VMware SD WAN Technical Overview EN

VMware SD-WAN™
by VeloCloud®
Technical Overview
Speaker Name
Role
Date
Confidential │ ©2019 VMware, Inc.

Agenda Why SD-WAN SD-WAN Routing
Solution Architecture Segmentation
Assure Application Performance PCI Compliance
Business Policy Service Insertion
Cloud VPN SD-WAN Design
Confidential │ ©2019 VMware, Inc. 2

“Before we start,
let’s learn some acronyms.

Related Acronyms
Official name: VMware SD-WAN™ by VeloCloud®️
VeloCloud®️ Orchestrator
VMware SD-WAN Orchestrator
(VCO)
VeloCloud®️ Gateway
VMware SD-WAN Gateway
(VCG)
VeloCloud®️ Controller
VMware SD-WAN Controller
(VCC)
VeloCloud®️ Edge
VMware SD-WAN Edge
(VCE)

Why SD-WAN

IT 1.0
C
MPLS
Branch Data center
Hardware-Driven Difficult Expensive

Challenges with Multiple Disparate Links and Cloud Migration
C
MPLS
Cable
DSL
Branch Data center
LTE
Cloud Services
Sub-optimal Complex
Inefficient
traffic flow to manage

Enterprise WAN Is Getting Increasingly Complex
50-80% backhaul
50% has hybrid WAN SaaS IaaS/PaaS
Dropbox
Lifting & shifting to cloud Salesforce.com
Office365
GCP AWS
DATA
LEASED LINES DATA CENTER
CENTER
• Control • Loss of control BRANCH BRANCH
• Visibility • Lack of visibility

• Cost • Higher cost BRANCH
BRANCH
• Security • Lack of consistent BRANCH
BRANCH
• Plan-driven security BRANCH

LEASED LINES
DATA CENTER
• Long cycle time • React to change

& no agility
BRANCH
• Shorter cycle time BRANCH
DATA CENTER
DR SITE

VMware SD-WAN Cloud-Delivered SD-WAN Advantages
Private /MPLS 3G/4G LTE
SD-WAN Overlay Multitenant cloud gateways
Branch edges Internet Broadband

Data center edges
Simplified WAN Assured application Managed on-ramp

management performance to the cloud
Transport independent
Zero touch deployments, Direct cloud access with
performance for the most
simplified operations, performance, reliability
demanding apps, leverages
one-click service insertion and security
economical bandwidth

Solution Architecture

VMware SD-WAN Cloud-Delivered SD-WAN
VMware SD-WAN’s network service consists of 3 key components
VMware SD-WAN
VMware SD-WAN
1
Orchestrator
1 Orchestrator
SaaS
2
Public
Internet
Branch site
with VMware Enterprise data center
2 Cloud Gateway SD-WAN Edges
Dynamic Multipath
via VMware SD-WAN
Optimization
Gateway
3
Private
Network/MPLs
3 Edge Enterprise data center

with on-premises VMware
SD-WAN Edge

VMware SD-WAN Edge – Wide Range of Hardware Platform
Edge 510 Edge 520 Edge 520v Edge 540 Edge 840 Edge 840v Edge 2000
4-Port GE 10-Port GE 10-Port GE 10-Port GE 6-Port GE 6-Port GE 6-Port GE

2-USB—LTE 2-Port SFP 2-Port SFP 2-Port SFP 2-Port SFP+ 2-Port SFP+ 2-Port SFP+
WiFi 4-USB—LTE 4-USB—LTE 4-USB—LTE VNF Ready
WiFi WiFi WiFi
VNF Ready
10 Mbps
50 Mbps
100 Mbps
500 Mbps 200 Mbps 200 Mbps
10 Gbps
1 Gbps 2 Gbps

VMware SD-WAN Edge – Multi Gigabit Software Offering
Bandwidth Tier 10 Mbps 50 Mbps 100 Mbps 500 Mbps 10 Gbps
CPU 2vCPU 2vCPU 2vCPU 4vCPU 8vCPU
Memory 4GB 4GB 4GB 8GB 8GB
Supported IaaS AWS - http://go.awspartner.com/esg-sd-wan-report

