White Paper

W H I T E PAP E R

VeloCloud
Dynamic
Multipath
Optimization
Page 1

VeloCloud Dynamic
Multipath Optimization
This document discusses the key functionalities and
benefits of VeloCloud Dynamic Multipath Optimization
(DMPO) that assures enterprise and cloud application
performance over Internet and hybrid WAN.
 Contents
W H I T E PAP E R
Introduction 3
VeloCloud
Dynamic DMPO Key Functionalities 3
Multipath
Optimization Continuous Monitoring 3
Page 2 Dynamic Application Steering 4
On-demand Remediation 5
Application Aware Overlay QoS 6

Business Policy Framework and Smart Defaults 11

Traffic Class (Priority and Service Class) 11
Network Services 11
Link Steering 12

DMPO Real World Results 16

Secure Traffic Transmission 17

Ports Used 17

Summary 17

VeloCloud Networks™, Inc. is the Cloud-Delivered SD-WAN™ company, a Gartner Cool Vendor 2016,
the Frost & Sullivan Product Leader in the SD-WAN Solution Market 2016, and a Best of Interop and
Best of VMworld winner. The company simplifies branch WAN networking by automating deployment
and improving performance over private, broadband Internet and LTE links for today’s increasingly
distributed enterprises. VeloCloud SD-WAN includes: a choice of public, private or hybrid cloud
network for enterprise-grade connection to cloud and enterprise applications; branch office enterprise
appliances and optional data center appliances; software-defined control and automation; and virtual
services delivery. VeloCloud has received financing from investors including NEA, Venrock, March Capital
Partners, Cisco Investments and The Fabric, and is headquartered in Mountain View, Calif. For more
information, visit www.velocloud.com and follow the company on Twitter @Velocloud.

© 2 01 7 VE LOC LOU D NETWO RKS, I NC. ALL RI GHTS RESERVED.

 Introduction
VeloCloud Cloud-delivered SD-WAN solution enables Enterprise and Service Pro-
W H I T E PAP E R vider to utilize multiple WAN transports simultaneously, maximize the bandwidth,
while ensuring application performance. The unique Cloud-Delivered architecture
VeloCloud offers these benefits for on-premise and cloud applications (SaaS/IaaS). This re-
Dynamic quires building overlay network, which consists of multiple tunnels, monitoring and
Multipath adapting to the change in the underlying WAN transports in real time. To deliver a
Optimization resilient overlay network that takes into account real-time performance of WAN
Page 3 links, VeloCloud has developed the Dynamic Multi-Path Optimization (DMPO). This
document explains the key functionalities and benefits of DMPO.

DMPO Key Functionalities

DMPO is used between all of the VeloCloud components that process and forward
data traffic: VeloCloud Edge (VCE) and VeloCloud Gateway (VCG). For connectiv-
ity within Enterprise locations (branch-to-branch or branch-to-hub), the VCEs es-
tablish DMPO tunnels between themselves. For connectivity to Cloud applications,
each VCE establishes DMPO tunnels with one or more VCGs. The four key DMPO
functionalities are discussed below.

Continuous Monitoring
Automated Bandwidth Discovery
Once the WAN link is detected by the VCE, it establishes DMPO tunnels with one
or more VCGs and runs bandwidth test with the closest VCG. The bandwidth test
is performed by sending short burst of bi-directional traffic and measuring the
received rate at each end. Since the VCG is deployed at the Internet Points of Pres-
ence (PoPs), it can also identify the real public IP address of the WAN link in case
the VCE interface is behind a NAT or PAT device.

Similar process applies to the private link. For the VCEs acting as the hub or head-
end, the WAN bandwidth is statically defined. However, when the branch VCE es-
tablishes DMPO tunnel to the hub VCEs, the bandwidth test procedures are similar
to those between the VCE and the VCG on the public link.

Continuous Path Monitoring

DMPO performs continuous, uni-directional measurements of performance met-
rics - loss, latency and jitter of every packet on every tunnel between any two
DMPO endpoints, VCE or VCG. VeloCloud’s per-packet steering allows independent
decisions in both uplink and downlink directions without introducing any asymmet-
ric routing. DMPO uses both passive and active monitoring approaches.

