logo
Home Courses Plans Testimonials Blog About Us Webinars Digital Products Login
Contact us

SD-WAN from Scratch | 40 Hour Cisco Viptela Training with EVE-NG Labs | BridgeWhy

  • Let's learn how to design and implement Cisco SD-WAN solution

Created by Vishnu dutt

  • English and Hindi

About the course

For most of the last two decades,

the WAN looked like this. A few central data centers, a few large branches, a costly MPLS circuit terminating at each branch router, and all internet traffic backhauled to the data center for inspection. That picture made sense when applications lived inside the data center. It stopped making sense the day enterprises moved their applications to Microsoft 365, Salesforce, AWS and Azure. Suddenly the traffic that mattered most was the traffic going to the public cloud, and the legacy WAN was treating it as second class.


SD-WAN is the answer to that mismatch.

 It is not a new piece of hardware. It is a new way of building the WAN where the control plane (the brain that decides paths and policies) is separated from the data plane (the muscle that forwards the packets), so a small number of controllers can drive a very large number of edge routers in a consistent way. Once you separate the brain from the muscle, you can do things that the old WAN could never do. You can steer Office 365 traffic out of the branch directly to the internet. You can move a critical voice call from a degraded MPLS path to an LTE path in milliseconds. You can push the same policy to 5000 branches with one click. You can migrate from a 10 year old WAN to a new fabric without ripping out the existing circuits on day one.


This course teaches you SD-WAN from the absolute first principle. 

You will not be shown a vManage screen on day one and asked to memorise menus. You will first see what the legacy WAN looked like and what hurt about it. Then you will see the SD-WAN puzzle broken into pieces, with control plane and data plane on opposite sides of the whiteboard. Only after that picture is clear will you meet vBond, vManage and vSmart and understand exactly why three separate controllers were needed instead of one big box.


The course runs for 40 hours and is split into 30 lessons. 

Every lesson follows the same rhythm. First the why, told on a whiteboard with analogies. Then the how, shown in configuration. Then the verification, shown on EVE-NG. You will build your own SD-WAN lab from scratch on EVE-NG, bring up the three controllers, onboard edge routers, push device templates, watch OMP exchange routes, and verify TLOCs come up across multiple transports. You will then build control policies, data policies, application aware routing policies and tunnel restriction policies, and you will see each one take effect in the live lab.


Beyond the protocol, the course also teaches the design and deployment skills that interviewers actually test for. You will learn how to collect customer requirements before you draw a single diagram. You will learn how to write a High Level Design document that other engineers can read and execute. You will see migration patterns from legacy WAN to SD-WAN, including hybrid and parallel approaches, so you understand how this work happens in the real world where you cannot take a 4 day outage. You will also cover service chaining and Cloud OnRamp for IaaS and SaaS, which is the most modern part of the SD-WAN story and the part that hiring managers care about today.

The Package gives you both the Hindi and the English version of every lesson at one price.

The why first philosophy means you can take a concept in one language, then switch to the other language to lock it in. Many learners use the Hindi version to first understand the idea in their mother tongue and then switch to the English version for the exact terminology they will hear in an interview.


This is not a sales demo of vManage.

This is the course that explains why SD-WAN exists, builds the picture from zero, and leaves you able to design, deploy and troubleshoot Cisco SD-WAN with confidence. If you are coming from a routing background and you want to move into modern WAN, this is the course you have been looking for.


For deeper foundations, see Routing Fundamentals and BGP from Scratch. For comparison with the legacy WAN technology, see MPLS from Scratch.


what you will learn

Lesson 1: WAN History and problems associated with Enterprise Networks Part-1

You cannot appreciate SD-WAN until you feel the pain of the WAN it replaced. This opening lesson walks the timeline of enterprise WAN, from leased lines and Frame Relay to MPLS Layer 3 VPN. You will see what each generation solved and what it left unsolved, so the next lessons land on a prepared mind.

Lesson 2: WAN History and problems associated with Enterprise Networks Part-2

The cracks in the legacy WAN are not random. They follow a pattern. This lesson lists the specific problems: long provisioning times for MPLS circuits, vendor lock in, the cost per Mbps of MPLS compared to broadband, lack of central visibility, and the painful experience of backhauling SaaS traffic to the data center. By the end you will know exactly which problems SD-WAN must solve to be worth the move.

Lesson 3: Let us break SD-WAN Puzzle (Control Plane vs Data Plane) Part-1

SD-WAN looks intimidating because vendors throw twenty acronyms at you in the first slide. This lesson cuts through that by drawing one line on the whiteboard between control plane and data plane. Once that line is clear, every later acronym sits naturally on one side or the other.

