VeloCloud Dynamic Multipath Optimization · VeloCloud Dynamic Multipath Optimization Page 5 Bandwidth Aggregation For applications that can benefit from more bandwidth, e.g. file

WHITE PAPER

VeloCloud Dynamic

Multipath Optimization

Page 1

White Paper

VeloCloud Dynamic Multipath Optimization

This document discusses the key functionalities and benefits of VeloCloud Dynamic Multipath Optimization (DMPO) that assures enterprise and cloud application

performance over Internet and hybrid WAN.

WHITE PAPER

VeloCloud Dynamic


Page 2

VeloCloud Networks™, Inc. is the Cloud-Delivered SD-WAN™ company, a Gartner Cool Vendor 2016, the Frost & Sullivan Product Leader in the SD-WAN Solution Market 2016, and a Best of Interop and Best of VMworld winner. The company simplifies branch WAN networking by automating deployment and improving performance over private, broadband Internet and LTE links for today’s increasingly distributed enterprises. VeloCloud SD-WAN includes: a choice of public, private or hybrid cloud network for enterprise-grade connection to cloud and enterprise applications; branch office enterprise appliances and optional data center appliances; software-defined control and automation; and virtual services delivery. VeloCloud has received financing from investors including NEA, Venrock, March Capital Partners, Cisco Investments and The Fabric, and is headquartered in Mountain View, Calif. For more information, visit www.velocloud.com and follow the company on Twitter @Velocloud.

© 2017 VELOCLOUD NETWORKS, INC. ALL RIGHTS RESERVED.

Contents

Introduction 3

DMPO Key Functionalities 3

Continuous Monitoring 3Dynamic Application Steering 4On-demand Remediation 5Application Aware Overlay QoS 6

Business Policy Framework and Smart Defaults 11

Traffic Class (Priority and Service Class) 11Network Services 11Link Steering 12

DMPO Real World Results 16

Secure Traffic Transmission 17

Ports Used 17

Summary 17

WHITE PAPER

VeloCloud Dynamic


Page 3

IntroductionVeloCloud Cloud-delivered SD-WAN solution enables Enterprise and Service Pro-vider to utilize multiple WAN transports simultaneously, maximize the bandwidth, while ensuring application performance. The unique Cloud-Delivered architecture offers these benefits for on-premise and cloud applications (SaaS/IaaS). This re-quires building overlay network, which consists of multiple tunnels, monitoring and adapting to the change in the underlying WAN transports in real time. To deliver a resilient overlay network that takes into account real-time performance of WAN links, VeloCloud has developed the Dynamic Multi-Path Optimization (DMPO). This document explains the key functionalities and benefits of DMPO.

DMPO Key FunctionalitiesDMPO is used between all of the VeloCloud components that process and forward data traffic: VeloCloud Edge (VCE) and VeloCloud Gateway (VCG). For connectiv-ity within Enterprise locations (branch-to-branch or branch-to-hub), the VCEs es-tablish DMPO tunnels between themselves. For connectivity to Cloud applications, each VCE establishes DMPO tunnels with one or more VCGs. The four key DMPO functionalities are discussed below.

Continuous Monitoring Automated Bandwidth DiscoveryOnce the WAN link is detected by the VCE, it establishes DMPO tunnels with one or more VCGs and runs bandwidth test with the closest VCG. The bandwidth test is performed by sending short burst of bi-directional traffic and measuring the received rate at each end. Since the VCG is deployed at the Internet Points of Pres-ence (PoPs), it can also identify the real public IP address of the WAN link in case the VCE interface is behind a NAT or PAT device.

Similar process applies to the private link. For the VCEs acting as the hub or head-end, the WAN bandwidth is statically defined. However, when the branch VCE es-tablishes DMPO tunnel to the hub VCEs, the bandwidth test procedures are similar to those between the VCE and the VCG on the public link.

Continuous Path MonitoringDMPO performs continuous, uni-directional measurements of performance met-rics - loss, latency and jitter of every packet on every tunnel between any two DMPO endpoints, VCE or VCG. VeloCloud’s per-packet steering allows independent decisions in both uplink and downlink directions without introducing any asymmet-ric routing. DMPO uses both passive and active monitoring approaches.

When user traffic is present, the DMPO tunnel header contains additional per-formance metrics including sequence number and timestamp, thus enabling the DMPO endpoints to identify lost and out-of-order packets, and calculate jitter and latency in each direction. The DMPO endpoints communicate the performance metrics of the path between each other every 100 ms.

When there is no user traffic, an active probe is sent every 100 ms and, after 5 minutes of no high priority user traffic, the probe frequency is reduced to 500 ms. This comprehensive measurement enables the DMPO to react very quickly to the change in the underlying WAN condition, resulting in the ability to deliver sub-sec-ond protection against brownout and blackout in the WAN.

WHITE PAPER

VeloCloud Dynamic


Page 4

Dynamic Application SteeringApplication-aware Per-packet SteeringDMPO identifies traffic using layer 2 to 7 attributes, e.g. VLAN, IP address, proto-col, and applications. VeloCloud performs application aware per-packet steering based on Business Policy configurations and real-time link conditions. The Business Policy contains out-of-the-box Smart Defaults that specifies the default steering behavior and priority of more than 2500 applications. Customers can immediate-ly use the dynamic packet steering and application-aware prioritization without having to define policies.

Throughout its lifetime, a single traffic flow can be steered onto one or more DMPO tunnels, in the middle of the communication, with no impact to the flow. A link that is completely down is referred to as having a blackout condition. A link that is unable to deliver SLA for a given application is referred to as having a brownout condition. VeloCloud offers sub-second blackout and brownout protec-tion. With the continuous monitoring of all the WAN links, DMPO detects brown-out or blackout condition within 300-500 ms and ,immediately steers traffic flow to protect the application performance, while ensuring no impact to the active flow and user experience. There is one minute hold time from the time when the link brownout or blackout condition is cleared before DMPO steers the traffic back onto the preferred link if specified in the business policy.

Intelligent learning enables application steering based on first packet of the ap-plication by caching classification results. This is necessary for application-based redirection, e.g. redirect Netflix on to the branch Internet link, bypassing the DMPO tunnel, while backhauling Office 365 to the Enterprise regional hub or data center.

Example: Smart Defaults specifies that Microsoft Lync is a High Priority and is a Real-Time application. There are two links with latency of 50 ms and 60 ms, respec-tively. All other SLAs are equal or met. In this scenario, the DMPO will choose the link with the lowest latency, i.e. link with 50 ms latency. If the current link to which the Lync traffic is steered to experiences high latency of 200 ms, within less than a sec-ond, the packets for the Lync of the same flow is steered to another link which has lower latency of 60 ms.

MPLS Class of Service (CoS)For a private link that has CoS agreement, DMPO can take CoS into account for both monitoring and application steering decisions. SP will guarantee a different SLA for each CoS on MPLS Link. DMPO can treat each CoS as a different link and can take granular application-aware decisions for private link with CoS agreements.

Example: For Service Provider (SP) that offers two Class of Services, CoS1 and CoS2, each with a distinct SLA, the link steering decision can be made to use CoS1 or Inter-net, CoS2 or Internet.

WHITE PAPER

VeloCloud Dynamic


Page 5

Bandwidth AggregationFor applications that can benefit from more bandwidth, e.g. file transfer, DMPO performs per-packet load balancing, utilizing all available links to deliver all packets of a single flow to the destination. DMPO takes into account the real-time WAN performance and decides which paths should be used for the flow. Additionally, the DMPL performs resequencing at the receiving end to ensure there is no out-of-or-der packets introduced as a result of per-packet load balancing.

Example: Two 50 Mbps links deliver 100 Mbps of aggregated capacity for a single traffic flow. Quality of Service (QoS) is applied at both the aggregate and individual link levels.

