In this post I am going to discuss the CCNP Enterprise specialist exam, “Implementing Cisco SD-WAN Solutions (300-415 ENSDWI)”, and how I managed to pass it on my first attempt after 250 hours of preparation.

There is not a lot of information about this exam available currently so I will detail and comment on the resources that I used (both free and paid) to prepare for it. After I discuss these resources, I’ll then share my thoughts about the exam (while respecting NDA) before closing out with a reflection on the journey.

UPDATE 22 November 2020: I have uploaded memory exercises that I have developed for this exam to my GitHub [link]


Table of Contents

  1. Disclaimer
  2. Special Thanks
  3. Exam Pre-Requisites
  4. Free Study Resources
  5. Paid Study Resources
  6. Exam Thoughts and Advice
  7. Journey Reflection

 


Disclaimer

I have written this post to adhere to Cisco’s certification exam NDA agreement.

Please do not contact me requesting:

  • Information about the exam which would violate the NDA;
  • Information about procuring or recommending certification exam dumps; or
  • The unauthorised sharing of paid training material(s).

I actively report individuals who attempt to dump certification exams. Cheating devalues the Information Technology industry and the hard work of individuals who try to pass these exams legitimately.

All resources recommended are those which I used. I do not endorse or recommend person(s), companies, or products that I have not personally paid for and used.

 


Special Thanks

I want to extend my thanks to the following people in the Cisco networking community who helped me conquer this exam:

Micronics Training

  • Terry Vinson: a phenomenal and supportive trainer who responded to my many emails and questions while also helping me figure out how to lab the technologies at home along the way.

RouterGods Online Community

  • Tim McConnaughy, Dustin Schuemann, Daniel Dib: thank you for helping me with all of my obscure questions in the CCIE-EI channel over the past 5 weeks, particularly during the week that NAT broke my brain.

CBT Nuggets Online Community

  • Knox Hutchinson: for being an excellent lab and study partner who threw exciting challenges at me to solve.
  • Chris Sanders: for producing excellent quick reference guides and helping me get ASAv nodes configured in CML2. You saved me a lot of time, and I could not have labbed service-chaining or NAT without your help here!
  • Jacob Whittle: for holding me accountable with my lab and study schedule because it’s easy to get distracted by shiny things…

 


Exam Pre-Requisites

There are no formal or official exam pre-requisites for the Implementing Cisco SD-WAN Solutions exam.

However, I STRONGLY advise against attempting the exam without the following pre-requisites:

  • CCNP Enterprise ENCOR/ENARSI level of knowledge of:
    • BGP: eBGP topologies, route reflectors concepts and configuration, community attributes.
    • DMVPN: concepts and use cases only to compare against SD-WAN.
    • Filtering, Redistribution, and Summarization: you should understand and be confident with performing this with connected, BGP, OSPF, and static routes. For BGP/OSPF – understanding default route propagation is recommended for SD-WAN labbing purposes.
    • GRE Tunnels: encapsulation process, how to configure and troubleshoot tunnel interfaces.
    • MPLS: concepts and use cases only, particularly shared services and extranets.
    • OSPF: multi-area topologies, area types and their impact on operations, route advertisement types (Intra-area, Inter-area, External).
    • VRF-Lite: know what a VRF is, how to configure VRF-Lite, understand concepts of route distinguishers and route-targets.
    • VRRP: configure and troubleshoot VRRP, understand virtual MAC address assignment process and VRRP timers
  • Access to a lab environment which contains the following:
    • Minimum: 16 vCPUs, 32 GB RAM, 50GB storage space
    • Recommended: 24 vCPUs, 64 GB RAM, 100GB storage space
    • Images: Viptela (18.X+) and Cisco IOS-XE CSR1000v SD-WAN images (16.X+), preferably additional images to lab software upgrade processes
    • Note: You can lab this either on-premise or in a cloud environment with either an AWS/Azure trial OR you could try using the free DevNet sandbox CML2 environments
  • Basic understanding of virtual machine deployment in the following environments:
    • On-premise (VMware or KVM); and
    • Cloud (AWS, Azure)
  • Basic understanding of Public Key Infrastructure (PKI), X509 Certificates, and IPSec.
  • Basic understanding of what policies are and how they are used for configuration enforcement
    • E.g.: It would be beneficial to understand the concepts behind Windows Server group policy
  • Ideally, you will have experience supporting production networks or have dealt directly with Cisco SD-WAN in an implementation/support role. I drew a lot from my experience and “gut feeling” when in the exam (more on that later).

