What is the purpose of a VPN in Cisco SD-WAN, and how are data-plane tunnels established?

Multiple Choice

What is the purpose of a VPN in Cisco SD-WAN, and how are data-plane tunnels established?

Explanation:
In Cisco SD-WAN, a VPN is the way to logically segment traffic and apply per-traffic policies across the fabric. It creates isolated data paths so different applications or sites can be treated differently, while still sharing the same physical underlay.

The data-plane tunnels are IPsec tunnels that carry the actual user traffic between WAN edges. These tunnels are not created randomly; they are established based on the overlay policies you configure and the reachability/policy information exchanged via the Overlay Management Protocol (OMP). OMP distributes which edges can reach which VPNs and what paths and policies apply, so the correct endpoints become tunnel peers and traffic is steered over the chosen tunnels with the desired encryption and QoS.

So the VPN’s purpose is traffic segmentation and policy application, while the data-plane tunnels provide encrypted, routed paths between edges to carry that traffic. It’s not limited to remote login, it doesn’t implement routing protocols by itself, and it isn’t solely about encrypting management traffic.
