Features description
Agenda
1 SD-WAN Market
3 Teldat Solution
4 Teldat strengths
©2017 Teldat Group Spain, Germany and more than 40 Countries worldwide. 2
SD-WAN market
69% compound annual growth rate over the next 5 years (*)
Decouple network tech from transport network: The current enterprise network scenario creates a strong dependence between the transport network provider and the network technologies. SD-WAN simplifies this process.
Focus on Applications: SD-WAN changes the perspective of network management, from pure communications to application-based.
High level network configuration through GUI: Reduce the complexity of the enterprise network configuration through a centralized configuration and management tool.
Cost reduction/agility: It reduces the operation and maintenance costs of a network, providing flexibility.
Application visibility: The network can now check the traffic going through it, identifying applications at level 3, 4 or 7.
Teldat Solution - Overview
> Network Monitoring
> API Integration
> Multi-tenant
> Application visibility
> …
Datacenter: All of the enterprise's own services are behind a Datacenter Edge device.
Remote office: The users connect to the services from the remote offices through a Branch Edge device.
CNM – Deployment modes
Virtual appliance deployment: The CNM is deployed in customer premises (datacenter) and it can be installed in one or three nodes depending on the HA requirements (Standalone, or High Availability – 3 instances).
Cloud deployment of CNM (SaaS): The Cloud instance is managed by Teldat, and the reseller/channel can get its own URL and even a fully customized portal for its customers.
CNM - Main Concepts
Template: A Template is the definition of a type of branch, collecting LAN, WAN and policies configuration.
Application: An Application is any traffic from/to a User Group, directed to a (Datacenter) Service, internet site or another User Group(s), identified at level 3, 4 and/or 7.
User Group: A user group defines a pool of IP addresses that will be used in the branch offices. For instance, computers, phones, guests…
SLA: The SLA defines the desired policy for a set of applications. SLA types: a) Performance monitor: decide link to use based on delay, jitter and loss, b) Best effort: Fixed link regardless of path status, c) Drop
Service: A service is a pool of IP addresses, defined in the datacenter network, that hosts a specific tool (SIP, SAP, CRM…)
Application Category: The application categories relate the applications to an SLA and allow the user to prioritize that traffic through different links.
Transport independent
Teldat SD-WAN solution supports different kinds of access: Internet and MPLS
[Diagram labels: BRANCH 1, BRANCH N, MPLS, INTERNET, DATACENTER, SERVICES]
Teldat SD-WAN features (independent from the access type):
> VLAN tagging
> DHCP and DHCP relay
> Quality of Service (QoS) per application category and network access.
> Downstream/Upstream bandwidth allocation.
> VRFs support to create the overlay
> Deep packet inspection (DPI)
> Application visibility at level 3, 4 and 7
> Application policies
> WAN link status aware policies
> Zero touch provisioning
> High availability
> MPLS and Internet local breakout
> …
Network architecture
(per Application Category)
> A fixed IP address is needed in DC site.
> IPSec tunnels are created from remote offices to the Datacenter Edge devices per application category and per WAN
> Policy Based Routing (PBR) + WAN Probes (IPSLA) to select the tunnel, and BGP routing to indicate to the Datacenter Edge device the reverse traffic path.
> DMVPN to create the overlay
> IPSec tunnel over GRE
> IPSec tunnels created based on Pre-Shared Key (PSK)
[Diagram labels: Datacenter, Remote office, Servers AppC2, Servers AppC3, WAN1, WAN2, Internet breakout]
Datacenter: AppC3 has centralized on the DC the access to the internet.
Branch 2: Access to AppC2 and AppC3. There is an application with local breakout to WAN2
Network architecture
(per WAN) – Reverse traffic steering
> A fixed IP address is needed in DC site.
> IPSec tunnels are created from remote offices to the Datacenter Edge devices per WAN.
> Policy Based Routing (PBR) + WAN Probes (IPSLA) to select the tunnel, and BGP routing to announce LAN IP addressing
[Diagram labels: Servers AppC2, Servers AppC3, WAN1, WAN2, Internet breakout]
Datacenter: AppC3 has centralized on the DC the access to the internet.
Branch 2: Access to both access networks. There is an application with local breakout to WAN2
Teldat Solution - Datacenter
Horizontal scalability: Throughput can be increased by adding new Datacenter Edge devices. CNM (Controller) automatically distributes the load among them.
Connectivity: Datacenter Edge devices must be connected to all the WANs.
Several DC support: In the same SD-WAN network.
Internal routing: Datacenter Edge devices support OSPF or BGP for internal routing towards datacenter side.
High availability architecture
Branch Edge devices generate all the tunnels when the device is provisioned (active and passive tunnels for each and every WAN), but each Branch Edge device keeps only one tunnel ‘active’ per application category and WAN; this changes only if the Datacenter Edge device reached through the active tunnel is not reachable.
[Diagram labels: 1, 2, 3, A, B, Passive, VRF1, VRF2, VRF3]
One VRF per ‘Application Category’ at Datacenter Edge devices -> One tunnel is created over any WAN to any Branch per each Application Category.
The solid pink tunnels are the active ones; if the active Datacenter Edge device crashes, all the traffic is automatically redirected to the second Datacenter Edge device (striped pink tunnels).
High availability architecture
One Branch Edge device has one active Datacenter Edge device for all the WANs
[Diagram labels: VRF1]
One VRF per ‘WAN’ at Datacenter Edge devices -> One tunnel is created from any Branch, per WAN.
The solid pink tunnel is the active one; if the active Datacenter Edge device crashes, all the traffic is automatically redirected to the second Datacenter Edge device (striped pink tunnel).
Internet breakout
> Internet traffic can also be routed from the remote offices to the Datacenter Edge device, and then to the Internet.
> Local Internet Breakout in the remote offices to connect the branch office directly with the Internet
> The existing datacenter connectivity to the internet is used, taking advantage of its security measures.
Security (Roadmap): Teldat will include some applications in the SD-WAN solution in order to secure the breakout connectivity:
- BlueCoat: Firewall
- Flashstart: DNS Web filtering
[Diagram labels: Overlay, INTERNET, CLOUD APPLICATIONS]
MPLS breakout
For two remote offices to communicate through the overlay, the traffic goes to the Datacenter Edge devices and then to the other remote office
[Diagram labels: Remote office 1]
Network status
Probes are sent over the overlay from the Branch Edge devices to the Datacenter Edge devices to get the network status
> The probes get information about RTT, loss rate and jitter.
> IPSLA probes are used to balance the application traffic depending on the network metrics.
> An IPSLA probe is sent through each of the tunnels, which are generated for each App Cat and each WAN
[Diagram labels: Carrier A Network, Carrier B Network]
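
A minimal sketch of how per-tunnel probe results could drive the three SLA types listed under CNM - Main Concepts (performance monitor, best effort, drop). It is an added example, not Teldat code; the class names, threshold values and tie-break order are assumptions, and the probe values are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Probe:
    """Latest IPSLA result for one tunnel (one tunnel per App Cat and WAN)."""
    wan: str
    reachable: bool
    rtt_ms: float = 0.0
    jitter_ms: float = 0.0
    loss_pct: float = 0.0

@dataclass
class Sla:
    kind: str                    # "performance", "best_effort" or "drop"
    max_rtt_ms: float = 150.0    # assumed thresholds, not vendor defaults
    max_jitter_ms: float = 30.0
    max_loss_pct: float = 1.0
    fixed_wan: str = ""          # used by best_effort only

def meets(sla: Sla, p: Probe) -> bool:
    """True when the tunnel answers its probe and is inside every threshold."""
    return (p.reachable and p.rtt_ms <= sla.max_rtt_ms
            and p.jitter_ms <= sla.max_jitter_ms
            and p.loss_pct <= sla.max_loss_pct)

def select_wan(sla: Sla, probes: List[Probe]) -> Optional[str]:
    """Return the WAN whose tunnel should carry the category, or None."""
    if sla.kind == "drop":
        return None
    if sla.kind == "best_effort":
        return sla.fixed_wan     # fixed link, path status is ignored
    if sla.kind != "performance":
        raise ValueError(f"unknown SLA type: {sla.kind}")
    up = [p for p in probes if p.reachable]
    if not up:
        return None              # no tunnel answers its probe
    # Prefer tunnels inside the SLA; otherwise take the least-bad reachable one.
    candidates = [p for p in up if meets(sla, p)] or up
    best = min(candidates, key=lambda p: (p.loss_pct, p.rtt_ms, p.jitter_ms))
    return best.wan

# Constructed sample: WAN1 is clean, WAN2 is faster but lossy.
SAMPLE = [
    Probe("WAN1", True, rtt_ms=40, jitter_ms=5, loss_pct=0.0),
    Probe("WAN2", True, rtt_ms=25, jitter_ms=12, loss_pct=3.5),
]

if __name__ == "__main__":
    print(select_wan(Sla("performance"), SAMPLE))
```
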
Application Traffic Visibility
Teldat devices can generate and export Netflow/IPFix traffic to get all the traffic information in the network.
To have level 7 visibility, the DPI must be activated in the device (license).
Teldat Visualizer is the Teldat Netflow collector which shows the traffic information.
Teldat Visualizer
> Shows all this information in a coherent way
> Filter the traffic per branch, LAN/WAN IP addresses, application, port…
> Create dynamic dashboards
> Generate reports
> Define thresholds to generate notifications
Quality of Service
4. ToS or DSCP: the user can configure the traffic marking per application category, or disable this option.
Zero Touch Provisioning
ZTP process:
1. The device is plugged into the electric power and the network.
2. The device automatically connects to the CNM (providing the serial number).
3. Once the device is identified by the S/N, the CNM sends the configuration to the device, along with the SSL certificate to encrypt the communications between the CNM and the device.
4. When the device loads the configuration, it gets the final configuration of the network and the security parameters to establish further CNM connections.
Zero Touch Provisioning
To run the ZTP process automatically, a pre-configuration in the device is needed. There are two possibilities:
This configuration is valid for the following scenarios:
> Second level device
> Cloud CNM.
The pre-configuration includes:
> DNS pre-configured to resolve the CNM URL.
> DHCP pre-configured to get the IP from the network.
> Cloud CNM URL to contact the CNM.
This configuration is valid for any network scenario:
> First level access devices or second level devices.
> VA or Cloud CNM
> …
The pre-configuration is customized per customer, so it includes the minimum configuration needed to get connectivity from the devices to the CNM in the specific customer network scenario.
CNM – Device Lifecycle Management
OS Update: CNM allows uploading a new version of the OS (CIT) to the tool and sending it to a specific device or a group of devices.
Update configuration template: When the template is modified in the CNM, the tool will show a warning notification in the devices configured with that template: “The configuration has been updated!”. Then, the user can upload the change immediately, or schedule the update for a specific date and time.
Change configuration template: The user can change the original template chosen for a specific branch or a group of branches if, for example, a remote office has been upgraded from a small office to a medium or large office.
Device monitoring and information: The device contacts the CNM every 30 seconds to provide the monitoring information of CPU, memory and disk. In addition, in each contact, the device will receive the jobs that are pending (update configuration, update OS…)
Teldat SD-WAN: Integration
All the Teldat devices can generate Netflow/IPFix traffic (with the information of the traffic going through the network) and send it to a Netflow/IPFix collector, to be used in a specific tool.
Branch office devices
Branch office device: the same physical devices that are in the current Teldat portfolio can be
migrated to a Teldat SD-WAN solution.
RXL14000 can provide up to 1Gbps and SDE-20K up to 20Gbps (2, 10 and 20Gbps models)
Furthermore, they can scale horizontally to cover scenarios with higher bandwidth
requirements
Max. BW(*) 20Gbps
1Gbps
OSDx
Hardware x86
> SD-WAN ready: the customers can migrate easily to a SD-WAN solution, no hardware update needed if they are using Teldat devices in pre-SD-WAN networks like MPLS.
> Real ZTP: the provisioning of a new branch or device in Teldat SD-WAN solution is real zero touch, without technical intervention.
> The solution can be adapted to the customer necessities (base license, controller license, visualizer license…)
> Standard Protocols: use of common standard protocols such as DMVPN, IPSec, Netflow, IPSLA…
Teldat weaknesses
> The DC Edge device is not multi-tenant
> MESH topology is not supported
> Remote offices HA architecture
> LAN IP addresses are selected automatically by CNM (partially solved)
Other competitors weaknesses
It needs technical staff intervention to load a specific configuration
Not real Zero Touch Provisioning
Only when the SD-WAN controller is in Cloud
Digital Certificates