Dynamic Multipath Optimization – WHITE PAPER – DECEMBER 2020



Table of contents

Introduction
DMPO key functionalities
  Continuous monitoring
    Automated bandwidth discovery
    Continuous path monitoring
  Dynamic application steering
    Application-aware per-packet steering
    MPLS class of service
    Bandwidth aggregation
  On-demand remediation
    Real-time applications
    TCP application
  Application-aware overlay QoS
    QoS scheduling
    CoS marking
    Policing traffic class
    Policing MPLS CoS
    Rate limiting an application or category
    DMPO tunnel shaper for service providers with partner gateway
    Business priority monitoring
Business policy framework and smart defaults
  Traffic class (priority and service class)
  Network services
  Link steering
    Link steering: auto
    Link steering by transport group
    Link steering by WAN link
    Link steering by interface
    Mandatory
    Preferred
    Available
Secure traffic transmission
Ports used
DMPO real-world results
  Scenario 1: Branch-to-branch VoIP call on single link
  Scenario 2: File transfer from box.com on dual links
  Scenario 3: Branch-to-branch video call on dual links
Summary


Introduction

The VMware SD-WAN™ solution enables enterprises and service providers to utilize multiple wide area network (WAN) transports simultaneously, maximize the bandwidth, and ensure application performance. The unique cloud-delivered architecture offers these benefits for on-premises and cloud applications, such as software as a service (SaaS) and infrastructure as a service (IaaS). This requires building an overlay network, which consists of multiple tunnels, as well as monitoring and adapting to the change in the underlying WAN transports in real time. To deliver a resilient overlay network that takes into account real-time performance of WAN links, VMware has developed Dynamic Multipath Optimization™ (DMPO). This document explains the key functionalities and benefits of DMPO.

DMPO key functionalities

DMPO is used between all of the VMware SD-WAN components that process and forward data traffic: the VMware SD-WAN Edge and the VMware SD-WAN Gateway. For connectivity within enterprise locations (branch to branch or branch to hub), VMware SD-WAN Edges establish DMPO tunnels between themselves. For connectivity to cloud applications, each VMware SD-WAN Edge establishes DMPO tunnels with one or more VMware SD-WAN Gateways.

Continuous monitoring

Automated bandwidth discovery

Once the WAN link is detected by the VMware SD-WAN Edge, it establishes DMPO tunnels with one or more VMware SD-WAN Gateways and runs a bandwidth test with the closest VMware SD-WAN Gateway. The bandwidth test is performed by sending a short burst of bidirectional traffic and measuring the received rate at each end. Because the VMware SD-WAN Gateway is deployed at the Internet points of presence (PoPs), it can also identify the real public IP address of the WAN link in case the VMware SD-WAN Edge interface is behind a network address translation (NAT) or port address translation (PAT) device.

A similar process applies to the private link. For the VMware SD-WAN Edges acting as the hub or headend, the WAN bandwidth is statically defined. However, when the branch VMware SD-WAN Edge establishes a DMPO tunnel to the hub VMware SD-WAN Edges, the bandwidth test procedures are similar to those between the VMware SD-WAN Edge and the VMware SD-WAN Gateway on the public link.

Continuous path monitoring

DMPO performs continuous, unidirectional measurements of performance metrics: loss, latency, and jitter of every packet on every tunnel between any two DMPO endpoints, the VMware SD-WAN Edge or the VMware SD-WAN Gateway. VMware SD-WAN per-packet steering allows independent decisions in both uplink and downlink directions without introducing any asymmetric routing. DMPO uses both passive and active monitoring approaches.

When user traffic is present, the DMPO tunnel header contains additional performance metrics, including sequence number and timestamp, which enables the DMPO endpoints to identify lost and out-of-order packets, and calculate jitter and latency in each direction. The DMPO endpoints communicate the performance metrics of the path between each other every 100ms.

When there is no user traffic, an active probe is sent every 100ms and, after 5 minutes of no high-priority user traffic, the probe frequency is reduced to 500ms. This comprehensive measurement enables the DMPO to react very quickly to the change in the underlying WAN condition, resulting in the ability to deliver sub-second protection against brownout and blackout in the WAN.
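As an added example (not VMware's code), the following Python models how a receiving DMPO endpoint can derive one direction's loss, reordering, latency and jitter from the sequence number and timestamp the text says each tunnel packet carries, together with the 100 ms / 500 ms probe cadence rule. The packet fields, the sample arrivals and the simple jitter estimator are constructed for illustration and assume comparable clocks at both ends.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class TunnelPacket:
    seq: int          # per-tunnel, per-direction sequence number from the DMPO header
    sent_ms: float    # sender timestamp carried in the DMPO header
    recv_ms: float    # receiver's local arrival time (assumed comparable clock)


def path_metrics(packets):
    """Derive loss, reordering, latency and jitter for one direction of a tunnel.

    `packets` is the arrival-ordered list seen by the receiving DMPO endpoint.
    Jitter here is the mean absolute change in one-way delay between
    consecutive arrivals, a deliberately simple estimator for illustration.
    """
    if not packets:
        raise ValueError("no packets observed on this path")
    seqs = [p.seq for p in packets]
    expected = max(seqs) - min(seqs) + 1        # sequence span we should have seen
    lost = expected - len(set(seqs))            # gaps in the span are lost packets
    highest, out_of_order = -1, 0
    for s in seqs:
        if s < highest:                         # arrived after a later sequence number
            out_of_order += 1
        else:
            highest = s
    delays = [p.recv_ms - p.sent_ms for p in packets]
    steps = [abs(b - a) for a, b in zip(delays, delays[1:])]
    return {
        "loss_ratio": lost / expected,
        "out_of_order": out_of_order,
        "latency_ms": mean(delays),
        "jitter_ms": mean(steps) if steps else 0.0,
    }


def probe_interval_ms(idle_ms):
    """Active-probe cadence when no user traffic is present (page values):
    100 ms, relaxed to 500 ms after 5 minutes without high-priority traffic."""
    return 500 if idle_ms >= 5 * 60 * 1000 else 100


# Constructed sample: six packets sent, seq 4 lost, seq 6 overtakes seq 5.
SAMPLE_ARRIVALS = [
    TunnelPacket(1, 0, 50),
    TunnelPacket(2, 20, 70),
    TunnelPacket(3, 40, 92),
    TunnelPacket(6, 100, 150),
    TunnelPacket(5, 80, 151),
]


def sample_report():
    """Metrics the receiving endpoint would report back for SAMPLE_ARRIVALS."""
    return path_metrics(SAMPLE_ARRIVALS)


if __name__ == "__main__":
    print(sample_report())
    print("probe interval after 10 s idle:", probe_interval_ms(10_000), "ms")
    print("probe interval after 6 min idle:", probe_interval_ms(6 * 60_000), "ms")
```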


Dynamic application steering

Application-aware per-packet steering

DMPO identifies traffic using layer 2 to 7 attributes; for example, virtual local area network (VLAN), IP address, protocol, and applications. VMware SD-WAN performs application-aware, per-packet steering based on business policy configurations and real-time link conditions. The business policy contains out-of-the-box smart defaults that specify the default steering behavior and priority of more than 3,000 applications. Customers can immediately use the dynamic packet steering and application-aware prioritization without having to define policies.

Throughout its lifetime, a single traffic flow can be steered onto one or more DMPO tunnels, in the middle of the communication, with no impact to the flow. A link that is completely down is referred to as having a blackout condition. A link that is unable to deliver a service-level agreement (SLA) for a given application is referred to as having a brownout condition. VMware SD-WAN offers sub-second blackout and brownout protection. With the continuous monitoring of all the WAN links, DMPO detects a brownout or blackout condition within 300–500ms and immediately steers the traffic flow to protect the application performance, ensuring no impact to the active flow and user experience. There is a one-minute hold time from when the link brownout or blackout condition is cleared before DMPO steers the traffic back onto the preferred link if specified in the business policy.

Intelligent learning enables application steering based on the first packet of the application by caching classification results. This is necessary for application-based redirection; for example, redirecting Netflix onto the branch Internet link, bypassing the DMPO tunnel, while backhauling Office 365 to the enterprise regional hub or data center.

For example, smart defaults specify that Zoom is a high priority and is a real-time application. There are two links with latency of 50ms and 60ms, respectively. All other SLAs are equal or met. In this scenario, DMPO will choose the link with the lowest latency (i.e., the link with 50ms latency). If the current link to which the Zoom traffic is steered experiences a high latency of 200ms, within less than a second, the packets for Zoom of the same flow are steered to another link that has a lower latency of 60ms.

Application steering can also improve data security. For example, in a PCI environment, traffic must travel over secure links. If a secure link goes down and no other secure link is available, VMware SD-WAN will stop transmitting instead of potentially exposing sensitive information.

For employees working at home, the intelligence of DMPO can save connection costs. Traffic steering policies can be set to prefer less-expensive connections over more expensive ones such as LTE.
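The steering behaviour described in this section, as an added example that is not VMware's code: a simplified per-packet link choice that applies the SLA, prefers the lowest-latency link, honours the one-minute hold after a brownout clears, treats three missed heartbeats as a blackout, and for a secure-only policy (the PCI case) holds the flow rather than sending it over an insecure link. The Link and Policy fields, the 150 ms / 1 percent SLA values and the link names are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

HOLD_BACK_MS = 60_000      # page: one-minute hold before steering back to the preferred link
MAX_MISSED_HEARTBEATS = 3  # page: three consecutive missed heartbeats mark a link unusable


@dataclass
class Link:
    name: str
    latency_ms: float
    loss_ratio: float
    secure: bool                             # path provides the protection the flow requires
    missed_heartbeats: int = 0
    recovered_at_ms: Optional[float] = None  # when its last brownout/blackout cleared


@dataclass
class Policy:
    max_latency_ms: float
    max_loss_ratio: float
    require_secure: bool = False             # e.g. PCI traffic restricted to secure links
    preferred: Optional[str] = None


def usable(link: Link) -> bool:
    return link.missed_heartbeats < MAX_MISSED_HEARTBEATS


def meets_sla(link: Link, policy: Policy) -> bool:
    return (usable(link)
            and link.latency_ms <= policy.max_latency_ms
            and link.loss_ratio <= policy.max_loss_ratio)


def pick_link(links: List[Link], policy: Policy, now_ms: float) -> Optional[Link]:
    """Link the next packet of the flow should take, or None when nothing is
    acceptable (for a secure-only policy the flow is held, not downgraded)."""
    candidates = [l for l in links
                  if meets_sla(l, policy) and (l.secure or not policy.require_secure)]
    if not candidates:
        return None
    preferred = next((l for l in candidates if l.name == policy.preferred), None)
    if preferred is not None:
        held = (preferred.recovered_at_ms is not None
                and now_ms - preferred.recovered_at_ms < HOLD_BACK_MS)
        if not held:
            return preferred
        others = [l for l in candidates if l is not preferred]
        if others:                            # stay off the preferred link during the hold
            candidates = others
    return min(candidates, key=lambda l: l.latency_ms)


def zoom_walkthrough() -> List[str]:
    """The page's Zoom case: 50 ms vs 60 ms links, a 200 ms brownout on the
    first, then recovery subject to the one-minute hold. Returns chosen names."""
    a = Link("link-A", 50, 0.0, True)
    b = Link("link-B", 60, 0.0, True)
    policy = Policy(max_latency_ms=150, max_loss_ratio=0.01, preferred="link-A")  # SLA values constructed
    chosen = [pick_link([a, b], policy, 0).name]            # lowest latency wins
    a.latency_ms = 200                                       # brownout on A
    chosen.append(pick_link([a, b], policy, 1_000).name)     # flow moves to B
    a.latency_ms, a.recovered_at_ms = 50, 1_500              # A clears
    chosen.append(pick_link([a, b], policy, 30_000).name)    # still on B inside the hold
    chosen.append(pick_link([a, b], policy, 61_500).name)    # back on preferred A
    return chosen


def pci_walkthrough():
    """Secure-only policy: once the only secure link is gone the flow is held
    (None) rather than sent over the faster but insecure broadband path."""
    mpls = Link("mpls", 30, 0.0, True)
    broadband = Link("broadband", 20, 0.0, False)
    policy = Policy(max_latency_ms=150, max_loss_ratio=0.01, require_secure=True)
    before = pick_link([mpls, broadband], policy, 0)
    mpls.missed_heartbeats = MAX_MISSED_HEARTBEATS     # blackout on the secure link
    after = pick_link([mpls, broadband], policy, 0)
    return (before.name if before else None, after.name if after else None)
```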

Multiprotocol Label Switching class of service

For a private link that has a class of service (CoS) agreement, DMPO can take CoS into account for both monitoring and application steering decisions. The service provider will guarantee a different SLA for each CoS on a Multiprotocol Label Switching (MPLS) link. DMPO can treat each CoS as a different link and take granular application-aware decisions for the private link with CoS agreements.

For example, for a service provider that offers two classes of services (CoS1 and CoS2, each with a distinct SLA), the link steering decision can be made to use CoS1 or Internet, or CoS2 or Internet.


Bandwidth aggregation

For applications that can benefit from more bandwidth (e.g., file transfer), DMPO performs per-packet load balancing, utilizing all available links to deliver all packets of a single flow to the destination. DMPO takes into account the real-time WAN performance and decides which paths should be used for the flow. Additionally, DMPO performs resequencing at the receiving end to ensure there are no out-of-order packets introduced as a result of per-packet load balancing.

For example, two 50Mbps links deliver 100Mbps of aggregated capacity for a single traffic flow. Quality of service (QoS) is applied at both the aggregate and individual link levels.

On-demand remediation

In a scenario where it may not be possible to steer the traffic flow onto the better link (i.e., single link deployment) or multiple links have issues at the same time, DMPO can enable error correction for the duration of the disruption. The type of error correction used depends on the type of applications and the type of errors.

Real-time applications

• Real-time applications, such as voice and video flows, can benefit from forward error correction (FEC) during periods of packet loss. DMPO automatically enables FEC on single or multiple links. With multiple links, DMPO will select up to two of the best links at any given time for FEC. Duplicated packets are discarded, and out-of-order packets are reordered at the receiving end before being delivered to the final destination. With a single link, DMPO will send duplicate packets, increasing the chance that the packet will be received. DMPO enables jitter buffer for the real-time applications when the WAN links experience jitter.

TCP application

• TCP applications, such as file transfer, benefit from negative acknowledgement (NACK). Upon missing packet detection, the receiving DMPO endpoint informs the sending DMPO endpoint to retransmit the missing packet. Doing so protects the end applications from detecting packet loss, maximizes the TCP window, and delivers high TCP throughput during lossy conditions.

Application-aware overlay QoS

In the VMware SD-WAN network, the DMPO tunnels are established between a VMware SD-WAN Edge and a VMware SD-WAN Gateway, or between a VMware SD-WAN Edge and another VMware SD-WAN Edge. The VMware SD-WAN Management Protocol header is added to the packet before leaving the VMware SD-WAN Edge, and it adds an overhead of 59 bytes. Once the traffic reaches the VMware SD-WAN Gateway or the VMware SD-WAN Edge on the receiving end, all tunnel headers (VMware SD-WAN Management Protocol, IPsec) are removed, and the original user data is passed to the next hop router, which can be another provider edge (PE) for the service provider scenario or an L3 switch/router for the enterprise scenario.

FIGURE 1: Application-aware overlay QoS.

[Figure 1 content: VMware SD-WAN Edge 1 and VMware SD-WAN Edge 2 connected to the VMware SD-WAN Gateway over the tunneled Management Protocol; beyond the Gateway the traffic is handed off in the clear.]


QoS scheduling

A traffic class is defined with a combination of priority (high, normal, or low) and service class (real time, transactional, or bulk), resulting in a 3x3 matrix with 9 traffic classes. The application/category and scheduler weight can be mapped onto these traffic classes. All applications within a traffic class will be applied with the aggregate QoS treatment, including scheduling and policing. All applications in a given traffic class will have a guaranteed minimum aggregate bandwidth during congestion based on the scheduler weight (or percentage of bandwidth). When there is no congestion, the applications are allowed to burst up to the maximum aggregated bandwidth. A policy can be applied to cap the bandwidth for all the applications in a given traffic class.

The business policy contains the out-of-the-box smart defaults functionality that maps more than 3,000 applications to traffic classes. Customers can immediately use application-aware QoS without having to define a policy. They can also define policies for their own custom applications. Each traffic class is assigned a default weight in the scheduler. These parameters can be changed in the business policy. Figure 2 shows the default values for the 3x3 matrix with 9 traffic classes.

FIGURE 2: Default values for the 3x3 matrix with 9 traffic classes.

For example, the customer has a 90Mbps Internet link and 10Mbps MPLS on the edge, and the aggregate bandwidth is 100Mbps. Based on the default weight and traffic class mapping in Figure 2, all applications that map to business collaboration will have a guaranteed bandwidth of 35Mbps, and all applications that map to email will have a guaranteed bandwidth of 15Mbps. Business policies can be defined for an entire category (e.g., business collaboration), applications (e.g., Skype for Business), and more granular sub-applications (e.g., Skype File Transfer, Skype Audio, Skype Video).

CoS marking

When traffic arrives at the VMware SD-WAN Edge, the differentiated service code point (DSCP) values marked by the customer can be left as is or modified before sending out to the tunnel. The outer DSCP value on the tunnel header can also be modified or copied from the inner packet.

For example, Figure 3 shows two traffic flows: one is voice, which is considered important, and another is data, which is considered less important. For inner packet DSCP tags, the customer decides to leave DSCP tags as is for both voice and data. For outer packet DSCP tags, the customer decides to copy DSCP values to the outer packet for voice but changes the outer packet DSCP tag to DSCP=0 for data.
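The inner/outer marking rules from this section, as an added example that is not VMware's code: a small model of placing a customer packet into a DMPO tunnel, applying the inner rule (leave as is, or rewrite) and the outer rule (copy from inner, or set) and adding the 59-byte Management Protocol overhead the text quotes. The Packet and Mark types, the policy table and the "guest" row (which normalizes a self-marked EF packet to best effort so end hosts cannot claim priority) are constructed.

```python
from dataclasses import dataclass
from typing import Optional

DSCP = {"CS0": 0, "CS3": 24, "AF41": 34, "CS5": 40, "EF": 46}   # standard DSCP code points
MP_HEADER_BYTES = 59   # page: overhead added by the VMware SD-WAN Management Protocol header


@dataclass(frozen=True)
class Mark:
    """A marking rule: 'leave' keeps the existing value, 'copy' takes the inner
    value (outer tag only), 'set' rewrites the tag to `value`."""
    mode: str
    value: Optional[int] = None


@dataclass
class Packet:
    app: str
    dscp: int       # DSCP as marked by the customer before reaching the Edge
    length: int


@dataclass
class TunnelPacket:
    outer_dscp: int     # on the tunnel/IPsec header: what the underlay sees and acts on
    inner_dscp: int     # on the customer's IP header inside the tunnel
    length: int


def apply_inner(pkt: Packet, rule: Mark) -> int:
    if rule.mode == "leave":
        return pkt.dscp
    if rule.mode == "set" and rule.value is not None:
        return rule.value
    raise ValueError(f"invalid inner rule {rule!r}")


def apply_outer(inner: int, rule: Mark) -> int:
    if rule.mode == "copy":
        return inner
    if rule.mode == "set" and rule.value is not None:
        return rule.value
    raise ValueError(f"invalid outer rule {rule!r}")


def encapsulate(pkt: Packet, inner_rule: Mark, outer_rule: Mark) -> TunnelPacket:
    inner = apply_inner(pkt, inner_rule)
    return TunnelPacket(apply_outer(inner, outer_rule), inner, pkt.length + MP_HEADER_BYTES)


# Constructed business-policy rows. "voice" and "data" mirror Figure 3: voice keeps
# EF end to end, data keeps its inner CS3 but leaves the Edge with outer DSCP 0.
# "guest" rewrites both tags so a host that marks itself EF gets no priority.
POLICY = {
    "voice": (Mark("leave"), Mark("copy")),
    "data": (Mark("leave"), Mark("set", DSCP["CS0"])),
    "guest": (Mark("set", DSCP["CS0"]), Mark("set", DSCP["CS0"])),
}


def mark_flow(pkt: Packet) -> TunnelPacket:
    inner_rule, outer_rule = POLICY[pkt.app]
    return encapsulate(pkt, inner_rule, outer_rule)


if __name__ == "__main__":
    for p in (Packet("voice", DSCP["EF"], 200), Packet("data", DSCP["CS3"], 1400),
              Packet("guest", DSCP["EF"], 100)):
        print(p.app, mark_flow(p))
```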

[Figure 2 content: two panels, "Default application/category and traffic class mapping" and "Default weight and traffic class mapping", each a 3x3 grid with service class (Real Time, Transactional, Bulk) on one axis and priority (High, Normal, Low) on the other. Category labels shown in the mapping panel: Business Collaboration; Audio/Video; Remote Desktop, Business App; Infrastructure, Auth, Mgmt, Network Services, Tunneling; File Sharing; Email; Storage/Backup, P2P; IM App, Web, Proxies, Games, Media, Social. The weight panel gives the per-class scheduler weights; the text attributes 35 to business collaboration and 15 to email.]


FIGURE 3: Traffic flows in CoS marking.

Policing traffic class

In legacy WAN networks, service providers and the enterprise have the ability to allocate bandwidth or police traffic based on CoS offered by the service provider. With VMware SD-WAN, there is a need to apply a similar concept to the WAN overlay that may include one or more transports from multiple service providers. An IT administrator may want to police high-priority business collaboration traffic on the aggregated overlay tunnel to ensure a service provider-offered SLA is honored, or proactively police non-critical applications for security or QoS compliance reasons. To accommodate these use cases, policing can be defined for a traffic class (i.e., service class and priority).

For example, a customer has a 90Mbps Internet link and a 10Mbps MPLS in the network, and the aggregated bandwidth is 100Mbps. Based on the default weight and traffic class mapping described in Figure 2, all applications within the business collaboration categories will be guaranteed a bandwidth of 35Mbps. At the same time, the service provider can enable a policy on this traffic class, so all the applications included in this traffic class will be policed at 35Mbps when there is no congestion in the network.

Policing MPLS CoS

For a private link that has a CoS agreement with an MPLS provider, the service provider will guarantee a different SLA for each CoS on an MPLS link. DMPO can treat each CoS as a different link and take granular application-aware decisions for the private link with CoS agreements. A policy can be defined for an MPLS CoS underlay to ensure the service provider’s committed bandwidth SLAs are being honored by the customer.

For example, the customer branch edge has a 10Mbps MPLS and the service provider offers a 40 percent bandwidth SLA for CoS1 (DSCP=EF, CS5), which is for real-time traffic, and 60 percent is for the rest of the traffic. The service provider will police their PE with an aggregate rate of 10Mbps and also police the rate for CoS1 traffic to not exceed 4Mbps. If CoS1 traffic via the MPLS underlay exceeds 4Mbps, packets will be dropped by the service provider, impacting QoS. A 4Mbps policy for CoS1 on the edge ensures traffic in that class never exceeds 4Mbps. The rest of the traffic can burst up to link speed if no congestion exists and is guaranteed a minimum bandwidth during times of congestion.
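The QoS scheduling, traffic-class policing and MPLS CoS policing examples above, worked through as one added example that is not VMware's code: weights give each traffic class a guaranteed minimum under congestion, a burst up to the aggregate otherwise, and an optional policer cap; a per-CoS cap keeps the edge inside the provider's 40 percent CoS1 share. The weight set (business collaboration 35, email 15, everything else 50, treated as percentages) and the function names are constructed; the link sizes and caps are the page's numbers.

```python
from typing import Dict, Optional, Tuple

# Constructed weights following the page's worked numbers; percentages summing to 100.
DEFAULT_WEIGHTS_PCT = {
    "business_collaboration": 35,
    "email": 15,
    "other": 50,
}


def guaranteed_mbps(aggregate_mbps: float, weights_pct: Dict[str, float]) -> Dict[str, float]:
    """Minimum bandwidth each traffic class keeps during congestion."""
    total = sum(weights_pct.values())
    return {cls: aggregate_mbps * w / total for cls, w in weights_pct.items()}


def allowed_mbps(cls: str, offered_mbps: float, aggregate_mbps: float,
                 weights_pct: Dict[str, float], congested: bool,
                 class_cap_mbps: Optional[float] = None) -> float:
    """Rate a class may actually send: its guarantee when the link is congested,
    a burst up to the aggregate otherwise, never above a configured policer cap."""
    ceiling = guaranteed_mbps(aggregate_mbps, weights_pct)[cls] if congested else aggregate_mbps
    if class_cap_mbps is not None:
        ceiling = min(ceiling, class_cap_mbps)
    return min(offered_mbps, ceiling)


def cos_policer_cap_mbps(link_mbps: float, cos_share_pct: float) -> float:
    """Cap for one MPLS CoS so the edge never exceeds the provider's per-class SLA."""
    return link_mbps * cos_share_pct / 100.0


def police(offered_mbps: float, cap_mbps: float) -> Tuple[float, float]:
    """Return (forwarded, dropped) for traffic offered to a policer."""
    forwarded = min(offered_mbps, cap_mbps)
    return forwarded, offered_mbps - forwarded


def page_examples() -> Dict:
    """The page's three numeric cases: guarantees on a 90 + 10 Mbps aggregate,
    a 35 Mbps policer on business collaboration, and a 4 Mbps CoS1 cap on 10 Mbps MPLS."""
    aggregate = 90 + 10
    w = DEFAULT_WEIGHTS_PCT
    cos1_cap = cos_policer_cap_mbps(10, 40)
    return {
        "guarantees": guaranteed_mbps(aggregate, w),
        "burst": allowed_mbps("business_collaboration", 60, aggregate, w, congested=False),
        "policed": allowed_mbps("business_collaboration", 60, aggregate, w, congested=False,
                                class_cap_mbps=35),
        "congested": allowed_mbps("business_collaboration", 60, aggregate, w, congested=True),
        "cos1_cap": cos1_cap,
        "cos1_police": police(6, cos1_cap),   # 6 Mbps of EF/CS5 offered: 4 pass, 2 dropped
    }


if __name__ == "__main__":
    for k, v in page_examples().items():
        print(k, v)
```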

[Figure 3 content: two flows through the VMware SD-WAN Edge, each shown as a Data IP HDR carried inside a VCMP HDR (VMware SD-WAN Management Protocol) and an IPSEC HDR. Voice flow: inner packet DSCP tag left as is (DSCP=EF), outer packet DSCP tag copied from inner (IPSEC HDR DSCP=EF). Data flow: inner packet DSCP tag left as is (DSCP=CS3), outer packet DSCP tag set to 0 (CS0/DF), so the IPSEC HDR carries DSCP=0. The business policy panel also lists the link steering choices WAN Link, Interface, Transport Group and Auto.]


Rate limiting an application or category

Rate limiting is offered in both inbound and outbound directions for a specific application. When a rate limit for the outbound/inbound traffic is applied, under congestion, the traffic will be queued, and when the queue is full, the packets will be dropped.

For example, customers access Hulu. Outbound request traffic is small, and most of the traffic is inbound. In a traditional WAN, by the time traffic gets to the edge router, it is too late to know that the link doesn’t have enough bandwidth, and the WAN link can get congested. VMware SD-WAN inbound QoS can request a streaming application to back off and ensure Hulu traffic doesn’t exceed the configured inbound bandwidth.

FIGURE 4: Rate limiting an application.

DMPO tunnel shaper for service providers with partner gateway

Service providers may offer SD-WAN services at a lower capacity than the aggregated capacity of the WAN links at the local branch. For instance, a customer may have purchased a broadband link from another vendor, and the service provider offering the SD-WAN service and hosting a partner VMware SD-WAN Gateway has no control over that underlay broadband link. In such situations, to ensure that the SD-WAN service capacity is honored and to avoid congestion toward the partner gateway, the service provider can enable the DMPO tunnel shaper between the edge and the partner gateway.

Figure 5 shows that the VMware SD-WAN Edge has dual links, 20Mbps Internet and 20Mbps MPLS, with 35Mbps SD-WAN service from the service provider. To ensure the traffic toward the partner gateway doesn’t exceed 35Mbps (X in the topology shown in Figure 5), the service provider can place a tunnel shaper on the DMPO tunnel.

FIGURE 5: DMPO tunnel shaper.

[Figure 5 content: VMware SD-WAN Edge with Internet and MPLS links; a Direct Internet path and an MP (DMPO) tunnel toward the partner gateway, the tunnel shaped to X Mbps.]


Business priority monitoring

Based on a designated priority, the application traffic can be monitored in real time, and historical data can be retrieved. It can be viewed in the format of bytes received and sent, packets received and sent, and average throughput.

FIGURE 6: Business priority monitoring dashboard.

Business policy framework and smart defaults

The IT administrator controls the QoS, steering, and services applied to application traffic through the Business Policy. Smart Defaults provides an out-of-the-box Business Policy that supports over 3,000 applications. DMPO makes steering decisions based on the application type, the real-time link condition (congestion, latency, jitter, and packet loss), and the Business Policy.

Each application is assigned a category. Each category has a default action, which is a combination of Traffic Class (Priority and Service Class), Network Service, and Link Steering. In addition to the default application list, customer applications can be defined manually. The following is an example of a Business Policy.

FIGURE 7: Business policy example.


Traffic class (priority and service class)

An application/category is assigned to a traffic class based on the combination of priority and service class, and aggregated QoS treatment is applied to all the applications that fall into the same traffic class, including scheduling and policing as previously discussed in the “Application-aware overlay QoS” section.

Network services

By default, an application is assigned one of the four default network services, which can be modified by the user:

• Direct: Typically used for non-critical, trusted Internet applications that should be sent directly, bypassing the DMPO tunnel. An example is Netflix, a service that is considered to be a non-business, high-bandwidth application and should not be sent over the DMPO tunnels. The traffic sent directly can be load balanced at the flow level. By default, all the low-priority applications are assigned to the Direct network service.

• Multipath: Typically given to important applications. The Multipath service assignment sends the Internet-based traffic to the VMware SD-WAN Gateway. Figure 9 shows the default link steering and on-demand remediation technique for a given service class. By default, high and normal-priority applications are given the Multipath action for network service.

• Cloud Proxy: Typically used to redirect the application flow to a cloud proxy, such as Websense (now Forcepoint).

• Internet Backhaul: Typically used to redirect Internet applications to the specified enterprise location that may or may not have the VMware SD-WAN Edge. The typical use case is to force important Internet applications through a site that has security devices, such as a firewall, an intrusion prevention system (IPS), and content filtering, before the traffic is allowed to exit to the Internet.

Figure 8 shows the default values for a network service action. Note that VPN traffic is always sent through the tunnels (specifying the Direct action for network service does not apply to VPN traffic).

PRIORITY   DESTINATION: INTERNET (E.G., SAAS, WEB TRAFFIC)   DESTINATION: WITHIN THE ENTERPRISE VPN
High       Multipath (through DMPO tunnels)                   Multipath (through DMPO tunnels)
Normal     Multipath (through DMPO tunnels)                   Multipath (through DMPO tunnels)
Low        Direct                                             Multipath (through DMPO tunnels)

FIGURE 8: Default values for a network service action.


Link steering

In the business policy, there are four link steering modes: auto, by transport group, by WAN link, and by interface.

Link steering: auto

By default, all applications are given the automatic link steering mode. This means DMPO automatically picks the best links based on the application type and automatically enables on-demand remediation when necessary. There are four possible combinations of link steering and on-demand remediation for Internet applications. As previously mentioned, traffic within the enterprise (VPN) always goes through the DMPO tunnels, hence it always receives the benefits of on-demand remediation.

FIGURE 9: Default link steering and on-demand remediation for a given service class.


The following examples explain the default DMPO behavior for different real-time application types and link conditions:

Scenario / Expected DMPO behavior

1. At least one link satisfies the SLA for the application.
   Expected DMPO behavior: Pick the best available link.

2. Single link with packet loss exceeding the SLA for the application.
   Expected DMPO behavior: Enable FEC for the real-time applications sent on this link.

3. Two links with loss on only one link.
   Expected DMPO behavior: Enable FEC on both links.

4. Multiple links with loss on multiple links.
   Expected DMPO behavior: Enable FEC on the two best links.

5. Two links but one link appears unstable, i.e., missing three consecutive heartbeats.
   Expected DMPO behavior: Mark the link unusable and steer the flow to the next best available link.

6. Both jitter and loss on both links.
   Expected DMPO behavior: Enable FEC on both links and enable the jitter buffer on the receiving side. The jitter buffer is enabled when jitter is greater than 7ms for voice and greater than 5ms for video. The sending DMPO endpoint notifies the receiving DMPO endpoint to enable the jitter buffer. The receiving DMPO endpoint will buffer up to 10 packets or 200ms of traffic, whichever happens first. The receiving DMPO endpoint uses the original timestamp embedded in the DMPO header to calculate the flow rate to use in the de-jitter buffer. If the flow is not sent at a constant rate, jitter buffering is disabled.

FIGURE 10: Default DMPO behavior for different real-time application types and link conditions.
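The six scenarios above expressed as one decision function, as an added example that is not VMware's code: links that have missed three heartbeats are dropped, FEC goes on the lossy single link, on both of two links, or on the two best of several, and the jitter buffer is enabled only above the page's 7 ms (voice) / 5 ms (video) thresholds for a constant-rate flow, with depth bounded by 10 packets or 200 ms. The Link fields, the 1 percent loss SLA and the sample link values are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List

FEC_MAX_LINKS = 2                                    # page: FEC on up to the two best links
JITTER_BUFFER_ON_MS = {"voice": 7.0, "video": 5.0}   # page: enable above these values
JITTER_BUFFER_MAX_PACKETS = 10                       # page: buffer up to 10 packets ...
JITTER_BUFFER_MAX_MS = 200                           # ... or 200 ms, whichever comes first
MAX_MISSED_HEARTBEATS = 3                            # page: three missed heartbeats = unusable


@dataclass
class Link:
    name: str
    loss_ratio: float
    jitter_ms: float
    missed_heartbeats: int = 0


def remediation(links: List[Link], app: str, max_loss_ratio: float,
                constant_rate: bool = True) -> Dict:
    """Map observed link conditions to the page's default actions for a
    real-time flow. `constant_rate` models the sender's packet cadence; the
    page disables jitter buffering for flows not sent at a constant rate."""
    up = [l for l in links if l.missed_heartbeats < MAX_MISSED_HEARTBEATS]   # scenario 5
    if not up:
        return {"steer_to": None, "fec": [], "jitter_buffer": False}
    ranked = sorted(up, key=lambda l: (l.loss_ratio, l.jitter_ms))
    if any(l.loss_ratio > max_loss_ratio for l in up):
        fec = [l.name for l in ranked[:FEC_MAX_LINKS]]   # scenarios 2-4: one link, both, or two best
    else:
        fec = []                                          # scenario 1: no loss, just the best link
    carrying = [l for l in ranked if l.name in fec] or [ranked[0]]
    threshold = JITTER_BUFFER_ON_MS.get(app)
    jitter_buffer = (threshold is not None and constant_rate
                     and all(l.jitter_ms > threshold for l in carrying))   # scenario 6
    return {"steer_to": ranked[0].name, "fec": fec, "jitter_buffer": jitter_buffer}


def jitter_buffer_depth(packet_interval_ms: float) -> int:
    """Packets the receiver may hold: 10 packets or 200 ms, whichever is hit first."""
    return min(JITTER_BUFFER_MAX_PACKETS, int(JITTER_BUFFER_MAX_MS // packet_interval_ms))


def scenario_table() -> Dict[int, Dict]:
    """Constructed inputs that reproduce scenarios 1-6 of the table above."""
    sla = 0.01   # constructed loss SLA for the application
    return {
        1: remediation([Link("A", 0.0, 1.0), Link("B", 0.002, 2.0)], "voice", sla),
        2: remediation([Link("A", 0.03, 1.0)], "voice", sla),
        3: remediation([Link("A", 0.0, 1.0), Link("B", 0.03, 1.0)], "voice", sla),
        4: remediation([Link("A", 0.02, 1.0), Link("B", 0.05, 1.0), Link("C", 0.03, 1.0)],
                       "voice", sla),
        5: remediation([Link("A", 0.0, 1.0, missed_heartbeats=3), Link("B", 0.0, 1.0)],
                       "voice", sla),
        6: remediation([Link("A", 0.02, 9.0), Link("B", 0.03, 8.0)], "voice", sla),
    }


if __name__ == "__main__":
    for n, d in scenario_table().items():
        print(n, d)
```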

Link steering by transport group

Different locations may have different WAN transports (e.g., WAN carrier name, WAN interface name). DMPO uses the concept of transport group to abstract the underlying WAN carriers and interfaces from the business policy configuration. The business policy configuration can specify the transport group (public wired, public wireless, private wired) in the steering policy so that the same business policy configuration can be applied across different device types or locations, which may have completely different WAN carriers and WAN interfaces. When the DMPO performs the WAN link discovery, it also assigns the transport group to the WAN link. This is the most desirable option for specifying the links in the business policy because it eliminates the need for IT administrators to know the type of physical connectivity or the WAN carrier.

FIGURE 11: Link steering by transport group.


Link steering by WAN link

The WAN interface is connected to a WAN carrier, which is specific to the location of the VMware SD-WAN Edge. DMPO automatically detects the WAN carrier by doing a GeoIP lookup, or the IT administrator can specify the WAN carrier. Additionally, link steering can be based on a private line CoS, which is specified on the WAN overlay.

Figure 12 shows a customer MPLS CoS agreement that includes three classes of service: CoS1 (CS5, EF), CoS2 (AF41, CS4), and CoS5 (AF21, CS2) with guaranteed bandwidth of 60 percent, 20 percent, and 20 percent respectively defined on the WAN overlay. MPLS CoS 1 ensures a maximum bandwidth of 60 percent.

FIGURE 12: MPLS CoS agreement with three classes of service.

In the business policy, link steering can be selected between Internet, MPLS - CoS1, MPLS - CoS2, or MPLS - CoS5.

Link steering by interface

The link steering policy can be applied to the interface (i.e., GE2, GE3), which will be different depending on the VMware SD-WAN Edge model and the location. This is the least desirable option to use in the business policy because IT administrators have to be fully aware of how the VMware SD-WAN Edge is connected to be able to specify which interface to use.

FIGURE 13: Link steering by interface.


For link steering by transport group, by interface, and by WAN link, there are three possible link steering sub-options: preferred, mandatory, and available.

FIGURE 14: Sub-options for link steering by transport group, by interface, and by WAN link.

Mandatory

Pin the traffic to the link or the transport group. The traffic is never steered away regardless of the condition of the link, including outage. On-demand remediation is triggered to mitigate brownout conditions, such as packet loss and jitter. For example, Netflix is a low-priority application and is required to stay on public wired links at all times.

Preferred

Pick the preferred link as long as the SLA is met, and steer traffic to other links once the preferred link cannot deliver the SLA needed by the application. In the situation when there is no available link to steer to (e.g., all links fail to deliver the SLA needed by the application), on-demand remediation is enabled. Alternatively, instead of steering the application away as soon as the current link cannot deliver the SLA needed by the application, DMPO can enable on-demand remediation until the degradation is too severe to be remediated, at which point DMPO will steer the application to the better link. For example, customers prefer to have the video collaboration application on the Internet link until it fails to deliver the SLA needed by video, then steer to the private link.

Available

Pick the available link as long as the link is up. If the link fails to deliver the SLA, DMPO enables on-demand remediation. DMPO will not steer the application flows to another link unless the original link is completely down. For example, web traffic is backhauled to the hub site over the Internet link as long as that link is active, regardless of the SLA.
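The three sub-options differ only in when a flow leaves the link the business policy names. The following is an added example written for this page, not VMware's implementation: it models mandatory, preferred and available as a single steering function over constructed link states (up/down, SLA met or not); the remediate-first variant of preferred is not modelled.

```python
from dataclasses import dataclass

@dataclass
class LinkState:
    name: str        # link or transport group named in the business policy
    up: bool         # link passes heartbeats
    meets_sla: bool  # loss/jitter/latency within the application's SLA

def steer(sub_option, chosen, links):
    """Model the 'mandatory', 'preferred' and 'available' sub-options.

    Returns (link_to_use, on_demand_remediation). 'chosen' is the link the
    business policy names; 'links' holds the current state of every link.
    """
    current = {l.name: l for l in links}[chosen]
    others = [l for l in links if l.name != chosen and l.up]

    if sub_option == "mandatory":
        # Pinned: never steered away, even during an outage. Brownouts
        # (loss, jitter) are handled by on-demand remediation instead.
        return chosen, not current.meets_sla

    if sub_option == "available":
        # Stay as long as the link is up, remediating if the SLA is missed;
        # move only when the link is completely down.
        if current.up:
            return chosen, not current.meets_sla
        return (others[0].name, not others[0].meets_sla) if others else (None, False)

    if sub_option == "preferred":
        # Stay while the SLA is met; otherwise steer to a link that meets it.
        if current.up and current.meets_sla:
            return chosen, False
        good = [l for l in others if l.meets_sla]
        if good:
            return good[0].name, False
        # No link delivers the SLA: stay on a live link with remediation.
        fallback = chosen if current.up else (others[0].name if others else None)
        return fallback, fallback is not None

    raise ValueError(f"unknown sub-option: {sub_option}")

if __name__ == "__main__":
    # Constructed sample: Internet link degraded, MPLS healthy.
    links = [LinkState("internet", up=True, meets_sla=False),
             LinkState("mpls", up=True, meets_sla=True)]
    for opt in ("mandatory", "preferred", "available"):
        print(opt, steer(opt, "internet", links))
```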

Secure traffic transmission

For private or internal traffic, DMPO encrypts both the payload, which contains the user traffic, and the tunnel header with IPsec transport mode end to end. DMPO supports AES-128 and AES-256 encryption standards and SHA2/SHA1 algorithms for integrity. IKEv2 is used for key management and PKI for authentication.

Sub-option examples shown in Figure 14 (transport group Private Wired; sub-options Available, Preferred, Mandatory):

• Pin an application to a path even when the link fails (for example, PCI)

• Prefer an application on a path, but steer it away if it can’t meet the SLA (for example, VoIP)

• Prefer an application on a path, but steer it away if the link fails (for example, web browsing)


Ports used

Both data and control traffic use UDP port 2426.

DMPO real-world results

Scenario 1: Branch-to-branch VoIP call on single link

The results in Figure 15 demonstrate the benefits of on-demand remediation using FEC and jitter remediation on a single Internet link with traditional WAN and VMware SD-WAN. A mean opinion score (MOS) of less than 3.5 is unacceptable quality for a voice or video call.

FIGURE 15: Results for a branch-to-branch VoIP call on a single link with VMware SD-WAN optimization.

Scenario 2: File transfer from box.com on dual links

The results in Figure 16 demonstrate the benefits of bandwidth aggregation and on-demand remediation for a 50MB file download from box.com on dual 20Mbps links with traditional WAN and VMware SD-WAN.

FIGURE 16: Results for a file transfer from box.com on dual links with VMware SD-WAN optimization.



Scenario 3: Branch-to-branch video call on dual links

The results in Figure 17 demonstrate the benefits of sub-second blackout protection by steering application flows onto Internet links and on-demand remediation at the same time on the Internet link with VMware SD-WAN.

FIGURE 17: Results for a branch-to-branch video call on dual links with VMware SD-WAN optimization.

Summary

VMware SD-WAN DMPO enables application-aware, dynamic per-packet steering; on-demand remediation; and overlay quality of service. DMPO ensures optimal SD-WAN performance for the most demanding applications over any transport (Internet or hybrid) and any destination (on-premises or in the cloud).

For more information, see sdwan.vmware.com.


VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com Copyright © 2020 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. and its subsidiaries in the United States and other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item No: sdwan-678-dynamic-multipath-optimization-wp-1119 5/19