JP2024504005A - Distributed routing controller for multi-region SDWAN - Google Patents

Abstract

According to some embodiments, a software defined wide area network (SD-WAN) includes a first region and a second region. The first region includes a plurality of first routing controllers and a plurality of first SD-WAN edge routers. The second region includes a plurality of second routing controllers and a plurality of second SD-WAN edge routers. Each first SD-WAN edge router in a first region establishes an Overlay Management Protocol (OMP) peering connection with a plurality of first routing controllers in the first region, but not in a second region. The region is configured to avoid establishing OMP peering connections with a plurality of second routing controllers of the region. Each second SD-WAN edge router in the second region establishes an OMP peering connection with a plurality of second routing controllers in the second region, while each second SD-WAN edge router in the second region establishes an OMP peering connection with a plurality of first routing controllers in the first region. configured to avoid establishing an OMP peering connection with.

Description

(Related application)
This application claims the benefit of U.S. Provisional Patent Application No. 63/232,946, filed August 13, 2021, entitled "Distributed Routing Controllers for Multi-Region SDWAN," the entire contents of which are incorporated herein by reference. Incorporated into the specification.

(Field of invention)
TECHNICAL FIELD This disclosure relates generally to software defined networking in a wide area network (SD-WAN), and more particularly to a distributed routing controller for a multi-region SD-WAN.

Traditional wide area network (WAN) architectures connect users at branch or campus locations to applications hosted on servers within data centers. Typically, dedicated multiprotocol Label Switching (MPLS) circuits are used for security and reliable connectivity. However, businesses are becoming increasingly mobile, and business-critical applications are running on the Internet across multiple clouds. Traditional WAN architectures can be limited in available bandwidth, security, and complexity management, which can hinder business productivity.

Software-defined networking in WANs (SD-WAN) simplifies the management and operation of WANs by decoupling the networking hardware from its control mechanisms. Benefits include lower costs through transport independence across multiple technologies, improved business application performance and increased agility, optimized user experience and efficiency for SaaS and public cloud applications, and simplified operations through automation and cloud-based management. Including . However, existing SD-WANs can be difficult to scale due to routing controller limitations.

For a more complete understanding of the disclosed embodiments and their features and advantages, reference is made to the following specification in conjunction with the accompanying drawings.
1 is a network diagram illustrating a multi-region SD-WAN with distributed routing controllers, according to some embodiments. FIG. FIG. 2 is a flow diagram illustrating an example method by an edge router in an SD-WAN, according to some embodiments. FIG. 2 is a flow diagram illustrating an example method by a route controller in an SD-WAN, according to some embodiments. 4 illustrates an example computer architecture for a device capable of executing program components that can be utilized to implement aspects of various techniques presented herein, according to some embodiments; FIG. It is a diagram.

SUMMARY Aspects of the invention are set out in the independent claims and preferred features are set out in the dependent claims. Features of one aspect may apply to each aspect alone or in combination with other aspects.

According to some embodiments, a software defined wide area network (SD-WAN) includes a first region and a second region. The first region includes a plurality of first routing controllers and a plurality of first SD-WAN edge routers. The second region includes a plurality of second routing controllers and a plurality of second SD-WAN edge routers. Each first SD-WAN edge router in a first region establishes an Overlay Management Protocol (OMP) peering connection with a plurality of first routing controllers in the first region, but not in a second region. and configured to avoid establishing OMP peering connections with a plurality of second routing controllers of the region. Each second SD-WAN edge router in the second region establishes an OMP peering connection with a plurality of second routing controllers in the second region, while each second SD-WAN edge router in the second region establishes an OMP peering connection with a plurality of first routing controllers in the first region. configured to avoid establishing an OMP peering connection with.

According to another embodiment, a method performed by an SD-WAN edge router in an SD-WAN includes sending a registration request to a network facilitator of the SD-WAN. The registration request includes a specific area identifier of the SD-WAN edge router. The method further includes receiving a list of routing controllers from a network facilitator of the SD-WAN. The list of routing controllers identifies multiple routing controllers of the SD-WAN. Each routing controller in the list of routing controllers received from the network facilitator has a region identifier that matches a particular region identifier of the SD-WAN edge router. The method further includes establishing OMP peering connections with a plurality of routing controllers in a list of routing controllers from the network facilitator. The method further includes avoiding establishing an OMP peering connection with any other routing controller having a realm identifier different from a particular realm identifier of the SD-WAN edge router.

According to yet another embodiment, a method performed by an SD-WAN facilitator in an SD-WAN includes receiving a first region identifier from a plurality of first routing controllers of a first region. The method further includes receiving a second region identifier from a plurality of second routing controllers of the second region. The method further includes receiving a registration request from the SD-WAN edge router. The registration request includes a specific area identifier of the SD-WAN edge router. The method further includes determining that a particular region identifier of the SD-WAN edge router matches a first region identifier of a plurality of first routing controllers of the first region. The method further includes sending the list of routing controllers to the SD-WAN edge router. The list of routing controllers includes a plurality of first routing controllers and excludes a plurality of second routing controllers.

