An Edge with only Private MPLS links can reach the Orchestrator and Gateways located in public cloud, by using the SD-WAN Service Reachable option.

In a site with no direct public internet access, the SD-WAN Service Reachable option allows the private WAN to be used for private site-to-site VCMP tunnels and as a path to communicate with an internet hosted VMware service.

For hybrid environments that have MPLS-only links or require failover to MPLS links, you can enable the SD-WAN Service Reachable option.

MPLS-only Sites

VMware supports private WAN deployments with a hosted VMware service for customers with hybrid environments who deploy in sites with only a private WAN link.

In a site with no public overlays, the private WAN can be used as the primary means of communication with the VMware service, including the following:

  • Enabled SD-WAN service reachability through private link
  • Enabled NTP override using private NTP servers

The following image shows a Regional Hub with Internet connection and SD-WAN Edge with only MPLS connection.

Traffic from a SD-WAN Edge with MPLS-only links is routed to the Orchestrator and Gateway through a Regional Hub, which is able to break out to the public cloud. The SD-WAN Service Reachable option allows the Edge to remain online and manageable from the Orchestrator, and allows public internet connectivity through the Gateway, irrespective of whether the Edge has public link connectivity.

Dynamic Failover via MPLS

If all the public Internet links fail, you can fail over Internet Multipath traffic to a private WAN link.

Note: Traffic classified as Direct to Internet does not fail over to a private WAN link, regardless of its priority or service class. Traffic whose Network Service is Direct stays on the public links even if its Priority is High and its Service Class is Real Time. Only traffic with a Multipath classification fails over to a private link.

The following image illustrates resiliency for the SD-WAN Orchestrator and for a Non SD-WAN Destination (Zscaler).

  • Orchestrator Resiliency – The Orchestrator connection uses the Internet. If the Internet link fails, the Orchestrator connection falls back to MPLS. The connection is established using the Orchestrator IP address advertised over MPLS, and it leverages the public Internet link in the Regional Hub.
  • Zscaler Resiliency – Zscaler connectivity is established through the Internet. If the public link fails, Zscaler connectivity falls back to MPLS.

Configure SD-WAN Service Reachable

  1. In the Enterprise portal, click Configure > Edges.
  2. In the Edges page, either click the Device icon next to an Edge, or click the link to the Edge and then click the Device tab.
  3. Scroll down to Interface Settings and click Edit for the interface connected to the MPLS link.
  4. In the Interface window, select the User Defined Overlay checkbox.

    The SD-WAN Service Reachable option is available only for a User Defined Overlay network.

  5. In the WAN Settings section, click Edit for the interface enabled with User Defined Overlay.
  6. In the User Defined WAN Overlay window, select the SD-WAN Service Reachable checkbox. This option is used to deploy sites that have only a private WAN link, to enable failover of critical Internet traffic to a private WAN link, or both.

    When you select the SD-WAN Service Reachable checkbox, a list of the public IP addresses of the SD-WAN Gateways and the SD-WAN Orchestrator is displayed. These addresses may need to be advertised across the private network, unless a default route has already been advertised across the same private network from the firewall.

  7. Configure other options as required and click Update Link to save the settings.
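The addresses shown in step 6 only reach the Orchestrator and Gateways over MPLS if the private routing table covers them. The following script is an added example, not part of this VMware documentation or of the product, that takes the routes currently advertised across the private WAN and the list of service addresses and reports which addresses still need a host route advertised (it returns nothing when a default route already covers everything). The route prefixes and service addresses are constructed placeholders from documentation ranges, not real SD-WAN Orchestrator or Gateway addresses; substitute the list displayed in the User Defined WAN Overlay window.

```python
"""Check whether SD-WAN service addresses are covered by routes advertised over a private WAN."""
import ipaddress

# Constructed sample: prefixes currently advertised across the MPLS network.
SAMPLE_MPLS_ROUTES = [
    "10.0.0.0/8",
    "172.16.0.0/12",
    "203.0.113.0/24",
]

# Constructed placeholders standing in for the public addresses the Orchestrator
# lists when SD-WAN Service Reachable is selected (not real VMware addresses).
SAMPLE_SERVICE_IPS = [
    "203.0.113.10",   # placeholder Gateway, covered by 203.0.113.0/24
    "198.51.100.25",  # placeholder Orchestrator, not covered by any route above
    "192.0.2.40",     # placeholder Gateway, not covered by any route above
]


def parse_routes(routes):
    """Parse route strings into network objects; host bits are masked off."""
    return [ipaddress.ip_network(r, strict=False) for r in routes]


def has_default_route(routes):
    """True if a default route (0.0.0.0/0 or ::/0) is already advertised."""
    return any(net.prefixlen == 0 for net in parse_routes(routes))


def missing_advertisements(service_ips, mpls_routes):
    """Return the service addresses that no advertised route covers.

    A default route covers every address, so the result is empty in that case,
    matching the documentation's "unless a default route has already been
    advertised" condition.
    """
    nets = parse_routes(mpls_routes)
    if any(net.prefixlen == 0 for net in nets):
        return []
    missing = []
    for ip_str in service_ips:
        ip = ipaddress.ip_address(ip_str)
        covered = any(ip in net for net in nets if net.version == ip.version)
        if not covered:
            missing.append(ip_str)
    return missing


def advertisements_to_add(service_ips, mpls_routes):
    """Host routes (/32 or /128) to advertise for each uncovered service address."""
    return [str(ipaddress.ip_network(ip)) for ip in missing_advertisements(service_ips, mpls_routes)]


if __name__ == "__main__":
    for prefix in advertisements_to_add(SAMPLE_SERVICE_IPS, SAMPLE_MPLS_ROUTES):
        print(f"advertise {prefix} across the private WAN")
    if not advertisements_to_add(SAMPLE_SERVICE_IPS, SAMPLE_MPLS_ROUTES + ["0.0.0.0/0"]):
        print("default route present: no host routes needed")
```

Run it with the real route export from the MPLS provider or the site firewall in place of SAMPLE_MPLS_ROUTES; any address it reports is one the Edge cannot reach over the private link until a matching prefix is advertised.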

For more information on other options in the WAN Overlay window, see Configure Edge WAN Overlay Settings.