VMware SD-WAN e02: VeloCloud Core Components

Dimitrie Sandu

9 Mar 202013:50

Summary

TLDRThis video introduces VMware SD-WAN, highlighting the shift from traditional WAN models to a cloud-optimized approach. It explores the three main components: the Edge, which connects local networks to the internet; the Orchestrator, a cloud-based management system; and the Gateway, which facilitates secure routing between edges. The video emphasizes the importance of security, efficient routing, and traffic optimization through encrypted tunnels, multi-path support, and error correction. Overall, it provides a high-level overview of VMware SD-WAN’s flexibility, security features, and the role of its components in improving WAN performance for modern networks.

Takeaways

😀 VMware SD-WAN introduces a new way of handling wide area networks, replacing traditional methods of private lines and backhauling traffic.
😀 Traditional networks are not optimized for cloud-based applications and cannot handle increased traffic from branches or devices.
😀 The VMware SD-WAN architecture includes three primary components: Edge, Orchestrator, and Gateway.
😀 The **Edge** is responsible for connecting local area networks (LANs) to the wider internet and can be physical or virtual, supporting a range of transport technologies.
😀 Edges can integrate security features like firewalls and VPN concentrators to secure traffic, especially when direct internet access is used.
😀 The **Orchestrator** is a centralized management system that handles edge configuration, monitoring, and data flow using a cloud-based solution hosted by VMware.
😀 The Orchestrator simplifies deployments through an easy-to-use UI and API, allowing users to provision and manage multiple edges efficiently.
😀 **Gateways** act as distributed controllers for route redistribution between edges, ensuring efficient and optimized traffic routing.
😀 Gateways can also serve as hubs to push traffic between branches, reducing unnecessary long-distance traffic and enhancing performance.
😀 Security is prioritized in VMware SD-WAN through encrypted tunnels (IPSec) for data and TLS for management and control communications.
😀 VMware SD-WAN provides flexibility with its deployment options, including hardware and software configurations, and supports service chaining with third-party security solutions.

Q & A

What is VMware SD-WAN, and how does it differ from traditional networking?
-VMware SD-WAN is a solution designed to optimize wide area networks (WANs) for cloud-based applications. Unlike traditional networks that rely on private lines and backhaul traffic to a central data center, SD-WAN enables direct internet access from branch offices, offering better performance, flexibility, and scalability for modern, cloud-centric workloads.
What are the key components of VMware SD-WAN discussed in the video?
-The key components of VMware SD-WAN discussed in the video are the edge, the orchestrator, and the gateway. The edge connects local area networks to the wider internet, the orchestrator manages the configuration and monitoring of the edges, and the gateway helps distribute routing information between edges and facilitates secure traffic handling.
What is the role of the SD-WAN edge in the network?
-The SD-WAN edge connects a local area network (LAN) to the wider internet, using transport-agnostic technologies such as broadband or private links. It serves as the interface for routing traffic, providing secure connectivity, and acting as a secure point for managing traffic between the network and the cloud.
How does VMware SD-WAN ensure security at the edge?
-Security at the edge is ensured through integration with next-generation firewalls and virtualized security solutions, such as those from vendors like Fortinet or Palo Alto. Additionally, traffic is encrypted using technologies like IPSec, and the edge integrates with security measures to protect against threats when using direct internet access.
What is the function of the VMware SD-WAN orchestrator?
-The VMware SD-WAN orchestrator is a centralized management tool that configures and monitors the SD-WAN edges. It is hosted primarily in the cloud and enables provisioning, real-time management, and monitoring of SD-WAN devices, ensuring seamless configuration updates and system health across the network.
What is the advantage of using a cloud-hosted orchestrator over an on-premise solution?
-Using a cloud-hosted orchestrator offers several benefits, including reduced management overhead (no need for on-premise patches or troubleshooting), scalability, and the ability to easily integrate with VMware’s cloud ecosystem. On-premise hosting requires more resources and expertise to manage, which could lead to higher operational costs.
How do SD-WAN edges authenticate and communicate with the orchestrator?
-SD-WAN edges authenticate with the orchestrator by building a secure TLS tunnel. Once authenticated, the edge pulls its configuration from the orchestrator and pushes real-time operational data and alarms back to it. This ensures centralized management and streamlined operations.
What is the role of the VMware SD-WAN gateway in the control plane?
-The VMware SD-WAN gateway acts as a route distributor, allowing SD-WAN edges to exchange routing information. It functions similarly to a BGP route reflector, enabling edges to share control information and optimize routing decisions across the network.
What additional role can SD-WAN gateways play beyond route distribution?
-Beyond route distribution, SD-WAN gateways can also act as traffic hubs for branch offices located in different regions. This eliminates the need for long-distance traffic to traverse the entire network, improving efficiency and reducing latency. They can also facilitate secure data plane traffic to services like cloud applications.
What is the significance of multi-path routing and encryption in VMware SD-WAN?
-Multi-path routing in VMware SD-WAN allows the network to use multiple transport paths to ensure optimal traffic routing, improving performance and reliability. Encryption standards like IPSec over UDP 24/26 ensure secure communication, protecting data as it travels across the internet and between network components.