Uploaded byDimasIsmanuardi
PPTX, PDF387 views

VMware SDWAN VCO and VCG tutorial for velocloud

The document provides an overview of VMware's SD-WAN offerings, specifically the Velocloud Orchestrator and Gateway version 2.0. It details the functionalities of the orchestrator for centralized management, monitoring, and policy provisioning, as well as the architecture of the gateway, including its deployment scenarios, traffic routing, and redundancy measures. Additionally, it explains the roles and configurations for managing gateways, including various modes and gateway assignments to optimize network performance and reliability.

Embed presentation

Download to read offline
Confidential │ ©2018 VMware, Inc. VMware SD-WAN by VeloCloud Orchestrator and Gateway version 2.0
Agenda 2 Confidential ©2018 VMware, Inc. │  VMware SD-WAN Orchestrator  VMware SD-WAN Gateway
3 Confidential © │ 2018 VMware, Inc. VMware SD-WAN Orchestrator Also called Velocloud Orchestrator (VCO)
4 Confidential © │ 2018 VMware, Inc. • Orchestrator and Gateway are virtual machines running on x86 infrastructure Orchestrator and Gateway
5 Confidential © │ 2018 VMware, Inc. Orchestrator Functions Centralized insight and management ​ Configure ​ Monitor ​ Diagnose  Policies  Edge Provisioning  Business Policies  Link Quality Scoring  Link Statistics  Flow Statistics  Remote Actions  Remote Diagnostics  Remote Packet Capture
6 Confidential © │ 2018 VMware, Inc. All-In-One Orchestration Multi Tenant Managed Portal providing Enterprise wide visibility CLI  Central Zero Touch Provisioning  Profile oriented business policies  Automatic link profiling (DMPO)
7 Confidential © │ 2018 VMware, Inc. Central Visibility Link Data, Quality Scoring & Activity Insight into link metric and collected meta data Link Utilization Link Characteristics Link Quality Scoring
8 Confidential © │ 2018 VMware, Inc. Central Visibility Applications & Device Activity Application Activity Device Activity Volume (up & down) and application category Volume (up & down), IP & MAC Address, OS Type
9 Confidential © │ 2018 VMware, Inc. Three-tier Multi-tenant Orchestration Platform MSP & ISP Ready Management Infrastructure Operators Partners Customers Operator Partner A Partner B Partner C Customer A Customer B Customer C Customer D Operator (ISP) Portal vco.velocloud.net/operator MSP Portal vco.velocloud.net Enterprise Portal vco.velocloud.net
10 Confidential © │ 2018 VMware, Inc. Global Orchestrator Coverage VMware Hosted service Regions 3 (2 Distinct AZ’s in US) Orchestrators 66+ Disaster Recovery enabled 99.99% Availability SLA SSAE16 Type II Audited Datacenters Cloud Scale Redundancy Orchestrator Region Gateway Region
12 Confidential © │ 2018 VMware, Inc. VMware SD-WAN Gateway Also called Velocloud Gateway (VCG)
13 Confidential © │ 2018 VMware, Inc.  Deployed in OTT service  Reliable offramp to cloud  NAT all traffic out  Stateless  Deployed on-premise  Protecting (reliability)  On-prem applications  Access to MPLS core  Traffic routed to either  Internet using NAT  MPLS backbone using 802.1q or QinQ  Dual homed access to internet and private core  Deployed in OTT service  Facilitates dynamic routing  Never carries traffic  Used for link measure Gateway Roles Gateway wide behavior ​ Cloud Gateway ​ Partner Gateway ​ Controller
