How do you know a proposed SD-WAN implementation will work for your organization? The best way to answer that question is with formal SD-WAN testing during a proof of concept (POC) in which you deploy SD-WAN to a few sites/devices to evaluate its performance and functionality. This is the only way to accurately measure the performance difference against your current network implementation to visually see the performance gains, ease of management and cost reduction in migrating to SD-WAN. Listed below are Use Cases that AmZetta recommends you setup and configure for testing the SD-WAN POC.

Use Cases

Zero Touch Provisioning

AmZetta zWAN offers a cutting-edge zero touch provisioning feature, revolutionizing the way organizations deploy and manage their SD-WAN infrastructure. With zero touch provisioning, setting up new devices and branches becomes a breeze, eliminating the need for manual configurations and on-site technical support. By leveraging automated processes, zWAN enables rapid and error-free deployments, saving valuable time and resources. Through centralized management, administrators can remotely provision and configure zWAN devices, ensuring consistent network settings and security policies across the entire SD-WAN deployment. AmZetta zWAN’s zero touch provisioning not only simplifies network onboarding but also enhances scalability and agility, making it the preferred choice for organizations seeking an efficient and hassle-free SD-WAN solution.

Required Products: zWAN Director

Configuration Requirements: Must have multiple zWAN devices.

Test Case

1. 1. Create new Action Policies based on requirements.
   2. Install vEC on a new laptop.
   3. Go to the Onboarding section of zWAN Director and onboard vEC.
   4. To validate this, onboard a new device, then go into the Director and verify that the device is listed in Edge Controller List. Go into the device’s settings and validate that the proper settings are configured.

High Availability from a Failed WAN Link to the LTE Backup Link

This test is to simulate a primary WAN link failure to the EC or vEC. AmZetta offers a backup LTE service (T-Mobile) that will automatically takeover tunnel connectivity when the primary WAN link fails or is down. This is a very important feature for branch/remote offices and users working remotely. This feature allows for a redundant path to be in place to keep all users connected to their applications and services.

Required Products: zWAN EC or vEC

Configuration Requirements:

• Must have USB LTE Adapter & T-Mobile SIM installed for vEC.
• Must have T-Mobile SIM installed for the EC.

Test Case

1. Start running a workload through the zWAN vEC, any workload will do.
2. As that workload is generating traffic through the zWAN vEC, remove the physical connection to the primary WAN on the zWAN vEC.
3. Network failover from the physical WAN to the LTE service will happen automatically and your workload should continue running.

   

   NetBalancer must be properly configured for this feature.
4. To validate this test, please disable (or remove) one of the two (2) interfaces and you will see that traffic will seamlessly start flowing through the single interface.

VPN Replacement – Branch-to-Branch and Branch-to-DC Tunnel

AmZetta zWAN offers a powerful and innovative solution as a VPN replacement, transforming the way organizations establish secure and reliable connections across their network infrastructure. Traditional Virtual Private Networks (VPNs) often suffer from performance bottlenecks, limited scalability, and complex management. However, by leveraging zWAN’s cutting-edge features, businesses can seamlessly transition from traditional VPNs to a software-defined, application-centric approach. With zWAN, organizations can establish secure site-to-site and remote user connections, effectively extending their wide area network (WAN) capabilities. Through advanced encryption, traffic prioritization, and intelligent routing, zWAN ensures optimal application performance while safeguarding sensitive data. Embracing zWAN as a VPN replacement not only simplifies network management but also enhances overall security and agility, making it a compelling choice for modern businesses seeking a secure and efficient network connectivity solution.

Required Products: zWAN EC, vEC, and vCPE

Configuration Requirements: Proper network ports opened in datacenter and branch/endpoint.

Test Case

1. During POC setup, IPsec tunnels are created between the data center and all other branches and endpoint devices. These tunnels can be leveraged in order to allow access from the branches and/or endpoint devices back to data center resources. Simply ensure that the proper network ports are open.
   • Port 21, for example, for access to an FTP server
   • Port 3389, for example, for RDP access to a server
   • Any custom ports required for custom applications
2. Once ports have been properly configured, test access from a remote computer to the data center resource.
   • You may also do this for resources at other remote locations. For example, you can setup access from an endpoint at Branch A to an FTP server at Branch B. This access would go through the data center.
3. To validate this, please follow the steps below:
   • Ping the tunnel IP from vCPE to the EC/vEC using the utilities on each Edge Controller to test both ways.
   • Select an Edge controller
   • On the left pane select Utilities
   • In the IP address field enter the tunnel IP for the Edge Controller on the other end
   • EX:  If the DC is trying to ping the branch and the branch tunnel IP is 10.180.05, then that is what will be entered in the IP field from the DC Edge Controller.
   • Conversely, from the Branch Edge Controller go to Utilities and enter the the tunnel IP for the DC, so if that IP is 10.180.0.1 then from the Branch that would be entered in the IP filed, then “Run Checks”.
   • If the tunnel is established correctly DC and Branch should be able to ping each other.
   • A further step to check Branch to Branch communication would be to ping the Lan PC behind a branch Edge Controller. LAN IP’s can be found by going to DHCP on the left pane of the Edge Controller and then “Leases” which should show the active leases assigned to LAN PC’s. Back to Utilities now enter the LAN PC IP from the other branch in the IP field and it should ping once all firewalls have been disabled on the LAN PC. Branch LAN PC to Branch LAN PC should be able to ping successfully from each.

