EdgeConnect SD-WAN Solution Fundamentals
This section introduces the Aruba EdgeConnect SD-WAN solution with descriptions of the Aruba Orchestrator, EdgeConnect SD-WAN appliances, and some key features.
Table of contents
Aruba Orchestrator
Aruba Orchestrator provides centralized policy management, monitoring, and reporting capabilities for the SD-WAN platform.
Orchestrator has three flexible models for deployment:
- On-premise VM deployment
- Customer-managed cloud deployment
- Aruba-hosted SaaS (software-as-a-service) deployment.
When EdgeConnect SD-WAN is hosted as-a-service, Aruba manages and maintains the platform, eliminating the need for additional capital expenditures. This option offers maximum flexibility, ease of deployment, full use and customization of Orchestrator features, and long-term sustainability.
Use Orchestrator to configure and monitor application quality of service and security policies for thousands of sites rapidly from a centralized dashboard with single-screen administration.
With Orchestrator’s centralized configuration, users have a single-pane dashboard for real-time monitoring, alerting, and visibility into the network, as well as access to a detailed historical log of reporting and analytics for better understanding of business needs related to the SD-WAN fabric.
The dashboard can be customized in several formats to provide high-level geographic health overviews, granular analysis of live traffic flows, an overview of appliances connected to the network, and more.
Best practice is to use the SaaS option because it decreases the operational complexity of the deployment. For information on the on-premise options, refer to the Aruba Edge Connect Enterprise User Guides.
EdgeConnect SD-WAN Appliances
EdgeConnect SD-WAN physical or virtual SD-WAN appliances (supporting any common hypervisors and public clouds) are deployed in branch offices and data centers to create a secure, virtual WAN overlay. This enables organizations to migrate to broadband WAN at their own pace, whether site-by-site or using a hybrid WAN approach that leverages MPLS and broadband Internet connectivity.
EdgeConnect SD-WAN 10104 | EdgeConnect SD-WAN 10106 | EdgeConnect SD-WAN 10108 | EdgeConnect SD-WAN S-P | EdgeConnect SD-WAN M-H | EdgeConnect SD-WAN L-H | EdgeConnect SD-WAN XL-H | |
---|---|---|---|---|---|---|---|
Model | EC-10104 | EC-10106 | EC-10108 | EC-S-P | EC-M-H | EC-L-H | EC-XL-H |
Typical Deployment | Small Branch / Home Office | Small Branch | Medium Branch | Large Branch | Head Office/DC Large Hub | Data Center Large Hub | Data Center Large Hub |
Typical WAN Bandwidth | 2-500 Mbps | 2-1000 Mbps | 2-2000 Mbps | 10-3000 Mbps | 50-5000 Mbps | 2-10 Gbps | 2-10 Gbps |
Simultaneous Connections | 256,000 | 256,000 | 256,000 | 256,000 | 2,000,000 | 2,000,000 | 2,000,000 |
Recommended WAN Boost up to | 200 Mbps | 250 Mbps | 500 Mbps | 500 Mbps | 1 Gbps | 1 Gbps | 5 Gbps |
Redundant / FRUs | No | No | No | SSD and Power (AC or DC) | SSD and Power | SSD and Power | SSD, NVMe, Power |
Data Path Interfaces | 4 x RJ45 10/100/1000 | 2 x RJ45 2 x Combo 2 x 1/10G SFP+ | 2 x 10M/100M/1000M RJ45 ports with POE Support 2 x Combo ports (RJ45 or SFP) 2 x 1G/10G SFP+ Ports | 8 x RJ45 4 x 1/10G Optical | 8 x RJ45 4 x 1/10G Optical | 6 x 1/10G Optical | 6 x 1/10/25G Optical |
Note: WAN bandwidth assumes bidirectional traffic (symmetric up-link and down-link). For total WAN throughput (Rx+Tx), multiple these numbers by 2.
For the most up-to-date SKU information, refer to the EdgeConnect SD-WAN SD-WAN Data Sheet.
Virtual Appliances
EdgeConnect SD-WAN appliances can be deployed in a virtual form factor on-prem and in cloud environments. Requirements for virtual deployments can be found here.
First-Packet iQ
First Packet iQ provides robust capabilities for Application Visibility and Control (AVC) that simplify establishment of route policies by application or domain. Rapid classification is critical for making traffic forwarding decisions.
When different groups of applications are mapped to Business Intent Overlays, the decision on which overlay to place the flow must be correct on the first packet, or application performance will suffer.
Unique in the industry, First-Packet iQ goes above and beyond traditional Deep Packet Inspection techniques that typically require several packets of HTTP or HTTPS to identify applications accurately. Using First-Packet iQ, EdgeConnect can immediately and efficiently steer flows to the best route and avoid the need for after-the-fact route remediation. With Silver Peak’s unique technology to “map the Internet,” EdgeConnect can provide the granular Internet breakout policies as shown above.
Business Intent Overlays
The Aruba EdgeConnect SD-WAN platform enables enterprises to create multiple application-specific WAN overlays. Each overlay, or Business Intent Overlay (BIO), specifies priority and quality of service requirements for application groups based on business requirements or intent.
With these policy definitions in place, EdgeConnect automates traffic steering on an end-to-end basis across all underlying WAN transport services including MPLS, broadband Internet and 4G/LTE, providing the ability to deliver an application Quality of Experience significantly better than the underlying transport services can deliver individually. Each BIO has its own link bonding policy that specifies the underlay transports the BIO will use, the service level including path conditioning, and topology (full mesh, hub-and-spoke, or regional hub-and-spoke).
