VMware SD-WAN e12: Cloud Hosted vs Partner Gateway

Dimitrie Sandu
5 Jun 2020 22:11

Summary

TLDR: In this video, the presenter dives deep into the use of gateways within cloud-based SD-WAN solutions, covering the different types like primary, secondary, super, and partner gateways. It explains their roles in ensuring reliable, secure connections to various services like SaaS applications and third-party services via IPSec and tunnels. The video also highlights how service providers can host gateways on-premise for multi-tenancy and customer isolation, using BGP for efficient routing. Finally, the presenter demonstrates how to configure gateways and manage them within the orchestrator, offering insights on route management, encryption, and performance tuning for service providers.

Takeaways

  • Cloud-hosted gateways connect edges to the internet and provide access to important SaaS applications like Office 365 and Zoom through secure tunnels.
  • A primary gateway is used for control, while a SaaS gateway helps direct traffic to SaaS applications via a secure tunnel.
  • Super gateways allow for communication between edges that don't share primary and secondary gateways, providing enterprise-wide coverage.
  • NVS (Non-VeloCloud Site) gateways are used to connect with third-party services over IPSec, ensuring secure and reliable connections.
  • Hosting gateways on-premise is beneficial for service providers to manage shared services between customers with client separation through multi-tenancy.
  • The partner gateway model enables service providers to host gateways on-premise with two interfaces: one facing the internet and the other facing MPLS.
  • In partner gateways, traffic can be routed using manual BGP assignments and VLANs for customer-specific services and security.
  • Service providers can advertise routes using BGP, which helps distribute traffic efficiently across multiple gateways.
  • Multi-tenancy is a key feature of partner gateways, allowing service providers to host gateways that serve multiple customers in a shared infrastructure.
  • The current limitation (as of 2020) is that a deployment cannot mix both partner and cloud-hosted gateways: it's either one or the other.

Q & A

  • What is the role of a gateway in a cloud-based SD-WAN solution?

    - Gateways in cloud-based SD-WAN solutions serve as control points to connect edges to the broader network. They help with managing traffic routing, ensuring secure data transmission, and facilitating communication with critical resources like SaaS applications and third-party services.

  • How do cloud-hosted gateways differ from on-premise partner gateways?

    - Cloud-hosted gateways are managed and maintained by the service provider in the cloud, and they connect edges to the network through a public IP. On the other hand, partner gateways are hosted on-premise by service providers and offer more flexibility, such as supporting multi-tenancy, but require manual configurations and are more complex to manage.

  • What is a 'super gateway' and when is it used?

    - A super gateway is used in SD-WAN solutions when edge devices don't share primary and secondary gateways. It acts as a centralized point of connection between multiple edges, ensuring communication across the enterprise even if those edges cannot directly connect with each other.

  • What is the purpose of a SaaS gateway in a cloud SD-WAN solution?

    - A SaaS gateway is used to establish secure connections from the edge devices to important cloud-based resources, such as Office 365 or Zoom, through an encrypted tunnel. This ensures that traffic to SaaS applications is securely routed, reducing reliance on the public internet for sensitive data.

  • How does the primary gateway differ from the NVS gateway?

    - The primary gateway connects the edge to the network for control functions, while the NVS (Non-VeloCloud Site) gateway is specifically used for connecting to third-party services using IPSec tunnels. The NVS gateway is located closer to the third-party service, whereas the primary gateway manages internal routing and control.

  • What are the advantages of using partner gateways for service providers?

    - Partner gateways allow service providers to host and manage gateways on-premise, enabling them to offer shared services to multiple customers. These gateways support multi-tenancy, can connect to both MPLS and internet connections, and can handle complex routing and service handoff to customers.

  • How do partner gateways manage multi-tenancy?

    - Partner gateways are designed to support multiple tenants by isolating customer traffic through VLAN tagging or manual gateway assignment. This allows a single gateway to handle traffic from multiple customers without interfering with each other, ensuring secure and separated data paths.

  • Why is BGP recommended for routing with partner gateways?

    - BGP (Border Gateway Protocol) is recommended for routing in partner gateways because it offers dynamic routing capabilities, which are more flexible and scalable than static routing. It allows for advertisement of routes between gateways and provides the ability to influence traffic flow through attributes like local preference and AS path.

  • What is the significance of using BGP communities in partner gateway configurations?

    - BGP communities are used to influence routing decisions by grouping routes with similar characteristics. By setting different BGP communities for various customers, service providers can manipulate route preferences and control how traffic is routed between different edges and gateways.

  • What are the limitations of using both partner and hosted gateways in the same deployment?

    - As of now, you cannot use both partner and hosted gateways within the same deployment. Each deployment must choose one or the other, as the configuration for each type of gateway is distinct, and they cannot interoperate within the same virtual cloud environment.
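
A tenant-separation check for the partner-gateway handoffs covered in the answers on multi-tenancy and BGP communities, given here as an added example that is not from the video or from VMware. The inventory schema, the gateway and customer names, and the rule that an untagged handoff is acceptable only on a gateway assigned to a single customer are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical schema, not an orchestrator export).
# vlan=None means an untagged handoff; community is the BGP community the
# provider attaches to that customer's routes.
HANDOFFS = [
    {"gateway": "pgw-1", "customer": "acme",     "vlan": 100,  "community": "65000:100"},
    {"gateway": "pgw-1", "customer": "globex",   "vlan": 200,  "community": "65000:200"},
    {"gateway": "pgw-1", "customer": "initech",  "vlan": 200,  "community": "65000:300"},
    {"gateway": "pgw-2", "customer": "acme",     "vlan": 100,  "community": "65000:100"},
    {"gateway": "pgw-2", "customer": "umbrella", "vlan": None, "community": "65000:100"},
    {"gateway": "pgw-3", "customer": "hooli",    "vlan": None, "community": "65000:500"},
]


def audit_handoffs(handoffs):
    """Return sorted (gateway, issue, detail) findings for tenant-separation gaps."""
    by_gw = defaultdict(list)
    for h in handoffs:
        by_gw[h["gateway"]].append(h)

    findings = []
    for gw, rows in by_gw.items():
        tenants = {r["customer"] for r in rows}
        vlan_users, comm_users = defaultdict(set), defaultdict(set)
        for r in rows:
            if r["vlan"] is None:
                # Assumed policy: untagged is acceptable only when the gateway
                # is manually assigned to a single customer.
                if len(tenants) > 1:
                    findings.append((gw, "untagged-on-shared", r["customer"]))
            else:
                vlan_users[r["vlan"]].add(r["customer"])
            comm_users[r["community"]].add(r["customer"])
        # A VLAN tag or community used by two customers on one gateway means
        # their traffic or route policy is no longer separable there.
        for vlan, users in vlan_users.items():
            if len(users) > 1:
                findings.append((gw, "vlan-shared", f"{vlan}:" + ",".join(sorted(users))))
        for comm, users in comm_users.items():
            if len(users) > 1:
                findings.append((gw, "community-shared", f"{comm}=" + ",".join(sorted(users))))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_handoffs(HANDOFFS):
        print(*finding, sep="\t")
```

The single-tenant gateway `pgw-3` passes with an untagged handoff, while the same setting on the shared `pgw-2` is reported.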