14 Confidential © │ 2018 VMware, Inc. VMware SD-WAN Controller Gateways with Control Plane only participation Data plane Control plane  Gateway software has both data plane and control plane.  By default both functions are enabled  Data plane function (Optional)  Handoff traffic to Non-VeloCloud site  Handoff traffic to SaaS  E2E Hub for Cloud VPN  Control plane function (Mandatory)  Bandwidth test  Route update & distribution  WAN IPs discovery & resolution  Important control plane traffic protected by IPSec  VMware SD-WAN Controller  Same software as SD-WAN Gateway  Has data plane functionality disabled  Role controlled through Orchestrator
15 Confidential © │ 2018 VMware, Inc. Internet SD-WAN Public Overlay VCG VCE HTTPS HTTPS in Overlay Management Path Heartbeat Mechanism VCO SMS email Traps  Polling model simplifies the NAT/firewall requirement.  Edges always initiate traffic toward the Orchestrator.  Heartbeats sent via overlay by default  Automatically switch to underlay if heartbeat through the overlay fails  Heartbeat frequency is 30 secs  Gateway NAT all the heartbeats toward the Orchestrator  Orchestrator tracks state and generates alerts
16 Confidential © │ 2018 VMware, Inc. Gateway (VCG) is Stateless, What does It Mean and Why? • Unlike typical CE-PE config, there is very little config on VCG (IP address, BGP peer, etc.) • Biz policy is pushed to the VCE only from the VCO • VCE tells the VCG how to process each flow by syncing policy • Need more capacity, spin up another VCG & re-assign VCE to new VCG User configures policy on VCO, e.g. RTP = Real-time high, prefer particular link, etc. 1 2 Traffic Starts 3 Send Policy Sync OK, now I know how to process this flow
17 Confidential © │ 2018 VMware, Inc. Gateway Pools  Gateway Pools are a container that various Gateways can be assigned to for the purpose of allocating Gateway to end customer by providing them access to that pool  Gateways can be included in multiple pools  Each Enterprise can only be assigned a single pool, any migrations to a new gateway pool must also contain any Gateways currently in use by that Enterprise
18 Confidential © │ 2018 VMware, Inc.  Gateway geographically closest to the Edge  Used to measure link quality against (DMPO) as shown in the QoE screens  Used for onboarding SaaS applications  VPN exchange point for edges  Primary & Secondary gateways assigned by the Orchestrator  Any pair of edges can use a different set of VPN gateways  Gateway of last resort  VPN exchange point for edges in the event no common gateway is established  Assigned by the Orchestrator at the approximate geographic center of the organization Gateway Functions Gateway behavior specific to an Edge ​ Local Gateway ​ VPN Gateway ​ Super Gateway Edges always connect to multiple gateways, typically a redundant pair per role
19 Confidential © │ 2018 VMware, Inc. Gateway Assignment & Selection Pri./Sec. Gateway Super Gateway SaaS Gateway NVS Gateway  Two VCGs selected in different PoPs closest to the edge  Typically these are VCGs in the same region, e.g. North America Region A Region B  One VCG per enterprise chosen as super gateway that all edges connect to based on least distance* (3.3 or above, two Super Gateway will be elected per enterprise)  Use as gateway of last resort for edge-to-edge VPN  Same as Primary Gateway  Use for traffic to the cloud, e.g. O365  When tunnel to Primary Gateway fails, Internet traffic is sent direct  Up to two VCGs selected from PoPs closest to customer DC  VCGs set up redundant IPSec VPN to customer DC  Support primary and secondary VCGs
20 Confidential © │ 2018 VMware, Inc. LA Denver Frankfurt Overlay to Primary GW Overlay to Secondary GW Traffic to SaaS LEGEND LA GW DEN GW CHI GW NYC GW FRA GW LON GW Overlay to Super GW Primary & Secondary Gateway Assignment
