Solution Overview: Arista VeloCloud SD-WAN on IBM Cloud VPC

Arista VeloCloud SD-WAN transforms unpredictable broadband or hybrid transport networks into enterprise-class connections, assuring application performance via its distributed Cloud Gateway and Orchestrator infrastructure. In the IBM Cloud context, the VCE functions as the Cloud Gateway, extending optimized connectivity to applications hosted within the VPC. The core function of the VCE deployment pattern is threefold:

1. Overlay Establishment: Creating secure, optimized VCRP-based DMPO tunnels between branch office Arista VeloCloud Edges and the VCE in the VPC, handling Branch-to-Cloud and Branch-to-Branch traffic.
2. Traffic Insertion: Implementing precise IBM VPC Custom Routing Tables to ensure all ingress and egress traffic is forcibly steered through the VCE’s LAN interface before proceeding to workload subnets or external networks.
3. Security Enforcement: Providing essential security functions, including IDS/IPS protection using the Suricata engine, managed by Arista's curated security signatures.

Architecture diagram

Production environments mandate resilience against infrastructure failure, requiring an HA architecture across multiple IBM VPC availability zones.