Understanding SD-WAN Components and Connections

Sep 20, 2024

SD-WAN Terminology Lecture Notes

Introduction

  • Focus on important terminology related to SD-WAN.
  • Key terms include: TLOC, OMP, color.

SD-WAN Controllers

  • Three main controllers in SD-WAN:
    • vManage: Management plane.
    • vSmart: Control plane, brain of the SD-WAN.
    • vBond: Orchestration plane.
  • WAN Edge (WANH): Data plane in SD-WAN.

Types of Connections

  • Control Connections: Secure connections between controllers and WAN Edges.
    • Example: Control connection over DTLS between vBond and vSmart.
  • Data Connections: IPSec connections for end-to-end communication between WAN Edges.
    • Example: Secure connections between vManage and WAN Edges.

Connection Types Overview

  • Control connections:
    • vBond to vSmart (DTLS)
    • vBond to vManage (DTLS)
    • vManage to vSmart (DTLS)
  • Data connections:
    • WAN Edges communicate over IPSec.

SD-WAN Components

  • vManage: Software-based only (VM).
  • vSmart: Software-based only (VM).
  • vBond: Software-based only (VM).
  • WAN Edge: Can be either software (VM) or hardware appliance.

Overlay Management Protocol (OMP)

  • OMP is used for:
    • Routing
    • Policy advertisement
    • Key exchange
  • OMP operates over secure connections (DTLS/TLS) between vSmart and WAN Edges.
  • OMP functions similarly to BGP in traditional routing.

OMP Neighborship

  • Automatically established when a secure connection (DTLS/TLS) is made between WAN Edges and vSmart.
  • Identifiers for OMP neighbors are based on System IP (unique identifier for devices).

System IP

  • Unique identifier for every SD-WAN device (e.g., vSmart, vManage, WAN Edges).
  • Example: System IPs can be 1.1.1.1, 1.1.1.10, 1.1.1.20, etc.

Routing with OMP

  • OMP facilitates routing by allowing WAN Edges to send their routes to vSmart, which acts as the route repository.
  • WAN Edges advertise their connected routes to vSmart using OMP.

TLOC (Transport Locator)

  • A TLOC is a unique identifier for a circuit in SD-WAN, similar to the next hop in BGP.
  • A TLOC consists of:
    • System IP
    • Color (to uniquely identify TLOCs)
    • Encapsulation (IPsec or GRE)

Colors and Encapsulation

  • Color: Helps create unique identifiers for TLOCs. It can be public or private.
  • Encapsulation: Determines the type of connection security (IPsec recommended over GRE).

Data Plane Encapsulation Types

  • IPsec: Provides security (authentication, encryption).
  • GRE: No security features.

Summary of Routing in SD-WAN

  • WAN Edges send their routes to vSmart using OMP.
  • vSmart redistributes the routes to other WAN Edges.
  • OMP is proprietary and only functions within the SD-WAN overlay.
  • Redistribution of external routes (e.g., from OSPF, EIGRP) into OMP and vice versa is possible.

Redundancy and Load Sharing

  • Multiple vSmart instances can be deployed for redundancy.
  • In the event of receiving routes from multiple vSmart instances, a WAN Edge selects the route from the vSmart with the lower system IP.
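The TLOC tuple, the vSmart route repository and the lower-system-IP tie-break above, as an added Python model that is not part of these notes or of any Cisco software; the TLOC, VSmart and WanEdge classes and the 1.1.1.x addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address

# Constructed model of the notes' concepts: a TLOC is (system IP, color, encap),
# vSmart is the OMP route repository, a WAN Edge keeps the route learned from
# the vSmart with the lower system IP when several vSmarts reflect it.

@dataclass(frozen=True)
class TLOC:
    system_ip: IPv4Address
    color: str   # public or private color, e.g. "biz-internet", "mpls"
    encap: str   # "ipsec" (authenticated, encrypted) or "gre" (no security)

    def __post_init__(self):
        if self.encap not in ("ipsec", "gre"):
            raise ValueError("encap must be ipsec or gre")

@dataclass(frozen=True)
class OmpRoute:
    prefix: str
    tloc: TLOC             # overlay next hop, like a BGP next hop
    vsmart: IPv4Address    # system IP of the vSmart that reflected the route

@dataclass
class VSmart:
    system_ip: IPv4Address
    routes: list = field(default_factory=list)

    def receive(self, prefix: str, tloc: TLOC) -> None:
        # WAN Edge advertises a connected route to vSmart over OMP
        self.routes.append(OmpRoute(prefix, tloc, self.system_ip))

    def reflect(self) -> list:
        # vSmart redistributes everything it holds to the other WAN Edges
        return list(self.routes)

class WanEdge:
    def __init__(self, system_ip: str):
        self.system_ip = IPv4Address(system_ip)
        self.rib = {}  # prefix -> chosen OmpRoute

    def learn(self, routes: list) -> None:
        for r in routes:
            if r.tloc.system_ip == self.system_ip:
                continue  # our own route reflected back; ignore it
            cur = self.rib.get(r.prefix)
            if cur is None or r.vsmart < cur.vsmart:
                self.rib[r.prefix] = r  # prefer the lower vSmart system IP

def demo() -> WanEdge:
    vs1, vs2 = VSmart(IPv4Address("1.1.1.1")), VSmart(IPv4Address("1.1.1.2"))
    tloc_a = TLOC(IPv4Address("1.1.1.10"), "biz-internet", "ipsec")
    for vs in (vs1, vs2):
        vs.receive("10.1.0.0/24", tloc_a)  # edge A advertises to both vSmarts
    edge_b = WanEdge("1.1.1.20")
    edge_b.learn(vs2.reflect())  # higher system IP arrives first ...
    edge_b.learn(vs1.reflect())  # ... but the lower one wins the tie-break
    return edge_b
```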

Conclusion

  • Understanding of SD-WAN routing and components is important for implementation.
  • Further videos will provide more insights into these topics along with practical scenarios.