Each BIO has settings that include Traffic Class/QoS, Firewall Zone, and the option to enable Boost (WAN Optimization).
Link Bonding, Path Conditioning, and Dynamic Path Control
SD-WAN uses multiple underlay transport networks to provide applications the best possible virtual overlay network experience. The configuration of each BIO contains two primary sections:
SD-WAN Traffic to Internal Subnets (i.e., EdgeConnect-to-EdgeConnect)
Breakout Traffic to Internet and Cloud Services (i.e., EdgeConnect-to-Internet)
Each section includes a Link Bonding Policy that specifies the underlay transports to use (specified as a label), how to bond the transports, and service level quality metric that includes the amount of Forward Error Correction to be applied.
As an IPsec-based overlay, performance of the hybrid WAN is optimized while maintaining complete independence of the underlying infrastructure. Optimal path choices are based on application requirements, geolocation, and packet-level determination of link quality, including line characteristics such as delay, loss, and jitter.
EdgeConnect’s Path Conditioning includes both Forward Error Correction (FEC) and Packet Order Correction (POC).
Forward Error Correction reconstructs lost packets to avoid the need for TCP retransmission, substantially increasing the performance of Internet links. The ratio of FEC packets to data packets is configurable depending on business criticality and real-time requirements for the application.
Packet Order Correction (POC) algorithms reorder packets that arrive at their destination out of order. This is a common occurrence when load balancing across different service providers’ networks. With FEC and POC, EdgeConnect can make internet connections perform as well as or better than private lines.
Boost
Aruba EdgeConnect takes SD-WAN performance even further for latency-sensitive applications and applications that transfer large amounts of data across the WAN. With the optional Unity Boost software performance pack, EdgeConnect integrates Aruba’s field-proven WAN Optimization features in a single SD-WAN solution. When Boost is integrated with SD-WAN, it can be provisioned after the initial SD-WAN roll-out for a given end-customer without the need to service-chain an additional physical appliance or Virtual Network Function (VNF) for the sole purpose of WAN Optimization.
Boost is enabled at the Business Intent Overlay level so it can be activated for critical applications without running on less-sensitive applications.
Boost includes:
- Application Acceleration (latency mitigation) to improve application response times over distance
- Data reduction (compression and deduplication) to eliminate the transmission of redundant data. This capability is also referred to as “Network Memory”.
Latency Mitigation
TCP Acceleration uses techniques such as selective acknowledgments, window scaling, and message segment size adjustment to mitigate poor performance on high-latency links.
Data Reduction
Data reduction technology addresses limited bandwidth using advanced fingerprinting algorithms that examine all incoming and outgoing WAN traffic. Network memory localizes information and transmits only modifications between Boost-enabled SD-WAN nodes.
IP Header Compression is the process of compressing excess protocol headers before transmitting them on a link and uncompressing them to their original state at the other end.
Payload Compression uses algorithms to identify relatively short byte sequences that are repeated frequently. The sequences are replaced with shorter segments of code to reduce the size of transmitted data.
Licensing
EdgeConnect
EdgeConnect software, applied to EdgeConnect hardware, virtual, or cloud instances, can be purchased using one of two options:
Subscription-term basis for enterprise end-customers
Monthly-metered basis for service providers.
In both cases, the appliance license is based on the WAN-side, bidirectional bandwidth of the appliance instance (not LAN side).
EdgeConnect Subscription: Subscription licensing is term-based and renewable at 1, 2, 3, 4, and 5 years. The appliance license is based on the composite WAN-side bandwidth and has the following bandwidth tiers:
EdgeConnect License | EdgeConnect Aggregate WAN Provisioned Bandwidth (Mbps) | Description: Per EC Instance, Term (n) is 1,2,3,4 or 5 years |
---|---|---|
EC-BW-20-nY | 20 Mbps | EC BW License, 20 Mbps Bandwidth, n Years |
EC-BW-50-nY | 50 Mbps | EC BW License, 50 Mbps Bandwidth, n Years |
EC-BW-100-nY | 100 Mbps | EC BW License, 100 Mbps Bandwidth, n Years |
EC-BW-200-nY | 200 Mbps | EC BW License, 200 Mbps Bandwidth, n Years |
EC-BW-500-nY | 500 Mbps | EC BW License, 500 Mbps Bandwidth, n Years |
EC-BW-1G-nY | 1 Gbps | EC BW License, 1 Gbps Bandwidth, n Years |
EC-BW-2G-nY | 2 Gbps | EC BW License, 2 Gbps Bandwidth, n Years |
EC-BW-UL-nY | Unlimited Bandwidth | EC BW License, Unlimited Bandwidth, n Years |
Boost
Boost is an optional WAN optimization performance pack for EdgeConnect.
Note: Boost is integrated in the same software image and is enabled with a simple “checkbox” provisioning action.
With Enterprise, Boost is licensed in units of 100 Mbps of WAN optimization and can be deployed flexibly to sites that require application acceleration.
It is important to note that with the data reduction feature of Boost, a site’s application traffic may be several times the provisioned WAN bandwidth.
Advanced Security License
The EdgeConnect Platform supports IDS that requires a new software feature license called Advanced Security. This license type comes in two options: “standard” and “unlimited”. For IDS/IPS, the difference between standard and unlimited is the maximum throughput supported by the inspection engine, and is specific for each EdgeConnect model and software release. The Advanced Security feature license is optional. In the future, other security-related features may be tied to the Advanced Security License.