21 Confidential © │ 2018 VMware, Inc. Super GW LA Denver Frankfurt Overlay to Primary GW Overlay to Secondary GW Overlay to Super GW LA GW DEN GW CHI GW NYC GW FRA GW LON GW Traffic to SaaS LEGEND Super Gateway Assignment
22 Confidential © │ 2018 VMware, Inc. NVS GW For connecting to Non-VeloCloud-Sites (NVS) LA Denver Frankfurt Overlay to Primary GW Overlay to Secondary GW Overlay to Super GW LA GW DEN GW CHI GW NYC GW FRA GW LON GW Tunnel to VPN GW LEGEND Secure VPN Gateway Assignment IPsec
23 Confidential © │ 2018 VMware, Inc. Viewing Gateway Assignment What Gateways is an Edge using and for what?
24 Confidential © │ 2018 VMware, Inc. Global Gateways Coverage 30 Regions globally 660+ Gateways available Instant failover to other gateways 99.99% Reliability SLA SSAE16 Type II Audited Datacenters Cloud Scale Redundancy Gateway Region VMware Hosted Gateway service
25 Confidential © │ 2018 VMware, Inc. VMware SD-WAN Gateway Deployments Default Mode (Cloud- Hosted) INTERNET IPSec PAT Partner Gateway Mode INTERNET/ MPLS PE VLAN/VRF IPSec PAT  Day 0 mode of a newly activated gateway with no changes, commonly known as cloud-hosted given the OTT nature  Standard offering for VMware hosted gateways  PAT traffic destined to the Internet using a single interface (eth0), e.g. SaaS  Gateway can terminate customer configured IPSec to non-VeloCloud site, e.g. AWS, customer DC  Gateways assignment driven by geo-location and happens automatically  Expanded role assigned to the gateway.  Used when a Cloud SP or Network SP deploys the VCG in their network for service access  Required if VRF/VLAN handoff is desired for service delivery  Gateway requires another interface (eth1) called handoff interface to perform VRF/VLAN handoff  Can also specify which subnets are handled by the VCG using static routes and the handoff mode (PAT or VLAN/VRF) associated with each  Can peer EBGP with the PE/core router via the handoff to learn specific prefixes  Gateway assignment is driven by manual process, is deterministic and static
26 Confidential © │ 2018 VMware, Inc. Partner Gateway Topology MPLS Backbone SD- WAN Edge SD- WAN Edge SD-WAN Partner Gateway SD-WAN Partner Gateway SD-WAN Partner Gateway SD-WAN Partner Gateway PE Router Two independent overlay domains Know about each other through BGP PE Router PE Router PE Router
MPLS Backbone SD-WAN Edge SD-WAN Partner Gateway GW11 SD-WAN Partner Gateway GW12 SD-WAN Partner Gateway GW21 SD-WAN Partner Gateway GW22 PE Router PE11 PE Router PE12 PE Router PE21 PE Router PE22 Internet *Note: VMCP tunnel to secondary partner gateway is not show for simplicity. SD-WAN Edge SD-WAN Overlay Underlay Routing Use Case #1
MPLS Backbone SD-WAN Edge Edge11 SD-WAN Partner Gateway GW11 SD-WAN Partner Gateway GW12 SD-WAN Partner Gateway GW21 SD-WAN Partner Gateway GW22 PE Router PE11 PE Router PE12 PE Router PE21 PE Router PE22 Internet Region 1 Region 2 *Note: VMCP tunnel to secondary partner gateway is not show for simplicity. SD-WAN Edge Edge21 CE Router CE21 L1 L1 SD-WAN Overlay Underlay Routing Use Case #2
MPLS Backbone SD-WAN Partner Gateway GW11 SD-WAN Partner Gateway GW12 SD-WAN Partner Gateway GW21 SD-WAN Partner Gateway GW22 PE Router PE11 PE Router PE12 PE Router PE21 PE Router PE22 Internet Region 1 Region 2 Assigned with partner gateway in region 1, that is GW11 and GW12 Assigned with partner gateway in region 2, that is GW21 and GW22 *Note: VMCP tunnel to secondary partner gateway is not show for simplicity. SD-WAN Edge Edge11 SD-WAN Edge Edge12 SD-WAN Edge Edge21 SD-WAN Overlay Underlay Routing Use Case #3
Confidential © │ 2018 VMware, Inc. Thank You