Technical advantages of certain embodiments of the present disclosure may include one or more of the following. Some systems and methods described herein prevent a full mesh of peering/control connections between all routing controllers in an SD-WAN. Unlike existing SD-WANs, where a centralized pool of routing controllers (e.g., vSmart controllers) stores route information for all areas of the SD-WAN, embodiments of the present disclosure allow routing controllers to store route information for all areas of the SD-WAN. Provides a distributed regional routing controller that stores only route information. Furthermore, each edge router within a particular region only peers with the routing controller for that particular region. By providing an SD-WAN with distributed per-area routing controllers, an SD-WAN may be able to scale horizontally to a greater extent than existing SD-WANs. Additionally, network bandwidth and computer resources (eg, computer memory and processing power) may be optimized by reducing the number of routes that each routing controller needs to store. Other technical advantages will be readily apparent to those skilled in the art from the following drawings, description, and claims. Furthermore, although certain advantages are listed above, various embodiments may include all, some, or none of the listed advantages.

Exemplary Embodiments The present disclosure generally relates to multi-region SD-WANs with distributed routing controllers, as opposed to typical SD-WANs with centralized routing controllers. Large enterprises and organizations with facilities across multiple regions (eg, multiple cities, states, or counters) may deploy SD-WAN to support various technical requirements. Such deployments typically have high scale requirements. For example, an organization's SD-WAN may require the ability to scale up to tens of thousands of routers. However, because a typical SD-WAN has a centralized routing controller cluster (e.g., a centralized cluster of Cisco vSmart controllers), a typical SD-WAN deployment lacks the ability to scale up to the number of routers required. may have limitations in

To address these and other issues with a typical SD-WAN with a centralized routing controller, embodiments described herein provide a solution for a multi-region SD-WAN with a centralized routing controller. provides an architecture for a distributed region-by-area routing controller architecture that enables horizontal scaling to a greater extent than SD-WAN. The distributed routing controller architecture of the disclosed embodiments provides an architecture in which a routing controller (i.e., a vSmart controller) can be assigned to a particular region and have a different state than routing controllers in different regions. , addresses the scaling limitations of existing SD-WANs with centralized routing controllers. This allows for greater route scaling overall across all SD-WANs, since each routing controller only stores routes for its region, rather than for the entire SD-WAN. To achieve this architecture, the disclosed embodiments utilize region-specific identifiers to program edge/border routers to peer only with routing controllers assigned to the same region as the edge/border router. , provides fully automated dynamic peering logic for edge/border routers. For example, all border routers in a particular SD-WAN region are programmed to peer only with routing controllers that have the same region identifier as the border router (i.e., the border routers are assigned to different SD-WAN regions). (does not peer with a routing controller). As a result, SD-WANs according to disclosed embodiments can scale horizontally to a greater extent than existing SD-WANs with centralized routing controllers.

FIG. 1 shows a network diagram illustrating a multi-region SD-WAN environment 100 with a distributed routing controller 120. As shown in FIG. Multi-region SD-WAN environment 100 includes multiple SD-WAN regions 110. For example, the multi-region SD-WAN environment 100 includes a first SD-WAN region 110A, a second SD-WAN region 110B, a third SD-WAN region 110C, and a core/middle mile SD-WAN region 110D. may include. Each SD-WAN region 110 includes multiple routing controllers 120. For example, the first SD-WAN region 110A includes routing controllers 120A-1 and 120A-2, the second SD-WAN region 110B includes routing controllers 120B-1 and 120B-2, and the third - WAN region 110C includes routing controllers 120C-1 and 120C-2, and core/middle mile SD-WAN region 110D includes routing controllers 120D-1 and 120D-2. Each routing controller 120 peers only with other routing controllers 120 within the same SD-WAN region 110 (eg, by forming an OMP peering/control connection 150 over a network such as the Internet). For example, routing controllers 120A-1 and 120A-2 peer with each other but do not peer with any of the remaining routing controllers 120 in multi-region SD-WAN environment 100. Similarly, each routing controller 120 only peers with edge routers 130 and border routers 140 that are within the same SD-WAN region 110 (e.g., by forming an OMP peering/control connection 150 over a network such as the Internet). do. For example, routing controllers 120A-1 and 120A-2 peer with edge routers 130A-1, 130A-2, and 130A-3 and border routers 140A and 140B, but not with the remaining edge routers of multi-region SD-WAN environment 100. 130 and border router 140. A multi-region SD-WAN environment 100 includes SD-WAN regions 110 each having a dedicated routing controller 120 that peers only with their respective SD-WAN region 110 (i.e., a centralized pool of routing controllers is connected to the entire SD-WAN). Because the multi-region SD-WAN environment 100 is capable of relatively unlimited horizontal scaling of routing controller clusters and their associated paths/routes, could be.

