Tech Field Day: SD-WAN Fabric Integration
David Klebanov, Director of Technical Marketing, gives an overview of the Viptela SD-WAN solution. This solution scales across the entire enterprise spectrum. David shows the journey of their service from initial implantation, down to the end-user experience. He finishes by demoing the company management plane, vManage.
Recorded at Tech Field Day in Silicon Valley.
Senior infrastructure technologies professional with over 15 years of extensive experience in designing and deploying complex multidisciplinary networking environments.
Tom: Hello, I’m Tom Hollingsworth and you are watching Networking Field Day 13. We are here in San Jose, California with Viptela. We have invited a group of networking bloggers, speakers, pod castors and luminaries of the community to take part in this discussion to offer their opinions, ask questions and add their voice to the conversation about software-defined-wide-area networking.
If you would like to learn more about Tech Field Day including how to become a presenter or a delegate please join us at our website techfieldday.com. If you would like to see more videos about this and other exciting technologies please check out our YouTube channel at youtube.com/techfieldday.
David: So let me just set the stage the way that we’re going to do it. I’m going to be dancing a little bit. We’re going to transition from slides to explain to you a little bit more in depth what the technology is and how it works and then there’s going to be a slide that is going to set up for the demo itself. You’re going to see the topology and then I’m going to sit down and just show you how it works.
So we’ve decided to integrate and not to have two separate pieces when we talk theory and then show you the demo. We want you to connect sort of immediately the theory to practice. That sounds good to you? And I know you guys are not shy to ask questions and so I encourage you to ask questions. We have all of the expertise to answer any questions that you have either in person or anything that comes online.
So let me first kind of walk you through a customer journey. So as I mentioned and enterprise-grade customer, diverse set of requirements. A large scale. Maybe medium scale. It doesn’t really matter. The same type of philosophy applies across small, medium, large and extra large. It’s the same type of philosophy. So what I’m going to walk you through in here is what is the customer journey to enable services and then we’re going to dissect one by one and that’s what we’re going to show you first, the theory and then immediately the demonstration.
So the first thing is bringing up a hybrid WAN site, right? So you saw that we started off with having one site and one data center and we want to add another site, which would be for example named here Site 2 which is bringing a hybrid site. How do I bring up a site? Today I may be an MPLS customer. I’m trying to get into the hybrid environment. Maybe my final goal is to get to old broadband and I’m not there. It’s going to take me maybe years to get there. I’m stuck in a limbo in between of how do I operate my environment today as I keep introducing hybrid sites or broadband-only sites. There is no Greenfield or go as far as just saying there is no Greenfield environment. Everything is Brownfield.
So on Site 1 we’re going to show how that joins the network, how we can take the site through a bring of process, and how we are going to transition it from an MPLS-only site to an MPLS-plus broadband site. You see, it’s all based on Viptela the edge technology. There’s no other device in here that needs to be in here. There are no Legacy routers whatsoever that participate in a hybrid WAN setup.
The second is – I said there is no Greenfield and so what we’re going to do is we’re going to assume there is a traditional router. We’re going to use SCR 1000V which is connected to one of my MPLS networks and now I want to be able to communicate from Site 1 to the Legacy site straight through the MPLS network. So I’m going to explain to you a little bit more in detail how powerful that is. We’re talking about going straight in the underlay from the [V-edge] device. I’m not talking about LAN connections that go back into the ampules network. Single interface that carries both overlay and underlay traffic. No backend connections. VGP with a service provider directly on the WAN interface coming back to an enterprise-grade customer.
The next thing is we’re going to transition to cloud services. I think we might have spent enough time – Zscaler. The whole purpose of Zscaler is getting from the branch office to the Zscaler POP as fast as possible so the Zscaler POP can send you to the internet so you can access your [SaaS] service. Not every SaaS service would welcome Zscaler. For example, Office 365 will be against it. Some others will be more tolerant and they will say it’s okay for you to hop through a Cloud-based service to get to us first.
Our option here is what we’re trying to say go as fast as possible. No backhauling to either data center or regional facilities. We’ll talk about that there is an option to go through a regional facility but there’s also an option to straight to Zscaler. We want to optimize the performance of a SaaS application through Zscaler security.