When user traffic is present, the DMPO tunnel header contains additional per-
formance metrics including sequence number and timestamp, thus enabling the
DMPO endpoints to identify lost and out-of-order packets, and calculate jitter and
latency in each direction. The DMPO endpoints communicate the performance
metrics of the path between each other every 100 ms.

When there is no user traffic, an active probe is sent every 100 ms and, after 5
minutes of no high priority user traffic, the probe frequency is reduced to 500 ms.
This comprehensive measurement enables the DMPO to react very quickly to the
change in the underlying WAN condition, resulting in the ability to deliver sub-sec-
ond protection against brownout and blackout in the WAN.
 Dynamic Application Steering
Application-aware Per-packet Steering
W H I T E PAP E R DMPO identifies traffic using layer 2 to 7 attributes, e.g. VLAN, IP address, proto-
col, and applications. VeloCloud performs application aware per-packet steering
VeloCloud based on Business Policy configurations and real-time link conditions. The Business
Dynamic Policy contains out-of-the-box Smart Defaults that specifies the default steering
Multipath behavior and priority of more than 2500 applications. Customers can immediate-
Optimization ly use the dynamic packet steering and application-aware prioritization without
Page 4 having to define policies.

Throughout its lifetime, a single traffic flow can be steered onto one or more
DMPO tunnels, in the middle of the communication, with no impact to the flow.
A link that is completely down is referred to as having a blackout condition. A
link that is unable to deliver SLA for a given application is referred to as having a
brownout condition. VeloCloud offers sub-second blackout and brownout protec-
tion. With the continuous monitoring of all the WAN links, DMPO detects brown-
out or blackout condition within 300-500 ms and ,immediately steers traffic flow
to protect the application performance, while ensuring no impact to the active
flow and user experience. There is one minute hold time from the time when the
link brownout or blackout condition is cleared before DMPO steers the traffic back
onto the preferred link if specified in the business policy.

Intelligent learning enables application steering based on first packet of the ap-
plication by caching classification results. This is necessary for application-based
redirection, e.g. redirect Netflix on to the branch Internet link, bypassing the DMPO
tunnel, while backhauling Office 365 to the Enterprise regional hub or data center.

Example: Smart Defaults specifies that Microsoft Lync is a High Priority and is a
Real-Time application. There are two links with latency of 50 ms and 60 ms, respec-
tively. All other SLAs are equal or met. In this scenario, the DMPO will choose the link
with the lowest latency, i.e. link with 50 ms latency. If the current link to which the
Lync traffic is steered to experiences high latency of 200 ms, within less than a sec-
ond, the packets for the Lync of the same flow is steered to another link which has
lower latency of 60 ms.

MPLS Class of Service (CoS)

For a private link that has CoS agreement, DMPO can take CoS into account for
both monitoring and application steering decisions. SP will guarantee a different
SLA for each CoS on MPLS Link. DMPO can treat each CoS as a different link and
can take granular application-aware decisions for private link with CoS agreements.

Example: For Service Provider (SP) that offers two Class of Services, CoS1 and CoS2,
each with a distinct SLA, the link steering decision can be made to use CoS1 or Inter-
net, CoS2 or Internet.
 Bandwidth Aggregation
For applications that can benefit from more bandwidth, e.g. file transfer, DMPO
performs per-packet load balancing, utilizing all available links to deliver all packets
W H I T E PAP E R of a single flow to the destination. DMPO takes into account the real-time WAN
performance and decides which paths should be used for the flow. Additionally, the
VeloCloud DMPL performs resequencing at the receiving end to ensure there is no out-of-or-
Dynamic der packets introduced as a result of per-packet load balancing.
Multipath
Optimization Example: Two 50 Mbps links deliver 100 Mbps of aggregated capacity for a single
traffic flow. Quality of Service (QoS) is applied at both the aggregate and individual
Page 5 link levels.

