BESS participants:

"SDWAN" networks are characterized by:

1. Augment of transport, which refers to utilizing overlay paths over different underlay networks. Very often there are multiple parallel overlay paths between any two SDWAN edges, some of which are private networks over which traffic can traverse without encryption, while others require encryption, e.g. over untrusted public networks.
2. Enable direct Internet access from remote sites, instead of hauling all traffic to Corporate HQ for centralized policy control.
3. Some traffic is routed based on application IDs instead of based on destination IP addresses.

https://datatracker.ietf.org/doc/draft-dunbar-bess-bgp-sdwan-usage/ describes examples of using BGP UPDATE messages to achieve the SDWAN Application Based Segmentation, assuming that the applications are assigned unique IP addresses.

In the Figure below, the following BGP Updates can be advertised to ensure that Payment Application only communicates with the Payment Gateway:

[cid:image001.png@01D5D851.C2B24030]

BGP UPDATE #1 from C-PE2 to RR for the RED P2P topology (only propagated to Payment GW node):
- MP-NLRI Path Attribute:
  * 30.1.1.x/24
- Tunnel Encap Path Attribute
  * IPsec Attributes for PaymentGW -> C-PE2

BGP UPDATE #2 from C-PE2 to RR for the routes to be reached by Purple:
- MP-NLRI Path Attribute:
  * 10.1.x.x
  * 12.4.x.x
- TunnelEncap Path Attribute:
  * Any node to C-PE2

Your feedback is greatly appreciated.

Thank you very much.

Linda Dunbar
_______________________________________________
BESS mailing list
BESS@ietf.org
https://www.ietf.org/mailman/listinfo/bess