Lesson 4: Let us break SD-WAN Puzzle (Control Plane vs Data Plane) Part-2

With the control versus data line drawn, you now map real Cisco components onto each side. You will see why a single integrated router cannot scale to 5000 sites and why splitting the brain from the muscle is not a marketing slogan but an architectural necessity.

Lesson 5: SD-WAN Controllers and Concept of Network Security Part-1

Three controllers exist in Cisco SD-WAN, and each one has a job. This lesson introduces vBond, vManage and vSmart, and explains the why behind having three separate boxes instead of one. You will also see how the controllers stay in touch with hundreds of edges without becoming a bottleneck.

Lesson 6: SD-WAN Controllers and Concept of Network Security Part-2

Security in SD-WAN is not bolted on at the end. It is the first thing that gets built. This lesson covers the certificate trust model, why every device must authenticate to vBond before it joins the fabric, and how this design closes the security holes that haunted the legacy WAN.

Lesson 7: TLS and IPSec Part-1

SD-WAN tunnels are not magic. They are TLS and IPSec, the same protocols that protect your bank transactions. This lesson explains TLS at the level you need: handshake, certificates, asymmetric versus symmetric encryption, and why TLS is used between controllers and edges.

Lesson 8: TLS and IPSec Part-2

IPSec sits inside every SD-WAN data tunnel. This lesson walks IKE phase one and two, ESP, transport versus tunnel mode, and shows the exact role IPSec plays between two SD-WAN edges. You will leave this lesson able to read an IPSec debug instead of guessing.

Lesson 9: Let us create SD-WAN lab from scratch Part-1

Reading does not equal knowing. This lesson builds a real SD-WAN lab on EVE-NG from a blank canvas. You will design the topology, plan the transports and pull the vBond, vManage and vSmart images into the lab.

Lesson 10: Let us create SD-WAN lab from scratch Part-2

With the topology drawn, you now bring the lab up. This lesson onboards the three controllers, brings up the edge routers, validates control connections and gives you a working SD-WAN fabric you will use for the rest of the course.

Lesson 11: Initial Configuration and vManage Demonstration Part-1

Once the lab is live, you need to understand vManage end to end. This lesson covers the Day Zero configuration on every device and walks the vManage dashboard top to bottom so you know where to look when something breaks.

Lesson 12: Initial Configuration and vManage Demonstration Part-2

Templates, devices, monitoring, alarms and events all live in vManage. This lesson takes you through each menu, shows what each panel is telling you, and points out the screens you will use daily in an operations role.

Lesson 13: Templates, TLOC and OMP Part-1

SD-WAN is template driven. This lesson covers Device Templates, Feature Templates and CLI Templates, and explains the why behind the three layer template model. You will also meet TLOC, the Transport Location identifier that names every transport on every edge.

Lesson 14: Templates, TLOC and OMP Part-2

OMP, the Overlay Management Protocol, is the routing brain of SD-WAN. This lesson introduces OMP and shows how it shares routes between vSmart and the edges. If you know BGP, OMP will feel familiar, and the lesson points out exactly where the two protocols overlap and where they differ.

Lesson 15: Traffic Engineering and OMP Path Selection Part-1

OMP picks the best path using a defined algorithm. This lesson walks each attribute OMP looks at, in order, and explains why each one was placed at that step. You will leave able to predict which path will win before you even check the route table.

Lesson 16: Traffic Engineering and OMP Path Selection Part-2

Traffic engineering in SD-WAN is not the same animal as MPLS Traffic Engineering. This lesson shows the SD-WAN way to influence paths using OMP attributes and policies, and walks examples of common business requirements translated into OMP behaviour.

Lesson 17: Template, OMP Demonstration and NAT Part-1

Theory becomes muscle through demonstration. This lesson pushes templates to edges, watches OMP converge, and shows the routing table on the edge as paths come and go. You will see the fabric react in real time to changes you make.

Lesson 18: Template, OMP Demonstration and NAT Part-2

NAT shows up in SD-WAN in unexpected places. This lesson covers when and where NAT is needed in an SD-WAN deployment, including DIA scenarios, and shows how to configure and verify it inside vManage.

Lesson 19: DIA, TLOC Extension and Restricting Tunnels Part-1

Branches now have local internet. That changes the design. This lesson covers DIA (Direct Internet Access), why backhauling internet was wasteful in the legacy WAN and how SD-WAN lets the branch reach the internet directly with policy control.

Lesson 20: DIA, TLOC Extension and Restricting Tunnels Part-2

Not every site needs a tunnel to every other site. This lesson covers TLOC Extension and the tunnel restriction techniques that let you build hub and spoke, regional mesh or full mesh as the design requires, instead of accepting the default.

Lesson 21: AAR and Customer Requirement Collection Part-1

Application Aware Routing is the killer feature of SD-WAN. This lesson explains AAR from the why down to the configuration. You will see how SD-WAN measures loss, latency and jitter on every tunnel and how it moves applications to the path that meets their SLA.