 

This is not an exam designed for people who are coming straight out of the CCNA and are jumping immediately into the CCNP!

 


Free Study Resources

The following are FREE study resources that I used to help prepare for the exam – I strongly recommend consulting all of them.

I credit David Peñaloza Seijas @ RecuseIT for his post “Resources for the Cisco SD-WAN exam” [link]. This post recommended some of the free and paid resources that I used. Please visit David’s post for additional resources and links that I have not covered in this section.

Official Cisco Resources

Download all documentation and add it to your reading library, and stream or download the Cisco Live presentations.

Cisco SD-WAN Official Documentation

  • Cisco SD-WAN Design Guide [PDF link]
  • Cisco SD-WAN End-to-End Deployment Guide [PDF link]
  • Cisco SD-WAN High Availability Configuration [Web link]
  • vManage: Cluster Configuration [PDF link]
  • vManage: Clearing Stuck Tasks [Web link]

Cisco Live Presentations

  • 3 Steps to Design Cisco SD-WAN On-Prem by Prashantmani Tripathi and Andraz Piletic
    BRKRST-2559 @ CiscoLive Barcelona 2020
    [Session link]
  • 3 Steps to Deploy Cisco SD-WAN On-Prem by Prashantmani Tripathi and Andraz Piletic
    BRKRST-2559 @ CiscoLive San Diego 2019
    [Session link]
  • Building and Using Policies with Cisco SD-WAN by Stefan Olofsson
    BRKRST-2791 @ CiscoLive Barcelona 2020
    [Session link]
  • Cisco SD-WAN Troubleshooting by Gina Cornett
    DGTL-BRKENT-2477: CiscoLive 2020 Digital
    [Session link]
  • Next-Gen SD-WAN (Viptela) Deployment, Monitoring, and Troubleshooting by Oreste Pesselato III
    BRKRST-2093 @ CiscoLive 2020 Barcelona
    [Session link]
  • SD-WAN Routing Migrations by Syed Raza
    BRKRST-2095 @ CiscoLive Barcelona 2020
    [Session link]
  • Troubleshooting OMP by Juan Flores Cibrian
    DGTL-TSCENT-407 @ CiscoLive Digital 2020
    [Session link]


Cisco Resource Commentary

I do not recommend jumping straight into the Cisco official materials unless you possess a strong background in networking or have exposure to Cisco SD-WAN. These are excellent resources that you will need to reference; however, the community and paid resources provide better introductions to the technologies.

The most crucial piece of documentation by far is the Cisco SD-WAN Design Guide (“the design guide”) as it provides context regarding why specific designs are endorsed. I strongly recommend watching the “3 Steps to Design Cisco SD-WAN On-Prem” either as you read the design guide or after you have read it. The “Cisco SD-WAN End-to-End Deployment Guide” is more of a lab workbook than anything – I felt that it was OK, but I would not use it unless I did not have access to any lab topologies and workbooks.

If you do not support Cisco SD-WAN in a production environment, then you MUST watch the Cisco Live troubleshooting talks. Pay close attention to how you should approach common troubleshooting scenarios and the commands you will use.

Once you understand the fundamentals of policies and have deployed a couple in your lab – carve out an afternoon, get a big cup of coffee or pop an energy drink, and watch the CiscoLive talk “Building and Using Policies with Cisco SD-WAN”. This is by far the single best resource that I have consumed on advanced policies in Cisco SD-WAN and is what made policies “click” for me. It is a very technical and long talk, so do not be surprised if you have to re-watch it a couple of times. After labbing all of these use cases over 2 weeks I felt confident with finding the right policy given basic business requirements (this is reflected in my score report).

