WAN. Re-invented.Technical Deep Dive

SD-WAN for Service Providers

Parag Thakore, Director Product Management

Kangwarn Chinthammit , Director of Solutions Marketing

Agenda

SD-WAN for SPs Enterprise Trends, Challenges, and Deployment Considerations

Top SD-WAN Considerations

SD-WAN Building Blocks & Deep Dive1. Unified Elastic Transport

2. Cloud On-Ramp

3. Flexible Deployments

4. Automation and Orchestration

Summary

3/21/2016 2

Businesses Blocked by WAN Challenges

3/21/2016 3

Application rollouts

inhibited by expensive

bandwidth

Branch deployments delayed

by IT complexity

Cloud migration not supported

by static architectures

X

X

X

Top SD-WAN Deployment Considerations

3/21/2016 4

Key Capabilities of SD-WAN (Source: Gartner)

1. Lightweight WAN CPE replacement that is transport agnostics

2. Allow for dynamic load sharing across multiple WAN

3. Dramatically simplify the complexity associated with management, configuration, and orchestration of the WAN

4. Provide secure VPN and ability to integrate additional network services and offload Internet traffic closer to the edge of the network

3/21/2016 5

Source: http://blogs.gartner.com/andrew-lerner/2015/07/07/sdwan/

SP’s SD-WAN Consideration Process

3/21/2016 6

What services can I offer?

• New services vs better existing services & ROI

How do I offer these services?

• Customer Experience, Reduce Truck-Rolls, Simplify Operations

How do I integrate into my network and operation?

• Flexible Deployment and Business Models, Fit SP topology, leverage SP network, integrate with OSS

VeloCloud SD-WAN Whole Offer - Building Blocks

3/21/2016 VeloCloud.com Company confidential. 7

Cloud

On-Ramp

Unified Elastic

TransportInternet

MPLS

Wireless

What to deliver ? How to deliver ?

Flexible

DeploymentsVNF

VNF

VNF

Automation &

Orchestration

Cloud-Delivered SD-WAN For NSP/CSP

83/21/2016

Dynamic Multi-path

Optimization

CE

Router

SaaS

SP

Cloud

Service

PRIVATE/MPLS

Cloud

DC

SP Orchestrator

INTERNET

PE

PE

Branch Site

Enterprise

DC

PE

SP Cloud

Gateways

SD-WAN CPE

Or Virtual Edge

1

3

2

• Public and private linksSecure Bonded Overlay

OnNet/Offnet support

• Gateway/VCO in SP cloud or

VeloCloud HostedDeliver Rich Services & Maintain Visibility

• WAN ExpansionNo RIP and Replace

• Scalable, Multi-tenant Architecture

• Thin branch, auto provisioned

• Direct path to Ent and cloud apps

3

Unified Elastic Transport

Dynamic Multi-Path Optimization

Assured Application performance over MPLS, Internet broadband and LTE circuits

Continuous Monitoring

Automatic capacity testing

Continuous link & path quality monitoring

MPLS Class-of-Service aware

Dynamic App Steering

App aware per Packet Steering

Virtualized: apps not tied to links

Aggregated bandwidth for single flows

Policies abstracted by link groups

Backup link policy

On Demand RemediationError & jitter correction

Automatic steering for brownouts/blackout

Case Study: 2500 Site Retail Hybrid WAN

•MPLS packet loss and outage

•Performance issues on CABLE

VeloCloud Delivers Excellent VOIP Quality

•Sub-sec steering of VOIP without call drops

•On-demand mitigation of packet loss & jitter

VeloCloud Networks | Proprietary & Confidential | © Copyright 2016

Customer base expansion with Offnet Deployments

17%of the time

single Internet link fails to

deliver expected application

performance

8.89

VQS >99%of the time

SD-WAN with dual Internet to

delivers predictable

application performance

VQS

9.96

Internet Cloud-delivered SD-WAN

Source: VeloCloud Internet Quality Report

Offnet Sites On-net Sites

TCP Flow Optimization

3/8/2016 12

TCP flow

optimization with

packet loss

occurring

Up to 20X better performance with SDWAN

Layer 7 Aware Stateful Application Firewall

• Granular application

policies for visibility and

control

• Firewall can also be

disabled in favor of

existing hardware

• ICSA certified by H216

3/8/2016 13

Cloud On-Ramp

Retail Case Study with UCaaS Provider

3/21/2016 15

• OTT service with hosted VOIP

• Cable simultaneously had critical performance issues

• Cloud-Delivered SD-WAN delivers app perf

• Policy based redirect (UC traffic only)

• OnDemand mitigation on Single Link

Voice/Video Optimization @ Retail Site

MOS: 2.1 @

2% Packet loss

MOS: 4.1 @ 2%

Packet loss

MOS: 3.3 @

33ms JitterMOS: 4.2 @ 33ms

Jitter

Legacy Vendor With SDWAN

Eliminiate NxN, High Performance Connection to VPC

VPC VPC VPC VPC

Connection to VPC requires either backhaul

to DC first or setting up IPSec tunnel from

every branch to VPC

Complicated and manual IPSec

configuration to VPC

Traditional WAN to VPC Connect to VPC with Cloud-delivered SD-WAN

High performance, secure connectivity to VPC

with Dynamic Multipath Optimization

Eliminate the mesh tunnels from branches to

VPC; only IPSec tunnels from the Cloud

Gateways are required

Automated IPSec configuration Cloud-

delivered SD-WAN

SD-WAN Automation and

Orchestration

SD-WAN Automation and Orchestration for ICOM

3/21/2016 19

*3 Tier Multi-Tenant * Role Based* RestFul APIs* Flexible Deployment Models*Velo/SP Hosted

