Architecture of the solution

Kaspersky SD-WAN includes the following main components:

• The orchestrator controls the solution infrastructure, functions as an NFV orchestrator (NFVO), and manages network services and distributed VNFMs. Can be managed via the web interface or REST API when using external northbound systems.
• The SD-WAN Controller centrally manages the overlay network and network devices in accordance with the service chain topology via the OpenFlow protocol. Deployed as a virtual or physical network function.
• CPE devices relay traffic and form an SDN fabric in the form of an overlay network. Installed at remote locations.
• The VNFM manages the lifecycle of virtual network functions using SSH, Ansible playbooks, scripts, and Cloud-init attributes.

When using virtual network functions, the following additional components may be included in the architecture:

• The SDN controller manages hardware and software switches. This component is optional.
• The VIM -manages computational, networking, and storage resources within the NFV infrastructure. Connects VNFs using virtual links, subnets, and ports. The OpenStack cloud platform is used as the VIM.

Kaspersky SD-WAN has a distributed microservice architecture based on Docker containers (see the figure below). An SD-WAN Controller can include one, three, or five nodes. Controller nodes are separate virtual machines which you can run on different physical servers for fault tolerance.

Architecture of Kaspersky SD-WAN