Riverbed SD-WAN

SteelConnect Overview
SteelConnect EX Overview
Johan Mertens – Riverbed SE
The Modern Digital Landscape

Users & Devices Applications & Data

© 2019 Riverbed Technology, Inc. All rights reserved. 2

 The Evolution to Digital Networking (Today)

Applications & Data

Users & Devices

Internet
Cloud

MPLS

Branch Data Center

© 2019 Riverbed Technology, Inc. All rights reserved. 3

Riverbed’s mission
PERFORMANCE
For the world’s largest organizations,
we deliver exceptional network
performance and visibility for any

APPLICATIONS
NETWORKS

WAN APPLICATION application.

OPTIMIZATION ACCELERATION

ü WAN Optimization
ü Application Acceleration
ü Network Performance Management
SOFTWARE- NETWORK ü Software-Defined WAN
DEFINED PERFORMANCE
WAN MANAGEMENT

VISIBILITY
© 2019 Riverbed Technology, Inc. All rights reserved. 4
Three Fundamental Trade-Offs

Hybrid Hybrid WAN & Untenable to

Apps & IT Internet-Only WAN Manage

Reduce Internet Broadband Unpredictable

Costs & LTE Performance

Good Direct Less

Experience Branch-to-Internet Secure

© 2019 Riverbed Technology, Inc. All rights reserved. 5

Three Fundamental Trade-Offs

Hybrid Hybrid AppsHybrid

/ IT WAN & Untenable to
SD-WAN
Apps & +
IT Agile Networking
Internet-Only WAN Manage

Reduce Internet Broadband Unpredictable

Costs & LTE Performance

Good Direct Less

Experience Branch-to-Internet Secure

© 2019 Riverbed Technology, Inc. All rights reserved. 6

Three Fundamental Trade-Offs

Hybrid Apps / IT
SD-WAN
+ Agile Networking

ReduceCost Effective
Internet Broadband Unpredictable
Acceleration
Costs + Fast & LTE Performance

Good Direct Less

Experience Branch-to-Internet Secure

© 2019 Riverbed Technology, Inc. All rights reserved. 7

Three Fundamental
Maximize Trade-Offs
Agility, Performance & Security
… without compromise.

Hybrid Apps / IT
SD-WAN
+ Agile Networking

Cost Effective
Acceleration
+ Fast

Good Best Experience

Direct Less
Security
+ Secure Branch-to-Internet
Experience Secure

© 2019 Riverbed Technology, Inc. All rights reserved. 8

 INTRODUCING

SteelConnect EX Series

© 2019 Riverbed Technology, Inc. All rights reserved. 9

 SteelConnect EX Solution Architecture
All elements can be
• Management & Analytics
deployed in high-availability.
SteelConnect EX
Director
Full Mesh or
SteelConnect EX
Hub and Spoke
Analytics

SteelConnect EX
Controller
• Route Reflector FlexVNF
• Secure Gateway to Broadband
Broadband
Broadband
Management Plane
MPLS
MPLS
MPLS
Data Center, AWS or Azure Hosted LTELTELTE
Data-Plane Flows

FlexVNF FlexVNF FlexVNF

© 2019 Riverbed Technology, Inc. All rights reserved. 10

 Components & Roles
Analytics collects data from SD-
WAN appliances and analyzes and
Director Analytics stores information
accessed by GUI or reports
Director is the management UI used to provision
SD-WAN appliances and system configuration

Controller DC Gateway
The controller acts as a route reflector
for SDWAN branches. It also controls IPSEC DC appliances use FlexVNF SW and run on
tunnel creation and sends a VM or baremetal boxes
security key information to branches

MPLS Internet

Branch appliances use FlexVNF SW and run

on a VM or baremetal boxes

Branch1 Branch2 Branch3

© 2019 Riverbed Technology, Inc. All rights reserved. 11

SteelConnect EX Series Gateway Appliances
SteelConnect EX 580 / 780 / 3080 appliances use the same
hardware configs as the SteelHead 580 / 780 / 3080 appliances.

