SD-WAN : Underlay vs Overlay

In the world of SD-WAN we have heard many new terms like underlay, overlay, BIO, Internet breakout, configuration templates. Let us learn what these terms mean in simple words

• Underlay : Are actual physical circuits such as MPLS, Internet, DIA, BIA (Broadband), 4G, 5G.
• Overlay : Overlays are logical tunnels or IPSec tunnels created for different traffic types and policies or application-specific traffic.
• BIO : Business Intent Overlay or policies applied to traffic classes, e.g., threshold policies or blackout or brownout policies.
  For example from Silver Peak BIO traffic is divided into 6 categories and each category is given its desired BW which is applied to the overlay tunnel. For brownout cases such as packet loss or high latency, path conditioning can be enabled to switch traffic to the best performing link.

   

• Internet Breakout: There are 2 types of internet breakout in SD-WAN.
  • a) Local breakout : Any traffic that does not match the internal or internal routes will be sent to the local breakout by the device.
  • b) Cloud Security based breakout : There is another third party IPSEC or GRE tunnel between the SD-WAN edge device and the cloud security provider, and any traffic that does not match the internet routes/subnets will be forwarded to this tunnel.

     

• Configuration Templates : Templates are predefined configurations that help configure a specific task, for example, SNMP trap server or IPFIX / Netflow Collector or Syslog Reciever IP are the same across the network, so once a template is created, it is automatically applied to all devices, saving many hours of work.