Crazy about VMware SD-WAN

  The following Features will be discussed in this second part of my blog TCP Optimization Techniques Dejitter Buffering SAAS Application Monitoring   Before diving into the mechanism here an important basic fact:     Remediation is never done for applications classified as LOW priority     TCP optimization TCP has some embedded traffic management capabilities for reliable traffic delivery  (window.size, slow-start, RTT handling,...)  But there are a bunch of factors which can negatively influence the performance, like Latency TCP-slow-start Last Mile network problems Out of Sequence packets Busty losses end host TCP limitations (missing fatures like SACK, windows scaling or timestamp options)  Typically TCP optimization helps on the transmission side and improve the download time for large data transfers over latency-high and lossy WAN links. But it can also be used for improving perfomance when on the receiver side the amount ...

 In the last year I got quite deep insight into ther vendors SD-WAN implementation and also have seen what various vendors are critizising about the VMware DMPO features. Also there are a lot of misconceptions on the market around some of these features. So let´s try and evaluate and look a little bit deeper into typical performance features and the VMware implementation of them Features discussed in this Blog (Part 1) Per Packet Load Balancing Forward Error Correction (FEC) Packet Replication Latency Remediation The following Features will be discussed in Part 2 of my blog TCP Optimization Techniques Dejitter Buffering SAAS Application Monitoring   Per Packet Load Balancing  Unfortunately this term can be quite easily misinterpreted, when you Google for the term and get the following result:  This behaviour (often criticized by other vendors about VMware) as described above would only work quite well when you have very similar or equal connections. If for example 2 ...

In this first part we look into   History Flow Table Gateway Routing and BGP Table  Firewall Logs on VCO Part 2 will follow with information on troubleshooting using the Edge CLI History Flow Table for Private Segments only a summary will be displayed (see last line in above screenshot) NOTE: the actual flow table can still be gathered via Remote Diagnostics Gateway Routing Table and BGP Routes     After the 2 minutes the VCO closes the connection to the gateway   Firewall Logs on VCO       Again here on all my 2 VCOs the same 400 error appears, it seems that there is an unknown conversion to run, as the firewall log uses a newer clickhouse database now instead of the standard mysql. Unfortunately up to now, none of my contacts at VMware could help me, as i assume that there is a conversion script needed for that feature. Next blog will have a look into Toubleshooting using the Edge CLI, stay tuned...

  Per default in version 5.2 the new Angular (html5) based GUI is now the only installed one. So you should  get familiar with that new UI  But if you search and search and do not find the necessary item in the new UI but need it urgently, what can you do ? An operator can allow also the classical UI by changing a System Parameter to TRUE:  and then the operator or MSP can enable the classical UI for the customer as Operator/MSP/User then you see the "Open Classic Orchestrator" in the upper right area NOTE: the classic UI is not maintained anymore, so there are already some items only vailable in the new UI and any new feature will only be visible by using the new UI Working with the new UI in my environment there were 2 features which were not easy to find. 1. Assign new image to an Edge In the old GUI you could go to the Configure/Edges and under Actions you could select "Assign new Image to Edge". It seems that this feature has been removed (I double checked the ...

 Recently I upgraded my VMware SD-WAN lab from version 5.0 to 5.2. Since some previous versions the official documentation  recommends to ask TAC for help in upgrading.   Docu 5.2: Orchestrator Upgrade  But if you have an unsupported implementation, like I do, you need to do it on your own: Trying to copy the new version to the VCO failed and I found out that I needed to increase a disk volume How to increase disk volume on VCO is described in this blog:   VCO Upgrade to 4.5.x After increasing the disk size my copy succeeded   NOTE: I did not copy direct to the installation directory including a renaming, as once an upgrade started that file gets deleted and if there are any problems to have to redo the copy from outside.  vcadmin@vco-lab-254:~$ ls -l total 2504488 drwxr-x--- 2 root    root          4096 Aug 31  2022 20220831130007 -rw-rw---- 1 vcadmin vcadmin 2564587520 Aug 10 07:57...

 Since version 4.0 VMware is working on the new (Angular)UI and still in version 5.0.0.x only parts have been converted up to now. I think now it is time to look and compare, but also see where there  are still weaknesses in the new UI. One meaningful enhancement is the possibility to also see under PATHS the existing Overlay Tunnels from that device  Unfortunately it takes some time until new paths are visible here and for some time you do not see any usage It is very complicated to get actual information out of that graphics as it seems that they are updates only every 5 minutes  The above picture was taken  at ... and it seems, that this tunnel close at 10:03, which is not the case, it is still running. I completely understand, that for bigger SD-WAN networks it is impossible to have up-to-date information ready immediately, but I would expect to have a similar live view for an overlay path or for all overlay paths, like you get on the underlay, or at least a...

 5.0.0.0 came around with a ton of exciting new features I was eager to test IPv6 (Dual Stack) in Underlay and Overlay  Better Gateway throughput Data loss prevention in SASE   However, new Version, new Bugs I first upgraded my company Orchestrator to 5.0.0.0 (after creating a snapshot to be able to roll back to 4.5). This worked quite well, only after going to all parts of the new UI I found out that I could not reach the "General Settings" in the new UI, but the content was perfectly visible in the old UI. Fortunately a 5.0.0.1 upgrade solved that problem. Another strange items, still in version 5.0.0.1 as well, is the fact that in the old and the new UI our Edges now are showing   0 % memory utilization ,  which is either an incredible efficient new code or simply a bug .   Next I tried IPv6 As my Internet provider at home still does not support IPv6, I used the new 5.0 IPv6 features to build IPv6 connectivity using the Dual Stack Overlay and the fact,...