Lesson 22: AAR and Customer Requirement Collection Part-2

A great AAR policy starts with a clear customer requirement. This lesson covers the questions you must ask before you write a single policy line: which apps matter, what their SLA is, what the customer considers acceptable. The same skill is asked in every SD-WAN design interview.

Lesson 23: SD-WAN Requirement Collection and HLD Part-1

A design is only as good as the questions you asked. This lesson walks the full requirement gathering process for an SD-WAN project, including stakeholders to interview, current state to document, and constraints to capture.

Lesson 24: SD-WAN Requirement Collection and HLD Part-2

The output of the requirement phase is a High Level Design document. This lesson walks the HLD section by section, shows what each section must contain, and gives you a structure you can reuse on real projects.

Lesson 25: SD-WAN Policies deep dive Part-1

Policies are where SD-WAN gets both its power and its complexity. This lesson covers the policy hierarchy: localized versus centralized policy, control policy, data policy, application route policy. You will see how each policy type fits the design problem it solves.

Lesson 26: SD-WAN Policies deep dive Part-2

This lesson does each policy live. You will see control policy steer traffic between regions, data policy override OMP behaviour for specific apps, and application route policy honour an SLA. By the end, policies stop being a black box and start being a tool.

Lesson 27: Old WAN to SD-WAN (Migration Considerations) Part-1

In the real world you never start with a blank slate. This lesson walks migration patterns: parallel migration, hybrid coexistence with MPLS, gradual cutover, and explains when each pattern fits.

Lesson 28: Old WAN to SD-WAN (Migration Considerations) Part-2

Migration mistakes are expensive. This lesson covers the common pitfalls: forgetting routing policy on the old WAN side, underestimating internet bandwidth at branches, mishandling Active Directory and DNS during cutover, and the rollback plan you must have ready before you start.

Lesson 29: Service Chaining and Cloud OnRamp for IaaS, SaaS Part-1

Modern enterprises run apps in AWS, Azure and SaaS providers. This lesson covers service chaining, which lets you insert firewalls and IPS into the SD-WAN forwarding path without changing the fabric.

Lesson 30: Service Chaining and Cloud OnRamp for IaaS, SaaS Part-2

Cloud OnRamp is the bridge between SD-WAN and the public cloud. This lesson covers Cloud OnRamp for IaaS (extending the fabric into AWS and Azure) and Cloud OnRamp for SaaS (giving branches the fastest path to Office 365 and similar). You will see both configured and verified in the lab.


Curriculum


Class-1: WAN History and problems associated with Enterprise Networks Part-1
Preview
Class-2: WAN History and problems associated with Enterprise Networks Part-2
Preview
Class-3:Let’s break SD-WAN Puzzle (Control Plane vs Data Plane) Part-1
Class-4: Let’s break SD-WAN Puzzle (Control Plane vs Data Plane) Part-2
Class-5: SD-WAN Controllers and Concept of Network Security Part-1
Class-6: SD-WAN Controllers and Concept of Network Security Part-2
Class-7: TLS and IPSec Part-1
Class-8: TLS and IPSec Part-2
Class-9: Let’s create SD-WAN lab from scratch Part-1
Class-10: Let’s create SD-WAN lab from scratch Part-2
Class-11: Initial Configuration and vManage Demonstration Part-1
Class-12: Initial Configuration and vManage Demonstration Part-2
Class-13: Templates, TLOC and OMP Part-1
Templates, TLOC and OMP Part-2
Traffic Engineering and OMP Path Selection Part-1
Template, OMP Demonstration and NAT Part-1
Template, OMP Demonstration and NAT Part-2
DIA, TLOC Extension and Restricting Tunnels Part-1
DIA, TLOC Extension and Restricting Tunnels Part-2
AAR and Customer Requirement Collection Part-1
AAR and Customer Requirement Collection Part-2
SD-WAN Requirement Collection and HLD Part-1
SD-WAN Requirement Collection and HLD Part-2
SD-WAN Policies deep dive Part-1
SD-WAN Policies deep dive Part-2
Old WAN to SD-WAN (Migration Considerations) Part-1
Old WAN to SD-WAN (Migration Considerations) Part-2
Service Chaining and Cloud OnRamp for IaaS, Saas Part-1
Service Chaining and Cloud OnRamp for IaaS, Saas Part-2
Hands-on Lab
GCP Overview (Build your own SD-WAN lab)
Image upload and Topology Building
Controllers Bring Up (vManage, vSmart, vBond)1
Controllers certificate and jump host installation
vEdges Onboarding
SD-WAN Policies Hands On
Creating Hub and Spoke Topology
9-sd-hands-on
10-sd-hands-on

Know your instructor


Frequently asked Questions


What does this BGP course cover from start to finish?

