VMware SD-WAN by VeloCloud 101

VMware recently acquired VeloCloud, a company specializing in SD-WAN technology, and added it to its NSX portfolio.

In this introductory blog post, I will cover the fundamentals of VMware SD-WAN by VeloCloud, focusing on architecture and use cases.

What is SD-WAN?

 

SD-WAN enables enterprises to support application growth, network agility and simplified branch implementations while delivering optimized access to cloud services, private data centers and enterprise applications simultaneously over both ordinary broadband Internet and private links. Think about SD-WAN as the onion routing that connects Enterprise DC to Branches and Private/Public Clouds.

Use Cases:

1. Managing and scaling connectivity of workloads on any cloud:

As with any SD-WAN technology, the main use case is connecting workloads across any clouds, whether private and/or public, with the ability to scale and connect in minutes. The orchestration also offers recognition and classification of 2,500+ applications and sub-applications without the need to deploy separate hardware or software probes within each branch location. The solution intelligently learns applications as they are seen on the network and adds them to the VMware SD-WAN cloud-based application database. Services such as firewall, intelligent multipath, and Smart QoS may be controlled through the solution’s application-aware business policy control.

2. Zero-Touch Provisioning

A huge differentiator for VeloCloud over its competitors is its zero-touch branch deployment. In a zero-touch deployment, VMware SD-WAN Edge appliances automatically authenticate, connect, and receive configuration instructions once they are connected to the Internet.

3. Dynamic Path Selection

Dynamic Multipath Optimization comprises automatic link monitoring, auto-detection of the Internet Service Provider, and auto-configuration of link characteristics, routing and QoS settings.

This means that you could dedicate the traffic of a certain high-priority application to one available ISP, while traffic of low-priority applications is routed to ISP2. Think of a case where you have 2 links from 2 different ISPs, with one having a higher bandwidth.

4. Link Steering and Remediation

This is another VeloCloud differentiator: an admin can apply on-demand, per-packet link steering based on the measured performance metric, intelligent application learning, business priority of the application, and link cost to improve application availability. The solution remediates link degradation through forward error correction, jitter buffering, and synthetic packet production.

This is extremely beneficial for very sensitive applications (say, video conferencing): the same packet is duplicated across all available ISP/MPLS links at the sending site, while the destination site simply reassembles the packet flow from all available circuits, improving performance irrespective of jitter and drops on a given ISP link.
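
The duplication and reassembly described above can be modelled in a few lines. This is an added example, not VeloCloud's code or algorithm: the link names, delays, drop sets and the functions send_duplicated and receive are constructed for illustration. It also shows the limit of the technique: a packet lost on every link at once is still lost.

```python
# Added illustration: packet duplication across links with receiver-side
# de-duplication. A simplified model, not VeloCloud's implementation.

def send_duplicated(payloads, links):
    """Sender: tag each payload with a sequence number and copy it onto every link.

    links maps a link name to {"delay_ms": int, "drop": set of seq numbers lost}.
    Returns arrivals as (arrival_time_ms, seq, link, payload), in arrival order.
    """
    arrivals = []
    for seq, payload in enumerate(payloads):
        sent_at = seq * 20  # constructed: one packet every 20 ms
        for name, link in links.items():
            if seq in link["drop"]:
                continue  # this copy was lost on this link
            arrivals.append((sent_at + link["delay_ms"], seq, name, payload))
    return sorted(arrivals)

def receive(arrivals, expected):
    """Receiver: keep the first copy of each sequence number, discard later
    duplicates, and release payloads in sequence order.

    Returns (stream, missing, used): the in-order payloads, the sequence
    numbers that never arrived, and how many packets each link supplied.
    """
    first_copy = {}
    for _, seq, link, payload in arrivals:
        first_copy.setdefault(seq, (link, payload))  # later copies are ignored
    stream = [first_copy[s][1] for s in range(expected) if s in first_copy]
    missing = [s for s in range(expected) if s not in first_copy]
    used = {}
    for link, _ in first_copy.values():
        used[link] = used.get(link, 0) + 1
    return stream, missing, used

# Constructed sample: two links, each losing different packets; packet 4 is
# lost on both, so duplication cannot recover it.
LINKS = {
    "isp1": {"delay_ms": 15, "drop": {1, 4}},
    "mpls": {"delay_ms": 40, "drop": {2, 4}},
}
PAYLOADS = [f"frame-{i}" for i in range(6)]

if __name__ == "__main__":
    stream, missing, used = receive(send_duplicated(PAYLOADS, LINKS), len(PAYLOADS))
    print(stream, missing, used)
```

Packets 1 and 2 each survive on one link only and are still delivered; packet 4 is the case that forward error correction or retransmission would have to cover.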

 

5. Cloud VPN (VeloCloud sites to non VeloCloud Site connectivity)

One-click site-to-site cloud VPN is a VPNC-compliant IPsec VPN that connects VMware SD-WAN and non-VMware SD-WAN sites while delivering real-time status and health of VPN sites. It establishes dynamic edge-to-edge communication for all types of branches based on service level objectives and application performance.

6. Security

The integrated next-generation firewall is stateful and context-aware (application, user, device). It delivers granular control of micro-applications and supports protocol-hopping applications, such as Skype and other peer-to-peer applications (e.g., disable Skype video and chat, but allow Skype audio). The secure firewall service is user- and device OS-aware, with the ability to segregate voice, video, data, and compliance traffic. Policies for BYOD devices (Apple iOS, Android, Windows, macOS, etc.) on the corporate network are easily controlled.

7. Deep Packet Inspection

Granular classification of 2,500+ applications enables smart control. Out-of-the-box defaults set the Quality of Service (QoS) policies for common business objectives with IT required only to establish traffic priority. Knowledge of application profile enables automation of QoS configurations and bandwidth allocations.

 

 

What are the layers of VeloCloud SD-WAN?

VeloCloud technology is based on 3 core layers: a management layer for orchestration, a control plane of distributed gateways, and a data plane of on-premises Edges.

VeloCloud Orchestrator (VCO):

A multi-tenant Orchestrator which provides centralized enterprise-wide installation, configuration and real-time monitoring in addition to orchestrating the data flow through the cloud network. The VCO enables one-click provisioning of virtual services in the branch, the cloud, or the enterprise datacenter.

 

VeloCloud Gateways (VCG): 

This layer consists of a distributed network of service gateways deployed at top-tier cloud datacenters around the world, providing scalability, redundancy and on-demand flexibility.

VCGs provide optimized data paths to all applications, branches and datacenters along with the ability to deliver network services from the cloud.

They are typically considered a distributed control plane that can optionally participate in the data plane.

 

VeloCloud Edge (VCE):

Zero-touch, enterprise-class appliances that provide secure, optimized connectivity to private, public and hybrid applications, compute and virtualized services. VCEs perform deep application recognition, application and packet steering, performance metrics and end-to-end quality of service, in addition to hosting virtual network function (VNF) services.

They can be deployed as a hardware appliance or as a virtual appliance running on an OVA virtual machine.

Conclusion:

SD-WAN is the next-generation MPLS networking for enterprises and cloud providers. It embodies the vision of connecting any cloud and any workload anywhere with minimal configuration, making the scaling of branches a smooth and flawless process.

The technology allows link remediation and packet steering to achieve the highest quality of service.