More Related Content

PDF
5G-webinar from 5G-course, Anritsu, adcomm
bySaurabh Verma
 
PPTX
Charging architecture and principles
byMohamed Shokry
 
PDF
176960775-Huawei-MA5600T.pdf
bytaha karram
 
PPTX
Pbx presentation ingate_itexpoeast2014
bykwader Saudi
 
PPTX
5G seminar
byMuhammad Nauman Ali
 
PPTX
Network Architecture of 5G Mobile Tecnology
byvineetkathan
 
PDF
IoT Fundamentals.pdf
byVishnumayaN1
 
PPTX
IOT Unit-1 (Introduction to IOT) by Durgacharan
byDurgacharan Kondabathula
 
5G-webinar from 5G-course, Anritsu, adcomm
bySaurabh Verma
 
Charging architecture and principles
byMohamed Shokry
 
176960775-Huawei-MA5600T.pdf
bytaha karram
 
Pbx presentation ingate_itexpoeast2014
bykwader Saudi
 
5G seminar
byMuhammad Nauman Ali
 
Network Architecture of 5G Mobile Tecnology
byvineetkathan
 
IoT Fundamentals.pdf
byVishnumayaN1
 
IOT Unit-1 (Introduction to IOT) by Durgacharan
byDurgacharan Kondabathula
 

What's hot

PPTX
Customer Presentation - Aruba Wi-Fi Overview (1).PPTX
byssuser5824cf
 
PPT
Vp npresentation 2
bySwarup Kumar Mall
 
PDF
5G Core Network - ZTE 5g Cloude ServCore
byITU
 
PPTX
CompTIA Network+ Training Courses
byKRISHCB1
 
PPTX
Mobile computing-Unit 1,GSM
byPallepati Vasavi
 
PDF
5G and Internet of Things (IoT)
byAtifa Aqueel
 
PDF
Beginners: Open RAN Terminology – Virtualization, Disaggregation & Decomposition
by3G4G
 
PDF
Nb iot presentation
bymanoj pradhan
 
PDF
5G Technology Seminar Presentation.
bysnehithkumardhammoju
 
PDF
5G
byAssem mousa
 
PPTX
5G
byGaurav Kant Yadav
 
PPT
ngn overview , next generation network
byTushar Kumar
 
PDF
LTE (Long Term Evolution) - 4G
byRafael Berto
 
PPT
Broadband Internet Service
byArrowQuick Solutions
 
PPTX
IOT Chapter 2.pptx
bySubrahmanya6
 
PDF
3_Protokol Komunikasi IOT.pdf
bydioanugrah1
 
PDF
Ericsson transports 5G
byEricsson
 
PPT
Definisi kabel jaringan
byArimazulfia
 
DOCX
Abstract 5G Technology
byvishnu murthy
 
PDF
Why FTTH (Fibre To The Home)
byUniversity of Hertfordshire
 
Customer Presentation - Aruba Wi-Fi Overview (1).PPTX
byssuser5824cf
 
Vp npresentation 2
bySwarup Kumar Mall
 
5G Core Network - ZTE 5g Cloude ServCore
byITU
 
CompTIA Network+ Training Courses
byKRISHCB1
 
Mobile computing-Unit 1,GSM
byPallepati Vasavi
 
5G and Internet of Things (IoT)
byAtifa Aqueel
 
Beginners: Open RAN Terminology – Virtualization, Disaggregation & Decomposition
by3G4G
 
Nb iot presentation
bymanoj pradhan
 
5G Technology Seminar Presentation.
bysnehithkumardhammoju
 
5G
byAssem mousa
 
5G
byGaurav Kant Yadav
 
ngn overview , next generation network
byTushar Kumar
 
LTE (Long Term Evolution) - 4G
byRafael Berto
 
Broadband Internet Service
byArrowQuick Solutions
 
IOT Chapter 2.pptx
bySubrahmanya6
 
3_Protokol Komunikasi IOT.pdf
bydioanugrah1
 
Ericsson transports 5G
byEricsson
 
Definisi kabel jaringan
byArimazulfia
 
Abstract 5G Technology
byvishnu murthy
 
Why FTTH (Fibre To The Home)
byUniversity of Hertfordshire
 

Similar to VMware SDWAN VCO and VCG tutorial for velocloud

PDF
SD-WAN for Service Providers - VeloCloud
byVeloCloud Networks, Inc.
 
PDF
Understanding Cisco’ Next Generation SD-WAN Technology
byCisco Canada
 
PPTX
Using a secured, cloud-delivered SD-WAN to transform your business network
byNetpluz Asia Pte Ltd
 
PDF
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
byCisco Canada
 
PDF
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WAN
byCisco Canada
 
PPTX
Logical_Routing_NSX_T_2.4.pptx.pptx
byAnwarAnsari40
 
PDF
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
byColt Technology Services
 
PDF
VMware vCloud Air: Networking
byVMware
 
PPTX
VMware Networking, CISCO Nexus 1000V, and CISCO UCS VM-FEX
byDavid Pasek
 
PDF
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
byAWS Summits
 
PDF
VMworld 2013: vSphere Networking and vCloud Networking Suite Best Practices a...
byVMworld
 
