In today’s fast-changing world of business networking, Software-Defined Wide Area Networks (SD-WAN) are a key tool for companies. They help businesses connect their offices and systems in a way that’s flexible, affordable, and efficient. SD-WAN makes it easier to manage networks, direct traffic smartly, and keep everything running smoothly. But there’s a big challenge: keeping the network safe without slowing it down. Goutham Sunkara, an experienced network security expert who worked at Cisco Systems, has done important work to solve this problem through his efforts on Cisco Integrated Services Routers (ISR). His ideas about testing and improving SD-WAN features provide helpful lessons for keeping networks both fast and secure.
From 2018 to 2021, Goutham Sunkara worked at Cisco Systems as a Software Engineer III. His job was to help design, test, and check Cisco ISR 4K and 1K routers, as well as Catalyst 8K platforms. He worked closely with teams handling data and control functions to make sure these routers were safe and could handle large networks. SD-WAN, which smartly directs traffic over different connections like MPLS, broadband, or LTE, needs thorough testing to work well and stay secure. Sunkara tackled this by creating detailed test plans that checked how the routers performed, handled large amounts of traffic, and stayed secure.
One of Goutham Sunkara’s main achievements was thoroughly testing SD-WAN features, especially how they worked with security tools like IPsec, MPLS, and Dynamic Multipoint VPN (DMVPN). These tools are essential for keeping data safe as it moves through SD-WAN networks, which often use untrusted connections like the internet. Sunkara’s testing focused on checking encryption, ensuring data wasn’t tampered with, and confirming secure access. This ensured Cisco ISR routers could handle heavy traffic without security risks. For example, he tested IPsec tunnels to make sure they could resist attacks, like someone trying to intercept data, while keeping the network fast and reliable—important factors for business networks.
Goutham Sunkara also worked on checking for weaknesses in tunneling protocols like GRE and DMVPN, which SD-WAN uses to create secure connections. By testing these protocols with real-world attack scenarios, he found problems like poorly set up access control lists (ACLs) or weak encryption. He then teamed up with developers to fix these issues. This careful approach made sure Cisco’s ISR routers followed top security standards while still performing well for SD-WAN networks.
Automation was a key part of Goutham Sunkara’s testing strategy. He knew that checking SD-WAN features in different network conditions was complex, so he created Python scripts using Cisco’s PyATS tool on Linux systems. These scripts made it easier to test security features like firewall rules, VPN security, and network protocols such as MPLS, Multicast, and IPv4/IPv6 routing. By automating repetitive
Another critical aspect of Sunkara’s work was designing secure test environments that mirrored real-world SD-WAN deployments. He created testbeds for Layer 2 to Layer 7 protocols, including DMVPN, IPsec, NAT, HTTP, and routing protocols like OSPF and BGP. These testbeds allowed him to evaluate how ISR routers performed under diverse conditions, from small branch offices to large enterprise campuses. By integrating security testing into these environments, Sunkara ensured that the routers could withstand threats like unauthorized access or data leaks while supporting advanced features like Network-Based Application Recognition (NBAR) and Web Cache Communication Protocol (WCCP).
Sunkara’s cross-functional collaboration with development, feature, and marketing teams further enhanced the security and performance of Cisco’s ISR platforms. By providing insights into test results and customer issues, he helped shape secure product designs from development to deployment. His work on regression testing ensured that new features did not introduce vulnerabilities or degrade performance, a critical consideration in SD-WAN environments where updates are frequent.
The lessons from Sunkara’s work underscore the importance of a holistic approach to SD-WAN security. Balancing performance and security requires meticulous planning, from designing robust test environments to leveraging automation for efficiency. His emphasis on vulnerability assessments and protocol validation highlights the need to anticipate threats in dynamic network environments. For organizations deploying SD-WAN, Sunkara’s strategies offer a roadmap for ensuring that Cisco ISR routers deliver both high performance and ironclad security, enabling secure connectivity in an increasingly distributed world.