On-demand Remediation
In a scenario where it may not be possible to steer the traffic flow onto the better
link, i.e., single link deployment, or multiple links having issues at the same time,
the DMPO can enable error correction for the duration of the disruption. The type
of error correction used depends on the type of applications and the type of errors.

Real-time Applications
Real-time applications, such as voice and video flows, can benefit from Forward
Error Correction (FEC) during periods of packet loss. DMPO automatically enables
FEC on single or multiple links. With multiple links, DMPO will select up to two of
best links at any given time for FEC. Duplicated packets are discarded and out-of-
order packets are re-ordered at the receiving end before being delivered to the final
destination. DMPO enables jitter buffer for the real-time applications when the
WAN links experience jitter.

TCP Application
TCP applications, such as file transfer, benefit from Negative Acknowledgement
(NACK). Upon missing packet detection, the receiving DMPO endpoint informs the
sending DMPO endpoint to retransmit the missing packet. Doing so protects the
end applications from detecting packet loss and as a result, maximizes TCP win-
dow and delivers high TCP throughput during lossy condition.
 Application Aware Overlay QoS
In the VeloCloud Cloud-Delivered SD-WAN network, the DMPO tunnels are estab-
lished between VCE and VCG, or between VCE and VCE. VeloCloud Management
W H I T E PAP E R
Protocol (VCMP) header is added to the packet before leaving the VCE and it
VeloCloud adds an overhead of 59 bytes. Once the traffic reaches the VCG or the VCE on the
Dynamic receiving end, all tunnel headers (VCMP, IPSec) are removed and the original user
data is passed to the next hop router, which can be another Provider Edge (PE) for
Multipath
SP scenario or L3 switch/router for Enterprise scenario.
Optimization
Page 6

QoS Scheduling
A Traffic Class is defined with a combination of Priority (High, Normal, or Low) and
Service Class (Real-Time, Transactional, or Bulk) resulting into 3x3 matrix with 9
Traffic Classes. Application/category and scheduler weight can be mapped onto
these Traffic Classes. All applications within a Traffic Class will be applied with the
aggregate QoS treatment, including scheduling and policing. All applications in a
given Traffic Class will have a guaranteed minimum aggregate bandwidth during
congestion based on scheduler weight (or percentage of bandwidth). When there
is no congestion, the applications are allowed to burst up to the maximum aggre-
gated bandwidth. A policer can be applied to cap the bandwidth for all the applica-
tions in a given Traffic Class.

Default Application/Category and Traffic Class Mapping

The Business Policy contains the out-of-the-box Smart Defaults functionality that
maps more than 2,500 applications to Traffic Classes. Customers can immediate-
ly use application-aware QoS without having to define policy. Each Traffic Class is
assigned a default weight in the scheduler. These parameters can be changed in the
Business Policy. Below are the default values for the 3x3 matrix with 9 Traffic Classes.
 W H I T E PAP E R

VeloCloud
Dynamic
Multipath
Optimization
Page 7

Default Weight and Traffic Class Mapping

Example: The customer has 90 Mbps Internet link and 10 Mbps MPLS on the edge
and the aggregate Bandwidth is 100 Mbps. Based on the default weight and Traffic
Class mapping above, all applications that map to Business Collaboration will have a
guaranteed bandwidth of 35 Mbps and all applications that map to Email will have a
guaranteed bandwidth of 15 Mbps. Business policies can be defined for entire cate-
gory (e.g., Business Collaboration), applications (e.g. Skype for Business) and more
granular sub-applications (e.g., Skype File Transfer, Skype Audio, Skype Video).

CoS Marking
When traffic arrives at the VCE, the Differentiated Service Code Point (DSCP)
values marked by the customer can be left “as-is” or modified before sending out
to the tunnel. The outer DSCP value on the tunnel header can also be modified or
copied from the inner packet.

