WAN Virtualization, the technology that enables SD-WAN, allows two or more sites to communicate over multiple diverse WAN links as if directly connected with a high-capacity point-to-point connection. A separate tunnel is created between each WAN link on the sites; the tunnels are monitored and traffic is routed over the various tunnels based on available bandwidth. Since traffic is dispersed over multiple tunnels, WAN Virtualization provides bandwidth aggregation as well as seamless failover in the event of WAN link failure.
LAN-to-LAN traffic over Public WAN Links
WAN Virtualization allows local and remote networks to communicate as if directly connected – LAN to LAN. To accomplish this, the Ecessa device identifies the traffic based on configured LAN identifiers (local and remote networks), encapsulates the packet using the Generic Routing Encapsulation (GRE) protocol and, if site encryption is enabled, encrypts it using IPsec.
Step 1 – A packet is received by the local Ecessa that matches the LAN-to-LAN criteria as configured on the device.
Step 2 – The Ecessa device encapsulates/encrypts the packet.
Step 3 – The Ecessa sends the packet out the public WAN link destined for the other side of the WAN virtualized tunnel.
Step 4 – The remote Ecessa device removes the encryption/encapsulation.
Step 5 – The remote Ecessa device forwards the packet to the host on the LAN. The packet keeps its original source and destination addresses, so it appears as if it had been sent over the LAN directly.
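The encapsulation and decapsulation in Steps 1 to 5, as an added Python example that is not Ecessa's code: it assumes a basic 4-byte GRE header (RFC 2784, no optional fields) carried in IPv4, omits the IPsec step, and uses constructed networks, addresses and payload. It also shows that with GRE alone the inner packet is readable on the public WAN link, which is the exposure site encryption closes.

```python
import ipaddress
import struct

GRE_PROTO = 47            # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" for an IPv4 payload

def checksum(header: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a 20-byte IPv4 header (no options) followed by payload."""
    s, d = (ipaddress.IPv4Address(a).packed for a in (src, dst))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, s, d)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(pkt: bytes):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    ihl, total_len = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    return src, dst, pkt[9], pkt[ihl:total_len]

def matches_lan_to_lan(pkt: bytes, local_net: str, remote_net: str) -> bool:
    """Step 1: does the packet go from the local LAN to the remote LAN?"""
    src, dst, _, _ = parse_ipv4(pkt)
    return (ipaddress.ip_address(src) in ipaddress.ip_network(local_net)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(remote_net))

def gre_encapsulate(inner: bytes, wan_src: str, wan_dst: str) -> bytes:
    """Steps 2-3: wrap the untouched inner packet in GRE and an outer IPv4 header."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # no flags, version 0
    return ipv4(wan_src, wan_dst, GRE_PROTO, gre + inner)

def gre_decapsulate(outer: bytes) -> bytes:
    """Step 4: strip the outer IPv4 and GRE headers, returning the inner packet."""
    _, _, proto, body = parse_ipv4(outer)
    if proto != GRE_PROTO or len(body) < 4 or struct.unpack("!HH", body[:4]) != (0, ETHERTYPE_IPV4):
        raise ValueError("not a basic GRE packet carrying IPv4")
    return body[4:]

# Constructed sample values; 253 is an IP protocol number reserved for experimentation.
LOCAL_LAN, REMOTE_LAN = "10.1.0.0/24", "10.2.0.0/24"
INNER = ipv4("10.1.0.10", "10.2.0.20", 253, b"constructed payload")
OUTER = gre_encapsulate(INNER, "198.51.100.1", "203.0.113.1")
```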