SD-Branch Components
This section discusses the recommended components for an SD-Branch solution. Not every component is required for a valid SD-Branch deployment. The only hard requirements are a branch location with multiple WAN paths and Aruba Central for management.
Gateway Components
The gateway offers organizations a reliable, high performance option with support for multiple WAN connections. From a routing standpoint, this provides IT with insight into the traffic flowing in and out of a site, regardless of the uplink. A headend gateway is needed for VPN tunnel termination in private data center and campus routing scenarios. A virtual gateway is needed for network deployments using cloud providers. A branch gateway provides direct access to the Internet at a remote site, as well as secure tunnel access to corporate resources at the headend location.
Headend Gateway
The headend gateway acts as a VPN concentrator terminating VPN tunnels, and it provides routing into the data center or campus environments using OSPF or BGP. The headend gateway participates in the SD-WAN fabric overlay topology by terminating the tunnels from the BGWs. The headend gateway is a software function that runs on the Aruba 7200 series appliances, the 9000 series appliances, and some of the Aruba 7000 series appliances. The following table details the headend gateway scaling.
Refer to the Aruba product data sheets for detailed specifications not included in this guide: Aruba Gateways
| