Cisco SDWAN johcurra 2017-11-03 -...
Transcript of Cisco SDWAN johcurra 2017-11-03 -...
John M CurranSystems Engineer
Introduction and Technical Deep DiveCisco SD-WAN
Viptela Confidential2
Why SD-WAN
High Customer Demand & Rapid Adoption
Explosive Market Growth & Revenue Opportunity
1Gartner Predicts 2016: Enterprise Networks and Network Services, Dec 2015 2Gartner Predicts: SD-WAN and Its Impact on Traditional Router and MPLS Services, Nov 2016Revenue, Worldwide, 2016-2020 3IDC Forecasts Strong Growth for Software-Defined WAN As Enterprises Seek to Optimize Their Cloud Strategies, March 2016
Disrupt or be Disrupted
By the end of 2019, 30% of enterprises will have deployed SD-WAN technology in their branches, up from less than 1% today.1
The overall branch office router marketing will experience a CAGR of -6.3% and the legacy router segment will experience a -28.1% CAGR by the end of 2020.2
SD-WAN Technology and Services market poised to reach $6 Billion by 2020.3
Viptela Confidential4
• It costs too much • It’s complex to install and manage• It underperforms• It’s not secure
Why SD-WAN Matters to CustomersLegacy WAN Architecture Does Not Meet the Needs of the Business
Customers Need a Better Way
Viptela Confidential5
5X Cloud PerformanceCloud Aware architectures and SLA-based traffic steering deliver blazing
performance for applications like O365, AWS, SFDC and more
10X More BandwidthNo capacity restraints. No choke points.
Instantly add bandwidth anytime, anywhere based on application requirements
50% Lower CostReduced CapEx and bandwidth
expense. Simplified management. Rapid troubleshooting
Enterprise class SD-WAN that is Simple to Operate, Secure and is
built for the Cloud
Viptela: The Leader in SD-WAN Innovation
Separation of management, control, data for scaling
Redundant management—cloud or on premises
Zero-touch provisioning in minutes, not days
Full segmentation support for fast app deployment
Choice of topologies with point-and-click
Complete visibility from single pane of glass
Comprehensive and Flexible to Fit Your Business
OR OR OR
PHYSICALSECURE ROUTERS
VIRTUALSECURE ROUTERS
IN-HOUSE IT
MANAGED SERVICE
CAPEX WITH ANNUAL SUBSCRIPTION
ENTERPRISE-BASED AGREEMENT
SD-WAN Enterprise Grade CapabilitiesReducing Cost and Complexity for Agile IT
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Viptela Company Overview
Viptela Confidential8
Viptela At A Glance
$110M VC funding: Sequoia, Redline, Northgate
6 Continents
40 Fortune-500 customers
35,000 Devices deployed
8 Tier-1 Carriers & Global SIs
24x7x365Support
Global Distributionand RMA
Training and Certification
Retail
Hospitality
Financial
Transport
Healthcare Manufacturing
Gov Tech
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CHALLENGES VIPTELA SOLUTION BUSINESS OUTCOMES
Case Studies: GAPGlobal Retailer Case Study: Cloud onRamp
Enabled Cloud-Based Healthcare
Apps
Zero Outages
Adding Bandwidth 120 à 2 days
10x Bandwidth
No wasted engineering hours
Outages at Clinics
Couldn’t enable SaaS Apps
Need to add to Office365 and Cloud-based Voice
MPLS à MPLS+ broadband
Cloud-based EMR enabled
Next Phase: Migrate Office 365, Voice to Cloud
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CHALLENGES VIPTELA SOLUTION BUSINESS OUTCOMES
Case StudiesGloGlobal Retailer Case Study: Global Retailer
Reduction in WAN Costs
40%
26x Bandwidth improvement
5x Improvement store conversions
$20M Saved over 3-years
Reduce OpEx and CapEx costs
Re-energize customer in-store experience
Improve mobile application performance
Viptela SEN infrastructure
1600 stores globally
MPLS à dual broadband
7 Segments – PCI, guest WiFi, security
