Most enterprises deploy both private MPLS and public broadband Internet to some or all of their branch offices. The right SD-WAN solution will dramatically improve the utilization, performance and ease of management of the these hybrid deployments. Review this presentation for a detailed understanding of the architectural details of Cloud-Delivered SD-WAN for hybrid WAN deployments. You’ll leave with a clear understanding of how hybrid deployments can be designed, implemented and maintained for a secure, optimal and high quality wide area network.

1. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
A Better Architecture
for Hybrid WAN
Steve Woo, VP Products & Co-founder, VeloCloud

2. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
hybrid network
noun / hy – brid net - work
: combination of two or more different types of networks
: typically referring to combination of private
and public WAN transport

3. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Challenge the Definition
Private WAN
Hybrid WAN
• Hybrid WAN bar is pretty low
• Also only looking at one dimension of network – the transport

4. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Hybrid Transport - Tiers

5. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Bar is pretty low
Hybrid WAN
-use both public and private
-BUT DISPARATE or
-BACKUP ONLY

6. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Yes, Simplify
SD-WAN Hybrid
-unified usage of links
-simplified policy
BUT CRITICAL TRAFFIC RELIES
ON PRIVATE SLA

7. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Shoot for the…
… Optimized Performance
TRANSPORT INDEPENDENT
PERFORMANCE
-Enable the use of any
transport even for critical,
network sensitive applications

8. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Hybrid WAN versus True Transport Independence
Policy Managed Hybrid
Priority Site-2-site
traffic
Private
Normal Site-2-site
traffic
Load balance private
and Internet
Cloud traffic Direct to cloud over
Internet
True Transport Independence
Site-2-site traffic:
Priority and
Normal
Dynamic Multi-Path Opt to automatically
select link, on a per-packet basis, based on
priority, app type and link performance
Cloud traffic
Priority and
Normal
Dynamic Multi-Path Opt over Internet links,
based on priority and link performance
• Most technologies simplify policy assignment of critical traffic to MPLS
– Utilize broadband for low priority
– May also deploy local QoS

9. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Simplicity of Transport Independence
 Abstract actual interface/WAN links from the
business policy
Automatic [default]
All Transport
 Based on:
 Business priority for app
 App-specific network SLAs
 Real-time link conditions
 Automatically steer each app
onto a suitable available link
 Per-packet re-steer a session
mid-flow if changing link
conditions necessitate

10. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Advanced SD-WAN for Hybrid
Assured Application performance over MPLS, Internet broadband and LTE circuits
Continuous Link Monitoring
Drives automation and
optimization
Dynamic Per Packet Steering
Sub-second steering
without session drops
Aggregated bandwidth for
single flows
On Demand Remediation
Protects against
concurrent degradation
Enables single link
performance

11. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Policy Based Link Steering Overrides
 Pin an application to a path
even when the link fails
e.g. > PCI to compliant provider
 Prefer application on a path but
steer away if cannot meet SLA
e.g. > Prefer high bandwidth
video conferencing on broadband
 Prefer application on a path but
steer away if the link fails
e.g. > Wired to wireless
 Add metered usage of wireless
 Abstract actual interface/WAN links from the
business policy
Mandatory
Private
Available
Public Wired
Preferred
Public
Internet
Public-Wireless
Private
Public
Public-Wired
Private

12. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Target Advanced SD-WAN Hybrid
Private WAN
Hybrid WAN
• Much more possible with hybrid transport
SDWAN
Advanced
SDWAN

13. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Expanded
Dimensions for
Hybrid Network
Services
Private WAN
Hybrid WAN
SD-WAN
Advanced
SDWAN

14. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Shoot for the…clouds

15. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Legacy Hybrid Compute: Backhaul
Datacenter
BranchBranch
• Not optimized for migration to cloud
• Backhaul performance penalty
• Congests datacenter WAN
Internet
MPLS/Private

16. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Legacy Hybrid Compute: Best Effort Direct
Datacenter
BranchBranch
• “Direct” to Internet
• Best effort for availability and performance
• Manual, two-sided secure tunnel setup
Internet
MPLS/Private

17. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
SD-WAN
SD-WAN On-Premises
SaaS / IaaS
SD-WAN
Edge
Enterprise DC
Edges in “hub” role at enterprise datacenters and regional hubs
On-premises Orchestrator and Controllers
Direct breakout to Internet for non-backhaul traffic
SD-WAN
Orchestrator
&
Controllers
Régional Hubs
Branch
Web
SD-WAN
Edge
SDWAN
Edge

18. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
SD-WAN
Cloud-Delivered SD-WAN
SaaS / IaaS
Enterprise DCBranch
Web
Cloud
Gateways
Pre-installed at cloud doorstep
Delivered as-a-service
Performance, Reliability & Security
SD-WAN extended to cloud for hybrid applications, compute and services
SD-WAN
Edge
SD-WAN
Orchestrator
&
Controllers
SD-WAN
Edge

19. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Hybrid Services Insertion
Branch Site
Enterprise Hub
On Premises
Security
Other Web traffic
Salesforce.com
Web email
Internet
• Backhaul to on-premises services
– Regional and central
• Forwarding to cloud services, with SD-WAN performance
Cloud
Security
Services
SD-WAN service chaining for hybrid services

20. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Hybrid Network - Topologies

21. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
SD-WAN
Hybrid “Parallel” Topology
MPLS/Private
Internet
 MPLS and Internet to destination
 Use both links in active/active or
active/backup
 On-premises [bottom] purely OTT end-
to-end solution – not in SP network

22. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
SD-WAN
Hybrid “Off Net to On Net” Topology
MPLS/Private
 Private core / backbone
 Last mile / access is SD-WAN Internet or hybrid
 Access to private network via enterprise regional
hub or service provider SDWAN gateway
 SD-WAN in the (SP) network provides value-add
and strategic on-ramp

23. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
SD-WANSD-WAN
Hybrid “Regional WAN” Topology
MPLS/Private
 Private network connects regional
SD-WAN domains
 Branches cross regions via private net
 Dynamic branch to branch only within a
region

24. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
SD-WAN
Hybrid “Mixed Sites” Topology
Silver Site / SD-WAN Hybrid
Existing SP MPLS Router
New SD-WAN Edge
Legacy Site / Hybrid
MPLS with
VPN backup
Bronze Site / SD-WAN
Internet
Single/dual
Internet
MPLS/Private
Internet
Legacy and SD-WAN hybrid and Internet sites can co-exist

25. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Advanced Services

26. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Engineered Performance vs SLA
>99% of the time SD-WAN
delivers quality VOIP over
the Internet

27. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Unified OTT Security
Branch Site
Enterprise DC
Hub Edge
Branch
Edge
Enterprise DC
Traditional
Private
Datacenters
INTERNET
Cloud Gateways
Private - MPLS
IPsec VPN
Same IPsec VPN, whether public or private transport – to Ent and cloud DCs

28. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Simplified Cloud VPN
Branch Site
Enterprise DC
Enterprise DC
 Cloud traffic not backhauled to enterprise datacenter
 Cloud gateway provides automated branch VPN to
aggregated cloud connection

29. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Full Potential of SD-WAN Hybrid Networks
Services
Cloud-
Delivered
SD-WAN
Network (as
a) Service
On-Premises
SD-WAN
Enterprise
Apps
Hybrid Apps
SaaS / IaaS
Private WAN
Hybrid WAN
SD-WAN
Advanced
SD-WAN
On-Premises
Services
• Flexibility
• Synergy

30. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Next:
Maximizing SD-WAN Architecture with
Service Chaining
Live webinar on Aug 17 at 10am

31. VeloCloud Networks, Inc. | Proprietary & Confidential | © Copyright 2016
Thank You