Example: In the diagram above, there are two traffic flows, one is voice which is con-
sidered important, and another one is data which is considered less important. For
inner packet DSCP tags, the customer decides to leave DSCP tags “as-is” for both
voice and data. For outer packet DSCP tags, customer decides to copy DSCP values
to outer packet for voice but changes outer packet DSCP tag to DSCP=0 for data.
 Policing Traffic Class
In legacy WAN networks, Service Providers and Enterprise have the ability to al-
locate bandwidth or police traffic based on CoS offered by Service Provider. With
W H I T E PAP E R SD-WAN, there is a need to apply similar concept to the WAN overlay that may
include one or more transports from multiple Service Providers. IT administrator
VeloCloud may want to police high priority Business Collaboration traffic on the aggregated
Dynamic overlay tunnel to ensure a Service Provider offered SLA is honored or proactively
Multipath police non-critical applications for security or QoS compliance reasons. To accom-
Optimization modate these use cases, policing can be defined for Traffic Class (i.e., Service Class
and Priority).
Page 8
Example: A customer has 90 Mbps Internet and 10 Mbps MPLS in the network and the
aggregated bandwidth is 100 Mbps. Based on the default weight and Traffic Class
mapping described in the QoS Scheduling section above, all applications within Busi-
ness Collaboration categories will be guaranteed a bandwidth of 35 Mbps; at the same
time, SP can enable policer on this Traffic Class, so all the applications included in this
Traffic Class will be policed at 35 Mbps when there is no congestion in the network.

Policing MPLS CoS

For a private link that has CoS agreement with MPLS provider, SP will guarantee
a different SLA for each CoS on MPLS Link. DMPO can treat each CoS as a differ-
ent link and can take granular application aware decisions for private link with CoS
agreements. A policer can be defined for a MPLS CoS underlay to ensure Service
Provider committed bandwidth SLAs are being honored by the customer.

Example: The customer branch edge has 10 Mbps MPLS and SP offers 40% band-
width SLA for CoS1 (DSCP=EF, CS5) which is for real time traffic and 60% is for the
rest of the traffic. SP will police their PE with aggregate rate of 10 Mbps and also
police rate for CoS1 traffic to not exceed (DSCP=EF, CS5) 4 Mbps. If CoS1 traffic
via MPLS underlay exceeds 4 Mbps, packets will be dropped by Service Provider, thus
impacting quality of service. A 4 Mbps policer for CoS1 on Edge ensures traffic in that
class never exceeds 4Mbps. The rest of the traffic can burst up to link speed if no con-
gestion exists and is guaranteed a minimum bandwidth during times of congestion.
 Rate-Limiting an Application
or Category
Rate limiting is offered in both inbound
W H I T E PAP E R and outbound directions for a specific
application. When a rate limit for the out-
VeloCloud bound/inbound traffic is applied, under
Dynamic congestion, the traffic will be queued and
Multipath when the queue is full, the packets will
Optimization be dropped.
Page 9
Example: Customer users try to access
Hulu traffic. Outbound request traffic is
small and most of the traffic is inbound.
In traditional WAN, by the time traffic gets to the edge router it is too late to know
that the link doesn’t have enough bandwidth and WAN link can get congested. Velo-
Cloud Cloud-Delivered SD-WAN inbound QoS can request a streaming application
to back off and ensure Hulu traffic doesn’t exceed configured inbound bandwidth.

Multi-Source Inbound QoS

VeloCloud Cloud-Delivered SD-WAN enables multi-source inbound QoS which pro-
actively measures the bandwidth usage with multiple remote peers, and will begin
to regulate the traffic before congestion. Additionally, available bandwidth will be
fairly distributed between direct internet traffic and all remote peers based on the
quantity and priority of traffic that each remote device has to transmit.

Example: Consider a customer with the hub and spoke topology with the dynamic
branch-to-branch functionality enabled. If an important video call is initiated from
Branch 1 to Branch 2, these branches can talk over a dynamically established overlay
tunnel. The challenge with the traditional WAN technologies is that the hub is un-
aware of the high priority video call between the two branches. This might result in
the hub sending low priority traffic towards the Branch 1 and causing quality issues
for the important video sections. With VeloCloud Cloud-Delivered SD-WAN multi-
source inbound QoS enabled, Branch 1 will proactively inform the hub to slow down
the low priority traffic.
 DMPO Tunnel Shaper for Service Providers with Partner Gateway
Service Providers may offer SD-WAN services at lower capacity compared to ag-
gregated capacity of WAN links at the local branch. For instance, customers may
W H I T E PAP E R have purchased a broadband link from another vendor and SP offering SD-WAN
services and hosting VeloCloud Partner Gateway has no control over the underlay
VeloCloud broadband link. In such situations, in order to ensure that the SD-WAN service ca-
Dynamic pacity is being honored and to avoid congestion towards Partner Gateway, SP can
Multipath enable DMPO tunnel shaper between the tunnel and the Partner Gateway.
Optimization
Page 10