Azure
Supported VMware ESXi (OVA)

Hypervisor KVM (qcow2)
Provide same functionality as the physical appliance

Support both paravirtualized driver, e.g. vmxnet3, virtio, and SR-IOV
Tested on commerical whitebox CPE such as Juniper NFX250, Ciena 3906mvi
Support cloud-init for no touch bootstrapping & activation

Full Support for Cloud Deployment
3rd party AWS SD-WAN Buyer Guide available (http://go.awspartner.com/esg-sd-wan-report)

Simple – Deploy in “Minutes”
If you can connect to a Wifi Hotspot, you can deploy SD-WAN
Create config Install, authenticate

1 2 Device ships 3
& send key & pull config
IT admin adds a new VMware SD-WAN VMware SD-WAN Edge with Office admin plugs in the device and
Edge in the customer account. factory default config is shipped connects to the Internet through
to the remote site. VMware SD-WAN Edge WLAN/LAN
IT admin generates an activation key Office admin powers up the device Office admin clicks on activation link
and emails it to the installer. and connects it to the internet. in the email. Edge is activated.

Global PoP Coverage Q1CY18
Regions
29
AZ’s
32

VMware SD-WAN Gateway and Controller
Data plane Control plane
VMware SD-WAN Data plane function Control plane function Important control VMware SD-WAN
Gateway software has (Optional) (Mandatory) plane traffic protected Controller = Same
both data plane and Handoff traffic Bandwidth test by IPSec VMware SD-WAN
control plane to Non-VMware Route update & Gateway software with
SD-WAN site distribution data plane disabled
Handoff traffic to SaaS WAN IPs discovery
& resolution

Using VMware SD-WAN Gateway as SD-WAN Headend
for Cloud Destination
VMware SD-WAN Gateway requires no
configuration in order to process traffic
1 Policy config
VMware SD-WAN Gateway is also transparent
to the end enterprise
2 Traffic starts Business policy, e.g. QoS, steering,

is pushed to the VMware SD-WAN Edge
Once traffic starts, VMware SD-WAN Edge

synchronizes policy with VMware SD-WAN
3 VMware SD-WAN Edge Gateway on per-flow basis
informs the VMware
SD-WAN Gateway
the policy, DPI, etc. Very easy to rehome VMware SD-WAN Edge to
different VMware SD-WAN Gateway

VMware SD-WAN Gateway – Hosted by VeloCloud
Scalable, high performance connectivity to the cloud
SaaS Multitenant software appliance

operated by VeloCloud, now part of
VMware
IP Transit SaaS
Partner cloud services Leverage both colocation and public

cloud to host the gateway
IPSec
Provide cloud on-ramp

VPC or on premises VPN Headend
IPSec
99.99% Availability

VMware SD-WAN Orchestrator
Multitenant SD-WAN portal | SD-WAN configuration | Site drill down to link and app usage
CLI Zero touch

provisioning
Profile level
policies
Automatic
link profiling

VMware SD-WAN Orchestrator API and SDK Overview
Browsers, cURL
VMware JSON-RPC API over HTTPS transport
SD-WAN between the client and VMware SD-WAN
Orchestrator Orchestrator
API
Client can be web browser, curl, SDK
Use cases: monitoring, provisioning,

configuration
SDK is a wrapper of the API to make it easier

to program or interact with VMware SD-WAN
Orchestrator
Java Python API
SDK supports Python and Java languages

+ document + supported API
VMware SD-WAN
Orchestrator SDK

VMware SD-WAN Orchestrator Disaster Recovery
VMware VMware For on-premises deployment,

SD-WAN SD-WAN
Orchestrator A Orchestrator B
provide DR in case of VMware
Replica & Status
SD-WAN Orchestrator failure
Simple one-click DR pairing

Normal DR
Heartbeat Heartbeat
Operator initiated failover
to avoid split brain
VMware SD- VMware SD- Minimize data loss by replicating

WAN Branch WAN Gateway delta instantaneously
Edge

Three-tier Multitenant SD-WAN Service Orchestration
Different user types with role based access control
Operators
Operator (ISP) Portal

