Silver Peak is releasing new features for its Unity EdgeConnect SD-WAN product, including support for BGP protocols and a stateful firewall. By adding these capabilities, Silver Peak claims customers can get rid of other networking devices to simplify branch deployment and operations.
Unity EdgeConnect supports eBGP and iBGP. The company says OSPF support is on the road map.
On the firewall front, the company claims the firewall can maintain up to two million concurrent connections, depending on the appliance. It also support NAT.
Note that other SD-WAN vendors also include support for routing protocols and firewalling. For instance, competitors including Viptela, CloudGenix, and Riverbed also support BGP, and CloudGenix and Viptela offer stateful and zone-based firewalling on their SD-WAN products.
BGP support was a selling point for Ben Harris, lead network administrator at Clair Global, which provides audio for live events, including concerts, tours, and festivals.
“It was a day one thing for us,” says Harris. He said the BGP support made it easier to integrate a new office in Australia. “We sent them a Silver Peak appliance and did some subnet coordination on the front end. They plugged in the appliance, we created a BGP session with their router, and we were good to go.”
The company has now deployed Silver Peak devices at three of its four of its U.S. locations and three offices overseas, including Australia.
Harris also has firewalls at each branch. He’s evaluating the firewall capabilities in Silver Peak, but at present has no plans to remove the firewalls that are in place.
“If we had a greenfield office, I wouldn’t put in a firewall,” said Harris. “Just the Silver Peak.”
Harris said he began investigating SD-WAN because he wanted better performance and more visibility into the wide area network, particularly as they rolled out VoIP services across the company.
His WAN is a mix of business broadband and MPLS, and he’s configured the Silver Peak appliances to send voice traffic over MPLS, and everything else over broadband. But Harris says he won’t renew the MPLS contracts once they’re up. Instead, he’ll source more business broadband.
Silver Peak has also announced a new feature called First-packet iQ. Silver Peak says it can identify over 10,000 applications based on a single packet, enabling faster policy enforcement and the ability to automatically steer Internet-bound traffic, such as SaaS applications, directly to the Internet.
Silver Peak applies a variety of mechanisms for its first-packet identification technique. First is a cloud-hosted database, maintained by Silver Peak, that tracks IP addresses and geolocation information for a large number of Internet applications and services, including popular business services such as Salesforce and Office365.
EdgeConnect devices download this database every 24 hours for updates. It uses this database to look at the destination IP address to help identify the application. The EdgeConnect devices can also snoop request/response transactions from DNS to understand the application being called.
Silver Peak says that because the branch device already examines every packet, this database lookup shouldn’t significantly affect performance.
These features are available now in Silver Peak’s latest software release.