Control Plane and Data Plane Operations
Learning Objectives
- Understand OMP (Overlay Management Protocol) and its route types
- Explain how control plane connections are established
- Understand data plane tunnels and IPsec operations
- Explain BFD (Bidirectional Forwarding Detection) for tunnel health
Figure 3.1 - Comparison of the Control Plane (OMP) and the Data Plane (IPsec) in SD-WAN
OMP - Overlay Management Protocol
OMP is a Cisco proprietary protocol that manages the control plane of the SD-WAN overlay network.
Figure 3.2 - OMP route types: OMP Routes, TLOC Routes, and Service Routes
OMP Route Types:
| Route Type | Description |
|---|---|
| OMP Routes | Prefix routes (IPv4/IPv6) learned from the VPNs |
| TLOC Routes | Transport Location - endpoint information used to build tunnels |
| Service Routes | Routes to network services (firewall, etc.) |
TLOC (Transport Location)
A TLOC is the unique identifier of each WAN transport on an edge device:
TLOC = System-IP + Color + Encapsulation
Example: 10.0.0.1 + biz-internet + ipsec
Control Plane Connections
Connection Establishment Flow:
1️⃣ Edge → vBond
- The edge device initiates a connection to vBond
- vBond authenticates the device certificates
- vBond provides the vSmart and vManage addresses
2️⃣ Edge → vSmart
- A DTLS/TLS tunnel is established to vSmart
- The OMP session comes up
- Route and policy exchange begins
3️⃣ Edge → vManage
- The management tunnel is established
- Configuration push and monitoring become active
Data Plane - IPsec Tunnels
The data plane uses IPsec tunnels for secure transport between edge devices.
Key Exchange Process:
- vSmart-mediated: vSmart facilitates the key exchange between edges
- Symmetric Keys: AES-256-GCM for encryption
- Key Rotation: keys are rotated periodically for security
| Parameter | Value |
|---|---|
| Encryption | AES-256-GCM |
| Authentication | SHA-256 |
| Key Lifetime | Configurable (default varies) |
| Anti-Replay | Enabled by default |
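The "Anti-Replay" row above is easy to read past. The following added example (not code from the module or from Cisco) shows what that protection actually does: a 64-packet sliding window of the kind ESP uses (RFC 4303, Section 3.4.3) that accepts each sequence number once, tolerates reordering inside the window, and rejects replayed or stale packets. The window size, the sample sequence numbers and the tunnel label are constructed for this example.

```python
# Added example: ESP-style anti-replay sliding window (RFC 4303, 3.4.3).
# Not the module's or Cisco's code; window size and sample data are constructed.

from dataclasses import dataclass
from typing import List, Tuple

WINDOW_SIZE = 64  # assumption: the 64-packet minimum window that ESP requires

# Constructed inbound sequence numbers for one tunnel: in-order delivery,
# a reordered pair (5 then 4), a replayed 3, a jump, two stale packets,
# another jump, and an invalid sequence number 0 at the end.
SAMPLE_SEQS = [1, 2, 3, 5, 4, 3, 70, 6, 5, 200, 137, 136, 0]


@dataclass
class AntiReplayWindow:
    """Tracks received sequence numbers for one inbound IPsec SA."""
    size: int = WINDOW_SIZE
    highest: int = 0   # highest sequence number accepted so far
    bitmap: int = 0    # bit i set means (highest - i) has been received

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if it is new and inside the window."""
        if seq == 0:
            return False  # ESP never uses sequence number 0
        if seq > self.highest:
            # Slide the window forward; bits that fall off the end are forgotten.
            shift = seq - self.highest
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1)
            self.bitmap |= 1          # bit 0 now represents seq itself
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False              # stale: behind the window, drop it
        mask = 1 << offset
        if self.bitmap & mask:
            return False              # duplicate: replayed packet, drop it
        self.bitmap |= mask           # late but new: accept and mark
        return True


def process_sequence(seqs: List[int], size: int = WINDOW_SIZE) -> Tuple[List[int], List[int]]:
    """Run seqs through a fresh window; return (accepted, rejected) in arrival order."""
    window = AntiReplayWindow(size=size)
    accepted, rejected = [], []
    for seq in seqs:
        (accepted if window.check_and_update(seq) else rejected).append(seq)
    return accepted, rejected


if __name__ == "__main__":
    ok, dropped = process_sequence(SAMPLE_SEQS)
    print("accepted:", ok)
    print("rejected:", dropped)
```

The reordered packet 4 is accepted because its bit inside the window is still clear, while the second copy of 3 is rejected as a replay and 6 and 136 are rejected because they fall more than 64 packets behind the newest accepted sequence number. This is why a peer that sends packets far out of order, or a tunnel whose key rotation does not reset the counter, shows up as anti-replay drops rather than as delivered traffic.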
BFD - Tunnel Health Detection
BFD (Bidirectional Forwarding Detection) is used to detect tunnel health and to measure path quality.
BFD Metrics:
| Metric | Description |
|---|---|
| Latency | Round-trip time measurement |
| Loss | Packet loss percentage |
| Jitter | Latency variation |
BFD metrics are used by Application-Aware Routing to select the best path according to SLA requirements.
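To tie the TLOC section and the BFD section together, here is an added example (not code from the module or from Cisco) that derives the three BFD metrics from per-probe round-trip samples on each tunnel, identified by its TLOC (system IP, color, encapsulation), and then chooses a path the way Application-Aware Routing does: only SLA-compliant tunnels are eligible, a preferred color wins if one is compliant, and latency breaks ties. The TLOC values, probe samples, SLA thresholds and the tie-break rule are assumptions made for this example.

```python
# Added example: BFD metrics per TLOC and SLA-based path selection.
# Not the module's or Cisco's code; TLOCs, samples and SLA values are constructed.

from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, NamedTuple, Optional, Tuple


class TLOC(NamedTuple):
    """TLOC = System-IP + Color + Encapsulation, as in the module."""
    system_ip: str
    color: str
    encap: str


@dataclass(frozen=True)
class BfdMetrics:
    latency_ms: float   # mean round-trip time of answered probes
    loss_pct: float     # percentage of probes that got no reply
    jitter_ms: float    # mean absolute change between consecutive RTTs


@dataclass(frozen=True)
class SlaClass:
    name: str
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float


def compute_metrics(rtts: List[Optional[float]]) -> BfdMetrics:
    """One entry per BFD probe; None means the probe was lost."""
    answered = [r for r in rtts if r is not None]
    if not answered:
        # A tunnel with no replies is down: worst possible values
        return BfdMetrics(float("inf"), 100.0, float("inf"))
    loss = 100.0 * (len(rtts) - len(answered)) / len(rtts)
    jitter = mean(abs(b - a) for a, b in zip(answered, answered[1:])) if len(answered) > 1 else 0.0
    return BfdMetrics(round(mean(answered), 2), round(loss, 2), round(jitter, 2))


def meets_sla(m: BfdMetrics, sla: SlaClass) -> bool:
    return (m.latency_ms <= sla.max_latency_ms
            and m.loss_pct <= sla.max_loss_pct
            and m.jitter_ms <= sla.max_jitter_ms)


def select_path(paths: Dict[TLOC, BfdMetrics], sla: SlaClass,
                preferred_colors: Tuple[str, ...] = ()) -> Optional[TLOC]:
    """Pick an SLA-compliant TLOC: preferred color first, then lowest latency."""
    compliant = [t for t, m in paths.items() if meets_sla(m, sla)]
    if not compliant:
        return None  # nothing meets the SLA; a real policy would fall back

    def rank(t: TLOC):
        pref = preferred_colors.index(t.color) if t.color in preferred_colors else len(preferred_colors)
        return (pref, paths[t].latency_ms)

    return min(compliant, key=rank)


# Constructed BFD probe samples (ms; None = lost probe) for three transports.
MPLS = TLOC("10.0.0.1", "mpls", "ipsec")
BIZ = TLOC("10.0.0.1", "biz-internet", "ipsec")
LTE = TLOC("10.0.0.1", "lte", "ipsec")
SAMPLES: Dict[TLOC, List[Optional[float]]] = {
    MPLS: [20, 22, 21, 23, 20, 22],
    BIZ: [40, None, 45, 60, None, 42],
    LTE: [80, 85, 90, 88, 82, 84],
}

# Constructed SLA classes: tight one for voice, relaxed one for bulk transfer
SLA_VOICE = SlaClass("voice", max_latency_ms=50, max_loss_pct=2, max_jitter_ms=10)
SLA_BULK = SlaClass("bulk", max_latency_ms=100, max_loss_pct=5, max_jitter_ms=30)


def evaluate() -> Dict[TLOC, BfdMetrics]:
    return {tloc: compute_metrics(rtts) for tloc, rtts in SAMPLES.items()}


if __name__ == "__main__":
    metrics = evaluate()
    for tloc, m in metrics.items():
        print(tloc.color, m, "voice-ok" if meets_sla(m, SLA_VOICE) else "voice-FAIL")
    print("voice ->", select_path(metrics, SLA_VOICE, preferred_colors=("biz-internet",)))
    print("bulk  ->", select_path(metrics, SLA_BULK, preferred_colors=("lte",)))
```

With these samples the biz-internet tunnel has 33% loss, so it is excluded from the voice class even though it is the preferred color, and MPLS is chosen; for the bulk class both MPLS and LTE are compliant and the LTE preference is honoured. Watching which tunnels drop out of an SLA class over time is also a useful signal in operations, since sudden loss or jitter on one transport often precedes a tunnel going down.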