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CHALLENGES VIPTELA SOLUTION BUSINESS OUTCOMES
Technology Silos Consolidated
46
14 to 1 Carrier MPLS VRFs
Months to weeks rapid M&A onboarding
46 Portfolios consolidated
Rapid M&A integration
14 different environment, 8 carriers
Massive migration to O365 & AWS
Business unit segmentation
Viptela SEN infrastructure
Enable active active à MPLS + internet
Case Study: Global Industrial Firm
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CHALLENGES VIPTELA SOLUTION BUSINESS OUTCOMES
Less time for deployingnew branch
WAN
80%
20x Bandwidth Improvement
4x Improvement in app performance
50 Sites deployed per night
1000 Devices upgraded in 4 hours
1.5 Engineering hours plan / site(contrast with 40 hours earlier)
High bandwidth apps (HD Video)
Improve application performance
Simplify branch IT operations (incl ATMs)
Viptela SEN infrastructure
3000 locations
Augment MPLS with broadband
Case Study: Banking – Fortune 500
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CHALLENGES VIPTELA SOLUTION BUSINESS OUTCOMES
Transformed Customer
Experience
Video and WiFi inside Branches
Faster Applications
Agile Operations
Business Continuity: Data loss Prevention and Backup
Customer Experience Applications • Self-service kiosks • Video conf with live experts • New Retail Bank AppsSimplify branch IT operations (incl ATMs)Improve Business continuity with Data loss prevention, backups
Verizon Managed SD-WAN with Viptela SEN
1400 locations
Augment MPLS with LTE
Case Study: Network As a Service
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WANSolution Elements and Overview
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WAN Solution PhilosophyMost Comprehensive Solution on the Market
Transport Independent Fabric
CellularMPLSBroadband
Delivery Platform
QoS
Application PoliciesSecurity
Per-SegmentTopologies
Segmentation Svc Insertion
CloudPath
Application SLA
SecurePerimeter
TrafficEngineering
SurvivabilityRouting
Analytics
Monitoring
Operations
TransportHub
Multicast
CloudAccel
Cisco SD-WAN ArchitectureThe Power of Abstraction
Management Plane
Control Plane
Data Plane
APIs
vSmart Controllers
vAnalytics 3rd PartyAutomation
vManage
Data Center Campus Branch SOHOCloud
vBond
vEdge Routers
4GMPLS
INET
Orchestration Plane
Cisco SD-WAN Solution ElementsOrchestration Plane
APIs
vSmart Controllers
vAnalytics 3rd PartyAutomation
vManage
Data Center Campus Branch SOHOCloud
vBond
vEdge Routers
4GMPLS
INET
• Orchestrates connectivity between management, control and data plane
• First point of authentication• Requires public IP Address• Facilitates NAT traversal• All other components need to
know the vBond IP or DNS information
• Authorizes all control connections (white-list model)
• Distributes list of vSmarts to all vEdges
Orchestration Plane
Cisco vBond
Cisco SD-WAN Solution ElementsManagement Plane
Management Plane
Cisco vManage
• Single pane of glass for Day0, Day1 and Day2 operations
• Real time alerting
• Centralized provisioning• Configuration standardization• Simplicity of deploying• Simplicity of change• Supports
• REST API• CLI• Syslog• SNMP• NETCONF
vSmart Controllers
vAnalytics 3rd PartyAutomation
vManage
Data Center Campus Branch SOHOCloud
vBond
vEdge Routers
4GMPLS
INET
APIs
Cisco SD-WAN Solution ElementsControl Plane
Control Plane
Cisco vSmart
• Centralized brain of the solution• Facilitates fabric discovery
• Establishes OMP peering with all vEdges
• Implements control plane policies, such as service chaining, traffic engineering and per VPN topology
• Dramatically reduces complexity of the entire network