EX-3080

6 Gbps
EX-780
SteelConnect Total SD-WAN
Model Throughput
4 Gbps EX-285 100 Mbps
EX-580
EX-385 200 Mbps

2 Gbps EX-485 750 Mbps

EX-685 2 Gbps

EX-580 2 Gbps
EX-685 EX-780 4 Gbps
750 Mbps
EX-3080 6 Gbps
200 Mbps SteelConnect EX x85 model appliances
have options for built-in LTE, WiFi & POE.
EX-485

EX-385

EX-285

Micro/Small Branch Medium Branch Large Branch Hub / Data Center

© 2019 Riverbed Technology, Inc. All rights reserved. RIVERBED CONFIDENTIAL. This roadmap is for information purposes only and is not a commitment, promise or legal obligation to deliver any new 12
products, features or functionality. The development, release, and timing of any features or functionality described remains at Riverbed's sole discretion.
3 methods of device bootstrapping

Global ZTP URL-Based ZTP Script-based “ZTP”

§ Use device S/N § An Encrypted URL is § Initial device login via

§ 2-factor auth optional generated for a device console or
§ Laptop connected to management port is
device required
§ Connect WAN port
§ User clicks on URL
§ Device completes
§ Device comes up configuration
§ 2-factor auth optional

© 2019 Riverbed Technology, Inc. All rights reserved. 13

URL ZTP 6) Controller notifies director that
branchxxx with serial number xxxxxx is
staging
1a) Configure Template/Device
SD-WAN
Controller Director configuration
1b) Ship branch to site

4) Branch sends IKE to controller with

serial number of device. IKE is sent over
VNI interface created by script 7) Director pushes configuration to
branch via controller with Netconf

5) If IKE is accepted, controller assigns IPSEC

tunnel address to branch to create a temporary
tunnel for staging

2) Connect to branch via console

or Ethernet

SD-WAN 8) Branch reboots if configuration

Branch FlexVNF pushed passes commit
3) Create initial config with
URL ZTP or script
© 2019 Riverbed Technology, Inc. All rights reserved. 14
 Connect Computer to Branch
Configuration Then click on activation
button

© 2019 Riverbed Technology, Inc. All rights reserved. 15

Connect Laptop to LAN port that will hand out DHCP address in 192.168.1.1 subnet.
SteelConnect EX Series
Functional Components
SteelConnect SteelConnect EX Appliances SteelConnect
Director Physical & Virtual Appliances Analytics
Branch Data Center Cloud

Multi-Function VNF Service Fabric

Big Data
Policy-based SD-WAN
Centralized Acceleration Security Platform for
Network &
Management
Security
App & Cloud Bandwidth Enterprise Dynamic Path Next-Gen IPS /
Acceleration Optimization Routing Control Firewall IDS

Physical Virtual

SteelConnect Controller
Fully Redundant SD-WAN & Security Controller (Control Plane)

© 2019 Riverbed Technology, Inc. All rights reserved. RIVERBED CONFIDENTIAL. This roadmap is for information purposes only and is not a commitment, promise or legal obligation to deliver any new 16
products, features or functionality. The development, release, and timing of any features or functionality described remains at Riverbed's sole discretion.
SteelConnect EX Series Orchestration &
Management
The Full Stack
Optimization &
Management App Acceleration
Templates NETCONF & API Visibility Air Gapped
Network Security
Optimization & App Acceleration
TCP / UDP SSL / HTTPS SaaS / IaaS Mobile
Deduplication Compression File / Email Video SD-WAN

Advanced Security
NG-GW DDoS Prevention IPS-IDS SSL Proxy Core Network
URL Filtering Malware Protection Anti-Virus User Auth. Services

SD-WAN key capabilities

IPSEC/VxLAN overlay Packet Cloning Flow/Packet LB LTE modem
Application SLA Packet Racing FEC WiFi