Internet Breakout for SaaS Apps & Approved Websites

In today’s digital landscape, where businesses increasingly rely on cloud-based applications and services, optimizing application performance and reducing data bandwidth are critical for ensuring a seamless user experience. Internet breakout for users provides improved application performance through WAN optimization – reducing data bandwidth to and from the data center.

Implementing Internet Breakout for SaaS Apps & Approved Websites can significantly enhance application performance through WAN optimization. This approach allows direct access to SaaS applications and approved websites, bypassing data center routing and reducing latency. As a result, users experience improved response times and enhanced productivity. Moreover, by optimizing data bandwidth through the data center, organizations can minimize network congestion and efficiently utilize resources, leading to a more cost-effective and efficient network infrastructure. Embracing Internet Breakout and WAN optimization empowers businesses to capitalize on the full potential of cloud-based applications while ensuring a superior end-user experience and network efficiency.

Required Products: zWAN Director

Configuration Requirements: Must have multiple WAN links (two of the following: Broadband, MPLS and LTE)

Test Case

1. SaaS Breakout is configured by default. In order to fine tune what is considered a SaaS application, go to a specific device under the Edge Controller section and click on Net Balancer option.
2. Click on SaaS Apps tab to see a list of all available SaaS applications as well as what is currently active for the SaaS Breakout net balancer.
   • You may select as many additional applications as you want from the list on the left then click the `>` button in the middle to add to the list. Conversely, you can select as many applications as you want from the list on the right and then click on the `<` button in the middle to remove from the list.
3. Click the Apply Changes button in the top right corner.
4. Navigate to an application that falls under one of the SaaS application categories that was added to the list and confirm that that traffic is going through one of the WAN interfaces and not an IPSEC interface in the Dashboard for that device.
5. To validate this, navigate to websites corresponding to the selected SaaS applications and then go to the Dashboard for the client and verify that those websites were accessed from the configured interface and NOT one of the IPsec interfaces.

Traffic Steering – Steer Particular Flows to Preferred WAN Links

AmZetta zWAN offers a powerful solution for network traffic segregation, effectively safeguarding sensitive applications from the impact of bulk data applications. By intelligently routing traffic types to different links, zWAN ensures that critical applications receive priority and dedicated bandwidth, preventing them from being adversely affected by high-volume data transfers. Through application-aware policies and dynamic path selection, zWAN optimizes the performance of mission-critical applications, while still efficiently utilizing available network resources for other data-intensive activities. This innovative approach not only enhances application response times but also ensures a seamless end-user experience. With AmZetta zWAN’s traffic segregation capabilities, organizations can confidently achieve superior network performance, improve application reliability, and maintain optimal productivity across their SD-WAN infrastructure.

Required Products: zWAN Director

Configuration Requirements: Must have multiple WAN links (two of the following: Broadband, MPLS and LTE)

Test Case

1. Go to specific device under Edge Controller section and click on Net Balancer.
2. Click on Balancing Rules tab and click on the NEW RULE button.
   • Choose the appropriate Target Gateway – whether an Internet Breakout, SaaS Breakout, or Branch Gateway.
3. Select the appropriate Packet Matching, Protocol Matching, DPI, or Web Categories option and input the required type of traffic to be steered.
   • For example, you could select Web Categories and then select Productivity to match any productivity SaaS applications.
4. Click the CREATE button.
5. To validate this, run a workload for a minimum of five to ten minutes for each type of traffic then navigate to the Dashboard section for the device and verify that each interface only had specific traffic flowing through it for the monitored time period.

Quality of Service (QoS) – Guaranteed Bandwidth for Specific Flows

Quality of Service (QoS) is configured based on priority, network conditions and/or traffic patterns. For this use case, we will set the bandwidth to different speeds and send more important traffic down the faster link with higher priority. This is a very important feature that allows the IT Staff to set priorities for specific Apps/Users – Testing QoS.

Required Products: zWAN Director

Configuration Requirements: Must have multiple WAN links (dual Broadband – or two of the following: Broadband, MPLS and LTE)

Test Case

1. 1. Go to specific edge controller in zWAN Director.
   2. Go to the QoS section and click on the Class Manager tab.
      • You will see some preset classes which you may edit to your needs or add your own classes.
        1. For example, there is a Cloud class with High priority and a minimum of 50 Mbps with a max of 100 Mbps.
   3. Once you have chosen, or created, your class, go to the Classifier tab and you will see some preset classifications here which you may edit to your needs or add new ones.
      • For example, there is a classifier for Cloud class that includes Teams calls, Salesforce, and cloud services such as AWS/Azure/GCP.
   4. Click on the Interface Manager tab and choose the WAN interface you would like to give priority to your class. You may choose the overall minimum and maximum bandwidth for your interface based on the bandwidth available.
      • For example, by default, WAN00 has a minimum guarantee of 75 Mbps and a max of 100 Mbps. If you have a 1 GbE link, you may increase these limits accordingly.
   5. Click the `+` sign in the interface’s box to add classes to that interface. Choose the required class.
      • Enable the QoS rules on the interfaces by switching the switch on the top right of the interface’s box to the enabled position.
      • Click the Activate Changes button at the top of the window.