Operator vco.velocloud.net/operator
Partners
MSP Portal
Partner A Partner B Partner C vco.velocloud.net
Customers
Enterprise Portal
Customer A Customer B Customer C Customer D vco.velocloud.net

VMware SD-WAN SD-WAN Communication (Management)
TLS 1.2
JSON-RPC over HTTP
Heartbeat & authentication
Configuration update
Statistics & events upload

Management Plane Traffic (Heartbeat)
Polling model simplifies the NAT/firewall Automatically switch to underlay VMware SD-WAN Gateway NAT
requirement. VMware SD-WAN Edge if heartbeat through the overlay fails all the heartbeats toward
always initiates traffic toward VMware SD- the VMware SD-WAN Orchestrator
WAN Orchestrator.
VMware SD-WAN Orchestrator tracks

Heartbeats sent via overlay by default Heartbeat frequency is 30 secs state and generates alerts
HTTPS in Overlay HTTPS
Email
SD-WAN
public overlay Internet
SMS
VMware VMware SD-WAN VMware SD-WAN

SD-WAN Edge Gateway Orchestrator
Traps
SNMP

VMware SD-WAN SD-WAN Communication (Control & Data)
VMware SD-WAN Dynamic Multipath Data-plane only

Optimization™ (DMPO)
Control-plane + optional data-plane
UDP/2426
Data plane between VMware

SD-WAN Edges
Control plane + Optional data plane

between VMware SD-WAN Edge
and VMware SD-WAN Gateway
Complete separation of management,

control, and data planes

Deployment Options with VeloCloud
1-Hosted data (Gateways) 2-Hosted management only

3-All on-premises
Advanced Cloud, Enterprise Advanced, Standard
VMware SD-WAN VMware SD-WAN VMware SD-WAN VMware SD-WAN VMware SD-WAN
Orchestrator Controller Orchestrator Controller Orchestrator
Edges as Hub Edges as Hub Edges as Hub
Branch Edges
Branch Edges Branch Edges

(Includes VMware SD-WAN Controller)

SD-WAN for On-premises Enterprise Deployment
SD-WAN management
(VMware SD-WAN
Internet Orchestrator) and controller
DMPO
(VMware SD-WAN Controller)
on-premises
Branch Office
with VMware SD-WAN Edge Data center
Internet with VMware SD-WAN VMware SD-WAN Edge
EDGE (HUB)
(VMware SD-WAN Edge) on-
DMPO premises (physical or VNF)
MPLS
Branch Office VMware SD-WAN
with VMware SD-WAN Edge
Orchestrator Normally decision for
On-premises on premises is due to regulation
or security concern
LTE
DMPO
Branch Office No ability to leverage

with VMware SD-WAN Edge cloud gateway

Assure Application
Performance

Deep Application Recognition (DAR)
Deep Packet Inspection Learning database Cloud service directory

Application recognition Cached DPI result to assist Up-to-date database
& application metadata with first packet classification of cloud service IPs
2500+ Applications

Application Identification Decision Flow
New flow
Is this flow
Perform DPI
to a known destination?
Update the
dynamically
learned DB
Static Database Dynamically Learned
Is the flow going to known Is the flow going to destination

destination statically defined we have seen before?
in app-map?

Dynamic Multipath Optimization™ (DMPO)
Assured application performance on any transport
Continuous Link Monitoring
Drives automation and optimization
Dynamic per Packet Steering
Sub-second steering without session drops

Aggregated bandwidth for single flows
On Demand Remediation
Protects against concurrent degradation

Enables single link performance

Maintaining QoE – Unified Communication Services
Video conference over WAN link with 2% packet loss
Without VMware SD-WAN With VMware SD-WAN

Intelligent Aggregation for TCP Applications
Dual 20Mbps Links / 50 MB Box File Transfer

Without VMware SD-WAN VMware SD-WAN
No Less 22 sec 12 sec

2% Packet Loss 134 sec 13 sec
10x faster response time

Optimized Office365 Performance
O365 on a single link (brownout condition) from branch in Thailand to gateway in Singapore
VMware SD-WAN
Non-SD-WAN

Link Steering Options
Per-application traffic steering policy
Link A: Private Wired