On-demand RemediationIn a scenario where it may not be possible to steer the traffic flow onto the better link, i.e., single link deployment, or multiple links having issues at the same time, the DMPO can enable error correction for the duration of the disruption. The type of error correction used depends on the type of applications and the type of errors.

Real-time ApplicationsReal-time applications, such as voice and video flows, can benefit from Forward Error Correction (FEC) during periods of packet loss. DMPO automatically enables FEC on single or multiple links. With multiple links, DMPO will select up to two of best links at any given time for FEC. Duplicated packets are discarded and out-of-order packets are re-ordered at the receiving end before being delivered to the final destination. DMPO enables jitter buffer for the real-time applications when the WAN links experience jitter.

TCP ApplicationTCP applications, such as file transfer, benefit from Negative Acknowledgement (NACK). Upon missing packet detection, the receiving DMPO endpoint informs the sending DMPO endpoint to retransmit the missing packet. Doing so protects the end applications from detecting packet loss and as a result, maximizes TCP win-dow and delivers high TCP throughput during lossy condition.

WHITE PAPER

VeloCloud Dynamic


Page 6

Application Aware Overlay QoSIn the VeloCloud Cloud-Delivered SD-WAN network, the DMPO tunnels are estab-lished between VCE and VCG, or between VCE and VCE. VeloCloud Management Protocol (VCMP) header is added to the packet before leaving the VCE and it adds an overhead of 59 bytes. Once the traffic reaches the VCG or the VCE on the receiving end, all tunnel headers (VCMP, IPSec) are removed and the original user data is passed to the next hop router, which can be another Provider Edge (PE) for SP scenario or L3 switch/router for Enterprise scenario.

Default Application/Category and Traffic Class Mapping

QoS SchedulingA Traffic Class is defined with a combination of Priority (High, Normal, or Low) and Service Class (Real-Time, Transactional, or Bulk) resulting into 3x3 matrix with 9 Traffic Classes. Application/category and scheduler weight can be mapped onto these Traffic Classes. All applications within a Traffic Class will be applied with the aggregate QoS treatment, including scheduling and policing. All applications in a given Traffic Class will have a guaranteed minimum aggregate bandwidth during congestion based on scheduler weight (or percentage of bandwidth). When there is no congestion, the applications are allowed to burst up to the maximum aggre-gated bandwidth. A policer can be applied to cap the bandwidth for all the applica-tions in a given Traffic Class.

The Business Policy contains the out-of-the-box Smart Defaults functionality that maps more than 2,500 applications to Traffic Classes. Customers can immediate-ly use application-aware QoS without having to define policy. Each Traffic Class is assigned a default weight in the scheduler. These parameters can be changed in the Business Policy. Below are the default values for the 3x3 matrix with 9 Traffic Classes.

WHITE PAPER

VeloCloud Dynamic


Page 7

Example: The customer has 90 Mbps Internet link and 10 Mbps MPLS on the edge and the aggregate Bandwidth is 100 Mbps. Based on the default weight and Traffic Class mapping above, all applications that map to Business Collaboration will have a guaranteed bandwidth of 35 Mbps and all applications that map to Email will have a guaranteed bandwidth of 15 Mbps. Business policies can be defined for entire cate-gory (e.g., Business Collaboration), applications (e.g. Skype for Business) and more granular sub-applications (e.g., Skype File Transfer, Skype Audio, Skype Video).

CoS MarkingWhen traffic arrives at the VCE, the Differentiated Service Code Point (DSCP) values marked by the customer can be left “as-is” or modified before sending out to the tunnel. The outer DSCP value on the tunnel header can also be modified or copied from the inner packet.

Default Weight and Traffic Class Mapping

Example: In the diagram above, there are two traffic flows, one is voice which is con-sidered important, and another one is data which is considered less important. For inner packet DSCP tags, the customer decides to leave DSCP tags “as-is” for both voice and data. For outer packet DSCP tags, customer decides to copy DSCP values to outer packet for voice but changes outer packet DSCP tag to DSCP=0 for data.

