Cisco is pivoting from traditional networking towards software-defined networking, and its target market is the industrial IoT sector.
A Paradigm Shift
Over the last decade, the use of IIoT in verticals like clean energy grids, smart cities, utilities, roads and railways has been growing rapidly, attracting investment from large corporations. Many of these companies require capabilities like auto-VPN, next-generation firewall, cellular connectivity for remote sites and, in some cases, advanced routing.
“The industrial IoT customers are not using bleeding-edge technology. For them, what is important is availability,” said Emmanuel Tychon, Sr. Technical Marketing Engineer at Cisco.
When it comes to IIoT, there are three things that make the top of the list for networking vendors – operations at scale, security and ease of use.
But customers are willing to take a chance and sacrifice their security needs, if the trade-off is availability.
“The supply chain and even manufacturing plants are ready to balance a little bit of the security to make sure that the network is running all the time,” he noted.
The capabilities of SD-WAN align well with the demands of these sectors, including smaller use cases like ambulances, fire trucks and police departments.
Back in 2018, Cisco started entering the SD-WAN space by making support available on a small, ruggedized platform, the IR1101. As SD-WAN gained prominence, Cisco expanded support to other models in the portfolio.
A Dissection of Software-Defined WAN
Three elementary units make up the SD-WAN: the underlay, or the hardware infrastructure that provides basic IP connectivity over which the virtual tunnels are built; the service VPN, which is responsible for network segmentation and isolation; and the overlay, which brings the two components together on a single plane and routes traffic automatically.
“The overlay runs in software on top of the normal router and is building a software fabric. This fabric is a bunch of IPSec tunnels running between the edge routers,” Tychon explained.
These very capabilities complement the set of requirements common across IIoT use cases.
“What is perfect for our OT case is that we want those routers to communicate with each other or with a hub with no configuration whatsoever. Who wants to configure IPsec tunnels manually?” With SD-WAN, it happens automatically.
But SD-WAN, in its current form, is not equipped to meet every requirement to a T. At Tech Field Day Extra at Cisco Live US 2024, Cisco talked about the ways it is working to improve SD-WAN’s applicability to IIoT use cases.
An SD-WAN Tailored for IIoT Use Cases
The Cisco SD-WAN solution packs targeted capabilities designed to meet the unique requirements of industrial networks. It brings countless capabilities to one dashboard and provides simplified and centralized management of edge devices.
Tychon highlighted security policy implementation. Without central management, pushing policies to the edge devices is a protracted process.
“If you want to run a security policy across a number of edge devices, even in autonomous mode, you’ll have to configure routers manually one by one, maybe use zone-based firewall, which is good, but there’s really no way to manage that from a central place, and also, it’s only just a firewall.”
The management plane for Cisco SD-WAN is the Catalyst SD-WAN Manager, formerly vManage. It’s a highly customizable dashboard that lets you see across the network, get intelligence and insights, leverage automation, and implement security policies based on threat data.
The Catalyst SD-WAN Manager uses NETCONF/YANG to push configuration to the routers. “The advantage of a YANG model is that when you tell the router a new configuration, it is smart enough to just apply the difference and change one line or one IP address between the two.”
With the CLI, it’s a much more complicated process: the full configuration has to be reapplied device by device.
The next-generation firewall offers a breadth of advanced security capabilities, such as signature scanning, malware detection, deep packet inspection, intrusion prevention and application awareness, that a traditional firewall does not cover.
The integral component delivering these capabilities is Unified Threat Defense (UTD), a feature built into Cisco’s network operating system (NOS), IOS XE. Packaged as an application in the NOS, UTD automatically loads and deploys on the router. The UTD container scans all traffic passing through the router, performing the security checks above and enforcing policies.
The Alternative
All said and done, one can’t deny that SD-WAN is a novel paradigm that advocates a new way of networking. It takes unlearning old ways and wisdom, and breaking old habits, to embrace it. With a “fear of change” culture dominating many organizations, this is an insurmountable barrier for some.
“Not all customers are ready to move to SD-WAN. They’re not willing to redesign the network and would like to keep their existing configuration as much as possible,” said Tychon.
Cisco SD-Routing is a solution for those customers. A subset of SD-WAN, it is often referred to as the SD-WAN non-fabric. Unlike SD-WAN, which is made up of multiple components, SD-Routing relies on a single one: the SD-WAN Manager software. This provides the same operational agility and reduced OpEx for traditional routing deployments.
The only difference is the fabric and the functions that come with it. “The routers do not join the fabric.” SD-Routing runs IOS XE in autonomous mode instead of controller mode.
Cisco SD-Routing makes a fitting solution for customers unwilling to take the leap for a few extra features, who can do without SD-WAN’s signature segmentation and auto-VPN capabilities. For them, it offers easy management, deep visibility and Unified Threat Defense delivered in one solution.
Don’t miss Cisco’s other presentations from the Tech Field Day Extra at Cisco Live US 2024 at the Tech Field Day website. Also check out my colleague, Tom Hollingsworth’s article – The Legacy of Cisco Live – that captures the popularity and fervor of the event and the Cisco community in a short and engaging read.