Link Search Menu Expand Document
calendar_month 07-Mar-24

EdgeConnect SD-WAN Solution Fundamentals

This section introduces the Aruba EdgeConnect SD-WAN solution with descriptions of the Aruba Orchestrator, EdgeConnect SD-WAN appliances, and some key features.

Table of contents

Aruba Orchestrator

Aruba Orchestrator provides centralized policy management, monitoring, and reporting capabilities for the SD-WAN platform.

Orchestrator has three flexible models for deployment:

  • On-premise VM deployment
  • Customer-managed cloud deployment
  • Aruba-hosted SaaS (software-as-a-service) deployment.

When EdgeConnect SD-WAN is hosted as-a-service, Aruba manages and maintains the platform, eliminating the need for additional capital expenditures. This option offers maximum flexibility, ease of deployment, full use and customization of Orchestrator features, and long-term sustainability.

Use Orchestrator to configure and monitor application quality of service and security policies for thousands of sites rapidly from a centralized dashboard with single-screen administration.

With Orchestrator’s centralized configuration, users have a single-pane dashboard for real-time monitoring, alerting, and visibility into the network, as well as access to a detailed historical log of reporting and analytics for better understanding of business needs related to the SD-WAN fabric.

The dashboard can be customized in several formats to provide high-level geographic health overviews, granular analysis of live traffic flows, an overview of appliances connected to the network, and more.

Best practice is to use the SaaS option because it decreases the operational complexity of the deployment. For information on the on-premise options, refer to the Aruba Edge Connect Enterprise User Guides.

EdgeConnect SD-WAN Appliances

EdgeConnect SD-WAN physical or virtual SD-WAN appliances (supporting any common hypervisors and public clouds) are deployed in branch offices and data centers to create a secure, virtual WAN overlay. This enables organizations to migrate to broadband WAN at their own pace, whether site-by-site or using a hybrid WAN approach that leverages MPLS and broadband Internet connectivity.

 EdgeConnect SD-WAN 10104EdgeConnect SD-WAN XSEdgeConnect SD-WAN S-PEdgeConnect SD-WAN M-HEdgeConnect SD-WAN L-HEdgeConnect SD-WAN XL-H
ModelEC-10104EC-XSEC-S-PEC-M-HEC-L-HEC-XL-H
Typical DeploymentSmall Branch / Home OfficeSmall BranchLarge BranchHead Office/DC Large HubData Center Large HubData Center Large Hub
Typical WAN Bandwidth2-500 Mbps2-1000 Mbps10-3000 Mbps50-5000 Mbps2-10 Gbps2-10 Gbps
Simultaneous Connections256,000256,000256,0002,000,0002,000,0002,000,000
Recommended WAN Boost up to200 Mbps250 Mbps500 Mbps1 Gbps1 Gbps5 Gbps
Redundant / FRUsNoNoSSD and Power (AC or DC)SSD and PowerSSD and PowerSSD, NVMe, Power
Data Path Interfaces4 x RJ45 10/100/10004 x RJ45 10/100/10008 x RJ45 4 x 1/10G Optical8 x RJ45 4 x 1/10G Optical6 x 1/10G Optical6 x 1/10/25G Optical

Note: WAN bandwidth assumes bidirectional traffic (symmetric up-link and down-link). For total WAN throughput (Rx+Tx), multiple these numbers by 2.
For the most up-to-date SKU information, refer to the EdgeConnect SD-WAN SD-WAN Data Sheet.

First-Packet iQ

First Packet iQ provides robust capabilities for Application Visibility and Control (AVC) that simplify establishment of route policies by application or domain. Rapid classification is critical for making traffic forwarding decisions.

When different groups of applications are mapped to Business Intent Overlays, the decision on which overlay to place the flow must be correct on the first packet, or application performance will suffer.

Unique in the industry, First-Packet iQ goes above and beyond traditional Deep Packet Inspection techniques that typically require several packets of HTTP or HTTPS to identify applications accurately. Using First-Packet iQ, EdgeConnect can immediately and efficiently steer flows to the best route and avoid the need for after-the-fact route remediation. With Silver Peak’s unique technology to “map the Internet,” EdgeConnect can provide the granular Internet breakout policies as shown above.

Business Intent Overlays

The Aruba EdgeConnect SD-WAN platform enables enterprises to create multiple application-specific WAN overlays. Each overlay, or Business Intent Overlay (BIO), specifies priority and quality of service requirements for application groups based on business requirements or intent.

With these policy definitions in place, EdgeConnect automates traffic steering on an end-to-end basis across all underlying WAN transport services including MPLS, broadband Internet and 4G/LTE, providing the ability to deliver an application Quality of Experience significantly better than the underlying transport services can deliver individually. Each BIO has its own link bonding policy that specifies the underlay transports the BIO will use, the service level including path conditioning, and topology (full mesh, hub-and-spoke, or regional hub-and-spoke).

Each BIO has settings that include Traffic Class/QoS, Firewall Zone, and the option to enable Boost (WAN Optimization).