Routing controller 120 analyzes and manages the control plane of multi-region SD-WAN environment 100. Unlike edge router 130 or border router 140, routing controller 120 does not handle the transmission of data traffic. Instead, routing controller 120 provides route information to edge routers 130 and border routers 140. In some embodiments, each routing controller 120 is a Cisco vSmart controller, which is software that runs as a virtual machine on a server. Each routing controller 120 forms OMP peering/control connections 150 with edge routers 130, border routers 140, and other routing controllers 120 within the same region 110 over a network, such as the Internet. Each OMP peering/control connection 150 (eg, 150A-F) is a communication channel through which a control protocol (ie, OMP) exchanges routing, policy, and management information between network devices. Generally, routing controller 120 establishes connections, coordinates connections, and maintains the connections that form the SD-WAN fabric. Routing controller 120 establishes and maintains a control plane connection (ie, OMP peering/control connection 150) with each edge router 130. Each OMP peering/control connection 150, which operates as a Datagram Transport Layer Security (DTLS) tunnel, is established after successful device authentication. In some embodiments, OMP peering/control connection 150 carries an encrypted payload between routing controller 120 and edge router 130. This payload may include route information necessary for routing controller 120 to determine the network topology, calculate the best route to the network destination, and distribute this route information to edge routers 130. In some embodiments, the routing controller 120 does not have a direct peering relationship with any device to which the edge router 130 is connected on the service side of the SD-WAN.

Each routing controller 120 learns routes for its associated region 110 from edge routers 130 and from any other routing controllers 120 within its region 110 (i.e., via OMP peering/control connections 150). Store and maintain route tables that store information (ie, OMP routes). Multi-region SD-WAN environment 100 provides a distributed region-by-region architecture for routing controllers 120, so that each routing controller 120 stores route information about the region in which it is operating in its route table. Just remember it. For example, routing controllers 120A-1 and 120A-2 learn routes for SD-WAN area 110A from each other and from edge routers 130A-1, 130A-2, and 130A-3 in SD-WAN area 110A. Memorize only information. Similarly, routing controllers 120B-1 and 120B-2 learn routes for SD-WAN region 110B from each other and from edge routers 130B-1, 130B-2, and 130B-3 in SD-WAN region 110B. SD-WAN region 110C only stores information, and routing controllers 120C-1 and 120C-2 learn from each other and from edge routers 130C-1, 130C-2, and 130C-3 in SD-WAN region 110C. Store only route information about. Routing controllers 120A-1 and 120A-2 do not store route information for region 110B or 110C, routing controllers 120B-1 and 120B-2 do not store route information for region 110A or 110C, and routing controller 120C-1 and 120C-2 do not store route information for area 110A or 110B. By having a distributed routing controller 120 that is prevented from storing route information for all regions 110 within the SD-WAN, multi-region SD-WAN environment 100 is prevented from storing route information for all regions 110. can scale horizontally to a much greater extent than a typical SD-WAN with a centralized routing controller 120.

Each SD-WAN region 110 also includes multiple edge routers 130. For example, the first SD-WAN region 110A includes edge routers 130A-1, 130A-2, and 130A-3, and the second SD-WAN region 110B includes edge routers 130B-1, 130B-2, and 130B-3, and the third SD-WAN region 110C includes edge routers 130C-1, 130C-2, and 130C-3. Edge routers 140 are located at the periphery of sites (remote offices, branch offices, campuses, data centers, etc.) and provide connectivity between sites. Edge router 130 can be either a hardware device or software (eg, a cloud-based router) that operates as a virtual machine. Edge router 130 handles the transmission of data traffic. Similar to routing controller 120, each edge router 130 peers only with routing controllers 120 within the same SD-WAN region 110 (eg, by forming an OMP peering/control connection 150). For example, edge routers 130A-1, 130A-2, and 130A-3 peer with routing controllers 120A-1 and 120A-2, but not with any of the remaining routing controllers 120 in multi-region SD-WAN environment 100. avoid that.

Each SD-WAN region 110 also includes multiple border routers 140. For example, the first SD-WAN region 110A includes border routers 140A and 140B, the second SD-WAN region 110B includes border routers 140C and 140D, and the third SD-WAN region 110C includes border routers 140E and 140F. including. Each border router 140 is also within the core/middle mile SD-WAN region 110D. Border router 140 can be either a hardware device or software (eg, a cloud-based router) that operates as a virtual machine. Border router 140 handles the transmission of data traffic. Each border router 140, edge router 130 communicates with a routing controller 120 within the same SD-WAN region 110 (e.g., by forming an OMP peering/control connection 150) and with a routing controller 120 in the core/middle mile SD-WAN region 110D. Peers with controller 120. For example, border routers 140A and 140B may include routing controllers 120A-1 and 120A-2 of first SD-WAN region 110A in addition to routing controllers 120D-1 and 120D-2 of core/middle mile SD-WAN region 110D. Peer with.

