Abstract

In a Software-Defined Wide Area Network (SD-WAN), when a central control plane is installed, it ideally first establishes Transport Layer Security (TLS) tunnels with edge devices and then forms data plane tunnels, such as Internet Protocol Security (IPsec) tunnels, which provide end-to-end connectivity between the edge devices. End-to-end connectivity is conventionally considered more efficient, but this may not be true for all types of traffic. For example, there may be scenarios in which tunnels that are not performance efficient are formed between edge devices, thereby causing exhaustion of central processing unit (CPU) resources, memory resources, etc., as well as potentially causing scalability issues and/or churning resources used in forming the tunnels and keeping them alive in an environment. Presented herein are techniques that provide tunnel establishment mechanisms through which efficient tunnels can be dynamically formed in SD-WAN network topologies by measuring the feasibility and desirability of any potential tunnel pair using either centralized or decentralized approaches. One potential benefit of the techniques presented herein is the ability to dynamically provide the proven, most-efficient path between any two points (nodes) in an SD-WAN network based on the capacity of the network devices involved in establishing and maintaining network links, along with an evaluation of the appropriateness of establishing such dynamic linkages.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
