Overlay VN Communication in SD-WAN Architecture

Overlay VN Communication

Question

Which solution allows overlay VNs to communicate with each other in an SD-WAN Architecture?

Answers

Explanations


B.

In an SD-WAN architecture, overlay VNs (Virtual Networks) are used to provide network segmentation and isolation. The VNs are typically built with technologies such as VXLAN or MPLS, which form an overlay network on top of the physical network infrastructure.

To allow communication between overlay VNs, there are several possible solutions:

A. External fusion routers can be used to map VNs to VRFs and selectively route traffic between VRFs.

External fusion routers can be used to map each VN to a separate VRF (Virtual Routing and Forwarding) instance. The fusion router can then selectively route traffic between VRFs based on policies configured on the router. This approach requires additional hardware and configuration complexity, but it offers the most flexibility in terms of traffic routing and security policy enforcement.

B. GRE tunneling can be configured between fabric edges to connect one VN to another.

GRE (Generic Routing Encapsulation) tunnels can be used to create a virtual point-to-point connection between two fabric edges, each connected to a different VN. The traffic from one VN is encapsulated within GRE packets and sent to the other fabric edge, where it is decapsulated and forwarded to the destination VN. This approach adds overhead due to encapsulation and decapsulation, but it is relatively simple to configure and does not require additional hardware.

C. SGTs can be used to permit traffic from one VN to another.

SGTs (Security Group Tags) can be used to allow traffic between VNs based on predefined security policies. Each VN is assigned a specific SGT, and traffic is permitted or denied based on the SGTs of the source and destination VNs. This approach requires the use of SGT-aware network devices and a centralized policy server to manage the SGTs and policies.

D. Route leaking can be used on the fabric border nodes to inject routes from one VN to another.

Route leaking can be used to inject routes from one VN into the routing table of another VN. This approach requires configuration on the fabric border nodes to allow the leaking of routes between the VNs. It is relatively simple to configure, but it can be challenging to manage and can introduce security risks, since leaked routes reduce the isolation the VNs were created to provide.

In summary, all of the above solutions can allow overlay VNs to communicate with each other in an SD-WAN architecture, but each has its own advantages and disadvantages. The choice of solution will depend on the specific requirements and constraints of the network deployment.