The “SD-WAN Routing Migrations” CiscoLive talk is probably one that you can skip. I found the presentation shared valuable context around how and why Viptela designed the product before their acquisition. I would save this talk for the end of your studies as you will appreciate it more after labbing everything on the blueprint.


Community Created Content

These free resources have been created by the wider Cisco networking professional community. Please be sure to visit their websites. If you want to make their day then share a nice comment about how their content helped you learn.

Content Creators

Handy:

  • CodingPackets: Cisco SD-WAN Command Comparison Cheat Sheet [Web link]

Topic: Building a Cisco SD-WAN Lab

  • Neckercube: Cisco SD-WAN Basic Configuration Lab [Web link]
  • CodingPackets: Cisco SD-WAN Self Hosted Lab [Part 1] [Part 2]
  • CodingPackets: Viptela Control Plane Setup [Web link]
  • poc::v:lab: Cisco SD-WAN – Controllers Onboarding [Web link]
  • poc::v:lab: Cisco SD-WAN – Edges Licensing and Onboarding [Web link]
  • ether-net: CCIE #6 – Labbing Cisco SD-WAN in CML2 [Web link]
  • Carpe DMVPN: SD-WAN: vManage Self-Signed Cert Expiring! [YouTube link]

Topic: Cisco SD-WAN Architecture

  • Carpe DMVPN: Cisco SD-WAN (Viptela): A Guide to Getting Started [Web link]
  • CodingPackets: Viptela SDWAN Overview [Web link]
  • Carpe DMVPN: Cisco SD-WAN with Viptela Zero Trust Model [YouTube link]
  • Carpe DMVPN: SD-WAN Deep Dive: Cisco vManage [Web link]
  • Carpe DMVPN: Cisco SD-WAN: The Management Plane Videos [Part 1] [Part 2] [Part 3]
  • Carpe DMVPN: SD-WAN Deep Dive: vBond Orchestrator [Web link]
  • Carpe DMVPN: Cisco SD-WAN: The Orchestration Plane [YouTube link]
  • Carpe DMVPN: SD-WAN Deep Dive: vSmart Controller [Web link]
  • Carpe DMVPN: SD-WAN Deep Dive: WAN Edge Routers [Web link]

Topic: Templates

  • Carpe DMVPN: SD-WAN Deep Dive: Templates [Web link]


Community Created Content Commentary

A lot of the content created by the Cisco networking community is EXCELLENT. There are no better free resources out there that tell you how to set up your own lab environment (provided you have access to the software images). You can provision your lab environment within an hour if you follow these guides, have access to the Cisco SD-WAN images, and are familiar with either VMware or KVM.

I consider Tim McConnaughy’s deep-dive articles and YouTube videos at Carpe-DMVPN as ESSENTIAL reading and viewing. I found that his video, “Cisco SD-WAN: vBond Orchestrator”, helped me understand how SD-WAN controllers and wEdge devices behave when behind NAT. Please go to the Carpe-DMVPN YouTube channel and subscribe to it if you use Tim’s videos – it’s a free and criminally underrated technical resource that I leaned on heavily in my journey.

 


Paid Study Resources

You do not need to buy all of the resources here to pass the exam, particularly if you supplement items with free resources.

All prices are listed in USD unless otherwise specified.

I paid for all resources “out of pocket” and was refunded ~75-85% of the expense cost via Australia’s tax system.


Official Cisco Resources & Training Partners

Books:

  • Cisco Software-Defined Wide Area Networks: Designing, Deploying and Securing Your Next Generation WAN with Cisco SD-WAN
    • Authors: Jason Gooley, Dana Yanch, Dustin Schuemann, John Curran
    • Amazon: $59.95 (book) or $52.49 (kindle) [Amazon link]
    • Cisco Press: $55.99 (book or ebook), $80.49 (book + eBook bundle) [Cisco Press link]
    • O’Reilly Learning: FREE (10 or 30 day trial), $49.95 p/m or $499.95 p/a (monthly or annual subscription), $75-149 p/a via ACM Membership [O’Reilly link] [ACM Sign Up]

eLearning:

  • Implementing Cisco SD-WAN Solutions (SDWAN300) v1.0 @ $750 [link]

Partner Learning:

  • Micronics: Advanced SDWAN-ADV [link] @ $2995 (Cisco Learning Credits Accepted)
    • Instructor: Terry Vinson [LinkedIn]
    • Duration: 5 days of at least 8-hour classes, expect to work outside of class
    • Materials: 1x practical workbook + 2x theoretical workbooks + access to lab environments for the duration of the course (generally extended access where possible)
    • Note: This is not an official certification boot camp – this course is focused more on learning, in great detail, how Cisco SD-WAN works “behind the scenes”.


