HOL-1940-01: NSX SD-WAN Feature Overview

This part of the lab is presented as a Hands-on Labs Interactive Simulation. This will allow you to experience steps which are too time-consuming or resource intensive to do live in the lab environment. In this simulation, you can use the software interface as if you are interacting with a live environment.

The orange boxes show where to click, and the left and right arrow keys can also be used to move through the simulation in either direction.

This demonstration will walk through the various features of the VMware NSX SD-WAN solution.

For the entirety of this demonstration we will be using the VMware NSX SD-WAN Orchestrator, which is an essential component of the solution where enterprise administrators can configure and monitor the deployment.

When a user logs into the Enterprise portal of the Orchestrator, a global overview of all the branch locations is presented, and in that view the device state, as well as the number of connected transport links, is shown. This allows administrators to ascertain the state of the network at a single glance.

On the map you can zoom into an area to get a better understanding of where all the edges are located:

  • Click on the map and zoom into the US
  • Click on the map again to zoom into CA
  • Click on the map again to zoom into San Jose
  • Click on the map again to zoom further

Now let's look at an individual location and see what detail is provided by the SD-WAN solution:

  • Click to select the 'Chennai BO' edge

When looking at the details of the edge, one of the first items that will stand out is the inventory of transport links. All of the information you see in the Link Status section is automatically populated when an edge is activated. The system will discover the Service Provider as well as the bandwidth of the link, including the physical port that this capacity is connected to on the edge device.

There are also real time measurements available that characterize the links' latency, jitter and packet loss behavior.

  • Click on the Link Status detail icon to explore real time link statistics

This is a critical component in understanding what the links are capable of transporting and what the impact of these conditions is on applications.

When on the Edge Overview page, the edges are also instructed to stream real time throughput numbers to the Orchestrator to give administrators a better sense of the utilization of the Edge.

Another way to determine the link quality is to look at the Quality of Experience (QoE) rating.

  • Click on the QoE tab

The screen shows the VeloCloud Quality Score (VQS) for each of the links and rates them on a scale from 0 through 10 on how well the links perform in carrying a certain type of traffic (Voice in the default case).

It will show the score before SD-WAN services were applied, and the top bar shows the quality observed by end users after SD-WAN services were applied.

At a minimum, the solution can steer around brown-out conditions on an individual link. The solution is also capable of enabling packet duplication in order to mitigate the effects of packet loss on all of the available links. In addition, de-jitter buffering can normalize the effects of jitter on VoIP calls. All of the steering and mitigation techniques are dynamically enabled on a per-application basis. Steering of flows is done on a per-packet basis, ensuring sessions are preserved while protecting the quality of the session towards the end users.

As you hover over sections of the time line, you can see what the system detected and what techniques have been employed to protect application traffic.

Let's look at the difference for another Traffic Type and see how the quality rating changes for an application that is more sensitive to network impairments.

  • Click on the Traffic Type
  • Click to select Video

Let's move over to the Transport visibility, where administrators can seek to better understand the utilization of the individual links.

  • Click on the Transport tab

Administrators can place an Edge in live mode in which it will stream real time updates to the Orchestrator. This is a tool that is valuable for troubleshooting and identifying network utilization pattern breakouts.

  • Click the 'Start Live Monitoring' button to get real time (per second) updates on link utilization
  • Click to select the 'Show TCP/UDP Details' to explore utilization of individual links as well as protocols
  • Click on the metric drop down
  • Click to select 'Average Throughput'
  • Click on the 'Stop Live Monitoring' to suspend real time traffic updates

The Edges are also responsible for detecting the applications that are being used and have awareness of what the networking requirements are for each application. The embedded Deep Application Recognition (DAR) engine can detect around 3,000 applications.

  • Click on the Applications tab
  • Click on the scroll bar to navigate to the bottom of the page
  • Click on the down arrow to expand with 10 additional applications
  • Click on the scroll bar to navigate to the top of the page again

Let's investigate why there is a sizeable volume of YouTube traffic on the branch network that is eroding bandwidth.

  • Click to select YouTube traffic

The Top Applications infographics will show which devices are using YouTube and to which domains the flows are being sent.

  • Click on the close button

Let's divert our attention to configuration of the SD-WAN solution, which has been designed to abstract complexity and focus on outcomes instead.

  • Click on Configure | Profiles

The solution works with the concept of profiles which provide a blueprint on how locations should behave in the larger enterprise network deployment.

  • Click on the 'Branch Profile'

Profiles contain common settings for the Device, Business Policies and Firewall rules. Let's first see what can be controlled with the Device settings.

  • Click on the 'Device' tab

Administrators can control a variety of network settings here, including but not limited to DNS, VPN, routing and addressing.

First, it should be noted that several of these settings operate within a Segment. Segments are strictly compartmentalized sections of the network that can operate with an independent set of policies and even topologies to carry traffic to its final destination. They are commonly used to comply with regulatory frameworks such as PCI DSS, where there is a requirement to segregate Point of Sale (POS) terminals from the rest of the network.

  • Click on 'Configure Segments'
  • Click to select the 'Guest Segment'
  • Click to select the 'Global Segment'

The Global Segment is the default segment in which all configurations and resources are set up.

An important function of the SD-WAN solution is the ability to connect the various branch locations through the overlay VPN and provide seamless connectivity to resources in remote locations. The NSX SD-WAN solution offers three main VPN controls:

Administrators can exert control over how branches connect with each other. By default, NSX SD-WAN Gateways are leveraged as the point where branches exchange traffic. Optionally, branches can be set to build tunnels directly to each other without use of the Gateways. This is the preferred option for latency-sensitive applications.

Branch-to-branch connectivity can also be facilitated through an existing branch site that is nominated as a hub site. Hub sites can both facilitate this interconnection and serve as a centralized breakout to the internet. This is commonly used to service-chain additional security measures, hosted in the enterprise data center that hosts the hub site, into a traffic flow. When a site is nominated as a hub, all edges in the profile will build direct overlay tunnels to the hub site so that resources downstream of the hub site can be accessed in a reliable fashion.

Last, the Gateways also facilitate building standards-based IPsec tunnels to non-SD-WAN-enabled sites that have existing VPN routers installed. Commonly these are enterprise data centers or virtual private cloud providers such as Amazon Web Services, Azure, SoftLayer, etc.

  • Click to select NVS (Non-VeloCloud Site)
  • Click to select creation of a New Non-VeloCloud Site
  • Click to type in "DataCenter"
  • Click to select Cisco ISR as the non-SD-WAN-enabled data center VPN router
  • Click to enter the Primary IP address of the data center VPN router
  • Type in the IP address as 25.48.5.9
  • Click the "Next" button to continue
  • Click the 'Next' button to complete creation of the NVS site

In this way, resources inside an existing data center can be made available to all SD-WAN-enabled branches without needing to make infrastructure changes in the DC. Only a new tunnel needs to be configured in the DC.

Enter a subnet connected on the data center LAN, reachable through the NVS (Non VeloCloud Site) tunnel to other SD-WAN branches.

  • Click on the subnet box to type in the IP Address as "172.27.1.0/24"
  • Click on the description box and type in "server farm"
  • Click 'View IKE/IPSec Template'
  • Click 'OK to show template'
  • Click to scroll down in the template
  • Click to Close the configuration template dialog
  • Click the 'Save Changes' button
  • Click the 'Close' button to exit the dialog

Next, we'll take a brief look at the routing capabilities of the branches. The solution allows OSPF and BGP to be configured at each of the branches so that Edges can act as a CE router when MPLS links are connected, or can ingest routes from an existing downstream Layer 3 device such as an L3 switch. This allows for flexible insertion of the edge in brownfield deployments.

  • Click to enable OSPF
  • Click to disable OSPF
  • Click to enable BGP
  • Click to disable BGP

Another critical building block of the SD-WAN solution is the Business Policy framework, which allows administrators to intuitively define how an application should be treated on the network. In essence, administrators only need to express which applications are business critical, and the solution will adapt to prioritize resources and remediation mechanisms to provide the highest end-user experience.

Business Policies abstract complexity and focus on outcomes. Administrators will not need to know what IP address and ports applications are active on, nor will they need to worry about queuing mechanisms and CoS settings. All of these are automatically set by the solution.

Let's add a low priority Business Policy. Assume Box storage is not an application that is used by the Enterprise and as such needs to be de-prioritized on the network.

  • Click the 'Business Policy' tab
  • Click 'New Rule' to add a low priority rule and name it box.net.
  • Type in box.net
  • Click the 'Define' Application button and search for the application
  • Type in box
  • Click to select the application in the catalog
  • Click 'Low' Priority to de-prioritize delivery of the application in the event of congestion
  • Click 'Direct' Network Service to avoid using remediation and steering techniques. The application traffic will be sent out of one of the attached links, directly to the internet
  • Click 'Transport Group' Link Steering to control which type of links are eligible for letting the traffic break out to the internet
  • Click to reveal options and ensure we only send this traffic on the "public wired" links, which is a classification that is associated when a link is first connected to an Edge
  • Click on "public wired" links.
  • Click on the scroll bar
  • Click 'OK' to make the rule effective
  • Click 'Save Changes' to enact the changes to the Edge. Edges will receive the update in the next 30 seconds.

The VeloCloud Edge has an embedded stateful, application-aware firewall, which can be disabled in favor of an existing external hardware firewall or a VNF-based firewall hosted on the edge hardware.

  • Click the 'Firewall' tab. Note that all rules are again in the context of a segment
  • Click the 'New Rule' button to add a new rule. By default all outbound traffic is allowed and all inbound traffic is blocked. Outbound flows will create an inbound pinhole to allow the reverse flow.
  • Type in "facebook" as the rule name
  • Click the 'Define' button
  • Type in "facebook"
  • Click to select 'Facebook Mail' to block a Facebook sub-application that is unsanctioned and deemed to be a data leak security risk. Other portions of Facebook will continue to work.
  • Click on the 'Deny' Firewall Action to block the application on the network.
  • Click 'OK' to make the rule effective
  • Click the 'Save Changes' button
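The firewall behaviour described in this section (outbound allowed by default, inbound blocked by default, a permitted outbound flow opening a pinhole for its return traffic, and an explicit per-segment deny rule for a sub-application such as Facebook Mail) can be modelled in a few dozen lines. The block below is an added example written for this page; it is not VeloCloud or NSX SD-WAN code. It assumes that every packet already carries an application label (in the product this comes from the DAR engine; here it is simply a field on the constructed packets), that a pinhole is keyed by the reverse 5-tuple of the outbound flow, and that idle pinholes expire after a configurable timeout. All addresses, ports and application names in the traffic sample are constructed.

```python
from dataclasses import dataclass

# Constructed example: a toy stateful, application-aware firewall modelled on
# the behaviour described in the lab text. Not VeloCloud/NSX SD-WAN code.
# The "app" label on each packet is assumed to come from a classifier
# (the edge's DAR engine in the real product).


@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = LAN to WAN, "in" = WAN to LAN
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    app: str        # application label (assumed classifier output)
    segment: str = "Global"


@dataclass(frozen=True)
class Rule:
    segment: str    # rules are always evaluated in the context of a segment
    app: str
    action: str     # "allow" or "deny"


class StatefulFirewall:
    def __init__(self, rules, idle_timeout=300):
        self.rules = list(rules)
        self.idle_timeout = idle_timeout  # seconds a pinhole may stay idle (assumed value)
        # pinholes: expected return-flow 5-tuple -> time it was last seen
        self.pinholes = {}

    def _explicit_rule(self, pkt):
        # First matching rule in the packet's segment wins.
        for rule in self.rules:
            if rule.segment == pkt.segment and rule.app == pkt.app:
                return rule
        return None

    def _expire(self, now):
        # Drop pinholes that have been idle longer than the timeout.
        stale = [k for k, seen in self.pinholes.items() if now - seen > self.idle_timeout]
        for k in stale:
            del self.pinholes[k]

    def process(self, pkt, now=0):
        """Return "allow" or "deny" for one packet, updating pinhole state."""
        self._expire(now)
        rule = self._explicit_rule(pkt)
        if rule is not None:
            verdict = rule.action                      # explicit rule overrides defaults
        elif pkt.direction == "out":
            verdict = "allow"                          # default: outbound permitted
        else:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
            verdict = "allow" if key in self.pinholes else "deny"  # default: inbound blocked unless solicited
        if verdict == "allow":
            if pkt.direction == "out":
                # A permitted outbound flow opens (or refreshes) the pinhole for its reverse flow.
                self.pinholes[(pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)] = now
            else:
                key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
                if key in self.pinholes:
                    self.pinholes[key] = now           # keep an active session's pinhole alive
        return verdict


def run_demo():
    """Replay a constructed traffic sample through the firewall and return the verdicts."""
    fw = StatefulFirewall([Rule("Global", "Facebook Mail", "deny")])  # the rule built in the lab
    lan, srv1, srv2, srv3, scanner = "10.1.20.15", "203.0.113.10", "203.0.113.20", "203.0.113.21", "198.51.100.7"
    traffic = [  # (time in seconds, packet); all values constructed
        (0,   Packet("out", lan, 51000, srv1, 443, "tcp", "Salesforce")),     # outbound -> allowed, pinhole opened
        (1,   Packet("in",  srv1, 443, lan, 51000, "tcp", "Salesforce")),     # return flow -> allowed via pinhole
        (2,   Packet("in",  scanner, 40000, lan, 22, "tcp", "SSH")),          # unsolicited inbound -> blocked
        (3,   Packet("out", lan, 51001, srv2, 443, "tcp", "Facebook Mail")),  # explicit deny rule
        (4,   Packet("in",  srv2, 443, lan, 51001, "tcp", "Facebook Mail")),  # no pinhole was opened -> blocked
        (5,   Packet("out", lan, 51002, srv3, 443, "tcp", "Facebook")),       # other Facebook traffic still works
        (400, Packet("in",  srv1, 443, lan, 51000, "tcp", "Salesforce")),     # pinhole idle > 300 s -> expired
    ]
    return [fw.process(pkt, now=t) for t, pkt in traffic]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

Two points the replay makes visible: a denied outbound flow never opens a pinhole, so its reverse traffic is dropped without any extra rule, and a pinhole is only as long-lived as the session that keeps it busy, which is why the last packet is blocked even though the same 5-tuple was allowed earlier.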

Overlay Flow Control (OFC) is a centralized routing table that provides enterprise-wide insight into which subnets (per segment) are attached to Edge locations. It also creates insight into how routes are learned by the SD-WAN solution, which is valuable both from a planning perspective and from an audit angle.

  • Click on Configure | Overlay Flow Control
  • Click on scroll bar to browse through the routing table
  • Click Monitor section to conclude this demonstration.

To return to the lab, click the link in the top right corner or close this browser tab.

Copyright © 2018 VMware, Inc. All rights reserved.