PDF
VMware Network Virtualization Design Guide
byEMC
 
PDF
Inteligentní řízení WAN konektivity
byMarketingArrowECS_CZ
 
PDF
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
byVMworld
 
PDF
SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)
byCisco Canada
 
PDF
Net1674 final emea
byVMworld
 
PDF
Cisco Connect Toronto 2018 consuming public and private clouds
byCisco Canada
 
PPTX
Building a Paper Trail: Let OVH show you how to secure and audit a Public Cloud
byOVH US
 
PDF
Presentation v cloud networking
bysolarisyourep
 
PDF
Tech r33
bySelectedPresentations
 
SD-WAN for Service Providers - VeloCloud
byVeloCloud Networks, Inc.
 
Understanding Cisco’ Next Generation SD-WAN Technology
byCisco Canada
 
Using a secured, cloud-delivered SD-WAN to transform your business network
byNetpluz Asia Pte Ltd
 
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
byCisco Canada
 
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WAN
byCisco Canada
 
Logical_Routing_NSX_T_2.4.pptx.pptx
byAnwarAnsari40
 
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
byColt Technology Services
 
VMware vCloud Air: Networking
byVMware
 
VMware Networking, CISCO Nexus 1000V, and CISCO UCS VM-FEX
byDavid Pasek
 
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
byAWS Summits
 
VMworld 2013: vSphere Networking and vCloud Networking Suite Best Practices a...
byVMworld
 
VMware Network Virtualization Design Guide
byEMC
 
Inteligentní řízení WAN konektivity
byMarketingArrowECS_CZ
 
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
byVMworld
 
SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)
byCisco Canada
 
Net1674 final emea
byVMworld
 
Cisco Connect Toronto 2018 consuming public and private clouds
byCisco Canada
 
Building a Paper Trail: Let OVH show you how to secure and audit a Public Cloud
byOVH US
 
Presentation v cloud networking
bysolarisyourep
 
Tech r33
bySelectedPresentations
 

Recently uploaded

PDF
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
PPTX
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
PDF
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
PDF
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PPTX
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
PDF
What Is a Private LLM and Why Enterprises Need It
byAivada
 
PDF
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
PDF
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
What Is a Private LLM and Why Enterprises Need It
byAivada
 
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
communication-skills-with-technology tools
byJaleto Sunkemo
 