SD-WAN uses multiple underlay transport networks to provide applications the best possible virtual overlay network experience. The configuration of each BIO contains two primary sections:

  • SD-WAN Traffic to Internal Subnets (i.e., EdgeConnect-to-EdgeConnect)

  • Breakout Traffic to Internet and Cloud Services (i.e., EdgeConnect-to-Internet)

Each section includes a Link Bonding Policy that specifies the underlay transports to use (specified as a label), how to bond the transports, and service level quality metric that includes the amount of Forward Error Correction to be applied.

As an IPsec-based overlay, performance of the hybrid WAN is optimized while maintaining complete independence of the underlying infrastructure. Optimal path choices are based on application requirements, geolocation, and packet-level determination of link quality, including line characteristics such as delay, loss, and jitter.

EdgeConnect’s Path Conditioning includes both Forward Error Correction (FEC) and Packet Order Correction (POC).

Forward Error Correction reconstructs lost packets to avoid the need for TCP retransmission, substantially increasing the performance of Internet links. The ratio of FEC packets to data packets is configurable depending on business criticality and real-time requirements for the application.

Packet Order Correction (POC) algorithms reorder packets that arrive at their destination out of order. This is a common occurrence when load balancing across different service providers’ networks. With FEC and POC, EdgeConnect can make internet connections perform as well as or better than private lines.

Boost

Aruba EdgeConnect takes SD-WAN performance even further for latency-sensitive applications and applications that transfer large amounts of data across the WAN. With the optional Unity Boost software performance pack, EdgeConnect integrates Aruba’s field-proven WAN Optimization features in a single SD-WAN solution. When Boost is integrated with SD-WAN, it can be provisioned after the initial SD-WAN roll-out for a given end-customer without the need to service-chain an additional physical appliance or Virtual Network Function (VNF) for the sole purpose of WAN Optimization.

Boost is enabled at the Business Intent Overlay level so it can be activated for critical applications without running on less-sensitive applications.

Boost includes:

  • Application Acceleration (latency mitigation) to improve application response times over distance
  • Data reduction (compression and deduplication) to eliminate the transmission of redundant data. This capability is also referred to as “Network Memory”.

Latency Mitigation

TCP Acceleration uses techniques such as selective acknowledgments, window scaling, and message segment size adjustment to mitigate poor performance on high-latency links.

Data Reduction

Data reduction technology addresses limited bandwidth using advanced fingerprinting algorithms that examine all incoming and outgoing WAN traffic. Network memory localizes information and transmits only modifications between Boost-enabled SD-WAN nodes.

IP Header Compression is the process of compressing excess protocol headers before transmitting them on a link and uncompressing them to their original state at the other end.

Payload Compression uses algorithms to identify relatively short byte sequences that are repeated frequently. The sequences are replaced with shorter segments of code to reduce the size of transmitted data.

Licensing

EdgeConnect

EdgeConnect software, applied to EdgeConnect hardware, virtual, or cloud instances, can be purchased using one of two options:

  • Subscription-term basis for enterprise end-customers

  • Monthly-metered basis for service providers.

In both cases, the appliance license is based on the WAN-side, bidirectional bandwidth of the appliance instance (not LAN side).

EdgeConnect Subscription: Subscription licensing is term-based and renewable at 1, 2, 3, 4, and 5 years. The appliance license is based on the composite WAN-side bandwidth and has the following bandwidth tiers:

EdgeConnect LicenseEdgeConnect Aggregate WAN Provisioned Bandwidth (Mbps)Description: Per EC Instance, Term (n) is 1,2,3,4 or 5 years
EC-BW-20-nY20 MbpsEC BW License, 20 Mbps Bandwidth, n Years
EC-BW-50-nY50 MbpsEC BW License, 50 Mbps Bandwidth, n Years
EC-BW-100-nY100 MbpsEC BW License, 100 Mbps Bandwidth, n Years
EC-BW-200-nY200 MbpsEC BW License, 200 Mbps Bandwidth, n Years
EC-BW-500-nY500 MbpsEC BW License, 500 Mbps Bandwidth, n Years
EC-BW-1G-nY1 GbpsEC BW License, 1 Gbps Bandwidth, n Years
EC-BW-2G-nY2 GbpsEC BW License, 2 Gbps Bandwidth, n Years
EC-BW-UL-nYUnlimited BandwidthEC BW License, Unlimited Bandwidth, n Years

Boost

Boost is an optional WAN optimization performance pack for EdgeConnect.

Note: Boost is integrated in the same software image and is enabled with a simple “checkbox” provisioning action.

With Enterprise, Boost is licensed in units of 100 Mbps of WAN optimization and can be deployed flexibly to sites that require application acceleration.

It is important to note that with the data reduction feature of Boost, a site’s application traffic may be several times the provisioned WAN bandwidth.

Advanced Security License

The EdgeConnect Platform supports IDS that requires a new software feature license called Advanced Security. This license type comes in two options: “standard” and “unlimited”. For IDS/IPS, the difference between standard and unlimited is the maximum throughput supported by the inspection engine, and is specific for each EdgeConnect model and software release. The Advanced Security feature license is optional. In the future, other security-related features may be tied to the Advanced Security License.


Table of contents


Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.