Example: As shown in the diagram above, the VCE has dual links, 20 Mbps Internet
and 20 Mbps MPLS, with 35 Mbps SD-WAN service from SP. To ensure the traffic
towards Partner Gateway doesn’t exceed 35 Mbps (X in the topology above), SP can
place a tunnel shaper on the DMPO tunnel.

Business Priority Monitoring

Based on designated priority, the application traffic can be monitored in real-time,
and historical data can be retrieved. It can be viewed in the format of Bytes Re-
ceived and Sent, Packet Received and Sent, and Average Throughput.
 Business Policy Framework
W H I T E PAP E R
and Smart Defaults
VeloCloud IT administrator controls QoS, steering,
and services to be applied to the applica-
Dynamic
tion traffic through the Business Policy.
Multipath Smart Defaults provides out-of-the-box
Optimization Business Policy that supports over 2,500
Page 11 applications. DMPO makes steering deci-
sion based application type, real-time link
condition (congestion, latency, jitter, and
packet loss), and the Business Policy.

Each application is assigned a category.

Each category has default action, which
is a combination of Traffic Class (Priority
and Service Class), Network Service, and
Link Steering. In addition to the default
application list, customer applications can
be defined manually. At right is an exam-
ple of Business Policy.

Traffic Class (Priority and Service Class)

An application/category is assigned to Traffic Class based on the combination
of Priority and Service Class and aggregated QoS treatment is applied to all the
applications that fall into the same Traffic Class, including scheduling and policing
(See the Application Aware Overlay QoS section for details).

Network Services
There are 4 types of Network Services – Direct, Multi-path, Cloud Proxy and Inter-
net Backhaul. By default, an application is assigned one of the default Network
Services, which can be modified by the user.

ɚɚ Direct: Typically used for non-critical, trusted Internet applications that

should be sent directly, bypassing the DMPO tunnel. An example is Netflix, a
service that is considered to be a non-business, high bandwidth application
and should not be sent over the DMPO tunnels. The traffic sent directly can
be load-balanced at the flow level. By default, all the low priority applica-
tions are assigned to the Direct Network Service.
ɚɚ Multi-Path: Typically given to important applications.Multi-Path service
assignment sends the Internet-based traffic to the VCG. Table 1 shows the
default link steering and on-demand remediation technique for a given
Service Class. By default, high and normal priority applications are given
the Multi-Path action for Network Service.
ɚɚ Cloud-Proxy: Redirects the application flow to a cloud proxy, such as Web-
Sense (now ForcePoint).
ɚɚ Internet Backhaul: Redirects the Internet applications to the specified En-
terprise location that may or may not have the VCE. The typical use case
is to force important Internet applications through a site that has security
devices such as firewall, IPS, and content filtering before the traffic is al-
lowed to exit to the Internet.
 Below are the default values for Network Service action. Note that the VPN traffic
is always sent through the tunnels (specifying Direct action for Network Service
does not apply to VPN traffic).
W H I T E PAP E R
Priority Destination: Internet Destination: Within Enterprise VPN
VeloCloud (e.g. SaaS, Web traffic)
Dynamic
High Multi-Path (through DMPO tunnels) Multi-Path (through DMPO tunnels)
Multipath
Optimization Normal Multi-Path (through DMPO tunnels) Multi-Path (through DMPO tunnels)

Low Direct Multi-Path (through DMPO tunnels)

Page 12

Link Steering
In the Business Policy, there are four link steering modes: auto, by transport group,
by WAN link and by Interfaces.