3rd Party Training

eLearning:

  • Lab Minutes: Cisco SD-WAN (Basic) Video Bundle @ $189 [link]
  • Lab Minutes: Cisco SD-WAN (Advanced) Video Bundle @ $274 [link]

 

Paid Study Resource Commentary

The Cisco Press textbook “Cisco Software-Defined Wide Area Networks: Designing, Deploying and Securing Your Next Generation WAN with Cisco SD-WAN” is essential reading, especially if you do not have a lot of money to spend on training resources. The book provides an excellent introduction to each component of Cisco SD-WAN that is on the exam blueprint before exploring practical deployment scenarios. I found the chapter quizzes were fantastic, and when taken in one sitting acted as a great practice exam. Note the lack of “Official Certification Guide” in the title – it is an important distinction to note as the book does go deeper than what the ENSDWI exam requires. However, this is a good thing for the reasons disclosed in the “Exam Thoughts” component of this article.

The Cisco eLearning course “Implementing Cisco SD-WAN Solutions (SDWAN300) v1.0” was “okay”. There is nothing particularly outstanding about the course, aside from the fact that you can access labs via it and completing it provides continuing education (“CE”) points. I think that my biggest gripe with the course is its price tag – $750 is steep. Unless you need the CEs for recertification purposes, then you should skip this one and either wait for CBT Nuggets to release their Cisco SD-WAN course OR reference the free Cisco Live talks alongside some of the Lab Minutes videos (more on those in a moment).

Micronics “Advanced SDWAN-ADV” boot camp led by Terry Vinson was phenomenal. Let’s address the elephant in the room immediately – it is not cheap nor is it required to pass this exam, HOWEVER, because Micronics is an official Cisco Learning Partner you can request payment via Cisco Learning Credits. I found Terry to be an excellent and very likable trainer who goes above and beyond to help his students. Under Terry’s tuition, I learnt how the Cisco SD-WAN fabric is established, as well as how all components facilitate secure end-to-end routing across multiple transport networks. I believe this course helped me understand how to translate my “traditional” networking skills into a Cisco SD-WAN environment. I think that this course has a lot of value if you are about to be thrown into the Cisco SD-WAN world and need to know a lot on the theoretical side but do not want to suffer “death by whitepapers” or “death by PowerPoint”. If you are a CCIE Enterprise Infrastructure candidate and only want to learn SDWAN from an “I need to pass the lab” perspective, then I recommend Micronics CCIE EI Bootcamp [link], as Terry tailors the Cisco SD-WAN topics to be more lab focused in his sessions there. More on that boot camp in another future post…!

Finally, let’s wrap things up by talking about Lab Minutes. Lab Minutes is a unique vendor as they set out to show the practical aspects of technology without straying too hard into theory. Unlike a lot of other vendors, Lab Minutes allows you to purchase their video downloads (yes, downloads – not streamed!) on either a video-by-video basis OR in bulk bundles. Due to the price variations resulting from their flexible business model, it’s difficult to discuss “value for money” here. I do not recommend their “Cisco SD-WAN (Basic) bundle”, as I think that a lot of the content covered in this series is taught better in the freely available Cisco Live talks, on Tim McConnaughy’s Carpe-DMVPN website and YouTube channel, or in the Cisco Press textbook. I do recommend picking up two videos from this series individually though: “RS0138 – SD-WAN ISR 4K Installation” and “RS0147 – SD-WAN Upgrades”, as these topics are not taught elsewhere. The Lab Minutes “Cisco SD-WAN (Advanced)” bundle is something I would recommend; however, I have reservations about the cost as it’s $274. This is not cheap, particularly when you consider that CBT Nuggets is producing a Cisco SD-WAN course. Despite the fact that I found Lab Minutes useful, I cannot recommend either of their series at this point. I think that you should see what CBT Nuggets has to offer and then maybe pick up a handful of Lab Minutes videos to address any deltas between the two courses.

