Overview of Riverbed Cloud Networking and SD-WAN
Riverbed Cloud Networking lets enterprises simplify their network configuration and management and helps enterprises intuitively manage networks based on parameters relevant to their businesses such as applications, users, locations, performance, and security across LAN, wireless LAN, WAN, and cloud Infrastructure-as-a-Service (IaaS) platforms.
The Riverbed solution provides an intelligent and intuitive approach to designing, deploying, and managing distributed networks for the modern hybrid enterprise. The solution consists of appliances and a centralized management console that the administrator uses to view network health, deploy appliances, and make changes to policies.
Riverbed Cloud Networking
The Riverbed Cloud Networking offering includes the following components:
This deployment guide provides detailed examples of validated designs for each series of appliances.
SteelConnect Manager
SteelConnect Manager (SCM) is a web-based, management portal that lets you design the network before deploying any hardware. You can use SCM to push configurations to the devices for deployment of infrastructure without the need for an engineer to be on-site. After deployment, SCM provides network visibility for manageability and troubleshooting and SCM manages all appliances, including all firmware upgrades.
SCM is offered primarily as a cloud SaaS service, but it is also available as an on-premises solution.
The SCM cloud SaaS service resides in the global Amazon Web Services (AWS) cloud public infrastructure and orchestrates a series of services hosted by Riverbed. Each service has dependencies that function as a part of the collective SteelConnect infrastructure.
SteelConnect appliances (gateways, switches, and access points) connect to core services, and the services associated with them, to find their assigned server. After an appliance is paired with SCM, it connects only to its corresponding SCM. Each SCM communicates through various services for updates regarding the appliance registration and management changes. All communication between the appliances and SCM, as well as all interoperating services inside of SCM, are authenticated through x509 certificate validation. These Riverbed-owned certificates are exchanged and validated for authenticity.
SD-WAN gateways
SteelConnect gateways are physical and virtual secure WAN gateways that provide unified connectivity (point-to-point and full-mesh) and enforcement of global policy across on-premises and cloud network environments, zero-touch provisioning, and secure automated VPN management.
Gateways are categorized into hardware and software appliances. The gateways automatically map into connected network segments, called zones, to:
•provide basic network services.
•handle one or more uplinks, either by concurrent use or as backup.
•enable policy enforcement.
•enforce security.
•enable extended reporting for connected zones.
•connect multiple sites with a secure, full-mesh VPN or a hub-and-spoke VPN deployment.
The SteelConnect gateway comes in various form factors to accommodate a variety of network architectures and complexities:
•Branch gateways - SteelConnect SDI-130, SD-130W, SDI-330, SDI-1030, and SDI-2030, and SteelHead SD 570-SD, 770-SD, and 3070-SD.
Note: SteelHead SD appliances deliver the benefits of SteelHead WAN optimization and SteelConnect SD-WAN while providing the flexibility of a single-box solution.
•Data center gateways - SDI-2030 and SDI-5030.
•SteelConnect gateway virtual machine (VM) - Available for various virtualization platforms in these image types:
–VMware
–VirtualBox
–KVM
–Hyper-V
–XenCenter
•Virtual gateways in IaaS cloud environments - Instances of the SteelConnect gateway of various sizes can be deployed in Amazon Web Services (AWS) or Azure. When you deploy a gateway in your cloud or multiple clouds, the RouteVPN feature lets you connect your data center to the cloud, or even multiple clouds.
Gateway form factors
WAN optimization with SteelHead (and SteelHead SD)
Starting with SteelConnect version 2.11, SteelHead SD appliances and the SDI-2030 gateway run different software than the SDI-130, SDI-130W, SDI-330, SDI-1030, and virtual SDI gateway/cloud SDI gateways. While the two families of appliances are fully interoperable and can be deployed seamlessly on the same network to form SD-WAN overlays across multiple WANs, SteelHead SD appliances and the SDI-2030 gateway provide support for these additional features:
•Active-active high-availability deployments
•Enterprise-class routing
•Advanced network topologies
SteelHead SD prior to version 2.0 ran a SteelConnect virtual gateway to provide SD-WAN services. If your network operates SteelHead SD 1.0, we recommend engaging your Riverbed account team or Riverbed Professional Services to get guidance, recommendations, and eventually on-site support to allow the smoothest transition to 2.0.
This version of the guide focuses on topologies with SDI appliances. SteelHead SD deployment details will be added as our technical teams establish best practices with customer deployments. For detailed SteelHead SD feature information and basic topologies, see the SteelHead SD User Guide.
The following table captures the capabilities per SteelHead SD and SteelConnect model.
Feature | SteelHead 570-SD, 770-SD, 3070-SD | SDI-2030 | SDI-130 | SDI-330 | SDI-1030 | SDI-5030 | Virtual GW | Cloud GW |
eBGP | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
iBGP | Yes | Yes | No | No | No | No | No | No |
OSPF single area | Yes | Yes | Yes | Yes | Yes | No | No | — |
OSPF multi-area ABR | Yes | Yes | No | No | No | No | No | — |
ASBR | Yes | Yes | Yes* (Underlay routing inter-working solution) | Yes* (Underlay routing inter-working solution) | Yes* (Underlay routing inter-working solution) | No | Yes* (Underlay routing inter-working solution) | No |
Route retraction | Yes | Yes | No | No | No | Yes | No | No |
Default route originate | OSPF/BGP | OSPF/BGP LAN and WAN | OSPF-only LAN | OSPF-only LAN | OSPF-only LAN | BGP only | OSPF-only LAN | No |
Overlay route injection in LAN | Yes | Yes | No | No | No | Yes | No | No |
Local subnet discovery | Yes | Yes | No | No | No | Yes | No | No |
Static routes | Yes | Yes (LAN and WAN) | Yes (3rd-party routes) | Yes (3rd-party routes) | Yes (3rd-party routes) | Yes | Yes (3rd-party routes) | Yes (3rd-party routes) |
VLAN support (LAN side) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | — |
1:1 Active-Active High Availability | Yes | Yes | No (Active-Passive HA) | No (Active-Passive HA) | No (Active-Passive HA) | No (HA cluster) | No (Active-Passive HA) | No (Active-Passive HA AWS) |
Brownfield transit for internet-only branch | Yes (As an edge device only) | Yes | Yes (As an edge device only) | Yes (As an edge device only) | Yes | Yes | Yes (As an edge device only) | Yes (As an edge device only) |
Native VLAN support | No | No | Yes | Yes | No | No | Yes | — |