The next concepts are underlays, overlays, and business intent overlays, or BIOs. This is a high-level discussion to help visualize the concepts and the differences between these key features in an Aruba SD-WAN. Here we can see a representation of the Internet. There are many networking devices connected via various transport methods, like broadband Internet, MPLS, LTE, etc. From an Aruba SD-WAN point of view, the concept of an underlay refers to an IPsec UDP tunnel over the physical transports that the EdgeConnect appliances connect to. Using a GPS as an analogy, an underlay is like the available streets, expressways, and highways that exist for you to drive on.
Since many paths or routes exist over the Internet, an overlay is a logical concept that is essentially the forwarding path EdgeConnect appliances use, like the highlighted path the GPS selects for you to drive to get to your destination. GPSs let users select how paths are calculated. For example, you can choose settings to avoid toll roads, to use the fastest route versus the shortest route, to avoid highways, etc.
If GPSs had the ability to configure different profile settings depending upon why or where I'm driving, that would be like a business intent overlay or BIO. A more apt way of thinking of a BIO is as a business intent profile. If you're driving to work, you might want to take the shortest path to save fuel, so you would create a work profile. Likewise, a business intent overlay is a profile that you can configure to determine how the overlay is calculated based upon the intent of types of traffic like voice, replication, or web traffic. When I was driving my kids to school, pre-pandemic, I wanted to take the fastest path and take advantage of HOV lanes since I had more than two people. In addition to my work profile, it would have been really nice to have another profile called school. Note that for the same types of traffic, the overlay might not always be the same.
This is just like a GPS that sometimes has you drive along different streets to get to work because there's an accident or roads have been closed. To reiterate, this GPS analogy is a relevant way to visualize the distinctions. The overlay is the best path to follow, determined in real time by the BIO based on current underlay conditions when EdgeConnect forwards matching traffic.
To summarize, there are underlay tunnels and overlay tunnels. Again, underlay tunnels are the physical transport networks built using IPsec UDP tunnels between sites. These use the transport network connections, such as MPLS, broadband Internet, and LTE, that you buy from one or more Internet service providers. When using a GPS to drive, you don't build new roads each time. The data can be distributed across multiple underlay tunnels using multiple transport methods, depending upon the configuration of the EdgeConnect appliances' routes and how you want to direct different types of traffic.
Again, the business intent overlay is a set of policies that define how different types of overlay tunnels are determined, which traffic is routed through which overlay, and how the traffic flowing through each of the overlays makes use of the underlay tunnels. It's possible for multiple overlays to use the same underlays differently, so different traffic types are treated differently. For example, you might want your voice traffic to use more expensive but reliable MPLS networks, but e-mail and file sharing might flow over the Internet and only fall back to MPLS in case your broadband Internet link goes down.
Now let's bring it all together and look at an entire Aruba EdgeConnect Enterprise SD-WAN. At the bottom of this diagram is the underlying network consisting of the WAN transports like MPLS, Internet, and LTE. Above that are three overlay networks, each with logical tunnels that EdgeConnect appliances establish between sites across the underlay tunnels.
EdgeConnect optimizes each overlay to support the types of traffic it transports. The top overlay is for real-time traffic like Voice over IP and video. The goal for this type of traffic is maximum reliability, so we want to utilize a pair of connections, perhaps with one MPLS link and one broadband Internet link from two different service providers, and an LTE link for backup. Also, we specify a full mesh topology to establish direct point-to-point connections with minimal latency for the fastest connections between EdgeConnect peers. Finally, we want to locally break out any traffic.
The middle overlay is for enterprise application data like SaaS offerings or local peer-to-peer file sharing. The goal is to provide the best quality connection by using MPLS and less expensive Internet connections to transport data in a dual hub-and-spoke topology. Likewise, since enterprise apps comprise most network traffic, you can apply Aruba Boost for WAN optimization. We want each site to connect to a pair of data center sites as the hubs, and each EdgeConnect breaks out Internet traffic to the Zscaler cloud security service.
The bottom overlay matches all other traffic, including guest Wi-Fi, since guest Wi-Fi is just a service to provide web connectivity. We use only inexpensive broadband Internet connections, with all traffic backhauled to one hub site that breaks it out to the Check Point CloudGuard cloud security service. These are just a few examples of the overlay configurations you can configure with the business intent overlays using the same underlay tunnels over the available WAN transports.
EdgeConnect appliances all have some built-in basic traffic handling enhancements that ensure your data gets across the network reliably with optimum handling. Aruba Path Conditioning features include forward error correction and packet order correction.
Forward error correction, or FEC, adds parity information to the data stream so that even if some packets are lost in transmission, the receiving EdgeConnect can reconstruct the missing data from the parity packets, avoiding the need for retransmissions. This makes the connection more reliable and saves bandwidth. Packet order correction, or POC, accounts for the fact that different packets in the same flow can take different paths through the network with different latencies. This can cause them to arrive out of order, which can cause confusion in the receiving device and trigger unnecessary retransmissions. POC allows the EdgeConnect appliance across the network to cache incoming packets that arrive early and out of order until the rest of the packets in the flow arrive. It then reassembles the packets in the correct order and forwards them to the destination on the local LAN.
Dynamic path control refers to the different link bonding methods that EdgeConnect appliances can use to select underlay tunnels for each overlay.
Boost is a set of mature Aruba WAN optimization technologies. TCP acceleration helps to mitigate the effects of latency by enabling local devices to transmit as quickly as possible to the local EdgeConnect, without having to wait for acknowledgments to come back across the network from the receiver when the TCP transmission window is full. Network memory is Aruba's disk caching and deduplication technology that eliminates the need to transmit the same strings of data multiple times, saving bandwidth. This is especially useful for data flows like backups, where most of the data being transmitted in a full backup is the same as in previous ones.
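The forward error correction and packet order correction described above can be seen working together in the following added example, which is not from the video and is not Aruba's implementation. It assumes a simple scheme of one XOR parity packet per group of four equal-length data packets; the group size, packet tuples and function names are all hypothetical, and the receiver processes a whole batch rather than a live stream.

```python
from functools import reduce

GROUP = 4  # assumption: one parity packet per 4 data packets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length payloads."""
    return bytes(x ^ y for x, y in zip(a, b))


def send(payloads):
    """Sender: number each payload and append one XOR parity packet
    per group of GROUP data packets (payloads must be equal length)."""
    out = []
    for base in range(0, len(payloads), GROUP):
        group = payloads[base:base + GROUP]
        out += [("data", base + i, p) for i, p in enumerate(group)]
        out.append(("parity", base, reduce(xor_bytes, group)))
    return out


def receive(packets, total):
    """Receiver: buffer packets in whatever order they arrive (POC),
    rebuild at most one missing packet per group from parity (FEC),
    then deliver in sequence order. Returns (delivered, lost_seqs)."""
    data, parity = {}, {}
    for kind, seq, payload in packets:
        (data if kind == "data" else parity)[seq] = payload
    for base in range(0, total, GROUP):
        seqs = range(base, min(base + GROUP, total))
        missing = [s for s in seqs if s not in data]
        if len(missing) == 1 and base in parity:
            present = [data[s] for s in seqs if s in data]
            # parity XOR all surviving packets == the missing packet
            data[missing[0]] = reduce(xor_bytes, present, parity[base])
    # Anything still missing would need a retransmission.
    lost = [s for s in range(total) if s not in data]
    return [data[s] for s in range(total) if s in data], lost


def simulate(dropped):
    """Constructed sample flow: 8 packets, the given sequence numbers
    are dropped and everything else arrives in reverse order."""
    payloads = [b"pkt%d" % i for i in range(8)]
    wire = send(payloads)
    arrived = [p for p in wire
               if not (p[0] == "data" and p[1] in dropped)][::-1]
    return payloads, receive(arrived, len(payloads))
```

Calling `simulate({2})` returns the original payloads in order with nothing lost, while `simulate({4, 5})` shows the limit of single-parity FEC: two losses in one group cannot be rebuilt and are reported as lost.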