Mandatory
Pin an application to a path even when the overlay fails

PCI Link B Example: PCI
Link A: Private Wired Preferred

Prefer application on a path but steer away
if cannot meet SLA
VolP Example: VoIP
Link B
Available
Link A: Private Wired
Prefer application on a path but steer away
if the overlay fails
Example: Web Browsing
Web
Browsing Link B

Simplify Business Policy Using Transport Group
Abstraction of the actual interface

to logical name used in policy
Interface > Transport Group auto-assignment
Make single policy for different HW models possible
Example: Enterprise deployment
Small branch GE3 – MPLS (AT&T) GE4 – Internet (Comcast)
Small branch GE3 – Internet (Comcast) GE4 – Internet (AT&T)
Med branch GE1 – MPLS (AT&T) GE2 – Internet (Comcast)
Regional hub GE5 – MPLS (AT&T) GE6 – Internet (AT&T)

Application Aware Overlay QoS Scheduling
Offer 9 traffic classes
Enterprises or SPs can specify guaranteed

and max BW for each class
Each rule in business policy maps to a traffic class
High Normal Low High Normal Low
Business
Collaboration
Audio/Video
35 15 1
Real-Time Real-Time
Infrastructure,
Authentication, IM, Web, Proxies,
Remote Desktop,
Business App
Management,
Network Services,
Games, Media,
Social
20 7 1
Transactional Tunneling Transactional
Email File Sharing

Storage/Backup,
P2P 15 5 1
Bulk Bulk

Business Policy

Simplify WAN Management – Business Policy Framework
Legacy WAN: ACL, IP address, subnets

SD-WAN: App-level policy
Legacy WAN: Need to put application in the right

queue by marking and configuring QoS
SD-WAN: App-awareness to choose the right queue
Legacy WAN: Complex routing tuning & PBR

to do split tunnel
SD-WAN: App-aware split tunnel policy & single click
Legacy WAN: Routing protocol tuning, probes, PBR

SD-WAN: Dynamic path selection

App-aware Traffic Redirection
Choosing Internet exit per application
Critical SaaS
2 applications & Internet
backhaul to CWS
Non-critical Internet
1 traffic, e.g. Netflix
Direct
Multipath to
closest gateway
Internet/MPLS
Branch edge
Backhaul to
selected VMware
SD-WAN Edges
Hub edge On premises

3 applications
& Internet
backhaul

Default Rules in Business Policy
Control the default behavior for unknown or unclassified traffic
DPI takes a few packets to determine what application really is

App
TCP 3-Way Handshake
TCP
First flow to a destination may not take the right policy
if match criteria is L7
TLS Exchange
SSL
Utilize default policy for destination seen for the first time
SalesForce.com
SFDC
Once destination to app is known, next flow can be identified
in the first packet

Cloud VPN

One-Click VPN
Provide simple to configure, secure connectivity across every transport
PKI based IKEv2 authentication between

two VMware SD-WAN Edges and with
IPSec
VPC Router
Static tunnel to VMware SD-WAN
Edge Hubs
Branch Site Enterprise
IPSec
Internet DC
Dynamic
E2E Dynamic tunnel between branch
tunnel Enterprise VMware SD-WAN Edges for scale
data center
Redundant Cloud Gateways provide

aggregation point to non-VMware SD-
Enterprise WAN sites
Branch Site data center
• IPSec IKEv1/v2
• Routed or Policy mode VPN

Dynamic Edge-to-Edge VPN Traffic Flows
C
Initial traffic
After dynamic E2E is up
E2E with VMware SD-WAN Gateway E2E with Hub
Leverage distributed VMware SD-WAN Gateways to facilitate For security conscious and hybrid sites
E2E traffic Define list of hubs to facilitate E2E traffic
VMware SD-WAN Gateway used for both data/ VMware SD-WAN Gateway used for control plane only
control plane
Initial traffic hairpins to hub while dynamic E2E tunnel is built
Initial traffic goes through VMware SD-WAN Gateway while
dynamic E2E tunnel is built

