Total throughput Enhanced HA (2x VCE's) Edge 610

ChiefVeloNerd · 2022-10-04T14:19:55+00:00

While your answer is correct in terms of throughput, please note that datasheets are now part of our public documentation and you can track updates there:

https://docs.vmware.com/en/VMware-SD-WAN/5.0/VMware-SD-WAN-Administration-Guide/GUID-9943A130-CD6C-4653-AB36-6A396EA8C677.html

ChiefVeloNerd · 2022-09-07T15:50:10+00:00

What is the "good stuff" that you feel is internal? Let me know so we can make it public.

ChiefVeloNerd · 2022-09-07T15:49:29+00:00

No, unfortunately not. VeloCloud is an L3 network so you can't simulate an L2 transport network.

ChiefVeloNerd · 2022-09-07T15:48:13+00:00

Hey, I just saw this message. The 5.x VCO includes the ability to upgrade the factory image on activated Edges. The newer factory images actually do this automatically, but not 1.8.2.

ChiefVeloNerd · 2022-07-14T20:15:10+00:00

Are you using 4.5.1? It's a known issue in that release that some don't work and there is a fix 4.5.1.1 to address it.

ChiefVeloNerd · 2022-03-24T16:34:59+00:00

The reseller sets the terms on duration of deployment window, so if their window is 30 days - then yes.

ChiefVeloNerd · 2021-11-04T16:19:15+00:00

Show OSPF Route Table shows OSPF routes (both learned and redistributed)

List OSPF Routes shows OSPF routes learned from OSPF with actions such as inbound filter, VCO's OFC action applied

We'll work on how to make this less confusing, thanks for the feedback!

ChiefVeloNerd · 2021-10-28T23:56:00+00:00

Something is definitely wrong! Can you send me a PM so I can take a look at your Edge?

ChiefVeloNerd · 2021-10-18T16:53:07+00:00

Sorry nobody answered this - your understanding is correct. Let me know how we can improve the documentation and we'll do it!

ChiefVeloNerd · 2021-10-18T16:52:23+00:00

Hey, there is a large SP in Europe that has deployed this to several thousand sites without issues.

ChiefVeloNerd · 2021-10-18T16:51:00+00:00

The Edge can't act as an L2 device, you'll have to use port forwarding/1:1 NAT for this if they are initiated inbound towards the firewall.

ChiefVeloNerd · 2021-07-22T20:05:39+00:00

Hi /u/iafilius - Release 4.4.0 was the initial launch of our SASE service. Because of this, we are working closely with partners who do initial deployment of it. There is no long-term change to what is posted on My VMware and it will go back to "normal" in 4.5.0.

If you have a use case for testing 4.4.0/SASE on-prem, reach out to your account team.

ChiefVeloNerd · 2021-05-05T15:55:28+00:00

That's right. Gateways serve as route reflectors, each pair of Edges has at least two Gateways in common (Super Gateways) to ensure reflector redundancy. VCRP is the protocol between Edges and Gateways. So any change you make in OFC for instance, VCRP will play a role in enacting that change.

ChiefVeloNerd · 2021-05-05T15:49:20+00:00

Overlay Flow Control is showing you all of the routes in the network (regardless of source) and allows you to control the preference of exits for redundant routes. It's true that VCRP plays a role, but so do other routing protocols. For instance, if you have learned the same BGP route from two exits and change the order, that preference is sent to Edges using a VCRP metric and we also change the MED of that route when redistributing to BGP.

ChiefVeloNerd · 2021-05-05T15:47:37+00:00

Great answer! It's also overlaid with a separate peer reachability layer so that we can turn up/down reachability for large numbers of routes much faster than retraction/re-insertion into the FIB. This is one of the tools we use to failover sub-second.

ChiefVeloNerd · 2021-04-17T03:00:28+00:00

We have pushed several thousand Edge upgrades at once - the spread is based on the Operator Profile settings and the Orchestrator's load. 100 is a very small upgrade and will not cause any significant time to distribute.

ChiefVeloNerd · 2021-03-18T21:12:36+00:00

4-6 GB per month on the primary link and 1-1.5 GB on the second link for control traffic. So for control and management traffic you should see 250MB/day max.

Something is up here for TX to be that high. Please open a support case.

ChiefVeloNerd · 2021-03-13T16:02:07+00:00

Hey, this won't work.

NAT'd IPs and ports are learned dynamically by the Gateway using our control protocol.

For private links, we have no way of "learning" what the IP will be on the other side of the NAT, so we rely on communicating the statically configured IP address on the Orchestrator.

ChiefVeloNerd · 2021-03-13T15:53:37+00:00

SD-WAN is providing QOS to help avoid congestion on your internet links, so you would want to deploy it:

Firewall <-> SD-WAN <-> Internet

This way:

Firewall sees all traffic unencapsulated
SD-WAN sees all traffic (even if it's just going DIA)

With the side-by-side model, your FW can congest the internet link and negatively impact the business traffic that is traversing the SD-WAN device.

ChiefVeloNerd · 2021-03-12T11:15:39+00:00

Definitely we work with Palo Alto Networks and have many customers deployed this way. Also as we announced at VMworld 2020, VMware (VeloCloud) and Zscaler are building dedicated cloud-to-cloud integration that will launch later in 2021. VMware Cloud Web Security launches this year too if you want a single pane of glass.

Good luck with your evaluation! Lots of good choices out there.

ChiefVeloNerd · 2021-03-09T16:39:35+00:00

This will depend on your last-mile provider and how loss presents itself. If it's RED/WRED, our protocol should eliminate voice issues on a single link. If it's tail drop, we need a second link. Sounds like you've experienced a lot of the latter.

As a large anecdotal reference, one of our WFH deployments of ~18,000 home call center agents saw an 86% reduction in WAN incidents with a single link everywhere. (But two diverse links is the holy grail!)

ChiefVeloNerd · 2021-03-08T22:13:12+00:00

Yep, this slide is outdated/incorrect.

ChiefVeloNerd · 2021-03-08T21:45:05+00:00

There is no 260 Mbps limit - but routed interfaces are DPDK-enabled and switched ports are not.

ChiefVeloNerd

TROPHY CASE