keithli_FTNT
Staff
Article Id 265044

The following snippets summarize the SD-WAN architecture guide for Enterprise deployment. To view the complete guide, go to SD-WAN Architecture for Enterprise.

 

Introduction

The intention of the reference architecture is to provide an overview of the Fortinet SD-WAN solution, along with the components and architectures that satisfy common use cases. It covers the Fortinet technology involved in deploying various types of SD-WAN designs, along with considerations and best practices. Our intention is to design a highly scalable, redundant, and secure SD-WAN design that is practical for your organizational requirements.

 

Executive summary

The following image illustrates a modernized SD-WAN branch edge solution that manages a hybrid architecture inclusive of both private WAN (MPLS) and broadband internet connectivity.

[Image: SD-WAN branch edge with private WAN (MPLS) and broadband internet connectivity]

First, the branch has multiple transports, or connectivity options. In this example, the corporate WAN MPLS network remains, but this organization has introduced a single broadband connection to provide direct internet access (DIA) from the branch. In addition, the organization has established an overlay network using Internet Protocol security (IPsec) tunnels between branches and the datacenter over the broadband internet transport. The result is that multiple paths are possible from the branch to both the datacenter and a multi-cloud environment.

 

Compare this with a legacy single-path architecture, in which a switch is connected to a simple router that has one connection to a private WAN. Essentially, there is only one option for egress traffic. Introducing DIA inherently provides a redundant connectivity architecture. In terms of datacenter connectivity, the overlay network (IPsec tunnel) delivers an alternative path for critical applications that would normally traverse the MPLS. In the same way, the private WAN path continues to provide a path to the internet, but is now superseded by the DIA connection.

 

Architecture and design

 

| Design | Business Application Location(s) | Common Use Cases |
|---|---|---|
| Single datacenter | Single datacenter location | Private workloads and applications where stability is preferred |
| Multiple datacenters | Geo-redundant datacenter locations | Redundant, private workloads where datacenter location is preferred, and other locations are backups |
| Multi-region datacenters | Geo-redundant datacenters across different regions | Connectivity to other regions for some applications and services |
| Cloud on-ramp* (for static cloud environments) | Static cloud infrastructure | Connectivity to cloud services with a static gateway |
| Cloud on-ramp* (for dynamic cloud environments) | Dynamic cloud infrastructure | Connectivity to cloud services with a dynamic gateway |

* Designs like direct internet access (DIA) and cloud on-ramp are typically used in conjunction with other designs. For example, multiple datacenter designs can include DIA and cloud on-ramp.

 

For more information, go to SD-WAN Architecture for Enterprise.

 

 