Enterprise Networking Stack

Enterprise Routing Multicast VRRP Enterprise QoS

Dual Stack IPv4/IPv6 Segmentation MP-BGP PPPoE

© 2019 Riverbed Technology, Inc. All rights reserved. RIVERBED CONFIDENTIAL. This roadmap is for information purposes only and is not a commitment, promise or legal obligation to deliver any new 17
products, features or functionality. The development, release, and timing of any features or functionality described remains at Riverbed's sole discretion.
Differentiation Cisco vmWare Silver
Riverbed Fortinet
Viptela Velocloud Peak
Large Large Mid-Market & Mid-Market Security
MARKET FIT Enterprise Enterprise Large Enterprise & SME
SD-WAN
• Enterprise-class routing / Brownfield integration

• Ease-of-management

• Path Resiliency / Link Conditioning

• Scalability

• Hub and Spoke / Full Mesh / Multi-mesh

• Visibility & Analytics

• IPv6 Support

SECURITY
• Next-Gen Firewall

• Next-Gen IPS

• Anti-virus / Malware

• Content / URL Filtering

• 3rd Party Service Chaining

APPLICATION ACCELERATION
• SaaS Acceleration

• IaaS Acceleration

• On-prem App Acceleration

• Deduplication & Compression

• Latency Mitigation

• Caching

© 2019 Riverbed Technology, Inc. All rights reserved. 18

SteelConnect EX Software
Secure SD-WAN License Tiers

Advanced • All Advanced SDWAN capabilities

• L4 - L7 Security and Unified Threat Management (UTM)

• Advanced SDWAN capabilities

Standard • For customers who require a better voice service (FEC, cloning etc)
• Provide User/User group based Traffic Engineering and SLA policy

• Core Network Services

Essentials • IPv4 and IPv6 support
• Multicast support
• SDWAN Full mesh or Hub & Spoke; Secure dynamic and encrypted overlays
• Application detection and visibility
• Application QoS
• Includes Layer-4 Stateful Security features like DOS Protection and SFW
• Advanced branch security (URL & IP filtering, blocking web access, ….)
• 3rd Party VNF support via uCPE

© 2019 Riverbed Technology, Inc. All rights reserved. 19

 SteelConnect EX uCPE Capability
• Load other VM’s on top of
SteelConnect EX

• L2 or L3 Service Chaining

• Packets can enter/exit a

third party VNF

• SteelConnect EX performs
service chain management

• Service Chain management

can be templatized
© 2019 Riverbed Technology, Inc. All rights reserved. 21
SteelConnect EX SD-WAN SLA Monitoring

SLA Monitoring does? SLA criteria Why SLA Monitoring?

Measures the performance of § Jitter Only SLA Monitoring makes

the WAN network § Latency decisions based on WAN
performance
§ Packet loss
- Use of Path resiliency
§ MOS Score mechanisms:
§ Link utilization - FEC
percentage - Packet Racing
- Packet Duplication
- ….

© 2019 Riverbed Technology, Inc. All rights reserved. 25

 Application Experience Based Traffic Steering
Traffic Steering
Traffic Steering based on Un-Encrypted L7 Application
Recognition √
Traffic Steering based on Encrypted L7 Application Recognition
√
Load balance and traffic steering across multiple paths based on
application SLA achievement, application type, Codec type, MOS
score based, time of day etc. √
TCP and HTTP (Application User Experience) Statistics based
traffic steering √
Active and Passive Monitoring of SaaS Apps
√
Traffic Conditioning

Packet Replication and Packet Stripping Support

√
FEC and MOS Score Support
√
© 2019 Riverbed Technology, Inc. All rights reserved. 26

26 | Copyright © 2016 Versa Networks Inc. All Rights Reserved—Company Confidential

Three Security Tiers

Next Generation Unified Threat

Stateful Firewall
Firewall Management

• Zone Protection. • Includes all SFW • Includes all NGFW

• DDoS features features
• Stateful Firewall • Application Control • Anti-Virus
• Application Visibility • URL Reputation and • IP Reputation and
• CGNAT Filtering Filtering
• Routing • User/Group Control • Intrusion Detection and
• QoS • SSL Inspection Prevention System
• IPSec VPN

© 2019 Riverbed Technology, Inc. All rights reserved. 28

 Thank You

© 2018 Riverbed Technology, Inc. All rights reserved. 33