• Distributes connectivity information between vEdge
• Orchestrates secure data plane connectivity between vEdges
vSmart Controllers
vAnalytics 3rd PartyAutomation
vManage
Data Center Campus Branch SOHOCloud
vBond
vEdge Routers
4GMPLS
INET
APIs
Cisco SD-WAN Solution ElementsData Plane Data Plane
Physical/Virtual
Cisco vEdge
• WAN edge router• Provides secure data plane with
remote vEdge routers• Establishes secure control plane
with vSmart controllers (OMP)• Implements data plane and
application aware routing policies
• Exports performance statistics• Leverages traditional routing
protocols like OSPF, BGP and VRRP
• Support Zero Touch Deployment• Physical or Virtual form factor
APIs
vSmart Controllers
vAnalytics 3rd PartyAutomation
vManage
Data Center Campus Branch SOHOCloud
vBond
vEdge Routers
4GMPLS
INET
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco vEdge Routers
Small OfficeHome Office
100Mb
1Gb
1/10Gb
BranchCampus
Large CampusData Center
Virtualized BranchCloud
vEdge Cloud
vEdge 2000
vEdge 1000
vEdge 100
ControllersCloud or On-Premise Delivered
Physical Server
vManage vSmart vSmart
VM
vContainer
vBond*
* Can be deployed as physical vEdge appliance
On-Premise
ESXi or KVM
vManage vSmart vSmartvBond
Hosted
VM
vContainer
AWS or Azure
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WANTechnology Deep Dive
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WANZero Trust Fabric
Cisco vEdge Router Identity• Each physical vEdge router is uniquely
identified by the chassis ID and certificate serial number
• Certificate is stored in onboard Tamper Proof Module (TPM)- Installed during manufacturing process
• Certificate is signed by Avnet root CA- Trusted by Control Plane elements
• Symantec root CA chain of trust is used to validate Control Plane elements
• Alternatively, if used, Enterprise root CA chain of trust can be used to validate Control Plane elements- Can be automatically installed during ZTP
TPMChip
Root Chain
During Manufacturing
In Viptela Software
Device Certificate
Cisco vEdgeZero Touch Provisioning
Control and PolicyElements
Initial
cont
rol
com
mun
icatio
n
Initial
devic
e
conf
igura
tion
from
vMan
age Full Registration and
Configuration
vEdge
5
* Factory default config
Assumption:§ DHCP on Transport Side (WAN)§ DNS to resolve ztp.viptela.com*
§ Delivered as-a-Service
3
4
Zero Touch ProvisioningServer
Query to
ztp.viptela.comRedirect to corporate
orchestrator
1
2
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WANFabric Operation
Overlay Management Protocol (OMP)Unified Control Plane
• Runs on top of TCP, extensible control plane protocol
• Runs between vEdge routers and vSmartcontrollers and between the vSmartcontrollers- Inside TLS/DTLS connections
• Advertises control plane contextvSmart vSmart
vSmart
vEdge vEdgeVS
Note: vEdge routers need no control connections amongst them
Bidirectional Forwarding Detection (BFD)
vEdge vEdge
vEdge
vEdge vEdge
• Path liveliness and quality measurement detection protocol- Up/Down, loss/latency/jitter, IPSec
tunnel MTU
• Runs between all vEdge and vEdge Cloud routers in the topology- Inside IPSec tunnels- Automatically invoked after each IPSec
tunnel establishment- Cannot be disabled
• Uses hello (up/down) interval, poll (app-aware) interval and multiplier for detection- Fully customizable per-vEdge, per-color
Transport1
Transport2
§ Each vEdge advertises its local IPsec encryption keys
§ Encryption key is per-transport
Local Keys
vSmartControllers
vEdgevEdge
§ Keys are rotated frequently through OMP
Traffic Encrypted with
Traffic Encrypted with
Data Plane PrivacyTraffic Encryption
Control Plane