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 

VMware SDWAN VCO and VCG tutorial for velocloud

  • 1.
    Confidential │ ©2018VMware, Inc. VMware SD-WAN by VeloCloud Orchestrator and Gateway version 2.0
  • 2.
    Agenda 2 Confidential ©2018 VMware,Inc. │  VMware SD-WAN Orchestrator  VMware SD-WAN Gateway
  • 3.
    3 Confidential © │ 2018VMware, Inc. VMware SD-WAN Orchestrator Also called Velocloud Orchestrator (VCO)
  • 4.
    4 Confidential © │ 2018VMware, Inc. • Orchestrator and Gateway are virtual machines running on x86 infrastructure Orchestrator and Gateway
  • 5.
    5 Confidential © │ 2018VMware, Inc. Orchestrator Functions Centralized insight and management ​ Configure ​ Monitor ​ Diagnose  Policies  Edge Provisioning  Business Policies  Link Quality Scoring  Link Statistics  Flow Statistics  Remote Actions  Remote Diagnostics  Remote Packet Capture
  • 6.
    6 Confidential © │ 2018VMware, Inc. All-In-One Orchestration Multi Tenant Managed Portal providing Enterprise wide visibility CLI  Central Zero Touch Provisioning  Profile oriented business policies  Automatic link profiling (DMPO)
  • 7.
    7 Confidential © │ 2018VMware, Inc. Central Visibility Link Data, Quality Scoring & Activity Insight into link metric and collected meta data Link Utilization Link Characteristics Link Quality Scoring
  • 8.
    8 Confidential © │ 2018VMware, Inc. Central Visibility Applications & Device Activity Application Activity Device Activity Volume (up & down) and application category Volume (up & down), IP & MAC Address, OS Type
  • 9.
    9 Confidential © │ 2018VMware, Inc. Three-tier Multi-tenant Orchestration Platform MSP & ISP Ready Management Infrastructure Operators Partners Customers Operator Partner A Partner B Partner C Customer A Customer B Customer C Customer D Operator (ISP) Portal vco.velocloud.net/operator MSP Portal vco.velocloud.net Enterprise Portal vco.velocloud.net
  • 10.
    10 Confidential © │ 2018VMware, Inc. Global Orchestrator Coverage VMware Hosted service Regions 3 (2 Distinct AZ’s in US) Orchestrators 66+ Disaster Recovery enabled 99.99% Availability SLA SSAE16 Type II Audited Datacenters Cloud Scale Redundancy Orchestrator Region Gateway Region
  • 11.
    12 Confidential © │ 2018VMware, Inc. VMware SD-WAN Gateway Also called Velocloud Gateway (VCG)
  • 12.
    13 Confidential © │ 2018VMware, Inc.  Deployed in OTT service  Reliable offramp to cloud  NAT all traffic out  Stateless  Deployed on-premise  Protecting (reliability)  On-prem applications  Access to MPLS core  Traffic routed to either  Internet using NAT  MPLS backbone using 802.1q or QinQ  Dual homed access to internet and private core  Deployed in OTT service  Facilitates dynamic routing  Never carries traffic  Used for link measure Gateway Roles Gateway wide behavior ​ Cloud Gateway ​ Partner Gateway ​ Controller
  • 13.
    14 Confidential © │ 2018VMware, Inc. VMware SD-WAN Controller Gateways with Control Plane only participation Data plane Control plane  Gateway software has both data plane and control plane.  By default both functions are enabled  Data plane function (Optional)  Handoff traffic to Non-VeloCloud site  Handoff traffic to SaaS  E2E Hub for Cloud VPN  Control plane function (Mandatory)  Bandwidth test  Route update & distribution  WAN IPs discovery & resolution  Important control plane traffic protected by IPSec  VMware SD-WAN Controller  Same software as SD-WAN Gateway  Has data plane functionality disabled  Role controlled through Orchestrator
  • 14.
    15 Confidential © │ 2018VMware, Inc. Internet SD-WAN Public Overlay VCG VCE HTTPS HTTPS in Overlay Management Path Heartbeat Mechanism VCO SMS email Traps  Polling model simplifies the NAT/firewall requirement.  Edges always initiate traffic toward the Orchestrator.  Heartbeats sent via overlay by default  Automatically switch to underlay if heartbeat through the overlay fails  Heartbeat frequency is 30 secs  Gateway NAT all the heartbeats toward the Orchestrator  Orchestrator tracks state and generates alerts
  • 15.
    16 Confidential © │ 2018VMware, Inc. Gateway (VCG) is Stateless, What does It Mean and Why? • Unlike typical CE-PE config, there is very little config on VCG (IP address, BGP peer, etc.) • Biz policy is pushed to the VCE only from the VCO • VCE tells the VCG how to process each flow by syncing policy • Need more capacity, spin up another VCG & re-assign VCE to new VCG User configures policy on VCO, e.g. RTP = Real-time high, prefer particular link, etc. 1 2 Traffic Starts 3 Send Policy Sync OK, now I know how to process this flow
  • 16.
    17 Confidential © │ 2018VMware, Inc. Gateway Pools  Gateway Pools are a container that various Gateways can be assigned to for the purpose of allocating Gateway to end customer by providing them access to that pool  Gateways can be included in multiple pools  Each Enterprise can only be assigned a single pool, any migrations to a new gateway pool must also contain any Gateways currently in use by that Enterprise
  • 17.