 


Exam Thoughts and Advice

I sat the exam on September 11 at 10:30 am in a Pearson Vue Testing Center. The exam was 90 minutes in duration and consisted of 60 questions. I finished the exam with ~40 seconds left on the clock because I found that 2/3 of the question pool required me to think very carefully about my answers. Excluding a handful of questions, I felt that the exam was fair; however, the blueprint domains did not feel weighted as stated. I think that this exam is difficult if you do not implement or support Cisco SD-WAN regularly because some questions feel like they need you to draw upon experience instead of “book knowledge” to answer. Overall I felt satisfied with the exam quality and would rate it a 7/10 – it’s a fair and thorough exam, but it does need adjusting. If anyone from Cisco is reading this section then PLEASE update the exam blueprint so it is clear what version of code candidates are tested upon as the product has evolved a lot over the past year.

You need core networking skills to pass this exam. This may sound like common sense, but the “Exam Pre-Requisites” section in this article details everything you should be comfortable with before preparing for this course. Configuring and understanding the fundamentals of routing and switching within the WAN edge portion of a network is assumed knowledge. Do not forget that for the overlay network to even be established a functional underlay is required! At the end of the day, Cisco SD-WAN is just networking done in a different style.

Remember that this exam wants you to IMPLEMENT SD-WAN. Try to approach all questions with the mindset that you are either deploying Cisco SD-WAN in a greenfield (read: new) or brownfield (read: migration project) environment. When preparing for the exam, try to think about how you would structure your tasks if this were at a client’s site. You would review the intention behind your task, schedule and implement a change, and then verify the post-change state of the environment before either rolling back or closing the change off. I found that reminding myself of the exam’s purpose helped me answer 2-3 questions where I felt torn between selecting an answer.

You will fail this exam if you do not configure, troubleshoot, and verify every topic on the blueprint! I think that this is an exam that you cannot pass without labbing everything on the blueprint thoroughly. You need to know how to work across the Cisco IOS-XE SDWAN CLI, the “Viptela” CLI, and within the vManage GUI. I strongly recommend adopting the following workflow when labbing: (1) configure via CLI and Template / Policy; (2) use show commands and vManage “Monitor” pages to verify the configuration; (3) break the configuration; and (4) troubleshoot through CLI and vManage tools. This workflow is especially critical if you do not administrate a Cisco SD-WAN deployment regularly. It is worth noting that you will need to understand Cisco SD-WAN hardware platforms and capabilities (e.g., What makes/models support the solution? What equipment would you use if you required cellular/LTE connectivity?), be familiar with the differences between Cisco IOS-XE SDWAN and “Viptela” code, and be aware of how to troubleshoot common issues encountered when onboarding a wEdge device (e.g., how can you verify DTLS issues are connection-oriented or certificate related? What do PnP and ZTP rely upon?).

You will fail this exam if you do not understand ALL policies inside out! I strongly suggest picking up a copy of the Cisco Press textbook and paying VERY CLOSE attention to ALL of the policy chapter scenarios, and then watching the Cisco Live talk “Building and Using Policies with Cisco SD-WAN” I linked earlier in the article. You need to know what policy to pick to meet a business objective, the impact that specific policies have on routing, where you would go in vManage to configure a particular policy, and how to interpret policy defined via CLI. vManage config output and config diff tools are fantastic tools to use while labbing to develop these skills. I suggest approaching any policy-related questions with the following workflow: (1) identify if the policy needs to impact the control plane or the data plane; (2) determine whether the policy affects the whole network (centralised) or just individual sites (localised); and (3) if stuck at any point, think about the list(s) required to create the policy to assist with ruling out incorrect answers.