OMPUpdate
OMPUpdate
AES256-GCM
Remote Keys
Local Keys
Remote Keys
TLOCs TLOCs
OMP Update:§ Reachability – IP Subnets, TLOCs§ Security – Encryption Keys§ Policy – Data/App-route Policies
BGP, OSPF, Connected, Static
BFDIPSec Tunnel
OMPDTLS/TLS Tunnel
Transport1
Transport2VPN1
A
VPN2
B
VPN1
C
VPN2
D
BGP, OSPF, Connected, Static
vSmart
OMPUpdate
OMPUpdate
vEdge vEdge
Subnets Subnets
TLOCs TLOCs
Policies
Fabric Operation Fabric Walk-Through
OMPUpdate
OMPUpdate
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WANApplication Experience and QoS
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Application Visibility
Deep Packet Inspection
ü App Firewall
ü Traffic prioritization
ü Transport selection
vEdge Router
App 1
App 2
App 3,000
4G/LTE
MPLSInternet Data Center
CampusBranch
Small OfficeHome Office
Cloud Data Center
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Critical Applications SLA
Path1: 10ms, 0% loss, 5ms jitterPath2: 200ms, 3% loss, 10ms jitterPath3: 140ms, 1% loss, 10ms jitter
vManage
App Aware Routing PolicyApp A path must have:
Latency < 150msLoss < 2%
Jitter < 10ms
Path 1
Path 3
Path 2
vEdgeRouter
vEdgeRouter
§ vEdge Routers continuously perform path liveliness and quality measurements
Device QoS(shaping, policing, queuing, marking)
Internet
MPLS
4G LTE
Optimal Application Throughput
• High latency path between users and servers, i.e. geo-distances
• vEdge routers terminate TCP sessions and provide local acknowledgements to prevent TCP windowing from reacting
• Selective acknowledgements prevents unnecessary retransmit of the successfully received segments
• Hosts using old TCP/IP stacks will see the most benefit
Users ServersHigh Latency Path
vEdgevEdge
TCP Connections TCP ConnectionsOptimized
TCP Connections (Cubic)
SD-WANFabric
Application OptimizationTCP Performance Optimization
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WANSegmentation and Service Insertion
Cisco SD-WAN VPNsvEdge Router Security Zones
MPLS
INET
Transport(VPN0)
Service(VPNn)
Management(VPN512)
IF
• VPNs are isolated from each other, each VPN has its own forwarding table
• Reachability within VPN is advertised by the OMP
IF,Sub-IF
IF,Sub-IF
IF,Sub-IF
IF,Sub-IF
TransportsTransports
Site 1
Site 2
Data Center
VPN A
VPN B
VPN C
IPSec
20IP
8UDP
36ESP
4VPN
…Data
Label
§ Isolated virtual private networks across any transport
§ VPN mapping is based on physical vEdge Router interface, 802.1Q VLAN tag or a mix of both
§ VPN isolation is carried over all transports- https://tools.ietf.org/html/rfc4023
802.1q
802.1q
IF
IF
IF
IF
End-to-End SegmentationVirtual Private Networks and Mapping
Application Aware TopologiesArbitrary VPN Topologies
VPN1
Full-Mesh
VPN2
Hub-and-Spoke
VPN3
Partial Mesh
VPN4
Point-to-Point
Unified Communications
SecurityCompliance
RegionalServices
PartnerConnectivity
• Leverage control policies to influence per-VPN topology
L4-L7 Service InsertionRegional Secure Perimeter
Data Center
Remote Office
Regional Hub
MPLS INET
4G
L4-L7 ServiceAdvertisement
PolicyAdvertisement*
vSmart
VPN1
VPN1
Traffic Path
Control Plane
FW
* For data policy only. Control policy enforced on vSmart.
VPN1
• Can chain numerous L4-L7 services
Protected Compute Resources
Regional Secure
PerimeterCampus
Small OfficeHome Office
Branch
FirewallsIDS/IPS/DLP
FirewallsIDS/IPS/DLP
Data Center
CloudData Center
Data Center
Application Traffic SecurityRegional Secure Perimeter
Secure SD-WANFabric
ServiceAdvertisement
Service InsertionPolicy
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WANCloud Adoption
Application Quality Probing
RegionalHub
Remote SiteISP2
ISP1
SD-WANFabric
Loss/Latency
!
