1. Features Guide
  2. Release 3.0 Features
  3. Dynamic Conduits

Dynamic Conduits

The dynamic conduit is a conduit between two Oracle SD-WAN Edge client sites that is not predefined in the Oracle SD-WAN Edge configuration file, but is created on-demand based on network traffic. From a user perspective, the advantage of a conduit between client sites is that traffic can flow directly from one client Oracle SD-WAN Edge site to a second client site without having to traverse the NCN or two conduits. In addition, the conduit is built and removed dynamically based on user defined traffic thresholds. These thresholds are defined in either packets per second (pps) or bandwidth (kbps). From a configuration perspective, the Dynamic Conduit requires some up front configuration time. Another benefit of the Dynamic conduit is the ability for the any client to dynamically build a conduit to any other client.

This allows a dynamic full Mesh configuration for customer traffic flows. Once a threshold for the Dynamic Conduit is reached and the dynamic conduit is created, the appliances test the dynamic conduit before making full use of it in the following manner:

  • Send Bulk data if any exists and verify no loss, then
  • Send Interactive data and verify no loss, then
  • Send Real Time data after the Bulk and Interactive data are considered stable (no loss or acceptable levels)
  • If there is no Bulk or interactive data send Real Time Data after the conduit has been stable for a period of time

If the user data falls below the configured thresholds for a user defined period of time, the dynamic conduit is torn down.

Design Considerations

Based on the above traffic flows as well as the nature of dynamic conduits the user should be aware of certain Design considerations. These considerations are as follows:

  • For voice traffic across the Dynamic Conduit be aware of WAN link limitations/quality
    • Loss
    • Latency of the WAN link
  • In certain cases WAN link may not be recommended as a path for a Dynamic Conduit if there is a high loss or latency that would impact certain traffic types. In this case, do not configure the WAN link as part of the Dynamic Conduit
  • How often a WAN link transitions from good to bad
  • Ideally there is traffic between the Oracle SD-WAN Edge sites that is non-voice traffic Bulk or Interactive before Voice
  • WAN link thresholds are based on all traffic on a WAN link, including conduit, Intranet, and Internet
  • In this release Dynamic Conduits support a single “Dynamic Conduit Default set” for rules and classes.
  • When using Dynamic conduits, the user should have consisted rules for the following options: Header compression and TCP Termination.

Adding a site to the Dynamic Conduit is a service reset for all site participating in the Dynamic Conduit.

Dynamic Conduit Configuration

Dynamic Conduits have the concept of an Intermediate site; this site could be an

NCN site. If the NCN site has two client sites connected, Client A and Client B, with WAN-To-WAN forwarding enabled Client A would communicate with Client B through the NCN site (Intermediate). Any site configured as the Intermediate site monitors traffic flowing through sites that are configured to support Dynamic Conduits. In this example the NCN site is monitoring traffic levels between Client A and Client B. Once the configured threshold is reached through the Intermediate site the Dynamic Conduit is built between Client A and Client B.

The other high level design consideration is related to WAN-To-WAN Forwarding

Groups. By default, all Oracle SD-WAN Edge sites reside in the default forwarding group. When WAN-To-WAN forwarding is enabled all routes from all sites are known throughout the Oracle SD-WAN Edge. This may not be desired. Because of this, the concept of WAN-To-WAN Forwarding Groups was added in the 3.0 release. The user now has the ability to create multiple WAN-To-WAN Forwarding Groups that do not share routes. In this release the Intermediate Oracle will forward between WAN-To-WAN Forwarding Groups. In future software, a user will have an option to forward between WAN-To-WAN Forwarding Group or not.

A high-Level description of the configuration process follows.

The process for configuring a Dynamic Conduits is as follows:

  • Identify intermediate Site
    • Enable intermediate site (use default WAN-To-WAN Forwarding Group)
    • Enable WAN to WAN forwarding at intermediate site
  • Identify Client sites for Dynamic Conduits  Enable dynamic conduits at the clients site
  • Enable the Dynamic conduit service (WAN Link – Service properties)

     Provision WAN Link resources for the Dynamic Conduit (shares)

    • Identify threshold used for Dynamic Conduit Creation  Define using Dynamic Conduit Default Set

       Define threshold at Intermediate Site WAN Link

Dynamic Conduit Configuration Creation

For the Dynamic Conduits to be created the user would define a site, typically the NCN (site but not required to be the NCN site) site, to act as the intermediate node for the client sites. These options are configured at the appliance level. At this site the user would enable “WAN-To-WAN forwarding”, as well as select the “Intermediate site” option, see figure 1.