    18 Confidential © │ 2018VMware, Inc.  Gateway geographically closest to the Edge  Used to measure link quality against (DMPO) as shown in the QoE screens  Used for onboarding SaaS applications  VPN exchange point for edges  Primary & Secondary gateways assigned by the Orchestrator  Any pair of edges can use a different set of VPN gateways  Gateway of last resort  VPN exchange point for edges in the event no common gateway is established  Assigned by the Orchestrator at the approximate geographic center of the organization Gateway Functions Gateway behavior specific to an Edge ​ Local Gateway ​ VPN Gateway ​ Super Gateway Edges always connect to multiple gateways, typically a redundant pair per role
  • 18.
    19 Confidential © │ 2018VMware, Inc. Gateway Assignment & Selection Pri./Sec. Gateway Super Gateway SaaS Gateway NVS Gateway  Two VCGs selected in different PoPs closest to the edge  Typically these are VCGs in the same region, e.g. North America Region A Region B  One VCG per enterprise chosen as super gateway that all edges connect to based on least distance* (3.3 or above, two Super Gateway will be elected per enterprise)  Use as gateway of last resort for edge-to-edge VPN  Same as Primary Gateway  Use for traffic to the cloud, e.g. O365  When tunnel to Primary Gateway fails, Internet traffic is sent direct  Up to two VCGs selected from PoPs closest to customer DC  VCGs set up redundant IPSec VPN to customer DC  Support primary and secondary VCGs
  • 19.
    20 Confidential © │ 2018VMware, Inc. LA Denver Frankfurt Overlay to Primary GW Overlay to Secondary GW Traffic to SaaS LEGEND LA GW DEN GW CHI GW NYC GW FRA GW LON GW Overlay to Super GW Primary & Secondary Gateway Assignment
  • 20.
    21 Confidential © │ 2018VMware, Inc. Super GW LA Denver Frankfurt Overlay to Primary GW Overlay to Secondary GW Overlay to Super GW LA GW DEN GW CHI GW NYC GW FRA GW LON GW Traffic to SaaS LEGEND Super Gateway Assignment
  • 21.
    22 Confidential © │ 2018VMware, Inc. NVS GW For connecting to Non-VeloCloud-Sites (NVS) LA Denver Frankfurt Overlay to Primary GW Overlay to Secondary GW Overlay to Super GW LA GW DEN GW CHI GW NYC GW FRA GW LON GW Tunnel to VPN GW LEGEND Secure VPN Gateway Assignment IPsec
  • 22.
    23 Confidential © │ 2018VMware, Inc. Viewing Gateway Assignment What Gateways is an Edge using and for what?
  • 23.
    24 Confidential © │ 2018VMware, Inc. Global Gateways Coverage 30 Regions globally 660+ Gateways available Instant failover to other gateways 99.99% Reliability SLA SSAE16 Type II Audited Datacenters Cloud Scale Redundancy Gateway Region VMware Hosted Gateway service
  • 24.
    25 Confidential © │ 2018VMware, Inc. VMware SD-WAN Gateway Deployments Default Mode (Cloud- Hosted) INTERNET IPSec PAT Partner Gateway Mode INTERNET/ MPLS PE VLAN/VRF IPSec PAT  Day 0 mode of a newly activated gateway with no changes, commonly known as cloud-hosted given the OTT nature  Standard offering for VMware hosted gateways  PAT traffic destined to the Internet using a single interface (eth0), e.g. SaaS  Gateway can terminate customer configured IPSec to non-VeloCloud site, e.g. AWS, customer DC  Gateways assignment driven by geo-location and happens automatically  Expanded role assigned to the gateway.  Used when a Cloud SP or Network SP deploys the VCG in their network for service access  Required if VRF/VLAN handoff is desired for service delivery  Gateway requires another interface (eth1) called handoff interface to perform VRF/VLAN handoff  Can also specify which subnets are handled by the VCG using static routes and the handoff mode (PAT or VLAN/VRF) associated with each  Can peer EBGP with the PE/core router via the handoff to learn specific prefixes  Gateway assignment is driven by manual process, is deterministic and static
  • 25.
    26 Confidential © │ 2018VMware, Inc. Partner Gateway Topology MPLS Backbone SD- WAN Edge SD- WAN Edge SD-WAN Partner Gateway SD-WAN Partner Gateway SD-WAN Partner Gateway SD-WAN Partner Gateway PE Router Two independent overlay domains Know about each other through BGP PE Router PE Router PE Router
  • 26.
  • 27.
    MPLS Backbone SD-WAN Edge Edge11 SD-WAN Partner Gateway GW11 SD-WAN Partner Gateway GW12 SD-WAN Partner Gateway GW21 SD-WAN Partner Gateway GW22 PE Router PE11 PE Router PE12 PE Router PE21 PE Router PE22 Internet Region 1Region 2 *Note: VMCP tunnel to secondary partner gateway is not show for simplicity. SD-WAN Edge Edge21 CE Router CE21 L1 L1 SD-WAN Overlay Underlay Routing Use Case #2
  • 28.
    MPLS Backbone SD-WAN Partner Gateway GW11 SD-WAN Partner Gateway GW12 SD-WAN Partner Gateway GW21 SD-WAN Partner Gateway GW22 PE Router PE11 PE Router PE12 PE Router PE21 PE Router PE22 Internet Region 1 Region2 Assigned with partner gateway in region 1, that is GW11 and GW12 Assigned with partner gateway in region 2, that is GW21 and GW22 *Note: VMCP tunnel to secondary partner gateway is not show for simplicity. SD-WAN Edge Edge11 SD-WAN Edge Edge12 SD-WAN Edge Edge21 SD-WAN Overlay Underlay Routing Use Case #3
  • 29.
    Confidential © │ 2018VMware, Inc. Thank You

