VMware SD-WAN by VeloCloud Orchestrator and Gateway version 2.0
Agenda: VMware SD-WAN Orchestrator and VMware SD-WAN Gateway

VMware SD-WAN Orchestrator (also called VeloCloud Orchestrator, VCO)
Orchestrator and Gateway are virtual machines running on x86 infrastructure.
Orchestrator Functions: centralized insight and management
- Configure, Monitor, Diagnose
- Policies: Edge Provisioning, Business Policies
- Link Quality Scoring, Link Statistics, Flow Statistics
- Remote Actions, Remote Diagnostics, Remote Packet Capture
All-In-One Orchestration
- Multi-tenant managed portal providing enterprise-wide visibility; CLI
- Central Zero Touch Provisioning
- Profile-oriented business policies
- Automatic link profiling (DMPO)
Central Visibility: Link Data, Quality Scoring & Activity
Insight into link metrics and collected metadata:
- Link Utilization
- Link Characteristics
- Link Quality Scoring
Central Visibility: Applications & Device Activity
- Application Activity: volume (up & down) and application category
- Device Activity: volume (up & down), IP & MAC address, OS type
Three-tier Multi-tenant Orchestration Platform (MSP & ISP ready management infrastructure)
- Tiers: Operators, Partners, Customers (e.g. one Operator above Partners A, B and C, which in turn manage Customers A, B, C and D)
- Operator (ISP) Portal: vco.velocloud.net/operator
- MSP Portal: vco.velocloud.net
- Enterprise Portal: vco.velocloud.net
Global Orchestrator Coverage (VMware hosted service)
- Regions: 3 (2 distinct AZs in the US)
- Orchestrators: 66+
- Disaster Recovery enabled
- 99.99% Availability SLA
- SSAE16 Type II audited datacenters
- Cloud scale redundancy
[Map legend: Orchestrator Region, Gateway Region]
Gateway Functions: cloud based packet forwarding, distributed data plane
- Link Characterization
- Cloud Onramp, Cloud VPN
- Policies: Edge Provisioning, Business Policies
- Routing proxy
- Link Quality Scoring, Link Statistics, Flow Statistics
- IPsec tunnels to NVS
- Reliable access to SaaS
- NAT to public destinations
- Scalable Branch VPN
- Configuration-less deployment
VMware SD-WAN Gateway (also called VeloCloud Gateway, VCG)
Gateway Roles (gateway-wide behavior)
- Cloud Gateway: deployed in OTT service; reliable offramp to cloud; NATs all traffic out; stateless
- Partner Gateway: deployed on-premise; protects (reliability) on-prem applications; access to MPLS core; traffic routed to either the Internet using NAT or the MPLS backbone using 802.1q or QinQ; dual-homed access to the Internet and private core
- Controller: deployed in OTT service; facilitates dynamic routing; never carries traffic; used for link measurement
VMware SD-WAN Controller: gateways with control plane only participation
- Gateway software has both a data plane and a control plane; by default both functions are enabled.
- Data plane function (optional): handoff traffic to non-VeloCloud site; handoff traffic to SaaS; E2E hub for Cloud VPN
- Control plane function (mandatory): bandwidth test; route update & distribution; WAN IP discovery & resolution; important control plane traffic is protected by IPsec
- The Controller runs the same software as the SD-WAN Gateway, has data plane functionality disabled, and its role is controlled through the Orchestrator.
Management Path: Heartbeat Mechanism
[Diagram: VCE -> SD-WAN public overlay (HTTPS in overlay) or Internet (HTTPS) -> VCG -> VCO; the VCO notifies via SMS, email and traps]
- Polling model simplifies the NAT/firewall requirement: Edges always initiate traffic toward the Orchestrator.
- Heartbeats are sent via the overlay by default and automatically switch to the underlay if the heartbeat through the overlay fails.
- Heartbeat frequency is 30 secs.
- The Gateway NATs all heartbeats toward the Orchestrator.
- The Orchestrator tracks state and generates alerts.
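As an added illustration of the polling model above (example code, not VeloCloud's own): a small Python simulation of an Orchestrator that tracks edge-initiated heartbeats, records when an edge falls back to the underlay, and marks an edge down after missed heartbeats. The 30-second interval comes from the slide; the three-missed-heartbeats threshold, the class names and the scenario timings are assumptions.

```python
from dataclasses import dataclass, field

HEARTBEAT_INTERVAL = 30     # seconds, as stated on the slide
MISSED_BEFORE_DOWN = 3      # assumption: three missed heartbeats mark the edge down

@dataclass
class EdgeRecord:
    last_seen: float = 0.0
    path: str = "none"      # "overlay" or "underlay": path used by the last heartbeat
    alerts: list = field(default_factory=list)

class Orchestrator:
    """Tracks edge-initiated heartbeats (polling model) and raises alerts."""
    def __init__(self):
        self.edges = {}

    def receive_heartbeat(self, edge_id, ts, path):
        rec = self.edges.setdefault(edge_id, EdgeRecord())
        # A switch from overlay to underlay means the overlay tunnel failed: alert on it.
        if rec.path == "overlay" and path == "underlay":
            rec.alerts.append(f"t={ts}: {edge_id} heartbeat fell back to underlay")
        rec.last_seen, rec.path = ts, path

    def status(self, edge_id, now):
        """'up' on overlay, 'degraded' on underlay, 'down' after MISSED_BEFORE_DOWN intervals."""
        rec = self.edges[edge_id]
        missed = int((now - rec.last_seen) // HEARTBEAT_INTERVAL)
        if missed >= MISSED_BEFORE_DOWN:
            rec.alerts.append(f"t={now}: {edge_id} missed {missed} heartbeats, marking down")
            return "down"
        return "degraded" if rec.path == "underlay" else "up"

def edge_send_heartbeat(orch, edge_id, ts, overlay_ok):
    """Edge side: the edge initiates every heartbeat, via the overlay by default and
    via the underlay only when the overlay heartbeat fails."""
    orch.receive_heartbeat(edge_id, ts, "overlay" if overlay_ok else "underlay")

def simulate():
    """Constructed scenario: healthy overlay, then overlay failure, then silence."""
    orch = Orchestrator()
    for t in (0, 30, 60):
        edge_send_heartbeat(orch, "edge-1", t, overlay_ok=True)
    while_up = orch.status("edge-1", 75)
    for t in (90, 120):
        edge_send_heartbeat(orch, "edge-1", t, overlay_ok=False)
    on_underlay = orch.status("edge-1", 130)
    after_silence = orch.status("edge-1", 120 + MISSED_BEFORE_DOWN * HEARTBEAT_INTERVAL)
    return while_up, on_underlay, after_silence, orch.edges["edge-1"].alerts
```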
Gateway (VCG) is Stateless: What Does It Mean and Why?
VeloCloud by VMware Proprietary & Confidential
- Unlike a typical CE-PE configuration, there is very little config on the VCG (IP address, BGP peer, etc.).
- Business policy is pushed to the VCE only, from the VCO.
- The VCE tells the VCG how to process each flow by syncing policy.
- Need more capacity? Spin up another VCG and re-assign the VCE to the new VCG.
[Diagram: (1) user configures policy on the VCO, e.g. RTP = Real-time high, prefer particular link, etc.; (2) traffic starts; (3) the VCE sends a policy sync to the VCG: "OK, now I know how to process this flow"]
Gateway Pools
- Gateway Pools are a container that various Gateways can be assigned to, for the purpose of allocating Gateways to an end customer by giving them access to that pool.
- Gateways can be included in multiple pools.
- Each Enterprise can only be assigned a single pool; any migration to a new gateway pool must also include any Gateways currently in use by that Enterprise.
Gateway Functions (gateway behavior specific to an Edge)
- Local Gateway: the gateway geographically closest to the Edge; used to measure link quality against (DMPO), as shown in the QoE screens; used for onboarding SaaS applications
- VPN Gateway: VPN exchange point for edges; primary & secondary gateways are assigned by the Orchestrator; any pair of edges can use a different set of VPN gateways
- Super Gateway: gateway of last resort; VPN exchange point for edges in the event no common gateway is established; assigned by the Orchestrator at the approximate geographic center of the organization
- Edges always connect to multiple gateways, typically a redundant pair per role.
Gateway Assignment & Selection
- Pri./Sec. Gateway: two VCGs selected in different PoPs closest to the edge; typically these are VCGs in the same region, e.g. North America (Region A / Region B)
- Super Gateway: one VCG per enterprise chosen as super gateway that all edges connect to, based on least distance* (3.3 or above: two Super Gateways will be elected per enterprise); used as gateway of last resort for edge-to-edge VPN
- SaaS Gateway: same as the Primary Gateway; used for traffic to the cloud, e.g. O365; when the tunnel to the Primary Gateway fails, Internet traffic is sent direct
- NVS Gateway: up to two VCGs selected from the PoPs closest to the customer DC; the VCGs set up redundant IPsec VPNs to the customer DC; supports primary and secondary VCGs
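As an added example of the assignment rules above (a model written for this page, not VeloCloud's actual selection algorithm): a Python function that picks the two closest gateways in different PoPs as primary and secondary, and the gateway nearest the geographic centre of all of an enterprise's edges as the super gateway. The gateway inventory, its coordinates, the haversine distance and the plain lat/lon centroid are assumptions; the PoP names follow the diagrams on this page.

```python
import math

EARTH_RADIUS_KM = 6371.0

# Constructed sample gateway inventory: (name, PoP, (lat, lon)). Coordinates are
# approximate city centres; "LA GW 2" is a second gateway in the same PoP as "LA GW 1".
GATEWAYS = [
    ("LA GW 1", "LA", (34.05, -118.24)),
    ("LA GW 2", "LA", (34.05, -118.24)),
    ("DEN GW", "DEN", (39.74, -104.99)),
    ("CHI GW", "CHI", (41.88, -87.63)),
    ("NYC GW", "NYC", (40.71, -74.01)),
    ("FRA GW", "FRA", (50.11, 8.68)),
    ("LON GW", "LON", (51.51, -0.13)),
]

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points given in degrees."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def primary_secondary(edge_loc):
    """Primary = closest gateway; secondary = closest gateway in a *different* PoP,
    so a single PoP outage cannot take both tunnels down."""
    ranked = sorted(GATEWAYS, key=lambda g: haversine_km(edge_loc, g[2]))
    primary = ranked[0]
    secondary = next(g for g in ranked[1:] if g[1] != primary[1])
    return primary[0], secondary[0]

def super_gateway(edge_locs):
    """Gateway nearest the approximate geographic centre of the enterprise's edges.
    Assumption: a plain lat/lon average is good enough as the 'approximate centre'."""
    centre = (sum(l[0] for l in edge_locs) / len(edge_locs),
              sum(l[1] for l in edge_locs) / len(edge_locs))
    return min(GATEWAYS, key=lambda g: haversine_km(centre, g[2]))[0]

def assign_enterprise(edges):
    """edges: {edge_name: (lat, lon)} -> (per-edge primary/secondary, shared super gateway)."""
    plan = {name: primary_secondary(loc) for name, loc in edges.items()}
    return plan, super_gateway(list(edges.values()))
```

With edges in LA, Denver and Frankfurt, the LA edge gets "LA GW 1" and "DEN GW" (the second LA gateway is skipped because it shares the PoP), and the super gateway lands on "NYC GW".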
[Diagram: Primary & Secondary Gateway Assignment. Edges in LA, Denver and Frankfurt; gateways LA GW, DEN GW, CHI GW, NYC GW, FRA GW, LON GW. Legend: overlay to Primary GW, overlay to Secondary GW, overlay to Super GW, traffic to SaaS.]
[Diagram: Super Gateway Assignment. Same edges and gateways, with one gateway marked Super GW; legend as above.]
[Diagram: Secure VPN Gateway Assignment. Same edges and gateways plus an NVS GW for connecting to Non-VeloCloud Sites (NVS); the legend adds an IPsec tunnel to the VPN GW.]
Viewing Gateway Assignment: what Gateways is an Edge using, and for what?
Global Gateway Coverage (VMware hosted Gateway service)
- 30 regions globally
- 660+ Gateways available
- Instant failover to other gateways
- 99.99% Reliability SLA
- SSAE16 Type II audited datacenters
- Cloud scale redundancy
[Map legend: Gateway Region]
VMware SD-WAN Gateway Deployments
Default Mode (Cloud-Hosted) [diagram: Internet, IPsec, PAT]
- Day 0 mode of a newly activated gateway with no changes, commonly known as cloud-hosted given the OTT nature
- Standard offering for VMware hosted gateways
- PATs traffic destined to the Internet using a single interface (eth0), e.g. SaaS
- Gateway can terminate customer-configured IPsec to a non-VeloCloud site, e.g. AWS, customer DC
- Gateway assignment is driven by geo-location and happens automatically
Partner Gateway Mode [diagram: Internet/MPLS, PE, VLAN/VRF, IPsec, PAT]
- Expanded role assigned to the gateway; used when a Cloud SP or Network SP deploys the VCG in their network for service access
- Required if VRF/VLAN handoff is desired for service delivery
- Gateway requires another interface (eth1), called the handoff interface, to perform VRF/VLAN handoff
- Can also specify which subnets are handled by the VCG using static routes, and the handoff mode (PAT or VLAN/VRF) associated with each
- Can peer EBGP with the PE/core router via the handoff to learn specific prefixes
- Gateway assignment is driven by a manual process, and is deterministic and static
Partner Gateway Topology
[Diagram: SD-WAN Edges connected over an MPLS backbone to four SD-WAN Partner Gateways, each behind a PE Router]
- Two independent overlay domains
- They know about each other through BGP
Underlay Routing Use Case #1
[Diagram: Region 1 has Edge11 and Partner Gateways GW11 and GW12 behind PE11 and PE12; Region 2 has Edge21 and Partner Gateways GW21 and GW22 behind PE21 and PE22; the regions are joined by the MPLS backbone and the Internet, with the SD-WAN overlay on top]
*Note: VMCP tunnel to secondary partner gateway is not shown for simplicity.
Underlay Routing Use Case #2
[Diagram: as in Use Case #1, with a CE Router CE21 and links L1 added on the Edge21 side]
*Note: VMCP tunnel to secondary partner gateway is not shown for simplicity.
Underlay Routing Use Case #3
[Diagram: as in Use Case #1, with Edge11 and Edge12 assigned the partner gateways in Region 1 (GW11 and GW12) and Edge21 assigned the partner gateways in Region 2 (GW21 and GW22)]
*Note: VMCP tunnel to secondary partner gateway is not shown for simplicity.