1. Test your desired traffic patterns to ensure that the traffic is going through the desired interface and that you are getting the guaranteed bandwidth.
2. To validate this, follow the steps below:
   1. Go to the Overview section for the device.
   2. Click the Last 30 minutes option in the top right corner and change the time period to coincide with the time period that your test workload was ran.
   3. In the Total Data table, verify that the desired interface shows the correct amount of data transmitted and/or received as compared to the other interfaces in the table.

Load Balancing

AmZetta zWAN load balancing empowers organizations with a powerful mechanism to optimize network performance by effectively utilizing multiple parallel links. Through intelligent traffic distribution, zWAN load balancing ensures that network traffic is evenly distributed across available links, maximizing throughput and reducing bottlenecks. By dynamically selecting the most efficient path for each packet, zWAN load balancing improves application response times and enhances end-user experience. This innovative feature allows businesses to fully leverage their network resources, increasing bandwidth capacity and overall network efficiency. With AmZetta zWAN load balancing, organizations can confidently handle growing data demands and achieve superior performance, making it an indispensable component of a high-performing SD-WAN infrastructure.

Required Products: zWAN Director

Configuration Requirements: Must have multiple WAN links (two of the following: Broadband, MPLS and LTE)

Test Case

1. Go to a specific device under the Edge Controller section and click on Net Balancer option.
2. You have multiple net balancers by default:
   • DC_TUNNEL_ALL – this establishes a secure IPsec tunnel between the device and the data center.
   • Internet – this is the default for all internet traffic to go through the data center for inspection.
   • SAAS – this is for SaaS breakout.
   • Choose one of the net balancers above (the default internet one, for example) and click the down arrow icon to expand the net balancer and see the individual interfaces that are a part of that net balancer.
3. Hover over one of the interfaces and click the pencil icon to edit the settings for that interface.
4. The key setting here is the weight – the larger the weight, the more traffic that will go through the interface before balancing over to the other interfaces in the net balancer.
   • For example, if you had two WAN interfaces, WAN00 on broadband and WAN01 on LTE, you would want most of the traffic to go through the broadband interface, as it is going to have a larger bandwidth. You may go with something like 200:1 ratio between the broadband and LTE.
   • In another example, if you have two broadband connections with similar bandwidths, you may want the overall ratio to be balanced. You do not, however, want to do a simple 1:1 ratio, as this would cause potential overhead in the constant switching between interfaces. You may want to do something more similar to a 50:50 ratio, so that 50 packets would go down each interface before switching.
5. Once you have updated the weight for each interface, click the Update button.
   • Start running a heavier workload (something like video streaming) and look in the dashboard for that device in the zWAN Director to see the balance of data between the interfaces.
6. To validate this, run a workload for a minimum of five to ten minutes. Afterwards, go to the Dashboard for the device and look at the percentage of data that traversed through each interface during this time. The ratio should equal the weight ratio given in the steps above.

Centralized Control of zWAN Devices

The centralized control of zWAN devices represents a game-changing approach that effectively reduces management costs. By consolidating the control plane into a centralized platform, organizations can streamline network management and configuration, leading to significant cost savings. This centralized control empowers network administrators to efficiently provision, monitor, and maintain multiple zWAN devices from a single point of control, eliminating the need for on-site management at each location. With reduced complexities and streamlined operations, this innovative approach optimizes network performance while minimizing administrative overhead, making it a compelling solution for organizations seeking a cost-effective and efficient SD-WAN deployment.

Required Products: zWAN Director

Configuration Requirements: Must have multiple zWAN devices.

Test Case

1. Onboard at least 2 devices.
2. Go to the Edge Controllers section of the zWAN Director and click on the List tab. Here you will see a list of all devices that have been onboarded to the tenant.
   • You may create a group for these devices so that you may more easily organize your devices.
     1. For example, if you have 2 devices being used by developers and 2 devices being used by sales, you can create a group for developers and a group for sales.
3. To create a group, go to the Groups tab and click the Add Group button in the top right corner.
4. Give it a name and a description. You may match (add devices to a group) by either looking for a specific string in device name or by looking for specific tags with specific values.
   • For example, you could name your devices as `dev01` and `dev02` and then the matching rule would be for `dev`.
   • You could also add a tag with key `department` and value `development` to each device during onboarding and then add the same key/value pair to the group matching to import them into the group.
5. From here, you can easily see which devices belong to which group, which devices are up and operational, which devices are having issues, deploy specific policies to groups so when new devices are imported into a group, they get the same policies set, and more.
6. To validate this, verify that the onboarded devices (edge controllers) are listed in the Edge Controller list within the Director. An Admin with elevated privileges will be able to both monitor and edit settings for all devices that are online. Devices that are not online cannot be monitored or edited, though they will remain listed until removed/deleted by the admin.