Link Selection: Auto

By default, all applications are given the automatic Link steering mode. This means
DMPO automatically picks the best links based on the application type and auto-
matically enables on-demand remediation when necessary. There are four possible
combinations of Link Steering and On-demand Remediation for Internet appli-
cations. As mentioned earlier, traffic within the Enterprise (VPN) always goes
through the DMPO tunnels, hence it always receive the benefits of on-demand
remediation..

Service Class Destination: Internet Destination: Internet

Network Service: Multi-Path Network Service: Direct
Link Steering: Auto Link Steering: Auto

Real-Time Link Selection Per-Packet Steering Flow Based Load Balancing

Behavior

On-demand FEC and Jitter Buffer

Remediation

Transactional Link Selection Per-packet Load Balancing Flow Based Load Balancing
Behavior

On-demand NACK
Remediation

Bulk Link Selection Per-packet Load Balancing Flow Based Load Balancing
Behavior

On-demand NACK
Remediation
 The following examples explain the default DMPO behavior for different applica-
tion types and link conditions.

W H I T E PAP E R Scenario Expected DMPO Behavior

1 At least one link that satisfies the SLA Pick the best available link.
VeloCloud for the application.
Dynamic
2 Single link with packet loss exceeding Enable FEC for the real-time applications sent on
Multipath the SLA for the application. this link.
Optimization
3 Two links with loss on only one link. Enable FEC on both links.
Page 13 4 Multiple links with loss on multiple links. Enable FEC on two best links.

5 Two links but one link appears unstable, Mark link un-usable and steer the flow to the next
i.e. missing three consecutive heartbeats best available link.

6 Both jitter and loss on both links.
Enable FEC on both links and enable jitter buffer on
the receiving side. Jitter buffer is enabled when jitter
is greater than 7 ms for voice and greater than 5 ms
for video. The sending DMPO endpoint notifies the
receiving DMPO endpoint to enable jitter buffer. The
receiving DMPO endpoint will buffer up to 10 packets
or 200 ms of traffic, whichever happens first. The
receiving DMPO endpoint uses the original timestamp
embedded in the DMPO header to calculate the flow
rate to use in de-jitter buffer. If flow is not sent at a
constant rate, the jitter buffering is disabled.

Link Steering by
Transport Group
Different locations may have dif-
ferent WAN transports (e.g. WAN
carrier name, WAN interface name);
DMPO uses the concept of Transport
Group to abstract the underlying
WAN carriers and interfaces from
the Business Policy configuration. The Business Policy configuration can specify the
transport group (public wired, public wireless, private wired, etc.) in the steering pol-
icy so that the same Business Policy configuration can be applied across different
device types or locations, which may have completely different WAN carriers and
WAN interfaces. When the DMPO performs the WAN link discovery, it also assigns
the transport group to the WAN link. This is the most desirable option for specifying
the links in the Business Policy because it eliminates the need for IT administrators
to know the type of physical connectivity or the WAN carrier.
 Link Steering by
WAN Link
The WAN interface is con-
W H I T E PAP E R nected to a WAN carrier,
which is specific to the lo-
VeloCloud cation of the VCE. DMPO
Dynamic automatically detect the
Multipath WAN carrier by doing
Optimization GeoIP lookup, or the IT
administrators can specify
Page 14
the WAN carrier. Addition-
ally, link steering can also
be based on private line
CoS, which is specified on
the WAN overlay.

Example: The customer MPLS CoS

agreement includes three Classes of
Service: CoS1 (CS5, EF), CoS2 (AF41,
CS4) and CoS5 (AF21, CS2) with
guaranteed bandwidth of 60%, 20%
and 20% respectively defined on the
WAN overlay. MPLS CoS 1 ensures a
maximum bandwidth of 60%.

In the Business Policy, link steering can be selected between Internet, MPLS - CoS1,
CoS2 or CoS5.