Network facilitator 160 is a network device that automatically coordinates the initial onboarding of routing controllers 120, edge routers 130, and border routers 140. Generally, network facilitator 160 facilitates connections between routing controller 120 and edge router 130. During the onboarding process, network facilitator 160 authenticates and verifies devices requesting to join the overlay network. For example, network facilitator 160 may receive registration request 170 from a particular SD-WAN edge router 130, such as edge router 130A-1. In some embodiments, registration request 170 may include a particular region identifier of a particular SD-WAN edge router (eg, the region identifier for SD-WAN region 110A). In response to receiving the registration request, network facilitator 160 sends routing controller list 180 to edge router 130A-1. Routing controller list 180 is filtered to include only routing controllers 120 (i.e., routing controllers 120A-1 and 120A-2 in this example) that have a region identifier that matches the region identifier of edge router 130A-1. This is a list of 120 items. In this manner, network facilitator 160 provides the information necessary for edge router 130A-1 to peer only with routing controllers 120 (ie, routing controllers 120A-1 and 120A-2) in its area 110A. In some embodiments, network facilitator 160 is a Cisco vBond Orchestrator. Network facilitator 160 can be either a hardware device or software (eg, a cloud-based router) that operates as a virtual machine.

In operation, multi-region SD-WAN environment 100 provides a distributed per-region routing controller architecture that prevents a full mesh of peering/control connections between all routing controllers 120 of the SD-WAN. To do so, multi-region SD-WAN environment 100 has unique behavior in control connections and OMP route distribution. First, each routing controller 120, edge router 130, and border router 140 in multi-region SD-WAN environment 100 is configured with a region identifier associated with the particular region 110 to which they belong. For example, SD-WAN region 110A may have a region identifier of "Area 1" and all devices within SD-WAN region 110A (e.g., routing controllers 120A-1 and 120A-2, edge router 130A-1) , 130A-2, and 130A-3, and border routers 140A and 140B) are configured with the same area identifier of "Area 1." Similarly, SD-WAN region 110B may have a region identifier of "Region 2" and all devices within SD-WAN region 110B (e.g., routing controllers 120B-1 and 120B-2, edge router 130B- 1, 130B-2, and 130B-3, and border routers 140C and 140D) are configured with the same area identifier of "Area 2." When registering with network facilitator 160, each routing controller 120 presents its region identifier to network facilitator 160. Network facilitator 160 maintains a routing controller list 180 that lists all routing controllers 120 in multi-region SD-WAN environment 100 and the region identifier of each routing controller 120. In this way, network facilitator 160 knows which routing controller 120 is responsible for a given region 110.

Then, when edge routers 130 and border routers 140 register with network facilitator 160, each device sends its assigned region identifier to network facilitator 160 in a registration request 170. Network facilitator 160 responds to registration request 170 by sending routing controller list 180 back to the requesting device. However, instead of sending a routing controller list 180 that enumerates all routing controllers 120 in the multi-region SD-WAN environment 100, the network facilitator 160 filters the routing controller list 180 to match region identifiers to requesting devices. Include only the routing controller 120 that has a For example, in response to receiving a registration request 170 from edge router 130A-1 that includes a region identifier of "Area 1," network facilitator 160 sends a request to the routing controller 120 that also has a region identifier of "Area 1" (i.e., a routing 120A-1 and 120A-2). The receiving device (i.e., edge router 130A-1 in this example) then establishes control connections and OMP peering ( That is, proceed to establish the OMP peering/control connection 150A). In this way, multi-region SD-WAN environment 100 prevents a full mesh of peering/control connections between all routing controllers 120 in the network spanning region 110.

FIG. 2 is a flow diagram illustrating an example method 200 by an edge router in an SD-WAN. For example, method 200 may be performed by edge router 130 of multi-region SD-WAN environment 100. Method 200 may begin at step 210 where a registration request is sent to a network facilitator of an SD-WAN. The registration request includes a specific area identifier of the SD-WAN edge router. In some embodiments, the registration request is a registration request 170 and the network facilitator is network facilitator 160. In some embodiments, the registration request is a request to form a DTLS tunnel.

At step 220, method 200 receives a list of routing controllers from a network facilitator of the SD-WAN. The list of routing controllers identifies one or more routing controllers of the SD-WAN. Each routing controller in the list of routing controllers received from the network facilitator has a region identifier that matches the specific region identifier of the SD-WAN edge router received in step 210. In some embodiments, the list of routing controllers is a routing controller list 180. In some embodiments, the plurality of routing controllers are routing controllers 120. In some embodiments, each routing controller is a vSmart controller.

In step 230, method 200 establishes OMP peering connections with multiple routing controllers in the list of routing controllers from the network facilitator received in step 220. In some embodiments, the OMP peering connection is an OMP peering/control connection 150.

In step 240, method 200 avoids establishing an OMP peering connection with any other routing controller that has a different region identifier than the specific region identifier of the SD-WAN edge router. For example, if the specific region identifier of an SD-WAN edge router is "Area 1", the SD-WAN Edge router may Avoid establishing an OMP peering connection with a routing controller having a region identifier of the identifier. After step 240, method 200 may end.