Editor's Notes

  • #9 There's a lot of uncertainty about what VMware is going to do with VeloCloud. It's a bit of wait and see to understand. Do they let VeloCloud run independently? Are they going to integrate it tightly with NSX, which means there's going to be a lot of changes? Are they going to support service providers or not? Are they going to attach the enterprise with it? There's a lot of questions there. So how we will react is, we're going to continue doing what we're doing, which is winning in the enterprise channel – working with enterprises to understand what it is they want to do with their WAN to address their cloud-first initiatives. So in pretty much every case, the overarching thing that's driving the business is people moving their applications to their cloud, either by adopting SaaS or moving custom apps into AWS or Azure. By working closely with enterprises and tailoring our solution to their needs, we plan to continue to be the leader in the enterprise. As far as VeloCloud and VMware go, lots of different things fall under the SD-WAN category. When you dissect it a little bit, each SD-WAN solution is actually quite different and often has a different set of use cases. In contrast to us, where we focus on the enterprise use case and router replacement use case, VeloCloud was more focused on service providers and had hub-based architecture where traffic is drawn in from a remote location to a hub. That's somewhat different from the other players. It let them get an early foothold in some service providers, especially carrying voice-over broadband for some voice-based service providers. It will be interesting to see where it leads now that they're acquired by VMware. VeloCloud has a stronger service provider go-to-market, VMware has a stronger enterprise go-to-market. How those two match up I'm not too sure.
  • #10 Our flexibility also is supported by our existing offering Of our SDWAN in a Virtual Edge as a VNF, with the APIs and SDKs for integration into our partners virtual CPEs. ATT with their Flexware solution is a leading example of this. Additionally from our security ecosystem partners, Fortinet will also add our SDWAN VNF option to their FortiHypervisor [ now ]
  • #20 For every VCE, VCE assigns two VCGs (primary and secondary) Primary VCG is generally the closest to VCE Secondary VCG is the second closest to VCE BW test is done with primary VCG Traffic to SaaS is sent to primary VCG Primary and Secondary VCGs are used for distributing routes
  • #21 For every enterprise, VCE picks another VCG which is the closest to ALL VCEs. This is called Super GW. All VCEs will build tunnel to this VCG – ensure any-to-any for control plane Question may come up what if the Super GW fails or any GW fails as a matter of fact, will we have single point of failure. Note that the failure of GW has no impact to data forwarding. VCE can continue to operate without a GW. In addition, GW is a monitored infrastructure. Our ops will immediately be notified of such a failure and they can immediate take the failed GW offline from VCO. VCO will then reassign a new super GW and everything continues.
  • #22 When a Non-VeloCloud Site (NVS) is created and assigns to a profile, all VCEs belong to that profile will build tunnel to this VCE (if there isn’t one already)
  • #24 Our flexibility also is supported by our existing offering Of our SDWAN in a Virtual Edge as a VNF, with the APIs and SDKs for integration into our partners virtual CPEs. ATT with their Flexware solution is a leading example of this. Additionally from our security ecosystem partners, Fortinet will also add our SDWAN VNF option to their FortiHypervisor [ now ]