VMware Velocloud: The core functions of an SD-WAN

Video Statistics and Information

Captions
Hello, my name is Anders Krus, and this is my favorite way to describe what is an SD-WAN, a software-defined wide area network. Okay, because imagine that you have a bunch of physical locations. So here is your main data center, maybe you have a secondary data center, maybe you have a small office somewhere, maybe you have a factory, another office. So you have a bunch of physical locations; they have the need to communicate with each other. In the uplink direction there are a bunch of different alternatives, so depending on where in the world you are, you connect your sites in the uplink direction using MPLS, internet connection, internet connection from some other provider, 4G, or whatever is the ability that you have per physical location. So in the middle here we have different ways to connect to each other: MPLS, we said; internet, we said; internet from another provider, we said; 4G, maybe 5G, and whatever you have here. In an SD-WAN kind of approach, then, we look at the available bandwidth here as just a way to communicate.

So you can look at it like this, let's just do a circle. So these are the physical locations that you manage; we call it the LAN side. These are uplink technologies that you buy or acquire from someone; let's call this the WAN side. In the VeloCloud solution you put something at each individual physical location, and we call it an edge. An edge is a software thing that might run in a virtualized hypervisor or it might run on an appliance, it doesn't matter; it's the function of the edge software that we are looking for. So in my picture the edge is over here, and again, for the sake of the argument, it doesn't matter if this is a VM or if it's just a software that runs somewhere on a hypervisor, because from an uplink point of view each physical location and the edge is connected in uplink to one of these uplinks, or maybe multiple, a little bit depending, of course. So maybe it's looking like this.

Okay, so first of all, if you have an SD-WAN software, and this is managed by the orchestrator, so in my picture here there is an orchestrator somewhere. So this is me using the orchestrator, and I just orchestrate everything, all my edges. So these are my edges, I can put a little cable here like this. Okay, first of all, what topology can I use? Well, you can use basically any topology. This is software, so you can create a full mesh, you can create a partial mesh, you can create a hub and spoke, you can do it multiple times in multiple layers, it doesn't matter. This is a software; more or less you can create any topology of your choice.

But an SD-WAN is much more than just a managed IPsec thing. In an SD-WAN there's a lot of intelligence. So first of all, when you connect an edge to uplinks, what the edge will do then is quality measure. So every edge will quality measure every uplink. So we will of course check the bandwidth, we will check the latency, we will check the jitter, we will look at bit errors and we will look at faulty frames, and we know the quality on all the uplinks. So now, when we start to use our SD-WAN, we know exactly what is the quality of the uplinks available on all of our edges here.

So now I have applications here. So imagine that I have an application here talking to an application over there, or someone over here talking to someone over there, doesn't matter. What we will do then, from an edge perspective, is that we will use something that we refer to as deep application recognition. So we will look at the behavior of the traffic, we will look at the destination IP range, we will look at the layer protocol, we will look at information within the certificate; we will try to identify, and there are hundreds and hundreds of different applications that we can identify. From a quality perspective, so depending on if this is a real-time service, is it a voice stream, is it a transactional service, does it need a lot of bandwidth, what is the profile prioritizing different applications on my edge, then I will use either maybe this link or this link or both links, depending on if I need bandwidth or if I prioritize low latency or whatever.

And if something changes, then I might do per-packet link steering, because we will quality measure continuously all the uplinks. So if the uplink is silent, then we will probe it every now and then just to make sure what is the quality at this very moment. If we have traffic on an uplink, then we will piggyback with the quality report. So we know the quality of all the uplinks on all the edges at every instance in time.

So now I have the ability to communicate in east-west direction, and if this is a transactional service that needs a lot of bandwidth, then I can aggregate. So if I have two 1-gig uplinks, then actually one single transaction application can use 2 gigs of data, more or less. If this is something that moves, maybe this edge is within, I don't know, within an ambulance or in a submarine or within a car, self-driving car, or whatever is our use case, an unstable network, then I can do a per-link packet steering, if this is desired, depending on how I created my profile in the orchestrator.

