Hi peers,
At the moment, we are evaluating a solution where tunnel concentrators are going to be in virtual machines. And despite the fact where we should go in terms of technology, space, payment model and everything, this solution is something new in the company.
So, we're looking for any previous experience and advice about how to make a proper solution and which product/s to use. Please share your thoughts.
Thanks.
Definitely look at Aruba EdgeConnect (formerly known as SilverPeak).
My main client has had them in production for years for five hospital campuses and their headquarters site. They have hardware appliances and Virtual Appliances.
Assuming you go the VA route, make sure you're thinking about providing enough bandwidth on the pNIC(s) you have connected to the vSwitch your VA(s) in a site are connected to the outside world through.
You'll be fine if you have something like a C7000 with Flex10 pNICs, but even if your hypervisor is some sort of 1U make sure it has 1G, 10G, 25G, 40G, 50G, or 100G pNIC(s) in it according to what your total MPLS and/or broadband Internet connections, i.e., Comcast or whatever, can provide and make sure there are no network chokepoints between your hypervisor(s) with your VA(s) and your enterprise WAN/Internet (for IPsec virtual WAN underlay tunnels) connections.
Start doing your homework NOW on what applications in your catalog are the highest priority, high priority, medium priority, best effort, etc. over the SD-WAN.
Prepare yourself for difficult conversations with leadership about non-working vacillating de facto lack-of-decision like, "It's all top priority." No, you, leadership, set the POLICY on when something gets pitched over the side what goes first and what goes last. We implement YOUR policy.
In my opinion, the way SD-WAN is designed, you will need multiple network endpoints or network-based concentrator hardware to handle multiple tunnels incoming.
If you host them as virtual devices, you share the underlying network hardware and therefore lose performance, not gain it. If you want to virtualize them, use several, many endpoints (not just one).
FatPipe Networks Inc - Hybrid Networking Connectivity.
We use our patented MPSec technology in order to provide bandwidth aggregation, redundancy, common management, compression and inbound/outbound load balancing. This solution is used by many of our customers for video conference, VoIP and data for the seamless switchover.
@Kowligi Prakash, I looked at FatPipe *years* ago. I was intrigued by the technology, but the leadership I was under at the time didn't see the point. "Just get ISDN BRIs for the branch offices and an ISDN FG D / T1 for HQ." I didn't know you guys were still around! :)