Branch to Hub Tunnel Setup
Step 1
VMware SD-WAN VMware SD-WAN Edge receives a list of VMware SD-WAN Gateway
Gateway IP and Bandwidth, ISP discovery,
and hub IPs to connect to IPs and hubs from VMware SD-WAN Orchestrator
list of hubs
VMware SD-WAN Edge builds the control tunnel to the VMware SD-
WAN Gateway to learn about its bandwidth, ISP, and hub IPs to
connect to
Internet
MPLS
Branch Hub Step 2
Branch VMware SD-WAN Edge initiates the tunnel to the hub

over the different paths
VMware SD-WAN Edge branch to branch traffic can use
direct dynamic tunnel
Internet
Tunnel to VMware SD-WAN Gateway can be used for data traffic
Branch Hub based on configurable policy
MPLS

Tunnel Connectivity Options
1 Separation between private and public tunnels
Full mesh tunnels between

2
all the public interfaces
3
Separation between different private tunnels by
tagging each private network with different name
MPLS1 MPLS2 Internet

Edge to Edge VPN with Hub
Hub Hub Hubs are configured in the VMware

SD-WAN Orchestrator. VMware SD-
WAN Orchestrator notifies all the
List of Hubs VMware SD-WAN Edges about hubs.
VMware SD-WAN Edges build static

multipath tunnels to hub.
VMware SD-WAN Edges still use

VMware SD-WAN Gateway to
distribute route.
E2E traffic is first sent to the hub

based on routing table. If dynamic
Branch Branch E2E is configured, VMware SD-WAN
Edges establish direct tunnels

Non-VMware SD-WAN Sites
Closest VMware SD-WAN Gateway to

the destination is chosen
DMPO IPSec
DMPO between VMware SD-WAN

Edge and VMware SD-WAN Gateway
IPSec but standard IPSec to
the Non-VMware SD-WAN site
• Support IKEv1 and IKEv2
• Support both routed and policy
modes IPSec
IPSec
Use IKE DPD to detect IPSec tunnel
failure and notify the VMware
SD-WAN Edge

SD-WAN Routing

Full Routing Stack and Integration with SD-WAN Overlay
Routing Hub
Protocol
Routing Route
L3 SW Protocol Redistribution
Overlay Route Update

Branch
Support overlay and underlay Underlay route options: OSPF and/or BGP underlay Underlay routes are
routes over the same interface static (with IP SLA), OSPF, BGP routing protocol at each site redistributed to the overlay
and vice versa while retaining
the BGP attributes

Challenges with SD-WAN Overlay Networking
I can reach A I can reach A
I can reach A
MPLS MPLS SD-WAN

Overlay
I can reach A
A A
Before SD-WAN After SD-WAN
Simple and deterministic routing Need careful routing plan to avoid asymmetric
and sub-optimal routing
This is due to mixing overlay and underlay networking, not
VeloCloud or SD-WAN issue

Options for Connecting SD-WAN with Non-SD-WAN Sites
Non-SD-WAN sites Non-SD-WAN sites
MPLS MPLS
SD-WAN SD-WAN SD-WAN SD-WAN
Hybrid Branch Transit Site Hybrid Branch Transit Site
SD-WAN SD-WAN
Overlay Overlay
Through SD-WAN Hub Site Directly from SD-WAN Branch Site
• Traffic to/from non-SD-WAN sites go through hubs • Traffic to/from non SD-WAN sites go directly to MPLS
to reach SD-WAN sites
• May be preferred if there is a lot of communication
• Simple to control policy. Eliminate BGP from branch between SD-WAN and non-SD-WAN sites
• If non-SD-WAN sites are high BW, allow SD-WAN sites • Utilize uplink feature on the BGP neighbor toward MPLS
to use combined link BW cloud to stop a branch from being transit
• May introduce latency due to backhauling

Using Transit Site vs Going Direct to MPLS
Hub site Hub site
BGP BGP
A MPLS Internet A MPLS Internet
Legacy site Legacy site

BGP
Branch site Branch site

B B
From To Next Hop From To Next Hop
Branch A Overlay to hub Branch A MPLS (BGP)
MPLS B Hub (BGP) MPLS B Branch (BGP)