WHITE PAPER

VeloCloud Dynamic


Page 8

Policing Traffic ClassIn legacy WAN networks, Service Providers and Enterprise have the ability to al-locate bandwidth or police traffic based on CoS offered by Service Provider. With SD-WAN, there is a need to apply similar concept to the WAN overlay that may include one or more transports from multiple Service Providers. IT administrator may want to police high priority Business Collaboration traffic on the aggregated overlay tunnel to ensure a Service Provider offered SLA is honored or proactively police non-critical applications for security or QoS compliance reasons. To accom-modate these use cases, policing can be defined for Traffic Class (i.e., Service Class and Priority).

Example: A customer has 90 Mbps Internet and 10 Mbps MPLS in the network and the aggregated bandwidth is 100 Mbps. Based on the default weight and Traffic Class mapping described in the QoS Scheduling section above, all applications within Busi-ness Collaboration categories will be guaranteed a bandwidth of 35 Mbps; at the same time, SP can enable policer on this Traffic Class, so all the applications included in this Traffic Class will be policed at 35 Mbps when there is no congestion in the network.

Policing MPLS CoSFor a private link that has CoS agreement with MPLS provider, SP will guarantee a different SLA for each CoS on MPLS Link. DMPO can treat each CoS as a differ-ent link and can take granular application aware decisions for private link with CoS agreements. A policer can be defined for a MPLS CoS underlay to ensure Service Provider committed bandwidth SLAs are being honored by the customer.

Example: The customer branch edge has 10 Mbps MPLS and SP offers 40% band-width SLA for CoS1 (DSCP=EF, CS5) which is for real time traffic and 60% is for the rest of the traffic. SP will police their PE with aggregate rate of 10 Mbps and also police rate for CoS1 traffic to not exceed (DSCP=EF, CS5) 4 Mbps. If CoS1 traffic via MPLS underlay exceeds 4 Mbps, packets will be dropped by Service Provider, thus impacting quality of service. A 4 Mbps policer for CoS1 on Edge ensures traffic in that class never exceeds 4Mbps. The rest of the traffic can burst up to link speed if no con-gestion exists and is guaranteed a minimum bandwidth during times of congestion.

WHITE PAPER

VeloCloud Dynamic


Page 9

Rate-Limiting an Application or CategoryRate limiting is offered in both inbound and outbound directions for a specific application. When a rate limit for the out-bound/inbound traffic is applied, under congestion, the traffic will be queued and when the queue is full, the packets will be dropped.

Example: Customer users try to access Hulu traffic. Outbound request traffic is small and most of the traffic is inbound. In traditional WAN, by the time traffic gets to the edge router it is too late to know that the link doesn’t have enough bandwidth and WAN link can get congested. Velo-Cloud Cloud-Delivered SD-WAN inbound QoS can request a streaming application to back off and ensure Hulu traffic doesn’t exceed configured inbound bandwidth.

Multi-Source Inbound QoSVeloCloud Cloud-Delivered SD-WAN enables multi-source inbound QoS which pro-actively measures the bandwidth usage with multiple remote peers, and will begin to regulate the traffic before congestion. Additionally, available bandwidth will be fairly distributed between direct internet traffic and all remote peers based on the quantity and priority of traffic that each remote device has to transmit.

Example: Consider a customer with the hub and spoke topology with the dynamic branch-to-branch functionality enabled. If an important video call is initiated from Branch 1 to Branch 2, these branches can talk over a dynamically established overlay tunnel. The challenge with the traditional WAN technologies is that the hub is un-aware of the high priority video call between the two branches. This might result in the hub sending low priority traffic towards the Branch 1 and causing quality issues for the important video sections. With VeloCloud Cloud-Delivered SD-WAN multi-source inbound QoS enabled, Branch 1 will proactively inform the hub to slow down the low priority traffic.