Image showing where to enable WAN to WAN forwarding and dynamic conduit settings.

In this example the NCN with the WAN-To-WAN option enabled will forward all routes to all client appliances within a WAN-To-WAN Forwarding Group. By default, all sites reside in the default WAN To-WAN Forwarding Group. The user can also define additional WAN-To-WAN Forwarding Groups as required. The groups are defined at the Global configuration level. The intermediate site will monitor the traffic flow between Client Sites to determine if the traffic level reaches the user defined threshold. If the traffic flow reaches the defined threshold, the Intermediate node will instruct the client nodes to establish a Dynamic Conduit. The sample thresholds will be described later in this document.

At the client node, the user would enable the dynamic conduits option at the appliance level.

Image showing where to enable dynamic conduits.

There are two methods for configuring thresholds for a dynamic conduit. The Dynamic Conduit will be created if any of the configured values (thresholds) are reached. The options can be configured at a global level or based on a WAN Link configured at the Intermediate node. If the user does not want to match on the WAN link they would only have to configure the thresholds at the global level. Currently if configured at the WAN link level all traffic accounted for is counted as the threshold value, so conduit traffic, intranet traffic and Internet traffic are all count towards the WAN link threshold. Examples of these options are defined below:

Option 1:

The advantage of this option is to offload bandwidth on one of the intermediate node WAN links. As clients communicate to each other through the intermediate node there may be a requirement to remove this traffic from one (or multiple) of its local WAN links. This can be accomplished by defining a threshold on the local WAN link. If one of the thresholds is reached the Dynamic Conduit will be established between client sites. The key design point when using the WAN link threshold option is that this is total traffic on the WAN link. This includes conduit, internet, and intranet traffic, not just client to client traffic. The option is defined under the appliance – WAN Link – General- Property's tab. Figure 3 displays the options to configure the available threshold options.

Image showing options to configure the available threshold options.

Figure 3

Option 2:

Once the Dynamic Conduit is enabled at a client site there is a Dynamic Conduit

Default Set defined. Within this default set is a properties tab which includes

"creation limits". The values for the conduit create are Sample time in seconds (default value 10 seconds), Throughput in kbps (default value 250 kbps), and Throughput in pps (default value 10 pps).

From the global level once a client site has “Dynamic Conduits” enabled look for “Dynamic Conduit Default Set: Default”. Figure 4 displays these settings.

Image showing settings for dynamic conduits.

Figure 4

Once the intermediate site is defined, and WAN To WAN forwarding is enabled and Client sites have dynamic conduits enabled if any Creation limit is reached the dynamic Conduit is created. Again, this can be pps or kbps.

For each client site the user would also have to provision the Bandwidth shares for the Dynamic Conduit. These provisioned Fair shares per WAN link are used by all dynamic conduits on that WAN link. The allocated minimum reserve shares are per Dynamic Conduit for the WAN Link. Figure 5 shows and exampled of enabling the service on a WAN Link:

Image showing how to enable bandwidth shares for WAN links.

Figure 5

While Figure 6 shows how to define the shares for a WAN Link once the service is enabled.

Image showing how to define the shares for a WAN link.

Figure 6

There is also dynamic conduit remove settings that are user definable. In addition to the above, the web console allows the user to delete a dynamic conduit or Freeze a dynamic conduit. The freeze option allows the user to keep the conduit up and ignore the remove conduit. This feature would be used for testing a dynamic conduit as well as for troubleshooting purposes. These options reside under the Manage Network  Dynamic Conduits tab in the web console.

WAN To WAN Forwarding Enhancements

To provide the flexibility required for Dynamic Conduits to operate, WAN-to-WAN forwarding was enhanced to allow for multiple groups. All sites that are part of a WANTo-WAN Forwarding Group with WAN-To-WAN forwarding enabled have a common

routing table. The routing table consists of routes to all other sites in the group. Many customers in the past did not enable WAN-To-WAN forwarding because of this fact. By default, all APNA's are applied to the default group. If the requirement is for only certain sites to support dynamic Conduits the user would define a new WAN-To-WAN Forwarding Group, then at the appliance level assign the appliance to the correct WAN-To-WAN Forwarding Group.

In addition, APNA's in one group will not have direct routes of an APNA that resides in another WAN-To-WAN Forwarding Group. The user also has the flexibility in allowing or excluding Internet routes and Intranet routes in the routing table. The

Internet/Intranet routes are considered local routes from a WAN-To-WAN forwarding perspective and included in the routing table unless otherwise configured. When configuring or planning to deploy Dynamic Conduits contact your Oracle representative for any additional information.