Data Center
Cloud onRamp for SaaSSaaS Optimization
Data Center
RegionalHub
Remote Site
SD-WANFabricMPLS
ISP1
Loss/Latency
!
ISP2
Remote Site
SD-WANFabric
Branch
Campus
CloudData Center
Compute VPC/VNET
Compute VPC/VNET
Cloud onRamp for IaaS IaaS
Remote Site
SD-WANFabric
Branch
Campus
CloudData Center
Compute VPCs/VNETs
Gateway VPC/VNET
BGPBGP BGP
IPSec Tunnel
Cloud SecuritySaaS and Internet Security
GRE Tunnel
Remote Site
ISP1
ISP2
Exploits ATP Malware Botnets
POP1 POP2
Remote Site
ISP1
ISP2
DNS Query
Client
• Eliminates backhaul of traffic destined to Internet and cloud applications
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WANHigh Availability and Redundancy
Viptela Confidential84
Site Redundancy - Routed
§ Redundant pair of vEdge routers operate in active/active mode
§ vEdge routers are one or more Layer 3 hops away from the hosts
§ Standard OSPF or BGP routing protocols are running between the redundant pair vEdgerouters and the site router
§ Bi-directional redistribution between OMP and OSPF/BGP and vice versa on the vEdgerouters
§ Site router performs equal cost multipathingfor remote destinations across SD-WA Fabric- Can manipulate OSPF/BGP to prefer one vEdge
router over the other
vEdge A
Host
vEdge BOSPF/BGP OSPF/B
GP
SiteRouter
SD-WANFabric
Viptela Confidential85
Site Redundancy - Bridged
§ vEdge routers are Layer 2 adjacent to the hosts- Default gateway for the hosts
§ Virtual Router Redundancy Protocol (VRRP) runs between the two redundant vEdgerouters- Active/active when using multigroup
§ VRRP Active vEdge responds to ARP requests for the virtual IP with its physical interface MAC address
§ In case of failover, new VRRP Active vEdgerouter sends out gratuitous ARP to update ARP table on the hosts and mac address table on the intermediate L2 switches
vEdge AVRRP Active
Host
vEdge BVRRP Standby
SD-WANFabric
Viptela Confidential86
Transport Redundancy - Meshed
MPLS Internet
§ vEdge routers are connected to all the transports
§ When transport goes down, vEdge routers detect the condition and bring down the tunnels built across the failed transport- BFD times out across tunnels
§ Both vEdge routers still draw the traffic for the prefixes available through the SD-WAN fabric
§ If one of the vEdge routers fails, second vEdge router takes over forwarding the traffic in and out of site- Both transport are still available
Site Network
vEdgevEdge
Viptela Confidential87
Transport Redundancy – TLOC Extension
MPLS Internet
Site Network
vEdgevEdge
§ vEdge routers are connected only to their respective transports
§ vEdge routers build IPSec tunnels across directly connected transport and across the transport connected to the neighboring vEdge router- Neighboring vEdge router acts as an
underlay router for tunnels initiated from the other vEdge
§ If one of the vEdge routers fails, second vEdge router takes over forwarding the traffic in and out of site- Only transport connected to the remaining
vEdge router can be used
VRRP OSPF/BGP
OSPF/BGP
INET INETMPLSMPLS
INET
MPLS
Site
DataCenter
MPLS
INET
vSmart Controllers
Control
Data
Site Redundancy Transport Redundancy
Network/Headend Redundancy Control Redundancy
High Availability and RedundancyConnectivity Assurance
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WANAnalytics
Viptela Confidential101
vAnalytics
Visibility
Forecasting
What-If
Recommendations
• Offered as a SaaS Service
• Multi-customer sourced data
• Anonymous data-collection
• Reports for Customers, Partners and Viptela
• Included with Enterprise License tier
Viptela Confidential102
vAnalytics Dashboard
Viptela Confidential103
vAnalytics Main Characteristics
