VeloCloud Dynamic Multipath Optimization - Technology Leadership Academy

Transcription

White Paper

VeloCloud Dynamic Multipath Optimization

This document discusses the key functionalities and benefits of VeloCloud Dynamic Multipath Optimization (DMPO) that assures enterprise and cloud application performance over Internet and hybrid WAN.

Contents

Introduction
DMPO Key Functionalities
    Continuous Monitoring
    Dynamic Application Steering
    On-demand Remediation
    Application Aware Overlay QoS
Business Policy Framework and Smart Defaults
    Traffic Class (Priority and Service Class)
    Network Services
    Link Steering
DMPO Real World Results
Secure Traffic Transmission
Ports Used
Summary

VeloCloud Networks, Inc. is the Cloud-Delivered SD-WAN company, a Gartner Cool Vendor 2016, the Frost & Sullivan Product Leader in the SD-WAN Solution Market 2016, and a Best of Interop and Best of VMworld winner. The company simplifies branch WAN networking by automating deployment and improving performance over private, broadband Internet and LTE links for today’s increasingly distributed enterprises. VeloCloud SD-WAN includes: a choice of public, private or hybrid cloud network for enterprise-grade connection to cloud and enterprise applications; branch office enterprise appliances and optional data center appliances; software-defined control and automation; and virtual services delivery. VeloCloud has received financing from investors including NEA, Venrock, March Capital Partners, Cisco Investments and The Fabric, and is headquartered in Mountain View, Calif. For more information, visit www.velocloud.com and follow the company on Twitter @Velocloud.

2017 VELOCLOUD NETWORKS, INC. ALL RIGHTS RESERVED.

Introduction

VeloCloud Cloud-delivered SD-WAN solution enables Enterprises and Service Providers to utilize multiple WAN transports simultaneously and maximize the bandwidth while ensuring application performance. The unique Cloud-Delivered architecture offers these benefits for on-premise and cloud applications (SaaS/IaaS). This requires building an overlay network, which consists of multiple tunnels, and monitoring and adapting to changes in the underlying WAN transports in real time. To deliver a resilient overlay network that takes into account the real-time performance of WAN links, VeloCloud has developed Dynamic Multi-Path Optimization (DMPO). This document explains the key functionalities and benefits of DMPO.

DMPO Key Functionalities

DMPO is used between all of the VeloCloud components that process and forward data traffic: VeloCloud Edge (VCE) and VeloCloud Gateway (VCG). For connectivity within Enterprise locations (branch-to-branch or branch-to-hub), the VCEs establish DMPO tunnels between themselves. For connectivity to Cloud applications, each VCE establishes DMPO tunnels with one or more VCGs. The four key DMPO functionalities are discussed below.

Continuous Monitoring

Automated Bandwidth Discovery

Once the WAN link is detected by the VCE, it establishes DMPO tunnels with one or more VCGs and runs a bandwidth test with the closest VCG. The bandwidth test is performed by sending a short burst of bi-directional traffic and measuring the received rate at each end. Since the VCG is deployed at the Internet Points of Presence (PoPs), it can also identify the real public IP address of the WAN link in case the VCE interface is behind a NAT or PAT device.

A similar process applies to the private link. For the VCEs acting as the hub or headend, the WAN bandwidth is statically defined. However, when the branch VCE establishes a DMPO tunnel to the hub VCEs, the bandwidth test procedures are similar to those between the VCE and the VCG on the public link.

Continuous Path Monitoring

DMPO performs continuous, uni-directional measurements of performance metrics (loss, latency and jitter) of every packet on every tunnel between any two DMPO endpoints, VCE or VCG. VeloCloud’s per-packet steering allows independent decisions in both uplink and downlink directions without introducing any asymmetric routing. DMPO uses both passive and active monitoring approaches.

When user traffic is present, the DMPO tunnel header contains additional performance metrics including sequence number and timestamp, thus enabling the DMPO endpoints to identify lost and out-of-order packets, and calculate jitter and latency in each direction. The DMPO endpoints communicate the performance metrics of the path between each other every 100 ms.

When there is no user traffic, an active probe is sent every 100 ms and, after 5 minutes of no high priority user traffic, the probe frequency is reduced to one probe every 500 ms. This comprehensive measurement enables DMPO to react very quickly to changes in the underlying WAN condition, resulting in the ability to deliver sub-second protection against brownout and blackout in the WAN.
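The passive measurement described above, worked through in Python as an added example (not VeloCloud code). It assumes the receiver can read each packet's header sequence number and sender timestamp, that the two endpoints' clocks are synchronized, and that jitter is reported as the mean absolute change in transit time between consecutive packets; the field names and the sample packets are constructed.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Sample:
    seq: int         # sequence number from the tunnel header (assumed field)
    sent_ms: float   # sender timestamp from the tunnel header (assumed field)
    recv_ms: float   # receiver's clock when the packet arrived


def path_metrics(samples):
    """Summarise one direction of one tunnel; samples are in arrival order."""
    seen = set()
    highest = None
    out_of_order = duplicates = 0
    transits = []
    for s in samples:
        if s.seq in seen:
            duplicates += 1            # a second copy carries no new information
            continue
        seen.add(s.seq)
        if highest is not None and s.seq < highest:
            out_of_order += 1          # arrived after a later-numbered packet
        else:
            highest = s.seq
        transits.append(s.recv_ms - s.sent_ms)
    if not seen:
        return None
    # Every number between the lowest and highest seen should have arrived;
    # a packet still in flight when the window closes is counted as lost.
    expected = max(seen) - min(seen) + 1
    lost = expected - len(seen)
    deltas = [abs(b - a) for a, b in zip(transits, transits[1:])]
    return {
        "expected": expected,
        "lost": lost,
        "loss_pct": 100.0 * lost / expected,
        "out_of_order": out_of_order,
        "duplicates": duplicates,
        "latency_ms": mean(transits),
        "jitter_ms": mean(deltas) if deltas else 0.0,
    }


# Constructed window: packets sent every 20 ms; 4 never arrives,
# 5 arrives late (after 6), and 7 is received twice.
SAMPLES = [
    Sample(1, 0, 50),
    Sample(2, 20, 72),
    Sample(3, 40, 90),
    Sample(6, 100, 151),
    Sample(5, 80, 160),
    Sample(7, 120, 170),
    Sample(7, 120, 171),
    Sample(8, 140, 191),
]

if __name__ == "__main__":
    for key, value in path_metrics(SAMPLES).items():
        print(f"{key}: {value}")
```

Because each direction is measured from its own headers, the same function run at both endpoints yields independent uplink and downlink figures.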

Dynamic Application Steering

Application-aware Per-packet Steering

DMPO identifies traffic using layer 2 to 7 attributes, e.g. VLAN, IP address, protocol, and applications. VeloCloud performs application-aware per-packet steering based on Business Policy configurations and real-time link conditions. The Business Policy contains out-of-the-box Smart Defaults that specify the default steering behavior and priority of more than 2500 applications. Customers can immediately use the dynamic packet steering and application-aware prioritization without having to define policies.

Throughout its lifetime, a single traffic flow can be steered onto one or more DMPO tunnels, in the middle of the communication, with no impact to the flow. A link that is completely down is referred to as having a blackout condition. A link that is unable to deliver the SLA for a given application is referred to as having a brownout condition. VeloCloud offers sub-second blackout and brownout protection. With the continuous monitoring of all the WAN links, DMPO detects a brownout or blackout condition within 300-500 ms and immediately steers the traffic flow to protect the application performance, while ensuring no impact to the active flow and user experience. There is a one-minute hold time from the time when the link brownout or blackout condition is cleared before DMPO steers the traffic back onto the preferred link if specified in the business policy.

Intelligent learning enables application steering based on the first packet of the application by caching classification results. This is necessary for application-based redirection, e.g. redirect Netflix onto the branch Internet link, bypassing the DMPO tunnel, while backhauling Office 365 to the Enterprise regional hub or data center.

Example: Smart Defaults specifies that Microsoft Lync is a High Priority, Real-Time application. There are two links with latency of 50 ms and 60 ms, respectively. All other SLAs are equal or met. In this scenario, DMPO will choose the link with the lowest latency, i.e. the link with 50 ms latency. If the current link to which the Lync traffic is steered experiences high latency of 200 ms, within less than a second the packets of the same Lync flow are steered to the other link, which has the lower latency of 60 ms.

MPLS Class of Service (CoS)

For a private link that has a CoS agreement, DMPO can take CoS into account for both monitoring and application steering decisions. The SP will guarantee a different SLA for each CoS on the MPLS link. DMPO can treat each CoS as a different link and can take granular application-aware decisions for a private link with CoS agreements.

Example: For a Service Provider (SP) that offers two Classes of Service, CoS1 and CoS2, each with a distinct SLA, the link steering decision can be made to use CoS1 or Internet, CoS2 or Internet.

Bandwidth Aggregation

For applications that can benefit from more bandwidth, e.g. file transfer, DMPO performs per-packet load balancing, utilizing all available links to deliver all packets of a single flow to the destination. DMPO takes into account the real-time WAN performance and decides which paths should be used for the flow. Additionally, DMPO performs resequencing at the receiving end to ensure there are no out-of-order packets introduced as a result of per-packet load balancing.

Example: Two 50 Mbps links deliver 100 Mbps of aggregated capacity for a single traffic flow. Quality of Service (QoS) is applied at both the aggregate and individual link levels.

On-demand Remediation

In a scenario where it may not be possible to steer the traffic flow onto a better link, i.e., a single-link deployment, or multiple links having issues at the same time, DMPO can enable error correction for the duration of the disruption. The type of error correction used depends on the type of application and the type of error.

Real-time Applications

Real-time applications, such as voice and video flows, can benefit from Forward Error Correction (FEC) during periods of packet loss. DMPO automatically enables FEC on single or multiple links. With multiple links, DMPO will select up to two of the best links at any given time for FEC. Duplicated packets are discarded and out-of-order packets are re-ordered at the receiving end before being delivered to the final destination. DMPO enables a jitter buffer for real-time applications when the WAN links experience jitter.

TCP Application

TCP applications, such as file transfer, benefit from Negative Acknowledgement (NACK). Upon detecting a missing packet, the receiving DMPO endpoint informs the sending DMPO endpoint to retransmit the missing packet. Doing so protects the end applications from detecting packet loss and, as a result, maximizes the TCP window and delivers high TCP throughput during lossy conditions.

Application Aware Overlay QoS

In the VeloCloud Cloud-Delivered SD-WAN network, the DMPO tunnels are established between VCE and VCG, or between VCE and VCE. A VeloCloud Management Protocol (VCMP) header is added to the packet before it leaves the VCE, and it adds an overhead of 59 bytes. Once the traffic reaches the VCG or the VCE on the receiving end, all tunnel headers (VCMP, IPSec) are removed and the original user data is passed to the next hop router, which can be another Provider Edge (PE) for the SP scenario or an L3 switch/router for the Enterprise scenario.

QoS Scheduling

A Traffic Class is defined with a combination of Priority (High, Normal, or Low) and Service Class (Real-Time, Transactional, or Bulk), resulting in a 3x3 matrix with 9 Traffic Classes. Application/category and scheduler weight can be mapped onto these Traffic Classes. All applications within a Traffic Class receive the aggregate QoS treatment, including scheduling and policing. All applications in a given Traffic Class will have a guaranteed minimum aggregate bandwidth during congestion based on scheduler weight (or percentage of bandwidth). When there is no congestion, the applications are allowed to burst up to the maximum aggregated bandwidth. A policer can be applied to cap the bandwidth for all the applications in a given Traffic Class.

Default Application/Category and Traffic Class Mapping

The Business Policy contains the out-of-the-box Smart Defaults functionality that maps more than 2,500 applications to Traffic Classes. Customers can immediately use application-aware QoS without having to define policy. Each Traffic Class is assigned a default weight in the scheduler. These parameters can be changed in the Business Policy. Below are the default values for the 3x3 matrix with 9 Traffic Classes.

[Figure: Default Weight and Traffic Class Mapping]

Example: The customer has a 90 Mbps Internet link and a 10 Mbps MPLS link on the edge, and the aggregate bandwidth is 100 Mbps. Based on the default weight and Traffic Class mapping above, all applications that map to Business Collaboration will have a guaranteed bandwidth of 35 Mbps and all applications that map to Email will have a guaranteed bandwidth of 15 Mbps. Business policies can be defined for an entire category (e.g., Business Collaboration), applications (e.g. Skype for Business) and more granular sub-applications (e.g., Skype File Transfer, Skype Audio, Skype Video).

CoS Marking

When traffic arrives at the VCE, the Differentiated Service Code Point (DSCP) values marked by the customer can be left “as-is” or modified before sending out to the tunnel. The outer DSCP value on the tunnel header can also be modified or copied from the inner packet.

Example: In the diagram above, there are two traffic flows: one is voice, which is considered important, and the other is data, which is considered less important. For inner packet DSCP tags, the customer decides to leave DSCP tags “as-is” for both voice and data. For outer packet DSCP tags, the customer decides to copy DSCP values to the outer packet for voice but changes the outer packet DSCP tag to DSCP 0 for data.

Policing Traffic Class

In legacy WAN networks, Service Providers and Enterprises have the ability to allocate bandwidth or police traffic based on the CoS offered by the Service Provider. With SD-WAN, there is a need to apply a similar concept to the WAN overlay, which may include one or more transports from multiple Service Providers. An IT administrator may want to police high priority Business Collaboration traffic on the aggregated overlay tunnel to ensure a Service Provider offered SLA is honored, or proactively police non-critical applications for security or QoS compliance reasons. To accommodate these use cases, policing can be defined for a Traffic Class (i.e., Service Class and Priority).

Example: A customer has 90 Mbps Internet and 10 Mbps MPLS in the network and the aggregated bandwidth is 100 Mbps. Based on the default weight and Traffic Class mapping described in the QoS Scheduling section above, all applications within Business Collaboration categories will be guaranteed a bandwidth of 35 Mbps; at the same time, the SP can enable a policer on this Traffic Class, so all the applications included in this Traffic Class will be policed at 35 Mbps when there is no congestion in the network.

Policing MPLS CoS

For a private link that has a CoS agreement with the MPLS provider, the SP will guarantee a different SLA for each CoS on the MPLS link. DMPO can treat each CoS as a different link and can take granular application-aware decisions for a private link with CoS agreements. A policer can be defined for an MPLS CoS underlay to ensure Service Provider committed bandwidth SLAs are being honored by the customer.

Example: The customer branch edge has 10 Mbps MPLS and the SP offers a 40% bandwidth SLA for CoS1 (DSCP EF, CS5), which is for real-time traffic, and 60% is for the rest of the traffic. The SP will police their PE with an aggregate rate of 10 Mbps and also police CoS1 traffic (DSCP EF, CS5) so that it does not exceed 4 Mbps. If CoS1 traffic via the MPLS underlay exceeds 4 Mbps, packets will be dropped by the Service Provider, thus impacting quality of service. A 4 Mbps policer for CoS1 on the Edge ensures traffic in that class never exceeds 4 Mbps. The rest of the traffic can burst up to link speed if no congestion exists and is guaranteed a minimum bandwidth during times of congestion.

Rate-Limiting an Application or Category

Rate limiting is offered in both inbound and outbound directions for a specific application. When a rate limit for the outbound/inbound traffic is applied, under congestion, the traffic will be queued and, when the queue is full, the packets will be dropped.

Example: Customer users try to access Hulu. Outbound request traffic is small and most of the traffic is inbound. In a traditional WAN, by the time traffic gets to the edge router it is too late to know that the link doesn’t have enough bandwidth, and the WAN link can get congested. VeloCloud Cloud-Delivered SD-WAN inbound QoS can request a streaming application to back off and ensure Hulu traffic doesn’t exceed the configured inbound bandwidth.

Multi-Source Inbound QoS

VeloCloud Cloud-Delivered SD-WAN enables multi-source inbound QoS, which proactively measures the bandwidth usage with multiple remote peers and will begin to regulate the traffic before congestion. Additionally, available bandwidth will be fairly distributed between direct internet traffic and all remote peers based on the quantity and priority of traffic that each remote device has to transmit.

Example: Consider a customer with a hub and spoke topology with the dynamic branch-to-branch functionality enabled. If an important video call is initiated from Branch 1 to Branch 2, these branches can talk over a dynamically established overlay tunnel. The challenge with traditional WAN technologies is that the hub is unaware of the high priority video call between the two branches. This might result in the hub sending low priority traffic towards Branch 1 and causing quality issues for the important video sessions. With VeloCloud Cloud-Delivered SD-WAN multi-source inbound QoS enabled, Branch 1 will proactively inform the hub to slow down the low priority traffic.

DMPO Tunnel Shaper for Service Providers with Partner Gateway

Service Providers may offer SD-WAN services at lower capacity compared to the aggregated capacity of WAN links at the local branch. For instance, customers may have purchased a broadband link from another vendor, and the SP offering SD-WAN services and hosting the VeloCloud Partner Gateway has no control over the underlay broadband link. In such situations, in order to ensure that the SD-WAN service capacity is being honored and to avoid congestion towards the Partner Gateway, the SP can enable a DMPO tunnel shaper between the tunnel and the Partner Gateway.

Example: As shown in the diagram above, the VCE has dual links, 20 Mbps Internet and 20 Mbps MPLS, with 35 Mbps SD-WAN service from the SP. To ensure the traffic towards the Partner Gateway doesn’t exceed 35 Mbps (X in the topology above), the SP can place a tunnel shaper on the DMPO tunnel.

Business Priority Monitoring

Based on designated priority, the application traffic can be monitored in real time, and historical data can be retrieved. It can be viewed in the format of Bytes Received and Sent, Packets Received and Sent, and Average Throughput.

Business Policy Framework and Smart Defaults

The IT administrator controls the QoS, steering, and services to be applied to the application traffic through the Business Policy. Smart Defaults provides an out-of-the-box Business Policy that supports over 2,500 applications. DMPO makes steering decisions based on application type, real-time link condition (congestion, latency, jitter, and packet loss), and the Business Policy. Each application is assigned a category. Each category has a default action, which is a combination of Traffic Class (Priority and Service Class), Network Service, and Link Steering. In addition to the default application list, customer applications can be defined manually. At right is an example of Business Policy.

Traffic Class (Priority and Service Class)

An application/category is assigned to a Traffic Class based on the combination of Priority and Service Class, and aggregated QoS treatment is applied to all the applications that fall into the same Traffic Class, including scheduling and policing (see the Application Aware Overlay QoS section for details).

Network Services

There are 4 types of Network Services: Direct, Multi-Path, Cloud Proxy and Internet Backhaul. By default, an application is assigned one of the default Network Services, which can be modified by the user.

• Direct: Typically used for non-critical, trusted Internet applications that should be sent directly, bypassing the DMPO tunnel. An example is Netflix, a service that is considered to be a non-business, high bandwidth application and should not be sent over the DMPO tunnels. The traffic sent directly can be load-balanced at the flow level. By default, all the low priority applications are assigned to the Direct Network Service.
• Multi-Path: Typically given to important applications. Multi-Path service assignment sends the Internet-based traffic to the VCG. Table 1 shows the default link steering and on-demand remediation technique for a given Service Class. By default, high and normal priority applications are given the Multi-Path action for Network Service.
• Cloud-Proxy: Redirects the application flow to a cloud proxy, such as WebSense (now ForcePoint).
• Internet Backhaul: Redirects the Internet applications to the specified Enterprise location that may or may not have the VCE. The typical use case is to force important Internet applications through a site that has security devices such as firewall, IPS, and content filtering before the traffic is allowed to exit to the Internet.

Below are the default values for Network Service action. Note that the VPN traffic is always sent through the tunnels (specifying Direct action for Network Service does not apply to VPN traffic).

Priority   Destination: Internet (e.g. SaaS, Web traffic)   Destination: Within Enterprise VPN
High       Multi-Path (through DMPO tunnels)                Multi-Path (through DMPO tunnels)
Normal     Multi-Path (through DMPO tunnels)                Multi-Path (through DMPO tunnels)
Low        Direct                                           Multi-Path (through DMPO tunnels)

Link Steering

In the Business Policy, there are four link steering modes: auto, by transport group, by WAN link and by interface.

Link Selection: Auto

By default, all applications are given the automatic link steering mode. This means DMPO automatically picks the best links based on the application type and automatically enables on-demand remediation when necessary. There are four possible combinations of Link Steering and On-demand Remediation for Internet applications. As mentioned earlier, traffic within the Enterprise (VPN) always goes through the DMPO tunnels, hence it always receives the benefits of on-demand remediation.

Destination: Internet, Network Service: Multi-Path, Link Steering: Auto

Service Class   Link Selection Behavior     On-demand Remediation
Real-Time       Per-Packet Steering         FEC and Jitter Buffer
Transactional   Per-packet Load Balancing   NACK
Bulk            Per-packet Load Balancing   NACK

Destination: Internet, Network Service: Direct, Link Steering: Auto

Service Class   Link Selection Behavior
Real-Time       Flow Based Load Balancing
Transactional   Flow Based Load Balancing
Bulk            Flow Based Load Balancing

The following examples explain the default DMPO behavior for different application types and link conditions.

1. Scenario: At least one link that satisfies the SLA for the application.
   Expected DMPO behavior: Pick the best available link.
2. Scenario: Single link with packet loss exceeding the SLA for the application.
   Expected DMPO behavior: Enable FEC for the real-time applications sent on this link.
3. Scenario: Two links with loss on only one link.
   Expected DMPO behavior: Enable FEC on both links.
4. Scenario: Multiple links with loss on multiple links.
   Expected DMPO behavior: Enable FEC on two best links.
5. Scenario: Two links but one link appears unstable, i.e. missing three consecutive heartbeats.
   Expected DMPO behavior: Mark the link unusable and steer the flow to the next best available link.
6. Scenario: Both jitter and loss on both links.
   Expected DMPO behavior: Enable FEC on both links and enable jitter buffer on the receiving side. Jitter buffer is enabled when jitter is greater than 7 ms for voice and greater than 5 ms for video. The sending DMPO endpoint notifies the receiving DMPO endpoint to enable jitter buffer. The receiving DMPO endpoint will buffer up to 10 packets or 200 ms of traffic, whichever happens first. The receiving DMPO endpoint uses the original timestamp embedded in the DMPO header to calculate the flow rate to use in the de-jitter buffer. If the flow is not sent at a constant rate, the jitter buffering is disabled.

Link Steering by Transport Group

Different locations may have different WAN transports (e.g. WAN carrier name, WAN interface name); DMPO uses the concept of Transport Group to abstract the underlying WAN carriers and interfaces from the Business Policy configuration. The Business Policy configuration can specify the transport group (public wired, public wireless, private wired, etc.) in the steering policy so that the same Business Policy configuration can be applied across different device types or locations, which may have completely different WAN carriers and WAN interfaces. When DMPO performs the WAN link discovery, it also assigns the transport group to the WAN link. This is the most desirable option for specifying the links in the Business Policy because it eliminates the need for IT administrators to know the type of physical connectivity or the WAN carrier.

Link Steering by WAN Link

The WAN interface is connected to a WAN carrier, which is specific to the location of the VCE. DMPO automatically detects the WAN carrier by doing a GeoIP lookup, or IT administrators can specify the WAN carrier. Additionally, link steering can also be based on private line CoS, which is specified on the WAN overlay.

Example: The customer MPLS CoS agreement includes three Classes of Service: CoS1 (CS5, EF), CoS2 (AF41, CS4) and CoS5 (AF21, CS2) with guaranteed bandwidth of 60%, 20% and 20% respectively defined on the WAN overlay. MPLS CoS 1 ensures a maximum bandwidth of 60%. In the Business Policy, link steering can be selected between Internet, MPLS - CoS1, CoS2 or CoS5.

Link Steering by Interface

The link steering policy can be applied to the interface, i.e., GE2, GE3, which will be different depending on the VCE model and the location. This is the least desirable option to use in the Business Policy because IT administrators have to be fully aware of how the VCE is connected to be able to specify which interface to use.

For link steering by transport group, by interface and by WAN link, there are three possible link steering sub-options: Preferred, Mandatory, and Available.

Mandatory Link Steering: Pin an application to a path even when the link fails. Example: PCI
Preferred Link Steering: Prefer application on a path but steer away if it cannot meet SLA. Example: VoIP
Available Link Steering: Prefer application on a path but steer away if the link fails. Example: Web Browsing

Mandatory

Pin the traffic to the link or the transport group. The traffic is never steered away regardless of the condition of the link, including outage. On-demand remediation is triggered to mitigate brownout conditions, such as packet loss and jitter.

Example: Netflix is a low priority application and is required to stay on the public wired links at all times.

Preferred

Pick the preferred link as long as the SLA is met, and steer traffic to other links once the preferred link cannot deliver the SLA needed by the application. In the situation when there is no available link to steer to, e.g. all links fail to deliver the SLA needed by the application, on-demand remediation is enabled. Alternatively, instead of steering the application away as soon as the current link cannot deliver the SLA needed by the application, DMPO can enable on-demand remediation until the degradation is too severe to be remediated, at which point DMPO will steer the application to the better link.

Example: Customers prefer to have the video collaboration application on the Internet link until it fails to deliver the SLA needed by video, then steer to the private link.

Available

Pick the available link as long as the link is up. If the link fails to deliver the SLA, DMPO enables on-demand remediation. DMPO will not steer the application flows to another link unless the original link is completely down.

Example: Web traffic is backhauled to the hub site over the Internet link as long as the link is active, regardless of SLA.
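The three sub-options and the one-minute hold time from the Dynamic Application Steering section, modelled as a small decision function in Python (an added example, not VeloCloud code). The `Link` and `Steerer` names, the three-state link model, applying the hold time to both Preferred and Available, and breaking ties by lowest latency are assumptions made for illustration; the timeline is constructed.

```python
from dataclasses import dataclass

HOLD_S = 60  # the page's one-minute hold before steering back


@dataclass
class Link:
    name: str
    latency_ms: float
    state: str = "ok"  # "ok", "brownout" (up, SLA missed) or "down" (blackout)

    @property
    def up(self):
        return self.state != "down"

    @property
    def meets_sla(self):
        return self.state == "ok"


class Steerer:
    """Steering state for one application pinned to one link in a given mode."""

    def __init__(self, mode, pinned):
        self.mode, self.pinned = mode, pinned
        self.current = pinned
        self.clear_at = None  # time the pinned link last became acceptable

    def decide(self, now, links):
        """Return (link carrying the flow, on-demand remediation enabled)."""
        by_name = {l.name: l for l in links}
        p = by_name[self.pinned]
        if self.mode == "mandatory":
            # Never steered away, even during an outage.
            return p.name, p.state == "brownout"
        # Preferred needs the SLA; Available only needs the link to be up.
        ok = p.up and (p.meets_sla or self.mode == "available")
        if ok:
            if self.clear_at is None:
                self.clear_at = now
            cur = by_name[self.current]
            if cur is not p and cur.up and now - self.clear_at < HOLD_S:
                return cur.name, not cur.meets_sla  # still inside the hold time
            self.current = p.name
            return p.name, not p.meets_sla
        self.clear_at = None
        up = [l for l in links if l is not p and l.up]
        pool = [l for l in up if l.meets_sla] or up
        alt = min(pool, key=lambda l: l.latency_ms) if pool else None
        if p.up and (alt is None or not alt.meets_sla):
            # Preferred link in brownout and nothing better: stay and remediate.
            self.current = p.name
            return p.name, True
        if alt is None:
            return None, False  # every link is down
        self.current = alt.name
        return alt.name, not alt.meets_sla


# Constructed timeline: (seconds, internet state, mpls state)
TIMELINE = [
    (0, "ok", "ok"),
    (10, "brownout", "ok"),
    (20, "ok", "ok"),
    (79, "ok", "ok"),
    (80, "ok", "ok"),
    (100, "brownout", "brownout"),
    (110, "down", "ok"),
]


def replay(mode, timeline=TIMELINE):
    """Run one application pinned to 'internet' through the timeline."""
    steerer = Steerer(mode, "internet")
    return [
        steerer.decide(t, [Link("internet", 50, inet), Link("mpls", 60, mpls)])
        for t, inet, mpls in timeline
    ]


if __name__ == "__main__":
    for mode in ("mandatory", "preferred", "available"):
        print(mode, replay(mode))
```

In the Preferred run the flow stays on MPLS from t=10 until t=80, sixty seconds after the Internet link recovered at t=20; the Mandatory run never leaves the Internet link, including at t=110 when it is down.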

DMPO Real World Results

Scenario 1: Branch-to-Branch VoIP Call on Single Link

Results here demonstrate benefits of on-demand remediation using FEC and jitter remediation on a single Internet link with traditional WAN and VeloCloud SD-WAN.

Scenario 2: File Transfer from Box.com on Dual Links

Results here demonstrate benefits of bandwidth aggregation and on-demand remediation for a 50 MB file download from Box.com on dual 20 Mbps links with traditional WAN and VeloCloud SD-WAN.

Scenario 3: Branch-to-Branch Video Call on Dual Links

Results here demonstrate benefits of sub-second blackout protection by steering application flows onto Internet links and on-demand remediation at the same time on the Internet link with VeloCloud SD-WAN.

Secure Traffic Transmission

For private or internal traffic, DMPO encrypts both the payload, which contains the user traffic, and the tunnel header with IPSec transport mode end-to-end. DMPO supports AES128 and AES256 encryption standards and SHA2/SHA1 algorithms for integrity. IKEv2 is used for key management and PKI for authentication.

Ports Used

Both data and control traffic use UDP port 2426.

Summary

VeloCloud Dynamic Multi-path Optimization (DMPO) enables application-aware dynamic per-packet steering, on-demand remediation and overlay Quality of Service; DMPO ensures optimal SD-WAN performance for the most demanding applications over any transport (Internet or Hybrid) and any destination (On-Premises or Cloud).

VeloCloud Networks, Inc., the Cloud-Delivered SD-WAN™ company, Gartner Cool Vendor 2016 and a winner of Best Startup of Interop, simplifies branch WAN networking by automating deployment and improving performance over private, broadband Internet and LTE links for today’s increasingly distributed enterprises. For more information, visit www.velocloud.com and follow the company on Twitter @Velocloud.