Consolidated Dashboard for complete lifecycle management

3/8/2016 20

SLA Measurements Remote Diagnostics

Monitoring

Software Defined Automation

• Remote cloud provisioning

• Group business level policies

• Automatic link profiling

• One-click VPN to DC and cloud

• Eliminate NxN manual tunnels

• Dynamic branch-to-branch

• Cloud services insertion

• No complex per node routing

• Backhaul to on-premise services

Simplified Configurations Zero Touch Branches Easy Services Insertion

VeloCloud Networks | Proprietary & Confidential | © Copyright 2016

Flexible Service Insertion –Policy-based Application Steering and Redirection

3/21/2016 22

Internet/MPLS1

2

3

4

Dynamic branch to

branch tunnel Traffic to other on-net sites or SP

services

Critical traffic to the

Internet, e.g. SaaS

Non-critical Internet traffic,

e.g. Netflix

SP PoP

SP Hosted GW

VeloCloud GW

Policy-based Application Steering and Redirection - Examples

3/21/2016 23

Legacy WAN: ACL, IP address, subnets

SD-WAN: App-level policy

Legacy WAN: Need to put application in the right

queue

SD-WAN: App-awareness to choose the right

queue

Legacy WAN: Complex routing tuning & PBR to

do split tunnel

SD-WAN: App-aware split tunnel policy & single

click

Legacy WAN: Routing protocol tuning, probes,

PBR

SD-WAN: Dynamic path selection

Flexible Deployment Options

VNF for SP Universal CPE/vCPE

Edge VNF can be service chained on SP

owned Universal CPE

Flexible Deployment Options

Runs on x86 COTS

Multi-tenant GW software can interoperate

with existing Provider Edge Routers

3/21/2016 25

COTS

VeloCloud

Gateway Software

VeloCloud

Edge VNF

VNF

VNF

VNF

VeloCloud

Edge HW

MPLS

Orchestrator

Flexible Branch and VPN Handoff types

CE

Router

INTERNET

Dynamic Multi-path

Optimization

IPSecExisting VPN

Headend

VRF

26

PE

Service Provider

Cloud Gateways

PE

PRIVATE/MPLS

NETWORK

VeloCloud

Edge

Supported Onboarding

Options

Supported VPN

Handoff Options

Option 1:

Internet-only

Option 2:

Hybrid WANHandoff Option 1:

IPSec over Internet

to customer VPN

headend, firewall

Handoff Option 2:

VRF/VLAN handoff

to PE router to reach

destination on MPLS

PE

3/21/2016

Headend Deployment Options

3/21/2016 2727

INTERNET

PRIVATE/MPLS

NETWORKBranch Headend/Hub

Option 1:

Overlay tunnels from branch to hub.

Dynamic Branch to Branch

Need SD-WAN edges at all sites

INTERNET

PRIVATE/MPLS

NETWORKBranchSP PoP

IPSec

VRF

Option 2:

Overlay tunnels from branch to SP PoP.

Dynamic Branch to Branch

SDWAN and Non-SDWAN connectivity via

Core

VeloCloud Edge

VeloCloud Edge VeloCloud Gateway

Flexible Deployment Options

VM

• Appliance, Software or Multi-tenant Cloud

Datacenter OptionsBranch Options

• Appliance or Virtual Software

Form

Facto

rIn

sert

ion M

odes

VM

• Branch Insertion: Overlay Flow Control, On-Net + Offnet

• Headend and Orchestrator:

• Multi-Tenant and Single Tenant Options

• SDWAN and Non-SDWAN Sites

• Flexible Business Models

• VeloCloud Hosted for quick TTM

• SP Hosted and integrated with PE

• On Customer Prem

Flexible options simplify and enable incremental deployments

VeloCloud Networks | Proprietary & Confidential | © Copyright 2016

Cloud NetworkOn premise and cloud delivery

Cloud Delivered SD-WAN Architecture

29

CABLE

DSLLTE

MPLS

Branch

Velocloud

Edge

VeloCloud DC

Edge

Enterprise DC

Dynamic Multi-Path

Cloud VPN

Smart QoS

App Firewall & Web Security

Application Performance Monitoring

Services Catalog & Ecosystem

Virtual Services Delivery

SD-WAN Services OrchestrationBusiness Policy Automation

Overlay flow control and

services insertion

Visualization

Cloud DC

Multi-tenant, cloud scale

Distributed Redundant Infra

VeloCloud

Gateways

VeloCloud Networks | Proprietary & Confidential | © Copyright 2016

www.velocloud.com/sd-wan-dummies

Thank You!