Cisco Catalyst SD-WAN Service Insertion At a Glance

At a Glance

Available Languages

Download Options

  • PDF
    (783.0 KB)
    View with Adobe Reader on a variety of devices
Updated:December 5, 2023

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF
    (783.0 KB)
    View with Adobe Reader on a variety of devices
Updated:December 5, 2023
 

 

Security requirements continue to grow

As traffic on-premises and in the cloud continues to increase, so does the need to monitor, inspect, and secure that traffic for your users. Inserting security services has traditionally been a complex operation, especially if multiple services need to be chained. Routing and forwarding policy, maintaining traffic symmetry, and service scaling are all challenges that make service insertion a daunting task for network operators.

Expanding on our secure networking portfolio, Cisco Catalyst SD-WAN is introducing service insertion capability, automating the flow of traffic to any service (physical or virtual, Cisco or third party) attached to Catalyst SD-WAN routers anywhere ‒ on-premises, in the cloud, or a colocation facility.

Save time and reduce complexity with Cisco Catalyst SD-WAN Service Insertion

SD-WAN Service Insertion abstracts and automates the on-demand chaining and insertion of services into the Catalyst SD-WAN fabric. The automation provides intent-based workflows to chain multiple services and enable traffic steering through service chain policy. This capability also offers the mechanisms to implement bidirectional traffic symmetry, as well as multiple ways to attach services, including IPv4, IPv6, dual-stack, and tunneling.

Automate and deploy service chains anywhere in SD-WAN fabric

Figure 1.            

Automate and deploy service chains anywhere in SD-WAN fabric

Benefits of Cisco Catalyst SD-WAN Service Insertion

      Simplified IT: Simplify configuration and management of service chains across the network.

      Reduced operations: Reduce operation cycles via automated service insertion and visibility of one or more services on any router located anywhere.

      Enhanced security: Bring your own service and enhance network security posture with consistent policy across multicloud and on-premises environments.

Key capabilities

      On-demand services insertion: Automation to easily insert services into the Catalyst SD-WAN fabric.

      Intent-based automation: Orchestration workflows capture and execute on the service insertion intent to build and attach the service chain.

      Service chaining: Chain up to four different services without the need to manually stitch them together.

      Any service: Bring any Cisco or third-party services to be inserted.

      Any location: Services can be located anywhere – on-premises, in colocation facilities, or in the cloud.

      Any form factor: Services can be virtual or physical in nature. Similarly, the SD-WAN router acting as the service chain hub can have a virtual or physical form factor.

      Flexible traffic selection for service application – Use control policy, data policy, and/or interface ACL to match traffic and steer it towards a service chain.

      Define once, deploy multiple times: Different service chain definitions and configurations can be created and used repeatedly to deploy the appropriate service chain at the desired location at the desired time.

How it works

Key steps for service insertion are:

1.     Define the service chain: Define the services in the chain and their sequence.

2.     Attach it to the hub router: Configure service chain parameters and attach it to the desired Catalyst SD-WAN router (service chain hub). Service chain reachability is thus advertised by the hub to the Catalyst SD-WAN controller.

3.     Define service chain policy: Define the policy to match traffic or routes and apply it to all traffic origin sites.

Once the above steps are completed, traffic is steered through the service chain hub and associated service chain in accordance with the service chain policy (Figure 2).

Steps for service insertion

Figure 2.            

Steps for service insertion

Learn more

To learn more, visit cisco.com/go/sdwan-security or contact your account representative.

 

 

Learn more