Architecture

This section describes the architecture of SD-WAN and its core components.

[Figure: SD-WAN architecture overview]

The figure above shows the logical layout of the partner network, management server, aggregator, private WAN router, bonder/CPE, and customer/end-user network.

Key concepts and features

  • Routing and tunneling: SD-WAN is a sophisticated VPN that transports IP packets between bonders, aggregators, private WAN routers, datacentre routers, and premise routers and firewalls.

  • Private WAN: SD-WAN can send traffic between groups of sites in an isolated, secure manner, making it simple and inexpensive to deploy an advanced private WAN. SD-WAN can replace or integrate with MPLS networks.

  • Tunnel security and encryption: packets sent between sites can be configured with a variety of security and encryption options.

  • Bandwidth adaptation: leg speeds can be adjusted automatically based on real-time performance data measured by the bonders and aggregators.

Organizational constructs

There are a number of organizational constructs available in SD-WAN, as follows:

  1. Spaces: The main way to organize an SD-WAN environment, spaces allow bonds, aggregators, users, and other components to be placed into distinct groups. Spaces can have their own IP subnet assignments, user interface branding options, and private WAN settings. Spaces are arranged in a hierarchy, similar to a directory structure, where one root space can have multiple child spaces, each child space can have its own child spaces, and so on.

  2. Routing groups: Represent closely-related groups of aggregators and private WAN routers. In general, a datacentre should be represented by one routing group. Routing groups are a core component of IP management.

  3. IP allocations and delegations: IP subnet records used to manage the assignment of IP addresses to bonds and private WAN spaces.

  4. Authorization groups: Groupings of application permissions to which users are assigned. For example, an authorization group could have permission to view, add, change, and delete bonds and legs, and any users allowed to manage bonds and legs could be assigned to that group.

Servers

SD-WAN uses four types of servers:

  1. Management server: Hosts management and monitoring applications. A partner has only one management server, but one management server can control multiple spaces, aggregators, bonders, and private WAN routers.

  2. Aggregation server or aggregator: Powerful hosts with a single high-speed connection to the Internet. Aggregators split traffic bound for customers into multiple streams for each leg and recombine traffic from each leg before sending it on to its final destination on the Internet. An aggregator can host multiple bonders.

  3. Private WAN router: Controls configuration of private WAN routing on aggregators and routes private WAN traffic between aggregators in a routing group, to private WAN routers in other routing groups, and to external gateways for access to the Internet and other networks.

  4. Bonder or Customer Premises Equipment (CPE): Bonders are located at customers’ sites and have multiple connections to the Internet. They split traffic bound for the Internet into multiple streams for each leg, sending that traffic to an aggregation server, and recombine traffic from an aggregator to each leg and then send it on to its final destination on the customer’s LAN.
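As an added illustration of the bonder and aggregator roles described above (not the vendor's code; the leg names, leg speeds and packet payloads are constructed), a minimal model of bonding: the bonder spreads packets over its legs in proportion to their measured speeds and tags each packet with a sequence number, and the aggregator reorders what arrives over the different legs and, rather than wait forever for a packet lost on one leg, declares the gap lost once its reorder buffer fills.

```python
import heapq

# Constructed example bond: three legs with measured speeds in Mbit/s.
LEGS = {"dsl": 20, "lte": 10, "cable": 50}


def split_packets(payloads, legs):
    """Bonder side: give each packet a sequence number and pick a leg using
    smooth weighted round-robin, so each leg carries a share of packets
    proportional to its speed. Returns a list of (seq, leg, payload)."""
    credit = {leg: 0.0 for leg in legs}
    total = sum(legs.values())
    assignments = []
    for seq, payload in enumerate(payloads):
        for leg in legs:
            credit[leg] += legs[leg]
        best = max(credit, key=credit.get)
        credit[best] -= total
        assignments.append((seq, best, payload))
    return assignments


def recombine(arrivals, window=4):
    """Aggregator side: restore the original order from packets that arrive
    over different legs. If more than `window` packets pile up while waiting
    for a gap, the missing sequence numbers are declared lost and delivery
    moves on; a packet for an already-skipped gap is counted as late and not
    delivered out of order. Returns (delivered payloads, lost seqs, late seqs)."""
    expected = 0
    buffered = []  # min-heap of (seq, payload) waiting for earlier packets
    delivered, lost, late = [], [], []
    for seq, _leg, payload in arrivals:
        if seq < expected:
            late.append(seq)
            continue
        heapq.heappush(buffered, (seq, payload))
        if len(buffered) > window:
            lost.extend(range(expected, buffered[0][0]))
            expected = buffered[0][0]
        while buffered and buffered[0][0] == expected:
            delivered.append(heapq.heappop(buffered)[1])
            expected += 1
    while buffered:  # end of stream: flush, recording any remaining gap
        lost.extend(range(expected, buffered[0][0]))
        seq, payload = heapq.heappop(buffered)
        delivered.append(payload)
        expected = seq + 1
    return delivered, lost, late
```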

Components

  1. Bond: A collection of legs, connected IPs, CPE NAT IPs, and routes, and responsible for transporting traffic between a bonder and an aggregator.

  2. Leg: A single Internet connection at the customer’s site.

  3. Connected IP: A network used for communication between the bonder and the customer’s local network.

  4. CPE NAT IP: A way to assign a single public IP to a bond using network address translation.

  5. Route: A subnet routed from an aggregator to the customer’s network.