Connections between CPE devices are established through tunnels that are built on top of communication channels. Tunnels are unidirectional, so when establishing a connection between two devices or between a device and the control plane, both an inbound link and an outbound link must be created. Tunnels established between CPE devices are combined into a topology.
The concept of a tunnel is closely related to the concept of a link because in the case of SD-WAN, links are formed inside tunnels. The tunnel interface directly connects to a port of the OpenFlow switch on CPE devices on both sides, thereby forming a tunnel. Thus, in Kaspersky SD-WAN, tunnels are a means of forming links.
The set of tunnels connecting two CPEs is a segment. Traffic can be distributed over multiple tunnels at the source CPE device at the beginning of the segment and relayed to the destination CPE device at the end of the segment.
The routes along which traffic can be transmitted within one segment are called paths. The following types of paths are supported:
One segment can contain from 2 to 16 paths, and when transmitting traffic, the best path with the lowest value of the cost parameter is selected by default. If the best path is not available for traffic transmission for technical reasons, another path with the closest value of the cost parameter is selected.