The SD-WAN Gateway is activated to support both the data plane and the control plane. In the 3.2 release, VMware introduces a Controller-only feature (Controller Gateway Assignment).

Multiple use cases require the SD-WAN Gateway to operate as a Controller only (that is, with the data plane capabilities removed). Additionally, this allows the Gateway to scale differently, because resources typically dedicated to packet processing can be shifted to support control plane processing. For instance, a Controller can support a higher number of concurrent tunnels than a traditional Gateway. See the following section for a typical use case.

Use Case: Dynamic Branch-to-Branch via Different Partner Gateways

In this scenario, Edge 1 (E1) and Edge 2 (E2) as shown in the image belong to the same enterprise in the Orchestrator. However, they connect to different Partner Gateways (typically due to being in different regions). Therefore, Dynamic Branch-to-Branch is not normally possible between E1 and E2, but leveraging the Controller makes it possible.

Initial Traffic Flow

As shown in the image below, when E1 and E2 attempt to communicate directly, the traffic flow begins by traversing the private network as it would in previous versions of the code. Simultaneously, the Edges will also notify the Controller that they are communicating and request a direct connection.

Dynamic Tunnel

The Controller signals to the Edges to create the dynamic tunnel by providing E1 connectivity information to E2 and vice versa. The traffic flow moves seamlessly to the new dynamic tunnel if and when it is established.

Configuring a Gateway as a Controller

For customers to be able to assign Controllers for Profiles or Edges, an Operator must activate the Partner Handoff feature for those customers. To have the Partner Handoff feature activated, contact your Operator. Once the Partner Handoff feature is activated, you can assign a Partner Gateway as a Controller by navigating to the Configure > Profile/Edges > Device > VPN Services > Controller Assignment page.

Note: At least one Gateway in the Gateway Pool should be a "Controller Only" Gateway.
  1. To assign Controllers for Profiles, perform the following steps:
    1. In the SD-WAN service of the Enterprise portal, go to Configure > Profiles.
    2. Select the profile for which you want to configure Gateway Handoff Assignment settings and click the View link in the Device column of the Profile. The Device page for the selected profile appears.
    3. Scroll down to the VPN Services section and expand Controller Assignment.
    4. Click + Select Gateways. The Select Partner Gateways for Global Segment dialog box appears.
    5. From the Controllers section, select the Controllers to assign to the Profile and click Update.
    6. The Controller assignments configured at the Profile level will be applied to all the Edges within the Profile. You can override the settings at the Edge level by clicking the Override check box in the navigation path Configure > Edges > <Edge name> > VPN Services > Controller Assignment.