The Edge Router Components

Blog | Adroit Information Technology Academy (AITA)

DTLS control plane connection: Each edge router maintains a permanent DTLS connection to the Cisco vSmart Controller. The connection is established after successful device authentication, and the payload carried between the edge router and the vSmart Controller is encrypted. That payload carries the route information the vSmart Controller needs to determine the network topology, calculate the best routes to each destination, and distribute those routes back to the edge routers.

OMP (Overlay Management Protocol): OMP runs inside the DTLS tunnel and carries the routes, next hops, keys, and policy information required to establish the overlay network. OMP runs between the edge router and the vSmart Controller and carries control information only.

Protocols: Standard protocols such as OSPF, BGP, VRRP, and BFD are supported by the edge routers.

RIB (Routing Information Base): The routing table of an edge router is populated automatically with direct interface routes, static routes, and dynamic routes (BGP and OSPF). Route policies decide which routes are placed in the RIB.

FIB (Forwarding Information Base): The CPU on the edge router uses the FIB to forward packets.
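A small working model of the RIB and FIB behaviour described above, added here as an example (it is not code from this page or from Cisco): candidate routes from several sources pass through a route policy, the route with the lowest administrative distance wins for each prefix, and forwarding uses a longest-prefix match against the result. The administrative distances, the policy rules and the sample routes are assumptions constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Administrative distance decides between sources offering the same prefix
# (common Cisco defaults, assumed here for the example).
ADMIN_DISTANCE = {"connected": 0, "static": 1, "bgp": 20, "ospf": 110}
RFC1918 = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass(frozen=True)
class Route:
    prefix: str    # e.g. "10.1.0.0/16"
    next_hop: str  # "0.0.0.0" marks a directly connected interface
    source: str    # connected, static, ospf or bgp

def route_policy(route: Route) -> bool:
    """Constructed policy: BGP-learned routes must not be more specific than
    /24 and must not cover RFC 1918 space; everything else is accepted."""
    net = ipaddress.ip_network(route.prefix)
    if route.source == "bgp":
        if net.prefixlen > 24 or any(net.subnet_of(p) for p in RFC1918):
            return False
    return True

def build_rib(candidates):
    """Filter candidates through the policy, then keep the best (lowest
    administrative distance) route for each prefix."""
    rib = {}
    for r in candidates:
        if not route_policy(r):
            continue
        net = ipaddress.ip_network(r.prefix)
        best = rib.get(net)
        if best is None or ADMIN_DISTANCE[r.source] < ADMIN_DISTANCE[best.source]:
            rib[net] = r
    return rib

def fib_lookup(rib, dst: str):
    """Longest-prefix match, the lookup the forwarding path performs."""
    addr = ipaddress.ip_address(dst)
    matches = [n for n in rib if addr in n]
    return rib[max(matches, key=lambda n: n.prefixlen)] if matches else None

CANDIDATES = [  # constructed sample routes (TEST-NET-3 stands in for public space)
    Route("0.0.0.0/0", "10.1.0.1", "static"),
    Route("10.1.0.0/16", "0.0.0.0", "connected"),
    Route("10.2.0.0/16", "10.1.0.2", "ospf"),
    Route("10.2.0.0/16", "10.1.0.3", "bgp"),        # dropped: RFC 1918 space via BGP
    Route("203.0.113.0/24", "10.1.0.2", "ospf"),
    Route("203.0.113.0/24", "10.1.0.3", "bgp"),     # wins: distance 20 beats OSPF 110
    Route("203.0.113.128/25", "10.1.0.3", "bgp"),   # dropped: more specific than /24
]
RIB = build_rib(CANDIDATES)

if __name__ == "__main__":
    for dst in ("10.2.5.5", "203.0.113.200", "192.0.2.9"):
        print(dst, "->", fib_lookup(RIB, dst))
```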

Primary Cisco SD-WAN Components

Netconf and CLI: Cisco vManage uses Netconf to provision an edge router. Each edge router also provides local CLI access.

Key management: Secure communication with other edge routers is established over IPsec, using symmetric keys generated by the edge routers.

Data plane: Data plane functions such as IP forwarding, IPsec, BFD, QoS, ACL, and PBR (Policy Based Forwarding) are provided by the edge routers.

The OMP session with the Cisco vSmart Controller feeds routes into the RIB of the edge router, providing the reachability information necessary to build the overlay network. The hardware edge router contains a Trusted Board ID chip, a secure cryptoprocessor holding the private key and public key along with a signed certificate; all of this is used for device authentication. When an edge router first starts, minimal configuration information must be entered, such as the IP addresses of the edge router and the Cisco vBond Orchestrator. With this information, the edge router authenticates itself, establishes a DTLS tunnel with the vSmart Controller, and receives and activates its full configuration from Cisco vManage. Alternatively, a configuration file can be downloaded manually, or a new configuration can be created on the edge router over a console connection.


Tags: RIB FIB OMP DTLS Netconf IP Sec BFD