In the overlay network, the task of bringing up the routers occurs in the following sequence:

• The Cisco vManage, Cisco vBond Orchestrator, and Cisco vSmart Controller software starts on a server in the data center.
• Cisco vManage and vBond Orchestrator authenticate each other, then Cisco vManage and vSmart Controller authenticate each other, and the Cisco vSmart Controller and vBond Orchestrator securely authenticate each other.
• Cisco vManage sends configurations to the vSmart Controller and vBond Orchestrator.
• The routers then start in the network.
• The routers authenticate themselves with the vBond Orchestrator, Cisco vManage and vSmart Controller.
• Cisco vManage sends the total configurations to the routers.

You should be careful regarding the following points before the bring-up process starts:

• Only authenticated and authorized routers can access and participate in the Cisco SD-WAN overlay network. In order to deploy the highest level of security, Cisco vSmart Controller performs automatic authentication on all the routers first, then allows them to send data traffic over the network.

• Data traffic flow starts immediately after authentication, whether the routers are in a private address or in a public address space. A transport network, which connects all the network devices in the domain must be available in order to bring up the hardware and software components in a Cisco SD-WAN overlay network. Typically, all these components are placed in data centers and branch offices. The transport network can be of any type, including the Public Internet, MPLS, Layer 2 switching, Layer 3 routing, LTE, etc.

The Cisco SD-WAN zero-touch provisioning (ZTP) SaaS is used to bring up the hardware routers.