FIG. 3 is a flow diagram illustrating an example method 300 by a root controller in an SD-WAN. For example, method 300 may be performed by network facilitator 160 of multi-region SD-WAN environment 100. Method 300 may begin at step 310, where method 300 receives a region identifier from a routing controller of an SD-WAN. For example, each routing controller may send its associated region identifier in a request to register with the SD-WAN. In some embodiments, the registration request is a registration request 170. In some embodiments, method 300 may form and maintain a list of routing controllers and their associated region identifiers. For example, method 300 may form and maintain routing controller list 180.

At step 320, method 300 receives a registration request from an SD-WAN edge router. The registration request includes the area identifier of the edge router. In some embodiments, the registration request is a registration request 170. In some embodiments, the SD-WAN edge router is edge router 130.

In step 330, method 300 matches the edge router's region identifier received in step 320 with the routing controller's stored region identifier. For example, method 300 may analyze the complete list of routing controllers in the SD-WAN to identify routing controllers that have a region identifier that is the same as the region identifier of the edge router received in step 320.

In step 340, method 300 sends the list of routing controllers to the edge router. In some embodiments, the list of routing controllers is a filtered list of routing controllers that is filtered to include only routing controllers with matching region identifiers identified in step 330. In some embodiments, the list of routing controllers is a routing controller list 180. After step 340, method 300 may end.

FIG. 4 illustrates an exemplary computer architecture for a device capable of executing program components to implement the functionality described above. The computer architecture shown in FIG. 4 depicts any type of computer 400, such as a traditional server computer, workstation, desktop computer, laptop, tablet, network appliance, electronic reader, smartphone, or other computing device; It can be utilized to execute any of the software components presented herein. Computer 400, in some examples, is one of the devices described herein, such as routing controller 120, edge router 130, border router 140, network facilitator 160, and/or any other device described herein. Personal devices (e.g., smartphones, tables, wearable devices, laptop devices, etc.), servers, switches, routers, hubs, bridges, gateways, modems, repeaters, access points, and/or Networked devices may be included, such as any other type of computing device that may run any type of software and/or virtualization technology. Computer 400 includes a baseboard 402 or "motherboard," which is a printed circuit board to which a number of components or devices can be connected by a system bus or other telecommunications path. In one exemplary configuration, one or more central processing units (“CPUs”) 404 operate in conjunction with a chipset 406. CPU 404 may be a standard programmable processor that performs the arithmetic and logical operations necessary for the operation of computer 400.

CPU 404 performs operations by transitioning from one discrete physical state to the next through the operation of switching elements that differentially change states. A switching element generally bases its output state on a logical combination of the states of an electronic circuit, such as a flip-flop, that maintains one of two binary states, and one or more other switching elements, such as a logic gate. and electronic circuits provided. These basic switching elements can be combined to create more complex logic circuits, including registers, adder-subtractors, arithmetic logic units, floating point units, and the like.

Chipset 406 provides an interface between CPU 404 and the remaining components and devices on baseboard 402. Chipset 406 may provide an interface to RAM 408, which is used as main memory within computer 400. Chipset 406 includes read-only memory ("ROM") 410 or ROM for storing the basic routines that help start computer 400 and transfer information between various components and devices. An interface to a computer-readable storage medium such as non-volatile RAM ("NVRAM") may further be provided. ROM 410 or NVRAM may also store other software components necessary for operation of computer 400 in accordance with the configurations described herein.

Computer 400 can operate in a networked environment using logical connections to remote computing devices and computer systems over a network, such as the Internet. Chipset 406 may include functionality for providing network connectivity via NIC 412, such as a Gigabit Ethernet adapter. NIC 412 can connect computer 400 to other computing devices via network 424. It should be appreciated that multiple NICs 412 can be present within computer 400 to connect the computer to other types of networks and remote computer systems.

Computer 400 can be connected to a storage device 418 that provides non-volatile storage for the computer. Storage device 418 may store an operating system 420, programs 422, and data, which are described in more detail herein. Storage device 418 may be connected to computer 400 via storage controller 414 connected to chipset 406. Storage device 418 may be comprised of one or more physical storage units. The storage controller 414 may be a serial attached SCSI ("SAS") interface, a serial advanced technology attachment ("SATA") interface, a fiber channel ("FC") interface, or a computer. The physical storage unit may be interfaced with through other types of interfaces for physically connecting and transferring data between the computer and the physical storage unit.

Computer 400 can store data on storage device 418 by transforming the physical state of the physical storage unit to reflect the information being stored. The particular transformation of physical state may depend on various factors in different embodiments herein. Examples of such factors may include, but are not limited to, the technology used to implement the physical storage unit, whether the storage device 418 is characterized as primary storage or secondary storage, etc. Not limited.

