ishenwei/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
070bd42886bf85534041b93dd2c837ee42e8ab52
nexus/wiki/concepts/SD-WAN.md
weishen 74d02d0df2 Auto-sync: 2026-04-29 00:02
2026-04-29 00:02:51 +08:00

59 lines
2.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
title: "SD-WAN (Software-Defined Wide Area Network)"
type: concept
tags: [AWS, Networking, WAN, Overlay, SASE]
sources: [ctp-topic-18-wide-area-networking-in-aws-cloud]
last_updated: 2026-05-07
---
## SD-WAN (Software-Defined Wide Area Network)
SD-WANSoftware-Defined Wide Area Network是一种软件定义的广域网技术通过软件控制层对物理网络进行抽象实现动态路径选择、负载均衡和自动化流量调度。
## Definition
- **SD**: Software-Defined——网络控制平面与数据平面分离通过软件集中管理
- **WAN**: Wide Area Network——跨越地理区域的广域网
- **核心价值**: 将底层物理网络Underlay抽象为逻辑 Overlay 网络,灵活调度流量
## In CTP Architecture
在 [[ctp-topic-18-wide-area-networking-in-aws-cloud]] 中描述的演进路线:
- **当前状态**: TGW 间路由依赖静态前缀列表,缺乏 BGP 动态路由DR 场景需要人工干预
- **演进目标**: 引入 [[SilverPeak]] SD-WAN 作为叠加网络Overlay在 AWS 中部署虚拟 SD-WAN 设备
- **解决问题**: 动态路径选择、自动化流量调度,消除静态路由的局限性
## Key Properties
| 属性 | 值 |
|------|-----|
| 架构类型 | Overlay Network叠加网络 |
| 控制平面 | 软件集中控制,与硬件解耦 |
| 路径选择 | 基于实时链路质量(带宽、延迟、丢包率) |
| 部署模式 | 虚拟设备vSIM 或纯软件) |
| 典型厂商 | Silver Peak, Viptela (Cisco), VeloCloud (VMware) |
## Relationship to SASE
SD-WAN 是 SASESecure Access Service Edge架构的核心组件
- SD-WAN 提供灵活的广域网连接
- SASE 将 SD-WAN 与安全服务SWG、CASB、ZTNA整合
- [[Prisma-Access]] 即为 Palo Alto Networks 的 SASE 产品
## Connections
- [[ctp-topic-18-wide-area-networking-in-aws-cloud]] ← 演进目标 ← [[SD-WAN]]
- [[SilverPeak]] ← 供应商 ← [[SD-WAN]]
- [[Overlay-Network]] ← 基于 ← [[SD-WAN]]
- [[Prisma-Access]] ← 整合 ← [[SD-WAN]]
## Relationship to CTP Topic 31
在 [[ctp-topic-31-network-segregation-and-secure-access-to-the-new-aws-landing-zones]] 中SSM 作为 SD-WAN 落地前的**临时/过渡方案**SSM 提供零 VPN 的安全访问,而 SD-WAN 落地后将从网络层彻底解决多区域互联与安全策略统一管理问题。
## Sources
- [[ctp-topic-18-wide-area-networking-in-aws-cloud]]
- [[ctp-topic-31-network-segregation-and-secure-access-to-the-new-aws-landing-zones]]
Reference in New Issue View Git Blame Copy Permalink