The Management and Operations domain topics are going to be difficult if you do not work with Cisco SD-WAN. The questions in this domain caught me off guard and honestly irritated me. I had to recall elements of the vManage GUI (where would I go to achieve X? what would you click on to do Y?) and some of the questions felt awful. As much as I would like to complain about this domain I can’t because they do test whether you have operations experience with the product. Do not skip over vManage alarm and event management, vManage NMS services, local and remote device logging, what each log is responsible for in vShell /var/log, and be familiar with common failure codes listed in the “show control connections-history” command. I cannot be too specific but the Cisco Live troubleshooting talks will be of great assistance here.

From a non-technical perspective – you need to understand brownfield migrations to Cisco SD-WAN and the importance of “good” design. This is not a design exam yet the “Cisco SD-WAN Design Guide” and the Cisco Live talk “3 Steps to Design Cisco SD-WAN On-Prem” are important resources. It is vital that you understand the implications of poor design and how Cisco SD-WAN interoperates with existing “traditional” WAN deployments. For example, could you answer how a non-SDWAN and SDWAN site would exchange routes and communicate with each other? Do you know what limitations exist with Cisco SD-WAN routers (e.g., unified comms)? Can you compare the pros and cons of on-prem vs. cloud deployments for controllers? Can you compare the different certificate signing and distribution methods? Do you know how to implement redundancy across controllers? Do you know the complexities and capability issues that NAT environments introduce? These are all examples of information that you will need to know that the design guide provides context on.

From an “exam strategy” perspective – pay very close attention to the question and answer wording, ESPECIALLY if it is a policy question. This was probably the most surprising element of the exam to me. It’s difficult to describe this without outright breaking NDA, so bear with me! This is not a pop trivia exam where it is fairly simple to speed through the exam. While it may sound a tad silly, reading the questions is critical as you need to pay close attention to the keywords and phrasing used. I found that some questions felt like they had easy answers but upon rereading them I would spot a single keyword which changed my answer. This is especially true for some of the policy questions where it feels like they have more than one correct answer! If you find yourself stuck then try to rely upon your lab and work experience as it will assist with working through the more complex questions. Finally, if in doubt with policy questions then reason things out! If you think about whether vSmart is involved from a deployment or enforcement perspective most of the incorrect answers will be eliminated almost immediately.

 

SD-WAN Score Report

Can you tell which exam domain I underestimated? Oof.

 


Journey Reflection

I believe that learning Cisco SD-WAN is simultaneously an easy yet difficult process. This is due to how well vManage, vBond, and vSmart abstract the complexity of implementing and maintaining the solution. It is a technology that can be grasped at a high level relatively easily but requires a lot of study, practice, and thought when diving deep into understanding how things work behind the scenes. This is especially true if you do not work with the Cisco SD-WAN technology regularly. It took me 250 hours of substantial study to go from no knowledge of Cisco SD-WAN to feeling exam-ready, which is 50 hours shy of the total time I invested in my CCNP Routing & Switching certification!

If I were to repeat this journey, there are a couple of things that I would do differently. I would start my journey by seeking to understand the architecture and problems that Cisco SD-WAN aims to solve. I would then watch a simple on-prem deployment, pausing to understand how each step in the process works, followed by watching a discussion on design considerations. I had a lot of questions surrounding controller placement and manipulating the control/data plane which, if I had researched them earlier, would have saved me from a lot of confusion in my more complex labs. I would next seek to understand in great detail how routing between the service and transport networks via the SD-WAN overlay works. This would have allowed me to know how I could translate my “traditional” Cisco IOS networking skillset into the Cisco SD-WAN world, which would have simplified studying OMP and all of the policies. Finally, I would have forced myself to stick to the labbing workflow of: (1) configure via CLI and then vManage templates and policies; (2) verify the configuration with “show commands” and vManage Monitoring pages; (3) break the configuration; and (4) troubleshoot through CLI or vManage tools. This would have significantly reduced the effort required to recall elements of the vManage GUI during the exam.

I am happy to close this chapter of my CCIE Enterprise Infrastructure lab exam preparation and look forward to moving onwards to the next topics!

 

SDWAN Certificate