SD-WAN combines a full suit of advanced cloud networking, security and WAN connectivity features to form an end-to-end WAN solution for large enterprises to connect remote branches/outlets securely and resiliently, particularly as a more cost-effective alternative to traditional MPLS or VSAT solutions.
The key features of RansNet SD-WAN solution include below:
Access layer (HSA)
The Access layer is powered by our HSA appliance (HotSpot Access). It sits at each remote network as a CPE device to connect to different WAN technologies, eg. Fiber, MPLS, VSAT, PPPoE, or LTE. It's capable of connecting to multiple WAN options, at the same time with load balancing and auto fail-over. It has 4 x GE LAN ports to connect local devices and if there are more devices, we can simply extend with a typical LAN switch.
Through resilient WAN connectivity, the HSA will build dual SSLVPN tunnel to the CMG gateways sitting at WAN distribution layer, for highest resiliency. The HSA advertises it's local LAN network to CMG via OSPF across the VPN tunnels. It's possible to run active-active VPN tunnels, or active-standby tunnel, simply by tweaking OSPF costs, eg. by default if the tunnel cost is the same, OSPF will load balance traffic across both tunnels; else we can increase the OSPF costs over the less preferred (backup) tunnel. Typically if the backup link is less reliable we'd recommend to configure active-standby mode.The secure SSLVPN tunnels can run across any IP networks, through dynamic or static WAN links or even from behind other routers/firewall, as long as HSA is able to reach to CMG across provider networks.
WAN Distribution layer (CMG)
The WAN distribution layer is powered by Cloud Managed Gateway (CMG). The CMG acts as VPN concentrator to terminate SSLVPN tunnels with remote HSA. The CMG runs OSPF inside the SSLVPN tunnel to learn remote routes; it runs BGP with core routers to learn upstream (core) routes. It then redistributes BGP into OSPF for the remote HSA to learn routes for core networks; and redistributes OSPF into BGP for core network to learn remote networks. So the CMG forms a very important aggregation layer between the core and remote networks.
If we need to support large amount of remote sites, it's recommended to use multiple virtual CMG hosted on typical hypervisor (VM-Host), eg. VMWare, KVM, etc. Then split remote HSA into multiple groups to tunnel with different virtual CMG.
Typical design guide:
The core layer consist of customer or provider core switches or core routers. The core routers form BGP with CMG to learn remote routes and advertises server routes/networks to CMG (redistributed to HSA). It's possible to use any other 3rd-party high performance routers or customer preferred selection of routers, as long as they support standard BGP protocols. But a physical CMG-5000 with 10G interfaces would be a good choice too.
The mfusion platform can be a VM or physical server sitting in the cloud, or any location/networks that are reachable by both CMG and HSA.
The mfusion provides below key functions