the label. So here you can see that if the packet is originating via the VPN Ten label and the destination is also inside VPN Ten, then they should propagate the label throughout the path. So obviously, you can see we have different labels inside the IPsec tunnel; they are propagating the label from the source to the destination, and then the handoff will happen. And you can see it's a scalable solution because the key complexity is just N, which is the number of devices, and it's highly secure, and the solution itself has this segmentation by default; it says segmented multi topology and end-to-end secure SDWAN solution. All right, so let's just stop here.
10. SDWAN vRoute or Service side vpn Routes
So what is the V route? The V route is nothing but the Teller route. And actually, it has several names. So, what are the different names for this V route? Vroud may be referred to somewhere as OMP, or it may be referred to somewhere as a service-side VPN route. Now, if I have a diagram, let me quickly draw one diagram before going further in the slides. Let me try to explain where exactly it exists. Assume you have your VPN set to zero. That is nothing but your transport VPN. At this point, do you have to lock routes or T locks? Then you have suppose for example, you have VPN ten. At this point, you have a V route. So whatever prefixes you are learning, maybe you're running some OSPF, some BGP, or any underlying protocol. Those prefixes that you are learning as IGP have terms such as retailer route, romp route, or service side VPN route. So that's the meaning we have. Now, let me go and show youthis big diagram that we have. very complex, but it's very informative. Now, here again, you can figure out that your servicesite VPN route will belong to VPN 1. So the site one prefixes are nothing but V routes. They want to reach the site's ten prefixes. Or maybe here we have the source, and here we have the destination. These are nothing but the V routes. how they will reach So, once you have the OMP registration, you are sending the update once you are registered with the Vs. Smart. Actually, OMP is sending the update. There is one command that you are always running: OMP advertise. for example, static or connected. So via these commands, these routes will get richor somehow they will reach to the VF smart. VF Smart is working as a route reflector. He'll look into the T locks or any next hop paths I have. We know that T-locks are nothing but the next hop. So, what is the T lock to reach certain attributes, a certain prefixor, or a certain destination? Can I go by T lock one, T lock two, or T lock three, and then they can do some sort of ECMP if all the attributes are the same? So that's a significance.Now, you may understand the logic behind this and why I overlay service-side VPN routes and other service-side VPN routes. This is the methodology by which the routes are getting exchanged. Until you have a control policy, until you have a policy at the level of smart, they will advertise, they will receive, and they will send everything. All right, so what are three important OMP routes we have? Ads Vroutes, or service-side VPN routes, are OMP routes. We have service routes. Now, these service routes are belonging to services likeFirewall, VPN, IPS, IDs, et cetera, et cetera. Then you have transportation routes. This is also very important information that weSmart need to get with the help of OMP. So all these routes that you are seeing are reaching with the help of OMP to the VsSmart, and then further, the VsSmart is taking the action because that is the intelligence behind the fabric. Now we have one diagram. In this diagram, you can easily identify all three different types of routes. Here, you can see that you have service-side VPN routes, which are nothing but the V routes. In addition to the V routes, you have a firewall as well. So these Firewall advertisement means this Firewall IP at leastthat will get advertised and reach to V Smart. So, once again, intelligent can perform service shining or service redirection. He should know the firewall or the service routes. So for example, this is one. This is one. This is one, and this is one type of route. Then you have another type of route that is nothing but your firewall, so suppose this is two, and then finally you have the third type of route that is nothing but the transport-located route, so here you can see the T-locks that are associated with the Egress interface, or it's very much like the next top attribute. So these are the three, and only these three, types of routes you have that my OMP needs to get, and then he can take any type of decision if you have any type of policy. So in that regard, if you have a policy and have all the information at the level of VRSmart, then we at Smart can go and take a routing decision or any type of traffic engineering service chaining or any type of control decision.
