Understanding SD-WAN

The SD-WAN (Software-Defined Wide Area Network) solution includes a new set of devices called HPE Aruba Networking Gateways that interoperate with HPE Aruba Networking Switches and Instant APs to provide a full-fledged WAN (Wide Area Network) architecture. SD-WAN is an application for applying SDN technology to WAN connections that connect enterprise networks across disparate geographical locations. A WAN is a telecommunications network or computer network that extends over a large geographical distance.

Based on the size of your branch setup, you can select the device combination that best suits your requirement:

See Supported Devices for AOS-10 for information on HPE Aruba Networking Gateways that can be deployed as VPNCs.

Figure 1 shows a typical deployment topology of an HPE Aruba Networking EdgeConnect SD-Branch with Branch Gateways and a microbranch with Instant APs:

Figure 1  SD Branch Topology

Figure 2 illustrates the communication flow between HPE Aruba Networking Central, branch sites, and the data center.

Figure 2  HPE Aruba Networking Central and Cloud Communication

Figure 3 shows all elements in an HPE Aruba Networking EdgeConnect SD-Branch and the SD-WAN data flow.

Figure 3  HPE Aruba Networking SD-WAN Data Flow

What are the Solution Requirements?

The HPE Aruba Networking Gateways are the most important components of the HPE Aruba Networking SD-Branch Solution. The SD-WAN Gateway portfolio includes HPE Aruba Networking Branch Gateways and the VPNCs.

At the Branch Site

The following are the components in a branch, along with the roles they play:

  • Branch Gateways—Function at the branch to optimize and control WAN, LAN, and cloud security services.
  • Switches—Function with Branch Gateways to detect and isolate rogue APs, and denylist rogue devices.
  • Instant APs—Function as VPN clients at branch sites. The client data traffic from these APs is aggregated by the VPNC located at the data center.

At the Data Center

You can deploy HPE Aruba Networking Gateways as VPNCs at the data center. For data center redundancy, you can deploy two VPNCs in the active-standby or active-active mode.

The following are the components operational at the data center:

VPNC—A VPNC functions as a VPN management system that aggregates data traffic from the branches and terminates IPsec (Internet Protocol security) VPN tunnels. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session.

Virtual Gateway—The headend gateway at the enterprise data center can be hosted as a virtual appliance. The virtualised instance of the enterprise data center gateway in a public or private cloud is referred to as a Virtual Gateway. HPE Aruba Networking Virtual Gateways function as VPNCs.

For a list of supported Gateways, Switches, and APs, see Supported Devices for AOS-10.

In the Cloud

A valid HPE Aruba Networking Central subscription is required to use cloud-based administration, management, configuration, and monitoring of SD-Branch components such as Branch Gateways, VPNCs, Instant APs, and HPE Aruba Networking Switches.