Link Steering by Interface

The link steering policy can be ap-
plied to the interface, i.e., GE2, GE3,
which will be different depending
on the VCE model and the location.
This is the least desirable option to
use in the Business Policy because
IT administrators have to be fully
aware of how the VCE is connected
to be able to specify which interface to use.
 For link steering by transport group, by interface and by WAN Link, there are three
possible link steering sub options – Preferred, Mandatory, and Available.

W H I T E PAP E R Mandatory
VeloCloud Link Steering
Dynamic Pin an application to a path
even when the link fails.
Multipath Example: PCI
Optimization
Page 15
Preferred
Link Steering
Prefer application on a path
but steer away if it cannot
meet SLA. Example: VoIP

Available
Link Steering
Prefer application on a path
but steer away if the link
fails. Example: Web Browsing

Mandatory
Pin the traffic to the link or the transport group. The traffic is never steered away
regardless of the condition of the link, including outage. On-demand remediation is
triggered to mitigate brownout conditions, such as packet loss and jitter.

Example: Netflix is a low priority application and is required to stay on the public
wired links at all times.

Preferred
Pick the preferred link as long as the SLA is met, and steer traffic to other links
once the preferred link cannot deliver the SLA needed by the application. In the
situation when there is no available link to steer to, e.g. all links fail to deliver the
SLA needed by the application, on-demand remediation is enabled. Alternatively,
instead of steering the application away as soon as the current link cannot deliver
the SLA needed by the application, DMPO can enable the on-demand remediation
until the degradation is too severe to be remediated, at which point the DMPO will
steer the application to the better link.

Example: Customers prefer to have the video collaboration application on the Inter-
net link until it fails to deliver the SLA needed by video, then steer to the private link.

Available
Pick the available link as long as the link is up. If the link fails to deliver the SLA,
DMPO enables the on-demand remediation. DMPO will not steer the application
flows to another link unless the original link is completely down.

Example: Web traffic is backhauled over the Internet link to the hub site using the
Internet link as long as the link is active, regardless of SLA.
 DMPO Real World Results
W H I T E PAP E R
Scenario 1: Branch-
VeloCloud to-Branch VoIP
Dynamic Call on Single Link
Multipath Results here demonstrate
Optimization benefits of on-demand
remediation using FEC and
Page 16 jitter remediation on a single
Internet link with traditional
WAN and VeloCloud SD-
WAN.

Scenario 2: File
Transfer from
Box.com on
Dual Links
Results here demonstrate
benefits of bandwidth ag-
gregation and on-demand
remediation for a 50MB file
download from Box.com on
dual 20Mbps links with tra-
ditional WAN and VeloCloud
SD-WAN.

Scenario 3: Branch-
to-Branch Video Call
on Dual Links
Results here demonstrate
benefits of sub-second
blackout protection by
steering application flows
onto Internet links and
on-demand remediation
at the same time on the
Internet link with VeloCloud
SD-WAN.
 Secure Traffic Transmission
For private or internal traffic, DMPO encrypts both the payload, which contains the
W H I T E PAP E R user traffic, and the tunnel header with IPSec transport mode end-to-end. DMPO
supports AES128 and AES256 encryption standards and SHA2/SHA1 algorithms for
VeloCloud integrity. IKEv2 is used for key management and PKI - for authentication.
Dynamic
Multipath
Optimization
Page 17
Ports Used
Both data and control traffic uses UDP port 2426.

Summary
VeloCloud Dynamic Multi-path Optimization (DMPO) enables application-aware
dynamic per-packet steering, on-demand remediation and overlay Quality of Ser-
vice; DMPO ensures optimal SD-WAN performance for the most demanding appli-
cations over any transport (Internet or Hybrid) and any destination (On-Premises
or Cloud).
VeloCloud Networks, Inc., the Cloud-Delivered SD-WANTM company,
Gartner Cool Vendor 2016 and a winner of Best Startup of Interop,
simplifies branch WAN networking by automating deployment
and improving performance over private, broadband Internet and
LTE links for today’s increasingly distributed enterprises. For more
information, visit www.velocloud.com and follow the company on
Twitter @Velocloud.

© 20 17 V E LO C LO UD NE TWOR KS, INC . ALL R IGH TS R ESERVED.