Lesson 1: WAN History and problems associated with Enterprise Networks Part-1
The lesson opens with a question. Why did enterprises build the WAN the way they did? The answer takes you through leased lines, Frame Relay, ATM and finally MPLS Layer 3 VPN. You will see what each generation solved (deterministic bandwidth, predictable latency, vendor-managed services) and what it left unsolved. The lesson uses a timeline on the whiteboard so you can place every legacy technology in context before any SD-WAN content appears.
Lesson 2: WAN History and problems associated with Enterprise Networks Part-2
Part 2 lists and explains the concrete problems that drove SD-WAN adoption. Long MPLS circuit provisioning times measured in months. High cost per Mbps compared to broadband. Vendor lock-in at every branch. Lack of central visibility into how the network was actually being used. Painful user experience for SaaS applications when traffic had to be backhauled to the data center for inspection. Each problem is set up so the matching SD-WAN feature later in the course feels like a direct answer.
Lesson 3: Let us break SD-WAN Puzzle (Control Plane vs Data Plane) Part-1
SD-WAN starts to feel less mysterious once you draw one line on the whiteboard. This lesson draws that line. On one side sit the functions that decide things: which path to use, which policy to apply, which neighbour to trust. On the other side sit the functions that act on those decisions: forward the packet, encrypt the tunnel, count the bytes. The lesson stays at the conceptual level so the picture is clean before any vendor product is introduced.
Lesson 4: Let us break SD-WAN Puzzle (Control Plane vs Data Plane) Part-2
Part 2 maps the abstract control versus data line onto Cisco SD-WAN. You will see why putting all functions into a single integrated router cannot scale to thousands of branches and why separating the brain from the muscle is an architectural necessity, not a marketing choice. The lesson also previews the three controllers and the edge router and points out which side of the line each lives on.
Lesson 5: SD-WAN Controllers and Concept of Network Security Part-1
Three controllers exist in Cisco SD-WAN, each with a single job. vBond authenticates devices into the fabric. vManage provides the GUI, templates, policies and operational view. vSmart is the routing brain that distributes OMP routes and pushes policies. This lesson explains the role of each in plain English, and crucially explains why three separate boxes are better than one combined box.
Lesson 6: SD-WAN Controllers and Concept of Network Security Part-2
Part 2 introduces the security model. Every device that wants to join the fabric must authenticate with a certificate, and every control channel between devices is TLS protected. The lesson walks the trust chain, explains why this design closes the security gaps of the legacy WAN, and shows what happens at the protocol level when a new edge router comes online.
Lesson 7: TLS and IPSec Part-1
SD-WAN relies on two cryptographic protocols, and you cannot operate it confidently without knowing them. This lesson covers TLS at the working level. Handshake phases, certificates, asymmetric versus symmetric encryption, where session keys come from, and the exact role TLS plays between controllers and edges in SD-WAN.
Lesson 8: TLS and IPSec Part-2
Part 2 covers IPSec. IKE phase one and phase two, the difference between transport and tunnel mode, ESP, security associations, and how each piece is used inside an SD-WAN data tunnel between two edges. The lesson uses packet-level diagrams to make the abstract pieces concrete so you can later read an IPSec debug and understand what each line means.
Lesson 9: Let us create SD-WAN lab from scratch Part-1
The lab build starts with the design. This lesson walks the topology choices for a learning lab: how many edges, which transports (MPLS and Internet), where vBond, vManage and vSmart sit, and how to plan IP addressing so the lab is easy to extend later. You also see how to pull the controller and edge images into EVE-NG.
Lesson 10: Let us create SD-WAN lab from scratch Part-2
Part 2 brings the lab up. You start vBond, vManage and vSmart in order, validate that they form their control connections, then onboard the edge routers one by one. By the end of this lesson you have a working SD-WAN fabric that you will use for the rest of the course.
Lesson 11: Initial Configuration and vManage Demonstration Part-1
With the lab live, the lesson covers Day Zero configuration on every device. System IP, site ID, organisation name, vBond address, certificate installation. Each setting is explained with the why behind it so you understand what each value controls in the fabric, instead of just copying it.
Lesson 12: Initial Configuration and vManage Demonstration Part-2
Part 2 walks the vManage GUI top to bottom. Dashboard, Devices, Monitor, Alarms, Events, Configuration, Templates, Policies, Maintenance and Administration. The lesson points out the screens you will use daily as an SD-WAN operations engineer and the ones you will only see during deployment.
Lesson 13: Templates, TLOC and OMP Part-1
SD-WAN is template-driven, not CLI-driven. This lesson covers Device Templates, Feature Templates and CLI Templates and explains the three-layer template model. The lesson also introduces TLOC (Transport Location), the identifier that names every transport interface on every edge and becomes the building block for paths in OMP.
Lesson 14: Templates, TLOC and OMP Part-2
OMP is the Overlay Management Protocol and it is the routing brain of SD-WAN. This lesson introduces OMP from the why. Why a new protocol was needed instead of reusing BGP wholesale. The lesson explains OMP routes, TLOC routes and service routes, and shows how vSmart sits at the center distributing all three.
Lesson 15: Traffic Engineering and OMP Path Selection Part-1
OMP picks the best path using a defined algorithm with attributes checked in order. This lesson walks each attribute (origin, OMP route type, preference, AS path, and so on) and explains why each one was placed at that step. By the end you can predict which path will win before you check the route table on the edge.