For example, computer 400 may issue instructions through storage controller 414 to determine the magnetic properties of a particular location within a magnetic disk drive unit, the reflective or refractive properties of a particular location within an optical storage unit, or the reflective or refractive properties of a particular location within a solid state storage unit. Information can be stored in storage device 418 by changing the electrical characteristics of particular capacitors, transistors, or other individual components of storage device 418 . Other transformations of the physical medium are possible without departing from the scope and spirit of this specification, and the foregoing examples are provided only to facilitate this description. Computer 400 can further read information from storage device 418 by detecting the physical condition or characteristic of one or more particular locations within the physical storage unit.

In addition to mass storage device 418, described above, computer 400 may access other computer-readable storage media for storing and retrieving information such as program modules, data structures, or other data. Those skilled in the art will appreciate that computer-readable storage media are any available media that provides non-transitory storage of data and that can be accessed by computer 400. In some examples, operations performed by routing controller 120, edge router 130, border router 140, network facilitator 160, and/or any other device described herein may be performed by one computer similar to computer 400. Can be supported by more than one device. Stated another way, some or all of the operations performed by routing controller 120, edge router 130, border router 140, network facilitator 160, and/or any other device described herein may include: May be executed by one or more computing devices 400.

By way of example, and not limitation, computer-readable storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology. The computer readable storage medium may include RAM, ROM, erasable ROM, erasable programmable ROM ("EPROM"), electrically-erasable programmable ROM ("EEPROM"), flash memory or Other solid-state memory technologies include compact disc ROM (CD-ROM), digital versatile disk (DVD), and high definition DVD (HD-DVD). , BLU-RAY, or other optical storage, magnetic cassette, magnetic tape, magnetic disk storage or other magnetic storage device, or any other medium that can be used to non-temporarily store the desired information. including but not limited to.

As briefly mentioned above, storage device 418 can store an operating system 420 that is utilized to control the operation of computer 400. According to one embodiment, the operating system includes a LINUX operating system. According to another embodiment, the operating system includes the WINDOWS SERVER operating system from MICROSOFT Corporation of Redmond, Washington. According to further embodiments, the operating system may include a UNIX operating system or one of its variants. It should be understood that other operating systems are also available. Storage device 418 may store other system or application programs and data utilized by computer 400.

In one embodiment, storage device 418 or other computer-readable storage medium is encoded with computer-executable instructions that, when loaded into computer 400, cause the computer to run from a general-purpose computing system. into a special purpose computer capable of implementing the embodiments described in . These computer-executable instructions transform computer 400 by specifying how CPU 404 transitions between states, as described above. According to one embodiment, computer 400 has access to a computer-readable storage medium that stores computer-executable instructions that, when executed by computer 400, perform the various processes described above with respect to FIGS. . Computer 400 may also include a computer-readable storage medium having instructions stored thereon for performing any of the other computer-implemented operations described herein.

Computer 400 also includes one or more input/output controllers for receiving and processing input from a number of input devices, such as a keyboard, mouse, touch pad, touch screen, electronic stylus, or other types of input devices. 416. Similarly, input/output controller 416 may provide output to a display such as a computer monitor, flat panel display, digital projector, printer, or other type of output device.

As described herein, computer 400 may include one or more of routing controller 120, edge router 130, border router 140, network facilitator 160, and/or any other device described herein. I can prepare. Computer 400 may include one or more hardware processors 404 (processors) configured to execute one or more stored instructions. Processor 404 may include one or more cores. Additionally, computer 400 may be configured to perform communications, such as those described herein as being performed by routing controller 120, edge router 130, border router 140, network facilitator 160, and/or any other device described herein. , may include one or more network interfaces configured to provide communication between computer 400 and other devices. Network interfaces are configured to couple to personal area networks (PANs), wired and wireless local area networks (LANs), wired and wireless wide area networks (WANs), etc. may include a device that includes For example, network interfaces may include devices compatible with Ethernet, Wi-Fi™, and the like. Program 422 may comprise any type of program or process for performing the techniques described in this disclosure.

As used herein, a computer readable non-transitory storage medium may include one or more semiconductor-based or other integrated circuits (ICs) (e.g., field-programmable gate arrays, FPGAs), where appropriate. ) or application-specific IC (ASIC), etc.), hard disk drive (HDD), hybrid hard drive (HHD), optical disk, optical disk drive (ODD), magneto-optical disk, Magneto-optical drives, floppy diskettes, floppy disk drives (FDD), magnetic tape, solid-state drives (SSD), RAM drives, secure digital cards or drives, any other suitable computer readable may include non-transitory storage media, or any suitable combination of two or more thereof. Computer-readable non-transitory storage media may be volatile, non-volatile, or a combination of volatile and non-volatile, where appropriate.

As used herein, "or" is inclusive and not exclusive, unless expressly indicated otherwise or the context indicates otherwise. Accordingly, as used herein, "A or B" means "A, B, or both," unless the context explicitly dictates otherwise. Further, "and" is both joint and plural, unless the context explicitly dictates otherwise. Accordingly, as used herein, "A and B" means "A and B together or separately," unless expressly indicated otherwise or the context indicates otherwise.

