About transport services
You can use transport services to transmit traffic between CPE devices and client devices connected to them. Transport services are built on top of segments and consist of service interfaces. Kaspersky SD-WAN supports creating the following transport services:
The P2P service is a static transport service and does not use the MAC learning mechanism to populate the MAC table on the controller. MAC addresses are automatically added to the MAC table on the controller when a P2P service is created or modified. The MAC address learning mechanism is used for P2M services and M2M services.
When creating or editing transport services, you can add backup service interfaces. A backup service interface makes it possible to continue data transfer in the event of a failure of the primary service interface. Backup and primary service interfaces can be created on the same CPE device or on different CPE devices.
Traffic can be mirrored or forwarded between service interfaces of CPE devices. In this case, service interfaces can be added to the transport service.
Managing transport services in an SD-WAN instance template or in a CPE template
You can create P2M services and M2M services as well as L3 VPN services in an SD-WAN instance template and then use it when deploying an SD-WAN instance. Transport services created in the SD-WAN instance template are automatically created for the deployed SD-WAN instance. In this way, you can create transport services before you deploy the SD-WAN instance.
Transport services created for a deployed SD-WAN instance can be added to a CPE template, and then you can specify the template when adding or manually registering CPE devices. This automatically creates service interfaces that are mapped to OpenFlow ports, which are mapped to SD-WAN interfaces of the LAN type of CPE devices. Automatically created service interfaces are added to the transport services that you added to the CPE template. In this way, you do not have to manually connect each CPE device to transport services.
Management transport service
When a CPE device is registered, it automatically connects to a management transport service. The management transport service transmits SSH console traffic, runs scripts, and sends API commands to manage the VIM deployed on a uCPE device.
By default, a P2M management transport service is created in each SD-WAN instance template. When creating or editing a P2M service or an M2M service in the SD-WAN instance template, you can make that P2M service or M2M service the management service.
If necessary, Zabbix monitoring traffic, as well as Syslog and NetFlow protocol traffic, can be transmitted through the management transport service. Zabbix monitoring traffic is encrypted by default, but Syslog and NetFlow traffic is encrypted only when it is transmitted through the management transport service. Whether Syslog and NetFlow traffic is transmitted through the management transport service is determined by the routing and forwarding table settings of the CPE device.
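Because Syslog and NetFlow traffic is encrypted only when the routing table of the CPE device sends it through the management transport service, it is worth checking which interface each collector address actually resolves to. The following check is an added example, not part of the product documentation or the product itself. The interface names (mgmt0, wan0), the prefixes and the collector addresses are constructed assumptions; substitute the values exported from your own CPE device.

```python
import ipaddress

# Constructed sample data. "mgmt0" is a hypothetical name for the interface
# that carries the management transport service on the CPE device.
MGMT_IFACE = "mgmt0"
ROUTES = [
    ("0.0.0.0/0", "wan0"),      # default route over the WAN
    ("10.20.0.0/16", "mgmt0"),  # management network
    ("10.20.5.0/24", "wan0"),   # more specific route that overrides the one above
]
COLLECTORS = {
    "syslog": "10.20.1.10",
    "netflow": "10.20.5.20",
}


def egress_interface(routes, dest):
    """Return the interface chosen by longest-prefix match, or None if no route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def cleartext_exposure(routes, collectors, mgmt_iface):
    """Return {service: egress interface} for collectors not reached via mgmt_iface."""
    findings = {}
    for service, dest in collectors.items():
        iface = egress_interface(routes, dest)
        if iface != mgmt_iface:
            findings[service] = iface
    return findings


if __name__ == "__main__":
    for service, iface in cleartext_exposure(ROUTES, COLLECTORS, MGMT_IFACE).items():
        print(f"{service}: leaves via {iface!r}, not {MGMT_IFACE}; not encrypted in transit")
```

In the sample data the NetFlow collector falls inside the management prefix, yet a more specific /24 route sends it out over the WAN interface, which is the kind of misconfiguration this check is meant to surface.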