Lesson 16: Traffic Engineering and OMP Path Selection Part-2
SD-WAN traffic engineering is different from MPLS Traffic Engineering. There are no explicit RSVP tunnels. Instead, you influence path selection through OMP attributes and policies. This lesson covers common business requirements (prefer MPLS for voice, prefer Internet for backup, load share for bulk data) and translates each into the right OMP behaviour.
Lesson 17: Template, OMP Demonstration and NAT Part-1
This lesson is hands-on. Templates are pushed to the edges, OMP convergence is watched live, and the route tables on the edges are inspected as paths come and go. You see exactly what happens in the fabric when you make a configuration change.
Lesson 18: Template, OMP Demonstration and NAT Part-2
NAT appears in SD-WAN in places where you may not expect it. This lesson covers NAT on the WAN transport, NAT for Direct Internet Access, and the interaction of NAT with OMP. The lesson configures and verifies each scenario inside vManage so you see the cause-and-effect chain.
Lesson 19: DIA, TLOC Extension and Restricting Tunnels Part-1
DIA (Direct Internet Access) lets a branch reach the internet directly instead of backhauling through the data center. This lesson covers the why (cost, performance, user experience), the how (configuration on the edge), and the policy controls that decide which traffic goes DIA and which stays in the tunnel.
Lesson 20: DIA, TLOC Extension and Restricting Tunnels Part-2
TLOC Extension lets one edge use the transport that is physically connected to a neighbouring edge. This lesson explains when this is useful (small branches with a single circuit, dual-edge sites) and how to configure it. The lesson also covers tunnel restriction techniques so you can build hub-and-spoke, regional mesh or full mesh instead of accepting the default full-mesh behaviour.
Lesson 21: AAR and Customer Requirement Collection Part-1
Application Aware Routing is the feature that sells SD-WAN. This lesson explains AAR end to end. How SD-WAN measures loss, latency and jitter on every tunnel using BFD. How SLA classes are defined. How a policy maps an application to an SLA class. How traffic is moved to a better path the moment the SLA is breached.
Lesson 22: AAR and Customer Requirement Collection Part-2
A great AAR policy starts with a clear customer requirement. This lesson covers the structured conversation you must have with a customer before you write a single policy line. Which applications matter most. What loss, latency and jitter values are acceptable for each. What the customer considers a fallback. The same skill is asked in every SD-WAN design interview.
Lesson 23: SD-WAN Requirement Collection and HLD Part-1
A design is only as good as the questions you asked. This lesson walks the full requirement gathering process for an SD-WAN project. Stakeholders to interview (network team, security team, application team, business owners). Current state items to document (sites, transports, applications, security tools). Constraints to capture (budget, timeline, compliance).
Lesson 24: SD-WAN Requirement Collection and HLD Part-2
The output of the requirement phase is a High Level Design document. This lesson walks the HLD section by section. Overview, design principles, controller placement, transport design, site templates, routing design, policy design, security design, monitoring and operations. Each section is given a structure you can reuse on real projects.
Lesson 25: SD-WAN Policies deep dive Part-1
Policies are where SD-WAN delivers both its power and its complexity. This lesson covers the policy hierarchy. Localized policies (applied on the edge) versus centralized policies (applied on vSmart). Inside centralized, control policy, data policy, and application route policy. Each one is positioned by the design problem it was built to solve.
Lesson 26: SD-WAN Policies deep dive Part-2
This lesson runs each policy type live in the lab. Control policy is used to steer traffic between regions. Data policy is used to override OMP behaviour for specific application flows. Application route policy is used to honour SLA-based routing for voice and video. The lesson shows each policy taking effect on real traffic so policies stop being abstract.
Lesson 27: Old WAN to SD-WAN (Migration Considerations) Part-1
In the real world you never deploy SD-WAN onto a green field. There is always an existing WAN to migrate from. This lesson walks migration patterns. Parallel migration (old and new running side by side). Hybrid coexistence (SD-WAN over a single transport while MPLS handles the rest). Gradual cutover (one site at a time). Each pattern is matched to the business situation that fits it.
Lesson 28: Old WAN to SD-WAN (Migration Considerations) Part-2
Migration mistakes are expensive. This lesson covers the common pitfalls and how to avoid them. Forgetting routing policy on the legacy side. Underestimating internet bandwidth at branches. Mishandling Active Directory, DNS and authentication during cutover. Not having a rollback plan ready before you start. The lesson also covers communication with the business so they understand what good and bad look like during cutover.
Lesson 29: Service Chaining and Cloud OnRamp for IaaS, SaaS Part-1
Modern enterprises run applications in AWS, Azure and SaaS providers, and the SD-WAN fabric must carry that traffic intelligently. This lesson covers service chaining, where you insert firewalls and IPS into the SD-WAN forwarding path without changing the fabric. You see how service chains are defined in vManage and how OMP carries the service routes.
Lesson 30: Service Chaining and Cloud OnRamp for IaaS, SaaS Part-2
Cloud OnRamp is the bridge between the SD-WAN fabric and the public cloud. This lesson covers Cloud OnRamp for IaaS, which extends the fabric into AWS and Azure with controllers managing virtual edges in the cloud. It also covers Cloud OnRamp for SaaS, which lets branches measure path quality to Office 365 and other SaaS apps and pick the fastest internet exit dynamically. Both are configured and verified in the lab.