What is new with the VeloCloud Software Release 3.3.2

WindstreamEnterprise
WindstreamEnterprise Administrator admin
edited October 2021 in Release Notes

VMware/VeloCloud SD-WAN Release 3.3.2 provides several new feature enhancements for Windstream.

 New Hardware Platforms

The following new hardware devices are also being released:

  • 610
  • 3400

Fortinet VNF

Fortinet ® Fortigate™ Virtual Appliances can now be deployed as Firewall VNF's on VMware SD-WAN Edge hardware. Only the 520v and 840 devices are currently supported.

 Internally the VNF service is designed as shown in the figure below. The VNF sits between the LAN interfaces and SD-WAN software. Traffic coming from the LAN going to the WAN is sent to the VNF first. The VNF inspects the traffic and then forwards it to the SD-WAN software on the box.

Traffic can be forwarded to the VNF selectively. In the figure below VLAN1 traffic is forwarded through the VNF, whereas VLAN2 traffic is sent directly to the SDWAN software.

image.png


LAN-Side NAT

The LAN-Side NAT feature allows for source or destination NAT rules to be applied to traffic before route and Business Policy lookups occur on the Edge. As a result, certain use cases such as branches with overlapping subnets can now be natively supported without a readdressing effort or the deployment of an external layer 3 device.

image.png

Last Known Good Device Settings

When an Edge successfully establishes a Management Channel, as in connects to an Orchestrator, it saves a copy of its working configuration as its "Last-Known-Good Device Settings".

If it was to lose connectivity to the Orchestrator as a result of certain configuration changes, it will automatically revert to its previous working configuration to reconnect to the Orchestrator. It will also log a critical event indicating that the last configuration change took down the Management channel.

The following changes could cause an Edge to lose its Management channel:

  • Adding an invalid static route
  • Configuring an incorrect IP address or next hop
  • Configuring an incorrect VLAN tag

High Availability (HA) Split-brain Detection and Prevention

The following HA enhancements were added to minimize the risk of Split-Brain condition:

  • In Standard HA (with a WAN switch present), heartbeats are sent via the WAN-side switch using ethertype 0x9999 in addition to the HA cable to maintain HA connectivity and prevent a split-brain scenario

Cluster LAN-side failure detection

In a clustered topology with dynamic routing enabled, if a Hub in the cluster loses all dynamic routes on the LAN and the other Hubs in the cluster do not, then the Gateway will rebalance or migrate the Edges from the Hub that has lost its dynamic routes.

   DISCLAIMER: There may be features listed here that do not get immediately implemented and may be added based on customer demand in the future. 


Categories