WHITE PAPER

VeloCloud Dynamic


Page 10

DMPO Tunnel Shaper for Service Providers with Partner GatewayService Providers may offer SD-WAN services at lower capacity compared to ag-gregated capacity of WAN links at the local branch. For instance, customers may have purchased a broadband link from another vendor and SP offering SD-WAN services and hosting VeloCloud Partner Gateway has no control over the underlay broadband link. In such situations, in order to ensure that the SD-WAN service ca-pacity is being honored and to avoid congestion towards Partner Gateway, SP can enable DMPO tunnel shaper between the tunnel and the Partner Gateway.

Example: As shown in the diagram above, the VCE has dual links, 20 Mbps Internet and 20 Mbps MPLS, with 35 Mbps SD-WAN service from SP. To ensure the traffic towards Partner Gateway doesn’t exceed 35 Mbps (X in the topology above), SP can place a tunnel shaper on the DMPO tunnel.

Business Priority MonitoringBased on designated priority, the application traffic can be monitored in real-time, and historical data can be retrieved. It can be viewed in the format of Bytes Re-ceived and Sent, Packet Received and Sent, and Average Throughput.

WHITE PAPER

VeloCloud Dynamic


Page 11

Business Policy Framework and Smart DefaultsIT administrator controls QoS, steering, and services to be applied to the applica-tion traffic through the Business Policy. Smart Defaults provides out-of-the-box Business Policy that supports over 2,500 applications. DMPO makes steering deci-sion based application type, real-time link condition (congestion, latency, jitter, and packet loss), and the Business Policy.

Each application is assigned a category. Each category has default action, which is a combination of Traffic Class (Priority and Service Class), Network Service, and Link Steering. In addition to the default application list, customer applications can be defined manually. At right is an exam-ple of Business Policy.

Traffic Class (Priority and Service Class)An application/category is assigned to Traffic Class based on the combination of Priority and Service Class and aggregated QoS treatment is applied to all the applications that fall into the same Traffic Class, including scheduling and policing (See the Application Aware Overlay QoS section for details).

Network ServicesThere are 4 types of Network Services – Direct, Multi-path, Cloud Proxy and Inter-net Backhaul. By default, an application is assigned one of the default Network Services, which can be modified by the user.

ɚ Direct: Typically used for non-critical, trusted Internet applications that should be sent directly, bypassing the DMPO tunnel. An example is Netflix, a service that is considered to be a non-business, high bandwidth application and should not be sent over the DMPO tunnels. The traffic sent directly can be load-balanced at the flow level. By default, all the low priority applica-tions are assigned to the Direct Network Service.

ɚ Multi-Path: Typically given to important applications.Multi-Path service assignment sends the Internet-based traffic to the VCG. Table 1 shows the default link steering and on-demand remediation technique for a given Service Class. By default, high and normal priority applications are given the Multi-Path action for Network Service.

ɚ Cloud-Proxy: Redirects the application flow to a cloud proxy, such as Web-Sense (now ForcePoint).

ɚ Internet Backhaul: Redirects the Internet applications to the specified En-terprise location that may or may not have the VCE. The typical use case is to force important Internet applications through a site that has security devices such as firewall, IPS, and content filtering before the traffic is al-lowed to exit to the Internet.

WHITE PAPER

VeloCloud Dynamic


Page 12

Below are the default values for Network Service action. Note that the VPN traffic is always sent through the tunnels (specifying Direct action for Network Service does not apply to VPN traffic).

Priority Destination: Internet(e.g. SaaS, Web traffic)

Destination: Within Enterprise VPN

High Multi-Path (through DMPO tunnels) Multi-Path (through DMPO tunnels)

Normal Multi-Path (through DMPO tunnels) Multi-Path (through DMPO tunnels)

Low Direct Multi-Path (through DMPO tunnels)

Link SteeringIn the Business Policy, there are four link steering modes: auto, by transport group, by WAN link and by Interfaces.