11. SDWAN Bidirectional Forwarding Detection BFD
Next, a very important topic is BFT bidirectional forward detection. Actually this is very important to understand thatBFE not only they are tracking or dataplane tunnel but they are one of thekey components for application aware routing policy. So let's try to understand first of all: what are the flavours we have related to BFD in the SD van? And then we'll go and check the use cases. So BFD, first of all, you have three flavors. One is BFD Hello, and that is per tunneler panel, meaning that whatever panels you have So for example, I have my VS device, and one interface is going towards MPLS and another is going towards the internet. So you have two physical connections over which you are creating two overlay channels. So you have two channels per channel. You have the BFT Hello packet going on to track the tunnel statistics, at least the liveliness of the channel, which is nothing but a BFD Hello packet. Then, second, you have something called the Paul interval. Now, in this Paul interval, you have one bucket, one big bucket, and you are putting the samples in by default. You are putting the 600 bft in this bucket. 600 BFT, which means 600 seconds. That means ten minutes. So you're taking the sample size, or you're taking the samples, or you're collecting the BFT for ten minutes. And that ten-minute BFT will give you average loss, latency, and jitter. And that's the reason this fall interval is per device. Remember, BFD Hello is per tunnel, but this fall interval is per device. Now, what is the use case? Suppose you want to check the history of loss, latency, and jet. So in that case, this fall interval has a multiplier, and we have the multiplier of say, six. Suppose you have six buckets. That is what you are doing. So please pay attention once more. So you'll understand. So what you are doing here is, first of all, you are collecting, or you have a BFD per tunnel. So BFD. Hello? Then, second, you have Paul's interval of 600 BFD or 602nd. That is nothing but ten minutes. That is again described as a bucket. So you have a bucket of 600 samples. Likewise, you have a multiplier of six. So 600 seconds into six is approximately That is exactly 1 hour or 60 minutes. So for 60 minutes, you have the history of lost latency jitter. This will give you the average of lost latency jitter, and this will collect the history of that. Now, when we are talking about the hello interval, that's the first case. Let me draw one more time on this. So what is happening in this case when you are sending the hello packet per channel? Here, you can see that you have multiple channels. Suppose this is one of the ranches, this is one of the branches, and this is one of the datacenters where you have one IPsec tunnel. You have this type of IP sectional because you have created this type of control policy. If you don't have any control policy, or if you don't have any policy by default, they will work as a full mesh. So you can see that your health package is every 1 second now. You can decrease or increase the default, which is 1 second, but it is in milliseconds as well. And then you have the multiplier of six as well. So that means you will send six hello packets, six BFT hello packets, or six BFT packets. If you do not receive a response, TenEL will be marked as down. You will update the VS smart that this panel is not responding, and then the VS smart will remove all the routes attached to that particular destination. And that's the way the routing is also working. Now here, you can see that we have the Paul interval. Here, you can see this is the BFE color. This is nothing but the Hello Timer. Later on in the app route section, I will explain this. Even in the device configuration section, I will show you what configuration options we have related to BFD Hello Packet. But if I go to the next slide, you'll see that you have not only the hello packet per channel, but also bucket. You have an average of latency jitter per device as well. You can also see the 600 BFT hello packets that we are inserting into the bucket. And then finally, you have the multiplier as well. So you're actually doing the collection by default ten times in ten minutes. And then six into ten will become 60 minutes. Here you have the summary that whatever we havestudied so far, you can see that what arethe tunable option or tuning option we have. So we have a hello interval of 1 second. That range can be seen as 126–5535. You can go and check the CLI command, BFD color, and hello interval. Then you have the call interval of ten minutes, which is nothing but 600 BFD or collecting. The CLI equivalent command is then BFD up route Paul interval. Finally, you have the multiplier for Paul's interval of six. That is the default. And then you have the BFD app route multiplier—that's a CLI command—that you can go and check. So again, this BFD is up at the moment your control plane data plan is up and your IPC panel is up. BFD will start tracking the liveliness of that particular channel. But BFD is not stopping just at this point in time. The next ask for BFD is to provide a SLA, which is the lost latency jitter for the application-aware routing policies. All right, so let's stop here.
Pay a fraction of the cost to study with Exam-Labs 300-415: Implementing Cisco SD-WAN Solutions (ENSDWI) certification video training course. Passing the certification exams have never been easier. With the complete self-paced exam prep solution including 300-415: Implementing Cisco SD-WAN Solutions (ENSDWI) certification video training course, practice test questions and answers, exam practice test questions and study guide, you have nothing to worry about for your next certification exam.