Know All the Routes, Where They Are From
Route learning
from legacy
Overlay flow control
protocol, e.g.
OSPF, BGP
Control Plane
Exchange
through
overlay
Show the VMware

Aggregated view
SD-WAN Edge that
of all the routes
learns the routes and
in the enterprise
the metrics they see
Route learning from legacy protocol,
e.g. OSPF, BGP

End-to-End Segmentation

Segmentation Overview
IP Packet Received from
IP Packet Sent in Voice Segment VMware SD-WAN Multipath
Voice Segment
Enterprise ID
Source IP Source IP Source IP
“Customer A”
Data Data Data
Destination
Destination IP Segment ID “Voice” Destination IP
IP
Voice
Guest VMware SD-WAN Management Protocol
PCI VMware
VMware SD-WAN
SD-WAN Edge
Gateway
Enable segmentation globally per customer Overlay tunnel is shared by all segments for scalability
16 segments per customer Default “Global Segment”
Enterprise ID and Segment ID are automatically

assigned and embedded in the VCMP header

Enterprise-Wide Segmentation
Segment aware policies
VMware SD-WAN
Orchestrator and Controller
Corp
10.1.0.0/24
Segment aware
topology insertion
Data center
Branch 1
Media
Signaling
Overlapping IP
in different segments
Corp SBC
10.2.0.0/24
Guest Corp
10.2.0.0/24
Branch 2
VMware
SD-WAN Edge Guest
Guest
10.3.0.0/24
PCI
PCI PCI
Network
10.3.0.0/24 Retail Store

PCI Compliance

PCI Compliance SD-WAN
Management
Multitenant
On-premises deployment is ready for PCI audit
TLS 1.2
Role-based access control / Radius
2-Factor authentication
VMware SD-WAN optional PCI Certified (AOC) Event and firewall logs / APIS
Built-in certification server
hosted Orchestrator and Controller
Partner Gateway Data Plane

IPsec with AES 256
PKI
Local access control
Segmentation for hosted Controller
Direct IPSec
EntA-Branch PCI Network
GUEST PCI
EntA-Hub

Service Insertion

Service Insertion Points
SaaS
Public
Internet
Enterprise data center

via Cloud Gateway
Private /MPLs
Enterprise data center

with on-premises VMware
SD-WAN Edge

Cloud Web Security Integration
VMware SD-WAN Gateways

are in close proximity to the
partner Cloud Web Security
PoP. Leverage DMPO for
performance.
IPSec
IPSec
Per-app service insertion
when connect through
IPSec
Simplify tunnel configuration to
cloud web security

VMware SD-WAN Virtual-Ready Platform
Firewall VNF on Physical Leverage best-of-breed

Available VMware SD-WAN Edge VNF with SD-WAN
NOW
SD-WAN Orchestration
Simple, one-click
Firewall
service insertion
SD-WAN
VNF
Available
2H/2018 Automate VM lifecycle
SD-WAN Virtual Services Platform
and registration
LAN Ports WAN Ports
Branch LAN Branch VMware SD-WAN Edge Internet and MPLS
Virtual Ready (V) Edges

SD-WAN Site Design

VMware SD-WAN Hybrid WAN Architecture
SD-WAN CPE
VRRP
with VRRP To Core Switch
(Campus/DC)
SD-WAN with L3 MPLS
SW and routing
protocol VMware SD-WAN
Edge Cluster
OSPF/BGP
SD-WAN CPE SaaS
….
Hybrid Site
Non-SD-WAN Site Internet
SD-WAN CPE
Internet only Data center/Regional Hub

Hybrid Sites – Routing Options
BGP BGP
PE
PE PE
MPLS MPLS MPLS
OSPF BGP
Internet Internet Internet
No routing protocol BGP to the PE, OSPF to LAN All BGP
During transition, use the hub as transit to Run BGP with PE Run BGP with PE
reach non-SD-WAN sites Run OSPF with enterprise LAN Run BGP with enterprise LAN
Static route & connected subnets Redistribute between BGP, OSPF, Redistribute BGP into overlay
automatically advertised into overlay and overlay Preserve BGP attributes: community, AS-
path, local-pref, MED