The course starts with the reason BGP was invented and the role of AS numbers. From there it builds up to neighborship, messages, states, multihoming, iBGP, attributes, the best path selection algorithm, route reflectors, communities, and regular expressions. Every concept is explained why first, then shown in an EVE-NG lab.

Is this course suitable for the internet scale BGP or only enterprise BGP?

Both. The course teaches BGP the way it actually runs on the internet and inside large enterprises. The why behind each feature is universal. The labs use EVE-NG topologies that mirror real ISP and enterprise designs.

Does this course cover iBGP and eBGP both?

Yes, both in depth. eBGP is covered from lesson 1 through lesson 5. iBGP is covered from lesson 6 through lesson 9, with a special focus on the rules that confuse most learners.

How deep does the course go into BGP attributes?

Two full lessons are dedicated to attributes (lessons 10 and 11), and the entire lesson 12 is the best path selection algorithm which uses these attributes. You will know every common attribute, when each one matters, and which ones travel across AS boundaries.

Does this course cover route reflectors and communities?

Yes. Lesson 15 covers route reflectors with whiteboard diagrams. Lessons 16 and 17 cover communities and regular expressions with real designs that service providers use.

What should I know before starting BGP from Scratch?

You need basic routing knowledge: IP addressing, subnetting, static routes, and how a router uses a routing table. Completing Routing Fundamentals gives you exactly the right base.

Do I need to complete OSPF before BGP?

No, but it helps. OSPF makes you think in terms of an interior protocol, which then makes BGP feel different in a useful way. If you want a strong routing foundation, the OSPF Package  is a good warm up.

Is this course suitable for someone who has just finished CCNA?

Yes. CCNA gives you the routing basics. This course is the natural next step into the world of large scale routing. If you came from the Hindi CCNA path, Be Job Ready in Computer Networking is the equivalent base. If you came from the English path, CCNA for Know Nothing Learner is your base.

What is the language of instruction?

The Package includes both Hindi and English versions. You can watch either at any time.

If I buy the Package, do I get both Hindi and English access?

Yes. The Package is the only version that gives you both languages at one price. The standalone English and Hindi pages exist for learners who want only one language.

Which version should I watch first, Hindi or English?

Whichever is your stronger language. Many learners watch the difficult concepts first in their stronger language and then watch the same lesson in the other language for reinforcement.

Does this course help with CCNP certification?

Yes. CCNP Enterprise covers BGP in depth, and the syllabus of this course aligns with that. The why first approach also makes you ready for CCIE level questions that the official material rarely answers directly.

Will I get a completion certificate from BridgeWhy?

Yes. On course completion you receive a BridgeWhy certificate that you can add to your LinkedIn profile and resume.

Can I add this course to my LinkedIn profile?

Yes. Many learners list BridgeWhy courses on LinkedIn, and the certificate is meant to be shared.

Does this course prepare me for BGP interview questions?

Yes. The why first method directly answers the conceptual questions interviewers ask, such as why iBGP needs full mesh, why BGP uses TCP, or why best path selection has so many steps. For dedicated practice, pair this course with the Interview Preparation Series.

Are real interview scenarios discussed in the lessons?

Yes. Across the course, the instructor brings up the kinds of trick questions that are asked in interviews and explains how to answer them from first principles.

Which platform are the labs done on?

All labs are demonstrated on EVE-NG. EVE-NG is the standard in the networking industry for hands on practice with real router images.

Do I need to install EVE-NG to follow the labs?

You do not need to install it to learn the concepts, because the lab demonstrations are recorded for you to watch. If you want to practice the configurations yourself, installing EVE-NG is recommended.

Can I run the labs on GNS3 or Packet Tracer?

GNS3 will work for most labs because it also supports real router images. Packet Tracer has limited BGP support and will not be enough for advanced lessons.

How long do I get to access the course?

Access depends on the plan you choose. BridgeWhy offers a 3 Month Plan, a 1 Year Plan, and a Lifetime Access Plan. The Lifetime Plan gives the best value for serious learners.

Can I download the videos for offline viewing?

The videos stream from the platform and are not available for download. You can watch them as many times as you want during your access period.

Can I watch on mobile and tablet?

Yes. The platform works on phones, tablets, laptops, and desktops.

Who is the instructor?

The instructor is Vishnu Dutt, with 19+ years of experience at Cisco. He has taught networking to 15000+ learners across 100+ countries. Read more on the About Us page.

Which course should I take after BGP from Scratch?

After BGP, the natural next steps are MPLS from Scratch, SD-WAN from Scratch, and VXLAN with BGP-EVPN. These three courses use BGP as their foundation, so the order makes the learning curve much gentler.

Enroll Now