Private WAN (PWAN) allows geographically distant sites to securely route traffic to each other as if each site were connected to the same router. It also allows access to the Internet to be centralized for all sites in a space.
Private, secure routing
In the example environment below, showing sites in a single space, a host on the 10.1.0.0/24 network can communicate with a host on the 10.6.0.0/24 network, no matter which Aggregator or routing group either site is assigned to.
When private WAN is enabled, traffic from sites in the space is not routed from an Aggregator to a partner’s core router; instead, it is routed either directly to other sites in the same space on the same Aggregator, or routed via a PWAN Router to sites in the same space on different Aggregators.
Connected IPs and Routes Outside Private WAN
Some network designs call for a mix of private WAN routing and normal public routing. A site may need to be part of a Private WAN space but continue to use a public IP address for its connection to the internet. This can be configured by disabling the “Include in private WAN” option on a site's connected IP or route. A CPE can have multiple connected IPs and routes, some included in private WAN routing and some excluded.
Sites with a mix of Private WAN-included and Private WAN-excluded connected IPs route their traffic as shown in this diagram:
System Requirements for Private WAN Routers
Environment: bare metal, ESX, Xen, or KVM.
see virtualization considerations on provisioning private WAN routers.
CPU: Intel Xeon CPU Ivy Bridge (2013) or newer with at least 4 cores
if private WAN encryption is enabled, the AES acceleration instruction set is recommended for faster speeds
RAM: minimum 4 GB, plus 50 MB per private WAN space; a space can use more depending on the number of routes it has.
Disk: minimum 4 GB. For highest reliability, use hard disks, solid state disks, or flash storage with good wear-leveling algorithms. Flash storage without good wear-leveling algorithms tends to fail sooner than other types of storage.
Ethernet: One gigabit interface
IP Address: One static public IP
Bandwidth: Sufficient bandwidth for all bonds assigned to private WAN in this routing group, considering your oversubscription ratio if applicable.
Centralized Internet Access
In addition to offering private routing among separate sites, private WAN also offers a way to centralize internet access for all the sites in a space. Access can be configured using NAT on the Private WAN Routers, by forwarding traffic to a dedicated router through a VLAN interface on the PWAN Router, or by sending it to a gateway at a site (for example, the corporate HQ).
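The routing behaviour described above (private routing between sites, connected IPs excluded from private WAN, and centralized internet access) can be modelled as a small path classifier, useful when reviewing which prefixes in a space stay private and which leave over the public path. This is an added Python example, not vendor code. The site and Aggregator names, the 198.51.100.8/29 prefix, and the treatment of any destination outside the included prefixes as internet egress are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ConnectedIP:
    site: str            # hypothetical site name
    aggregator: str      # hypothetical Aggregator name
    prefix: str
    include_in_pwan: bool  # the "Include in private WAN" option

# Constructed sample space (only the two 10.x /24s appear on the page).
SPACE = [
    ConnectedIP("site-a", "agg-1", "10.1.0.0/24", True),
    ConnectedIP("site-b", "agg-1", "10.2.0.0/24", True),
    ConnectedIP("site-f", "agg-2", "10.6.0.0/24", True),
    ConnectedIP("site-f", "agg-2", "198.51.100.8/29", False),
]

def lookup(space, addr):
    """Longest-prefix match of addr against the space's connected IPs."""
    ip = ipaddress.ip_address(addr)
    hits = [c for c in space if ip in ipaddress.ip_network(c.prefix)]
    return max(hits, key=lambda c: ipaddress.ip_network(c.prefix).prefixlen,
               default=None)

def classify(space, src, dst):
    """Return the path class for traffic from src to dst."""
    s, d = lookup(space, src), lookup(space, dst)
    if s is None:
        raise ValueError(f"{src} is not a connected IP in this space")
    if not s.include_in_pwan:
        # Assumption: excluded sources follow normal public routing.
        return "public: Aggregator -> partner core router"
    if d is None or not d.include_in_pwan:
        # Assumption: anything outside the included prefixes is internet egress.
        return "egress: centralized internet access"
    if s.aggregator == d.aggregator:
        return f"private: direct on {s.aggregator}"
    return f"private: {s.aggregator} -> PWAN Router -> {d.aggregator}"

if __name__ == "__main__":
    for src, dst in [("10.1.0.10", "10.6.0.20"), ("10.1.0.10", "10.2.0.5"),
                     ("198.51.100.9", "10.1.0.10"), ("10.6.0.20", "203.0.113.7")]:
        print(f"{src} -> {dst}: {classify(SPACE, src, dst)}")
```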