SD-WAN

 View Only
last person joined: 6 days ago 

Ask questions and share experiences with SD-WAN and Session Smart Router (formerly 128T).
  • 1.  128T: Selective Encryption and Session Optimization

    Posted 04-24-2019 10:42
    Hi All,

    Just a few questions around 2 features;

    1) Selective Encryption
    - To my knowledge, this feature is always on, and inspects SSL/TLS handshakes to determine if a session between client and server is encrypted. If it is encrypted, the 128T node will not re-encrypt the data-in-flight. Is this true?

    2) Sessions Optimisation
    - What are the metrics for this feature to be activated? I understand that there is a slider in the GUI for this feature to be considered when forwarding traffic.
    2.1) Is there a latency and bandwidth limit to when this will be activated on a session and when it won't?
    2.2) To take advantage of this feature, the session does not have to be between 2 128T nodes, correct? (Can this be applied to direct internet-bound traffic as well?)
    2.3) Will the metrics that are taken into consideration for this feature be customisable in future releases? 

    Regards,

    ------------------------------
    Morne Vermeulen
    Engineer
    +27 (0) 10 141 8512
    ------------------------------


  • 2.  RE: 128T: Selective Encryption and Session Optimization

    Posted 04-25-2019 10:03
    Hi @Morne

    It's always great to hear from you!

    @Sarah V Jaffer and @Michael Adams (aka, Mike) should be able to answer your questions on Session Optimization (here is a short video too). You both tag anyone else, if they are better suited to provide answers.

    As far as your question re: "will the metrics that are taken into consideration for this feature be customisable in future releases?", I would suggest to add it to the Ideas group in Interchange. I'm not sure if this is in the pipeline (Sarah and Mike may know), however, if you add this to the Ideas group, the product management team will be able to officially let you know. And if it's not in the queue, they can add it in for future considerations. 

    And, yes re: adaptive encryption. We also have this minute video on Adaptive Encryption in the 128T Networking Platform. Not packed with tons of information, but provides a quick highlight of the feature. 

    Thanks!

    ------------------------------
    Victoria Smiley
    Interchange Community Manager
    Burlington MA
    ------------------------------



  • 3.  RE: 128T: Selective Encryption and Session Optimization

    Posted 04-25-2019 10:55
    Hi @Morne,

    To answer your first question, Adaptive Encryption is a feature that can be enabled/disabled through the data model.  Within the security element in config you should find an adaptive-encryption setting that allows you to set this per security.

    As for Session Optimization, our criteria for activating that feature are: high latency (half a second or more) and low bandwidth.  The latter is determined by the traffic engineering settings: traffic engineering must be enabled on that interface, and the transmit cap (again for that interface) must be 30mbps or lower.  The feature is a SVR feature and does require two 128Ts to participate and it will not apply to internet-bound traffic.  

    We currently have no plans to make the latency and bandwidth requirements customizable.

    ------------------------------
    Sarah V Jaffer
    Software Engineer
    MA
    (781) 203-8386
    ------------------------------