Link Selection: AutoBy default, all applications are given the automatic Link steering mode. This means DMPO automatically picks the best links based on the application type and auto-matically enables on-demand remediation when necessary. There are four possible combinations of Link Steering and On-demand Remediation for Internet appli-cations. As mentioned earlier, traffic within the Enterprise (VPN) always goes through the DMPO tunnels, hence it always receive the benefits of on-demand remediation..

Service Class Destination: Internet Network Service: Multi-PathLink Steering: Auto

Destination: Internet Network Service: DirectLink Steering: Auto

Real-Time Link Selection Behavior

Per-Packet Steering Flow Based Load Balancing

On-demand Remediation

FEC and Jitter Buffer

Transactional Link Selection Behavior

Per-packet Load Balancing Flow Based Load Balancing


NACK

Bulk Link Selection Behavior

Per-packet Load Balancing Flow Based Load Balancing


NACK

WHITE PAPER

VeloCloud Dynamic


Page 13

The following examples explain the default DMPO behavior for different applica-tion types and link conditions.

Scenario Expected DMPO Behavior

1 At least one link that satisfies the SLA for the application.

Pick the best available link.

2 Single link with packet loss exceeding the SLA for the application.

Enable FEC for the real-time applications sent on this link.

3 Two links with loss on only one link. Enable FEC on both links.

4 Multiple links with loss on multiple links. Enable FEC on two best links.

5 Two links but one link appears unstable, i.e. missing three consecutive heartbeats

Mark link un-usable and steer the flow to the next best available link.

6 Both jitter and loss on both links. Enable FEC on both links and enable jitter buffer on the receiving side. Jitter buffer is enabled when jitter is greater than 7 ms for voice and greater than 5 ms for video. The sending DMPO endpoint notifies the receiving DMPO endpoint to enable jitter buffer. The receiving DMPO endpoint will buffer up to 10 packets or 200 ms of traffic, whichever happens first. The receiving DMPO endpoint uses the original timestamp embedded in the DMPO header to calculate the flow rate to use in de-jitter buffer. If flow is not sent at a constant rate, the jitter buffering is disabled.

Link Steering by Transport GroupDifferent locations may have dif-ferent WAN transports (e.g. WAN carrier name, WAN interface name); DMPO uses the concept of Transport Group to abstract the underlying WAN carriers and interfaces from the Business Policy configuration. The Business Policy configuration can specify the transport group (public wired, public wireless, private wired, etc.) in the steering pol-icy so that the same Business Policy configuration can be applied across different device types or locations, which may have completely different WAN carriers and WAN interfaces. When the DMPO performs the WAN link discovery, it also assigns the transport group to the WAN link. This is the most desirable option for specifying the links in the Business Policy because it eliminates the need for IT administrators to know the type of physical connectivity or the WAN carrier.

WHITE PAPER

VeloCloud Dynamic


Page 14

Link Steering by WAN LinkThe WAN interface is con-nected to a WAN carrier, which is specific to the lo-cation of the VCE. DMPO automatically detect the WAN carrier by doing GeoIP lookup, or the IT administrators can specify the WAN carrier. Addition-ally, link steering can also be based on private line CoS, which is specified on the WAN overlay.

Example: The customer MPLS CoS agreement includes three Classes of Service: CoS1 (CS5, EF), CoS2 (AF41, CS4) and CoS5 (AF21, CS2) with guaranteed bandwidth of 60%, 20% and 20% respectively defined on the WAN overlay. MPLS CoS 1 ensures a maximum bandwidth of 60%.

In the Business Policy, link steering can be selected between Internet, MPLS - CoS1, CoS2 or CoS5.

Link Steering by InterfaceThe link steering policy can be ap-plied to the interface, i.e., GE2, GE3, which will be different depending on the VCE model and the location. This is the least desirable option to use in the Business Policy because IT administrators have to be fully aware of how the VCE is connected to be able to specify which interface to use.