Okay, so right now on the board I have taken care of what we refer to as the east-west traffic, so traffic between entities that I manage. So this is my infrastructure, and I consume the bandwidth. From a logical point of view, this is my SD-WAN taking care of any communication, and within the SD-WAN, if I have bit errors I will retransmit, I can do jitter buffering, I can do forward error correction, I can do a lot of things making this overlay look better than the actual underlying link is, because I do the forward error correction, I do the link steering, I do the aggregation, or I do the retransmission, or whatever I do, depending on the settings in my profile.

But the north-south traffic use case is also something that we need to take care of, meaning that, imagine a user here, and this user is consuming something out on internet. So maybe we are using Office 365 or something. So there's an internet service somewhere out on internet; that means that this application needs to do breakout, out from the SD-WAN. I am not communicating between stuff within my management; I am talking from inside to outside, from LAN to WAN. Then I must do a breakout, and there are a couple of different ways that you can do breakout.

So imagine that this is an application, and we go towards the edge. The edge uses the application recognition; then we can say that, okay, according to the settings, this application should do a local breakout. So directly on the edge, on the local edge, we do a breakout, and basically we go outside of the SD-WAN towards whatever we are consuming out on internet. The downside of local breakout is that if you do local breakout, you are vulnerable to attacks in the reverse direction, so you may be attacked. That means that, from a security point of view, you should have firewall capabilities. So if you have a bunch of sites, you need to have equally many firewalls, per site; otherwise you are vulnerable if you allow local breakout.

The alternative to local breakout is to do backhauling, centralized breakout. So let's say that this is your primary data center. In your primary data center there is a really fancy firewall from some vendor. Then of course what you then may do is that from your application you go to the edge, the edge recognizes this application as something that should do a backhaul breakout, so we are using the SD-WAN to get to the data center, we reach the firewall, the firewall is doing something, some kind of filtering, and then the firewall is the entity that lets this traffic out on internet. So, backhauling or centralized breakout. The downside of centralized breakout is that you get hairpinning and you get a choke point where your firewall, your main firewall, needs to firewall a lot of stuff. You bring a lot of traffic from around your network into a centralized data center, and you need to cope with it there.

So the third option, that is kind of SD-WAN specific, is that you do distributed breakout, because there is one more node here, or node in the infrastructure, that we refer to as gateways. So VMware has placed a lot of gateways out on internet, so symbolically I just put some dots here, and the dots represent the hundreds and hundreds of gateways that are out in basically every major data center all over the globe. So what you may do, if you want to, is that you identify your application, you take the SD-WAN as far as you can, then you do a breakout on the gateway infrastructure that is not managed by you but consumed by you, and from there you do a breakout as close to the destination as possible. This means that you have used all the good things from the SD-WAN, and by the good things I mean the link steering, the quality, retransmission, forward error correction and all of that. So we are using all of this, and this may be combined with a distributed firewall service, and there are a number of different companies that do this, meaning that when you break out, even though you break out from a gateway not managed by you but only consumed by you, you can have a corresponding distributed firewall service that takes your traffic and firewalls it before it goes out on internet. That means that you use the SD-WAN, you use all the good things with the SD-WAN, you break out as close to the destination as possible per identified application, and thereby you avoid hairpinning and you still get the firewalling, but it's performed by the distributed firewall.

Okay, so this is just one way to describe an SD-WAN. The infrastructure is managed by you; on the outside, the available uplinks, those are just raw bandwidth, something for you to consume. With an SD-WAN we can consume it as intelligently as possible.
Info
Channel: Anders Krus
Views: 2,582
Rating: 5 out of 5
Keywords: VMware, Velocloud, SDN, SD-WAN, Cloud, AndersKrus, Krus
Id: CJOFZGLEvCM
Length: 13min 5sec (785 seconds)
Published: Wed Mar 11 2020