Application/Flow Centric• Based on DPI and cflowd
• Bandwidth Usage- Top sources, destinations apps- Per-Site basis
• Application Performance• Application to tunnel binding and
performance information
• Anomaly Detection- Baseline of application usage- Anomaly detection based on
overall application usage (by application family, by site)
Network Centric• Site Availability
• Network Availability
• Site Usage Analysis- Top sites by bandwidth consumption- Historical bandwidth consumption
• Carrier Performance- App-Route stats on a per-carrier basis- Carriers health ranking
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WANDemo
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Phase 2Platform Integration
Phase 1: At CloseNo Integration
vManage
vEdge
vManage
ISR4K + vEdge SW
Viptela Integration PlanPhase 3
Management Integration
vEdge
vManage + DNA Center
ISR4K + vEdge SWvEdge
Cloud-hosted Cloud-hosted
Platform: • As-isManagement:• vManage as-is
Platform: • vEdge capabilities integrated into all IOS-XE
platforms (ISR, CSR, ENCS, ASR1K)Management:• vManage for SD-WAN capabilities on IOS-XE
Management:• Cloud hosted DNA Center integrates vManage
capabilities• Full DNA Center capabilities (SWIM,
Assurance, Patch Management, Integrated workflows for SD-Access and SD-WAN)
Cloud-hosted
Support and Scale the current sales motion
Viptela SD-WAN on strategic ISR platform
Deliver end-to-end experience with full DNA integration
Dep
loym
ent S
cena
rios
Bene
fits
Det
ails
NEW
NEW
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
vManage
2-box solution: Possible Deployment Scenarios
ISR
TI / E! / DSL
Dep
loym
ent S
cena
rios
vEdge
ISR providing services
vManage
vEdge
Ethernet
ISR
vManage
ISR
TI / E! / DSL
vEdge
ISR providing T1/E1/DSL Connectivity
vManage
ISR
TI / E! / DSL
vEdge
WaaS
UC
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WANPricing and Licensing
Perpetual costof Cisco
SD-WAN CPE hardware
Subscriptioncost of Cisco
SD-WAN software
(Includes SD-WAN controller
+ CPE software)
Operationalcost of Cisco
SD-WAN solution
1. Subscription* license (1YR, 3YR and 5YR) for Cisco SD-WAN software charged per CPE. This cost is dependent on two factors:
• Service bandwidth• Features
2. Perpetual cost of Cisco SD-WAN CPE** element.
*Note: Subscription cost of Viptela software includes cost of SD-WAN controllers, 24x7x365 Cisco SD-WAN support, next day hardware replacement for Cisco SD-WAN CPE, software upgrades on all components and the cost of hosting the Cisco SD-WAN controllers in the Cisco SD-WAN cloud.
**Note: CPE can be Cisco SD-WAN owned or in the case of Virtual CPE customer owned. Cost here implies Cisco SD-WAN CPE only.
Pricing ModelSubscription and Perpetual Elements
Plus Pro
Hub
Spoke Spoke Spoke
MPLS Internet Local breakout
Hub
Spoke Spoke Spoke
MPLS Internet
Spoke Spoke
Local breakout
Dynamic Routing
Dynamic Routing
Hub
Spoke Spoke Spoke
MPLS Internet
Spoke Spoke
Dynamic Routing
Dynamic Routing
SaaS onRamp
SD WAN controllers
AnalyticsSD WAN controllers
SD WAN controllers
AARAAR AAR
E2E Segmentation
E2E Segmentation
• Routing: Static• Topology: Hub-n-spoke only• Internet/Cloud: NAT, Split tunnel• Policy: Local ACL only, Data policy• QoS• SLA: Application aware routing (5 tuple only)• Visibility : DPI for visibility only
• Routing: Dynamic routing (OSPF/BGP)• Topology: Mesh topology• Internet/Cloud: Cloud onRamp for IaaS• Policy: Control policy• Segmentation: 5 VPNs (1+4)• SLA: Application aware routing (DPI)• Multicast
• Segmentation: Unlimited• Internet/Cloud: Cloud onRamp for SaaS • Analytics: vAnalytics platform
Enterprise
Features License Tiers