The scope of this disclosure includes all changes, substitutions, variations, modifications, and modifications to the exemplary embodiments described or illustrated herein that would be understood by those skilled in the art. The scope of the disclosure is not limited to the exemplary embodiments described or illustrated herein. Further, although this disclosure describes and illustrates each embodiment herein as including a particular component, element, feature, function, act, or step, any of these embodiments may be may include any combination or permutation of any of the components, elements, features, functions, acts, or steps described or illustrated anywhere herein that would be understood by those skilled in the art. Furthermore, any device or system adapted, arranged, capable, configured, enabled, operable, or operable to perform the specified functions in the appended claims; A reference to a component of a device or system refers to the fact that the device, system, or component is so adapted, arranged, capable, configured, enabled, operable, or capable of operation. to the extent that it or a particular feature thereof is activated, turned on, or unlocked. In addition, although this disclosure describes or illustrates certain embodiments as providing certain advantages, a particular embodiment may not provide any of these advantages or may lack these advantages. may provide some or all of the benefits.

Note that the embodiments disclosed in this specification are merely examples, and the scope of the present disclosure is not limited thereto. A particular embodiment may include all, some, or none of the components, elements, features, functions, acts, or steps of the embodiments disclosed herein. Certain embodiments are particularly disclosed in the appended claims, which are directed to methods, storage media, systems, and computer program products, such that any feature recited in one claim category, e.g. Claim categories such as systems may be similarly claimed. Any dependencies or references in the appended claims are chosen for formal reasons only. However, any subject matter arising from intentional reference to any preceding claim (in particular multiple dependencies) may be claimed as well, so that any combination of the claims and their features may be disclosed and It may be claimed regardless of the dependent relationships chosen in the appended claims. Claimable subject matter includes not only the combinations of features recited in the appended claims, but also any other combinations of features in the claims, each feature recited in the claims may be combined with any other feature or combination of other features in the claims. Furthermore, any of the embodiments and features described or depicted herein may be claimed in a separate claim and/or together with or appended to any embodiment or feature described or depicted herein. may be claimed in any combination with any of the features of the claims.

Claims (25)