The next one; service insertion. Okay, this big. You see two services. This is not service insertion, this is service chaining. So what we’re going to do is we’re going to chain through two services, Palo Alto and Snort IDS. Completely transferred independent, completely IP address independent, completely geographically dispersed. Services can live anywhere in your network. You insert them based on where they are. My firewall can be in Phoenix and my IDS can be in San Jose. Different locations, [ir-respectable] IP addressing or topologies.
Then we’re going to talk about bringing partner connectivity. [Ramesh] mentioned segmentation. Extremely important. I want to bring an external entity into my network yet I need it to be securely broad. Segmentation, service insertion; all of it ties together. Extranet service that we call extranet and we’re going to walk through that, a very interesting twist grounded in a lot of experience and expertise in routing. Router distribution. Route leaking. Routing is tough business. To know what you’re doing it’s not an off and on button.
Then we’re going to talk about a Cloud. Amazon Web Services inherits part of the Fabric. The same service that I consume from the branch I can consume in AWS. Theoretically I can insert the service that is hosted in AWS. I can put my Palo Alto firewall in AWS and I can’t insert my Palo Alto firewall in AWS into the traffic path between the sites completely transparent. I mentioned topology agnostic – IP address agnostic. It doesn’t matter for us. AWS is just one more site that came up and you get a full range of services.
And then SaaS applications, yes, go to SAS directly. Office 365 would advocate that. But what if I have two ISPs at the remote site? Which ISP do I go through? If I’m going to throw this into direct internet access which one of the ISPs am I going to choose? Which one is better behaving? How do I know? It’s not a book handed solution. Like Ramesh said, I cannot put anything in SaaS Cloud. How do I know that this ISP is behaving better than the other ISP? Some interesting touristics about how we learn about how we learn about traffic patterns and decide on which application is preferred and for which ISP is preferred for a specific SaaS application. I’m going to show you that too.
This is the breadth of what we’re going to talk about today. It’s a little bit loaded and I hope we have time and so we’ll get to it. Oh, I forgot, application [escalade]. Of course being able to deliver the escalade through the fabric is critical. It’s not one [unintelligible 00:08:19]. It’s not just about doing one thing and calling it a day. We’re going to see what it means to do interbred grade US.
All right, so we’re going to start with bringing up – first step, Hybrid Wan and Brownfield Integration.
[Speaking outside of orientation]
David: So Ramesh to the tiers of our architecture. We have three distinct tiers of our architecture completely separated for [unintelligible 00:09:20]. Data plane, control plane, management plane, three completely different elements completely isolated and independent of each of each other. This is the management plane. This is the V-manage – this is the tool V-manage. It’s a single pane of glass for every operational thing that you need to do in your environment. This where you define things, this is where you troubleshoot things. This is your single pane of glass into this.
Tom: And this is virtual –
David: This is a virtual machine. Yes, this is a virtual machine. It can operate as a single appliance. As you can see in here it says V-manage [unintelligible 00:09:54]. Of course it’s a demonstration and it’s a really small one. I’m going to showing something that is really sizable so you can kind of appreciate the size of it. This is one device. I can build a cluster of these devices. They all operate in active, active, active, active nodes. We shard different functionalities across multiple devices and so it’s not an active standby solution, it’s an active, active nodes or active, active, active nodes. It can be used for redundancy if I just want to install two nodes in the same location. There is also an option to install two nodes in different locations. Of course there are certain network characteristics that have to be met as far as latency and prove what they have to exist between the two locations to allow the database [unintelligible 00:10:35].
But it’s an all-active. There is not a single element of our solution that is active-standby. Everything is active-active. So this is the – V-manage can be deployed as a cluster. You can see in here the amount of V-smart controllers. You can see the amount of V-edges. You could actually see one V-edge down, right? So I can click on it and I can see that it’s a V-edge that in fact is a V-edge in this room that was provisioned and yet it shows down that it’s unreachable.
That’s just an example for you guys how you can see different things in here.