WHITE PAPER

VeloCloud Dynamic


Page 15

For link steering by transport group, by interface and by WAN Link, there are three possible link steering sub options – Preferred, Mandatory, and Available.

Mandatory Link SteeringPin an application to a path even when the link fails. Example: PCI

Preferred Link SteeringPrefer application on a path but steer away if it cannot meet SLA. Example: VoIP

Available Link SteeringPrefer application on a path but steer away if the link fails. Example: Web Browsing

Mandatory Pin the traffic to the link or the transport group. The traffic is never steered away regardless of the condition of the link, including outage. On-demand remediation is triggered to mitigate brownout conditions, such as packet loss and jitter.

Example: Netflix is a low priority application and is required to stay on the public wired links at all times.

PreferredPick the preferred link as long as the SLA is met, and steer traffic to other links once the preferred link cannot deliver the SLA needed by the application. In the situation when there is no available link to steer to, e.g. all links fail to deliver the SLA needed by the application, on-demand remediation is enabled. Alternatively, instead of steering the application away as soon as the current link cannot deliver the SLA needed by the application, DMPO can enable the on-demand remediation until the degradation is too severe to be remediated, at which point the DMPO will steer the application to the better link.

Example: Customers prefer to have the video collaboration application on the Inter-net link until it fails to deliver the SLA needed by video, then steer to the private link.

AvailablePick the available link as long as the link is up. If the link fails to deliver the SLA, DMPO enables the on-demand remediation. DMPO will not steer the application flows to another link unless the original link is completely down.

Example: Web traffic is backhauled over the Internet link to the hub site using the Internet link as long as the link is active, regardless of SLA.

WHITE PAPER

VeloCloud Dynamic


Page 16

DMPO Real World Results

Scenario 2: File Transfer from Box.com on Dual LinksResults here demonstrate benefits of bandwidth ag-gregation and on-demand remediation for a 50MB file download from Box.com on dual 20Mbps links with tra-ditional WAN and VeloCloud SD-WAN.

Scenario 1: Branch- to-Branch VoIP Call on Single Link Results here demonstrate benefits of on-demand remediation using FEC and jitter remediation on a single Internet link with traditional WAN and VeloCloud SD-WAN.

Scenario 3: Branch-to-Branch Video Call on Dual LinksResults here demonstrate benefits of sub-second blackout protection by steering application flows onto Internet links and on-demand remediation at the same time on the Internet link with VeloCloud SD-WAN.

WHITE PAPER

VeloCloud Dynamic


Page 17

Secure Traffic TransmissionFor private or internal traffic, DMPO encrypts both the payload, which contains the user traffic, and the tunnel header with IPSec transport mode end-to-end. DMPO supports AES128 and AES256 encryption standards and SHA2/SHA1 algorithms for integrity. IKEv2 is used for key management and PKI - for authentication.

Ports UsedBoth data and control traffic uses UDP port 2426.

SummaryVeloCloud Dynamic Multi-path Optimization (DMPO) enables application-aware dynamic per-packet steering, on-demand remediation and overlay Quality of Ser-vice; DMPO ensures optimal SD-WAN performance for the most demanding appli-cations over any transport (Internet or Hybrid) and any destination (On-Premises or Cloud).

VeloCloud Networks, Inc., the Cloud-Delivered SD-WANTM company, Gartner Cool Vendor 2016 and a winner of Best Startup of Interop, simplifies branch WAN networking by automating deployment and improving performance over private, broadband Internet and LTE links for today’s increasingly distributed enterprises. For more information, visit www.velocloud.com and follow the company on Twitter @Velocloud.

© 2017 VELOCLOUD NETWORKS, INC. ALL RIGHTS RESERVED.

Documents

VeloCloud Dynamic Multipath Optimization · VeloCloud Dynamic Multipath Optimization Page 5 Bandwidth Aggregation For applications that can benefit from more bandwidth, e.g. file