High Availability Deployment
MPLS Internet MPLS Internet MPLS Internet
High Availability (HA) VRRP Enhanced HA
Hitless upgrades VRRP between VMware SD-WAN Edge Eliminates L2 switch/router

Sub-second failover and convergence and 3rd party router requirement on WAN
Overlay tunnels on both WAN links Automatically detect and switch between
Requires Modem with 2 ports
HA and enhanced HA mode
or external switch

Hub Cluster Design
Common deployment in
BGP the data center with dual
core switches
Branch VMware SD-WAN

…… Edge is assigned a hub
. VMware SD-WAN Edge by
Cluster of VMware SD-WAN Edges the controller
MPLS Internet

Thank You
Confidential │ ©2019 VMware, Inc.

SWITCH DMPO GATEWAY ORCHESTRATOR EDGE/HUB
CLOUD
BRANCH (uses stroke, DATA CENTER/DC
change weight as you see fit)

VMware SD WAN Technical Overview EN

Uploaded by

Copyright:

Available Formats

VMware SD WAN Technical Overview EN

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

VMware SD WAN Technical Overview EN

Uploaded by

Copyright:

Available Formats

VMware SD-WAN™

Confidential │ ©2019 VMware, Inc.

Solution Architecture Segmentation

Assure Application Performance PCI Compliance

Business Policy Service Insertion

Cloud VPN SD-WAN Design

Confidential │ ©2019 VMware, Inc. 2

Confidential │ ©2019 VMware, Inc. 3

Confidential │ ©2019 VMware, Inc. 4

Confidential │ ©2019 VMware, Inc. 5

Branch Data center

Hardware-Driven Difficult Expensive

Confidential │ ©2019 VMware, Inc. 6

Confidential │ ©2019 VMware, Inc. 7

• Control • Loss of control BRANCH BRANCH

• Visibility • Lack of visibility

• Plan-driven security BRANCH

• Long cycle time • React to change

Confidential │ ©2019 VMware, Inc. 8

Private /MPLS 3G/4G LTE

SD-WAN Overlay Multitenant cloud gateways

Branch edges Internet Broadband

Simplified WAN Assured application Managed on-ramp

Confidential │ ©2019 VMware, Inc. 9

Confidential │ ©2019 VMware, Inc. 10

3 Edge Enterprise data center

Confidential │ ©2019 VMware, Inc. 11

4-Port GE 10-Port GE 10-Port GE 10-Port GE 6-Port GE 6-Port GE 6-Port GE

500 Mbps 200 Mbps 200 Mbps

Confidential │ ©2019 VMware, Inc. 12

Bandwidth Tier 10 Mbps 50 Mbps 100 Mbps 500 Mbps 10 Gbps

CPU 2vCPU 2vCPU 2vCPU 4vCPU 8vCPU

Memory 4GB 4GB 4GB 8GB 8GB

Supported IaaS AWS - http://go.awspartner.com/esg-sd-wan-report

Supported VMware ESXi (OVA)

Provide same functionality as the physical appliance

Confidential │ ©2019 VMware, Inc. 13

3rd party AWS SD-WAN Buyer Guide available (http://go.awspartner.com/esg-sd-wan-report)

Confidential │ ©2019 VMware, Inc. 14

Create config Install, authenticate

Confidential │ ©2019 VMware, Inc. 15

Confidential │ ©2019 VMware, Inc. 16

Data plane Control plane

Confidential │ ©2019 VMware, Inc. 17

2 Traffic starts Business policy, e.g. QoS, steering,

Once traffic starts, VMware SD-WAN Edge

Confidential │ ©2019 VMware, Inc. 18

SaaS Multitenant software appliance

Partner cloud services Leverage both colocation and public

Provide cloud on-ramp

Confidential │ ©2019 VMware, Inc. 19

CLI Zero touch

Confidential │ ©2019 VMware, Inc. 20

Client can be web browser, curl, SDK

Use cases: monitoring, provisioning,

SDK is a wrapper of the API to make it easier

SDK supports Python and Java languages

Confidential │ ©2019 VMware, Inc. 21

VMware VMware For on-premises deployment,

Simple one-click DR pairing