In the MEF SD-WAN Service Specification WG, there has been a lot of discussion on Application Flow Based Segmentation. Application Flow Based Segmentation refers to separating traffic based on business and security needs, e.g. having a different topology for different traffic types or users/apps. For example, a retail business requires that traffic from payment applications in all branches only go to the Payment Gateway in its HQ Data Centers, whereas other applications can be multipoint (in the Cloud DC too). Segmentation is a feature that can be provided or enabled for a single SD-WAN service (or domain). Each Segment can have its own policy and topology. In the figure below, the traffic from the Payment application (red dotted line) follows the Tree topology, whereas other traffic can follow a multipoint-to-multipoint topology as in a VRF.

Segmentation is analogous to a VLAN (in an L2 network) and a VRF (in an L3 network). But unlike a VRF, where all the intermediate nodes can forward per VRF, in an SD-WAN Overlay the multipoint-to-multipoint WAN is an overlay network. If using IPsec point-to-point tunnels, there would be N*(N-1) tunnels, which is too many.

Does anyone know an existing protocol that can handle the above scenario described in https://datatracker.ietf.org/doc/draft-dunbar-bess-bgp-sdwan-usage/ ?

Thank you very much.

Linda Dunbar
_______________________________________________
BESS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/bess
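As an added illustration of the segmentation model described in the post above (not code from the post, the draft, or MEF), the following hypothetical Python model gives each segment its own membership and topology, derives the overlay tunnels each segment needs (tree: 2*(N-1), multipoint: N*(N-1)), and checks whether an application flow is forwardable inside its segment. Site names, segment names and the app-to-segment mapping are constructed sample values.

```python
from dataclasses import dataclass
from itertools import permutations

@dataclass
class Segment:
    """One SD-WAN segment with its own member sites and topology (hypothetical model)."""
    name: str
    topology: str        # "tree" (hub-and-spoke) or "multipoint"
    sites: set
    hub: str = None      # only used when topology == "tree"

    def tunnels(self):
        """Unidirectional overlay tunnels this segment requires."""
        if self.topology == "tree":
            spokes = self.sites - {self.hub}
            # each spoke talks only to the hub: 2*(N-1) tunnels
            return {(s, self.hub) for s in spokes} | {(self.hub, s) for s in spokes}
        # multipoint-to-multipoint: every ordered site pair, N*(N-1) tunnels
        return set(permutations(sorted(self.sites), 2))

    def allows(self, src, dst):
        """A flow is forwardable only over a tunnel that exists in this segment."""
        return (src, dst) in self.tunnels()

def evaluate_flows(flows, segments, app_to_segment, default_segment):
    """Map each (src, dst, app) flow to its segment and decide if it can be forwarded."""
    results = []
    for src, dst, app in flows:
        seg = segments[app_to_segment.get(app, default_segment)]
        results.append((src, dst, app, seg.name, seg.allows(src, dst)))
    return results

# Constructed sample deployment: HQ, three branches and a cloud DC.
PAYMENT = Segment("payment", "tree", {"HQ", "B1", "B2", "B3"}, hub="HQ")
GENERAL = Segment("general", "multipoint", {"HQ", "B1", "B2", "B3", "CloudDC"})
SEGMENTS = {s.name: s for s in (PAYMENT, GENERAL)}
APP_TO_SEGMENT = {"payment": "payment"}   # everything else falls into "general"

SAMPLE_FLOWS = [
    ("B1", "HQ", "payment"),       # branch -> payment gateway: permitted
    ("B1", "B2", "payment"),       # branch -> branch: no tunnel in the tree
    ("B1", "CloudDC", "payment"),  # cloud DC is not a member of the payment segment
    ("B1", "CloudDC", "crm"),      # general segment is multipoint: permitted
    ("B2", "B3", "email"),
]

if __name__ == "__main__":
    print(len(PAYMENT.tunnels()), len(GENERAL.tunnels()))   # 6 vs 20 tunnels
    for row in evaluate_flows(SAMPLE_FLOWS, SEGMENTS, APP_TO_SEGMENT, "general"):
        print(row)
```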
