The SD-WAN Gateway runs on an Ubuntu Operating System version 18.04. However, traditional Open Source components such as the Linux routing and firewall (iptables) subsystem are not involved in processing the user traffic.

The entire networking stack is implemented in the user space in a process called gwd. While gwd contains the vast majority of functionality in the system, there are various other components that support the operation of the SD-WAN Gateway.

The following table lists the processes with description and log files.

Process Description Log File

VMware SD-WAN Process Monitor (vc_procmon) is the foundational process of the VMware SD-WAN system. This process is responsible for launching other VMware SD-WAN processes, re-launching them on failure, and monitoring memory consumption of gwd.

mgd The Management Plane Daemon (mgd) is responsible for communication with the Orchestrator. This process is kept isolated from gwd so that in the incident of a total failure of the gwd process, the Orchestrator is still reachable for configuration changes or software updates required to resolve the failure. /var/log/mgd.log

gwd This process comprises the entire Data and Control Plane of the Gateway (except for dynamic routing protocols like BGP). Use and dispcnt to query about the process. /var/log/gwd.log
natd This process manages the assignment of Port Address Translation (PAT) entries and stores them in shared memory, ensuring that the same NAT translations are done even after gwd is restarted or upgraded. Use to query about the process. /var/log/natd.log
watchfrr The watchfrr daemon is part of the FRR open source routing library, and is responsible for launching bgpd, re-launching it on failure, and running any other related utilities. The script /usr/sbin/frr.init which is available on Gateway, can be used to restart some daemons. N/A
bgpd The BGP Daemon (bgpd) is part of the FRR open source routing library and manages the BGP neighbors and routes. /var/log/bgpd.log
bfdd The BFD Daemon (bfdd) is part of the FRR open source routing library which is used to detect route failures between two connected entities faster with low-overhead detection of failures. /var/log/bfdd.log

The gwd1 is an interface, which provides the ability for gwd to deliver packets to the kernel. An example is a packet destined for the local gateway host but received by gwd.