A software defined wide area network (SD-WAN), comprising:
A first area,
a plurality of first routing controllers, each first routing controller storing a plurality of first routes for the first region;
a first region including a plurality of first SD-WAN edge routers;
A second area,
a plurality of second routing controllers, each second routing controller storing a plurality of second routes for the second region;
a second region including a plurality of second SD-WAN edge routers;
Each first SD-WAN edge router in the first area includes:
establishing an Overlay Management Protocol (OMP) peering connection with the plurality of first routing controllers of the first region;
configured to avoid establishing an OMP peering connection with the plurality of second routing controllers of the second region;
Each second SD-WAN edge router in the second area includes:
establishing an OMP peering connection with the plurality of second routing controllers of the second region;
An SD-WAN configured to avoid establishing an OMP peering connection with the plurality of first routing controllers of the first region. each first routing controller of the first region is prevented from storing the plurality of second routes for the second region;
The SD-WAN of claim 1, wherein each second routing controller of the second region is prevented from storing the plurality of first routes for the first region. The SD-WAN of claim 1 or 2, wherein each of the first and second routing controllers is a vSmart controller. each first routing controller of the plurality of first routing controllers is configured to establish an OMP peering connection with another first routing controller of the first region;
each first routing controller of the plurality of first routing controllers is prevented from establishing an OMP peering connection with any routing controller outside the first region;
each second routing controller of the plurality of second routing controllers is configured to establish an OMP peering connection with another second routing controller of the second region;
Any of claims 1 to 3, wherein each second routing controller of the plurality of second routing controllers is prevented from establishing an OMP peering connection with any routing controller outside the second region. SD-WAN according to item 1. A network facilitator,
A registration request is received from a particular SD-WAN edge router of the plurality of first and second SD-WAN edge routers, and the registration request includes a particular area identifier of the particular SD-WAN edge router. including,
In response to receiving the registration request, a list of routing controllers is sent to the particular SD-WAN edge router, and each routing controller in the list of routing controllers is a member of the particular SD-WAN edge router. The SD-WAN according to any one of claims 1 to 4, further comprising a network facilitator configured to have a region identifier matching the particular region identifier. The SD-WAN of claim 5, wherein the network facilitator is a vBond orchestrator. The SD-WAN according to claim 5 or 6, wherein the registration request is a request to form a Datagram Transport Layer Security (DTLS) tunnel. a plurality of first border routers in the first region, each first border router comprising:
establishing an OMP peering connection with the plurality of first routing controllers of the first region;
establish OMP peering connections with multiple core routing controllers in the core area;
a plurality of first border routers configured to avoid establishing an OMP peering connection with the plurality of second routing controllers of the second region;
a plurality of second border routers in the second region, each second border router comprising:
establishing an OMP peering connection with the plurality of second routing controllers of the second region;
establishing an OMP peering connection with the plurality of core routing controllers of the core region;
a plurality of second border routers configured to avoid establishing an OMP peering connection with the plurality of first routing controllers of the first region. The SD-WAN according to any one of the above. It is a core area,
multiple core routing controllers,
9. The SD-WAN of any one of claims 1 to 8, further comprising a core region comprising a plurality of SD-WAN border routers. Each SD-WAN border router is
establishing an OMP peering connection with the plurality of core routing controllers of the core region;
10. The SD-WAN of claim 9, configured to establish OMP peering connections with routing controllers of only one other of the first or second regions. A method performed by an SD-WAN edge router in a software defined wide area network (SD-WAN), the method comprising:
sending a registration request to a network facilitator of the SD-WAN, the registration request including a specific area identifier of the SD-WAN edge router;
receiving a list of routing controllers from the network facilitator of the SD-WAN;
the list of routing controllers identifies a plurality of routing controllers of the SD-WAN;
each routing controller in the list of routing controllers received from the network facilitator has a region identifier that matches the particular region identifier of the SD-WAN edge router;
establishing an Overlay Management Protocol (OMP) peering connection with the plurality of routing controllers in the list of routing controllers from the network facilitator;
and avoiding establishing an OMP peering connection with any other routing controller having a different realm identifier than the particular realm identifier of the SD-WAN edge router. 12. The method of claim 11, wherein each of the plurality of routing controllers is a vSmart controller. 13. A method according to claim 11 or 12, wherein the network facilitator is a vBond orchestrator. 14. A method according to any one of claims 11 to 13, wherein the registration request is a request to create a Datagram Transport Layer Security (DTLS) tunnel. A method performed by an SD-WAN network facilitator in a software defined wide area network (SD-WAN), the method comprising:
receiving a first region identifier from a plurality of first routing controllers of a first region;
receiving a second region identifier from a plurality of second routing controllers of a second region;
receiving a registration request from an SD-WAN edge router, the registration request including a specific region identifier of the SD-WAN edge router;
determining that the particular region identifier of the SD-WAN edge router matches the first region identifier of the plurality of first routing controllers of the first region;
sending a list of routing controllers to the SD-WAN edge router, the list of routing controllers including the plurality of first routing controllers and excluding the plurality of second routing controllers; , including a method. 16. The method of claim 15, wherein each of the plurality of first and second routing controllers is a vSmart controller. 17. A method according to claim 15 or 16, wherein the network facilitator is a vBond orchestrator. 18. A method according to any one of claims 15 to 17, wherein the registration request is a request to create a Datagram Transport Layer Security (DTLS) tunnel. receiving a second registration request from an SD-WAN border router, the second registration request including a specific region identifier of the SD-WAN border router;
determining that the particular region identifier of the SD-WAN border router matches the second region identifier of the plurality of second routing controllers of the second region;
sending a second list of routing controllers to the SD-WAN border router, the second list of routing controllers including the plurality of second routing controllers; 19. The method of any one of claims 15 to 18, further comprising: excluding a controller. Determining that the particular region identifier of the SD-WAN edge router matches the first region identifier of the plurality of first routing controllers of the first region comprises 20. A method according to any one of claims 15 to 19, comprising analyzing a complete list of routing controllers including the routing controller. An SD-WAN edge router in a software defined wide area network (SD-WAN), comprising:
means for transmitting a registration request to a network facilitator of the SD-WAN, the registration request including a specific area identifier of the SD-WAN edge router;
means for receiving a list of routing controllers from the network facilitator of the SD-WAN, the method comprising:
the list of routing controllers identifies a plurality of routing controllers of the SD-WAN;
means for receiving, each routing controller in the list of routing controllers received from the network facilitator having a region identifier that matches the particular region identifier of the SD-WAN edge router;
means for establishing Overlay Management Protocol (OMP) peering connections with the plurality of routing controllers in the list of routing controllers from the network facilitator;
means for avoiding establishing an OMP peering connection with any other routing controller having a different region identifier than the particular region identifier of the SD-WAN edge router. 22. A router according to claim 21, further comprising means for implementing a method according to any one of claims 12 to 14. An SD-WAN network facilitator in a software defined wide area network (SD-WAN), comprising:
means for receiving a first region identifier from a plurality of first routing controllers of a first region;
means for receiving a second region identifier from a plurality of second routing controllers of a second region;
means for receiving a registration request from an SD-WAN edge router, the registration request including a specific region identifier of the SD-WAN edge router;
means for determining that the particular region identifier of the SD-WAN edge router matches the first region identifier of the plurality of first routing controllers of the first region;
means for transmitting a list of routing controllers to the SD-WAN edge router, the list of routing controllers including the plurality of first routing controllers and excluding the plurality of second routing controllers; and a facilitator. 24. A facilitator according to claim 23, further comprising means for implementing a method according to any one of claims 16 to 20. 21. A computer program, computer program product or logic encoded on a tangible computer readable medium comprising instructions for implementing a method according to any one of claims 11 to 20.