EMAIL SUPPORT

dclessons@dclessons.com

LOCATION

NZ

VMware SD-WAN Architecture and VeloCloud Components

VMware SD-WAN Architecture and VeloCloud Components

Posted on Jan 08, 2020 (0)

SD-WAN Architecture

VMware SD-WAN solution is transport independent, SD-WAN solution which provides secure overlay by using any transport medium like Broadband, LTE, and MPLS, to access all the application hosted on cloud and datacenter. All the component of SD-WAN VeloCloud can be managed by central orchestrator which also helps in automation and virtual service insertion.

VeloCloud Components:

There are three components of SD-WAN VeloCloud as mentioned below:

NSX SD-WAN Edge:

  • It is also said as Virtual Edge comes in Virtual as well as in Hardware provided by Dell
  • It can be deployed at customer perm or cloud and datacenter
  • It provides flexibility in deployment like Virtual Edge on cloud and insertion of various service platform for VNF

Below figure describe how different NSX Edge can be installed in different environment

For Micro to Small Branch: Edge can be Hardware CPE, with no local apps and cloud security embedded. There are 6-7 Models, each have same functions only number of ports is different

For Small to Mid-Size Branch: Edge with VNF integrated, for Security, URL/Content filtering, IDS/IPS Currently Palo-alto has been integrated as VNF and roadmap is Checkpoint and Fortinet.

Large Branch and DC: CPE device with local apps and Many VMs including network services are integrated.

These NSX Edge is used to optimize traffic between Branch, datacenter and on cloud locations. It is a thin device and is deployed on –premises which is zero-touch provisioned from cloud to provide secure and optimize connectivity to applications and data. It can also be used as Virtual network function (VNF) for instantiation on Virtual CPE platform.

Edge has feature called dynamic path Optimization (DMPO) and Deep application recognition (DAR) through with it aggregates multiple links and distributes traffic over best optimal link dynamically.

NSX SD-WAN Orchestrator

  • It is the Multitenant cloud based orchestrator for Management, Configuration and monitoring
  • It can be on VMware, or Service Provider hosted and can also be hosted on on-prim for enterprise
  • It uses various APIs to integrate with vendors
  • It enables fast deployment and provide zero touch provisioning of branch.
  • This is also used in testing and troubleshooting the NSX SD-WAN.
  • This cloud based Orchestrator is used to provision network related policies , enable service insertion and analyses the application performance.

NSX SD-WAN Gateways & Controller:

  • It is used as headend for Cloud destination ( Saas / Iaas )
  • Fully managed and operated by VMware and Service Provider
  • It support multi-tenant environment
  • All SD-WAN gateways can also optionally connect to global SD-WAN gateways to provide performance, security, and visibility for cloud services (SaaS, LaaS ) etc.
  • It is deployed on worldwide location and also on top-tier network PoPs
  • It has embedded Controller function which can perform the following:
    • Provide Route Distribution
    • It also resolve tunnel end point IP

Global Gateways:

Now let’s talk about global gateways. These Global gateway are not only responsible for Control plane but also responsible for data plane as it uses IPSEC tunnel to all non-VeloCloud locations (Customer not putting SD-WAN router on its premises or partner location.

VeloCloud has installed Cloud global gateways which is distributed throughout globe

They are used to optimize the SaaS access like office 365, sales force application, which means that Gateways optimize the branch traffic to closest Gateway entry point by knowing that from where branch traffic is trying to access the application.

These global gateways are present in approve 30+ regions, with more than 63 Orchestrator.

There are about 440+ global gateways distributed all across globe and it has 99.99% reliability SLA.

Core feature of SD-WAN Platform

There are seven core function of NSX SD-WAN platform, which is been discussed one by one below:

Zero-Touch Deployment:

When Edge are connected to internet, they automatically authenticates, connect and receive the configuration instruction from SD-WAN orchestrator and with the help of Edge redundancy protocol and OSPF it gets integrated with existing network

Dynamic Path selection:

With the Help of NSX SD-WAN DMO, it monitors the links, auto detect the provider and auto-configure the link characteristics, routing and QOS setting.

Link Steering & Remediation:

Based on intelligent application learning, business Priority and measured performance metric, link cost and on demand packet steering is performed.

Cloud VPN:

It used Site to site Cloud VPN (VPNC compliant IPSEC VPN) to connect NSX SD-WAN and non-SD-WAN sites. It delivers secure connectivity across all branches with PKI scalable key management, New Branches joins VPN network automatically and gets access to all other branch resources, enterprise datacenter, and 3 party datacenter like Amazon and AWS.

Multi-tenancy:

All SD-WAN component like Orchestrator and gateways are multi-tenant in nature

Segmentation:

It used to segment different types of traffic while maintaining business policies (example segmentation PCI traffic from corporate traffic and guest internet traffic. It helps customers to enable separate and unique topologies and rules for each segment.

Virtual Network Function:

On edge and gateways, various VNF can also be integrated for multiple services and security support.


Comment

    You are will be the first.

LEAVE A COMMENT

Please login here to comment.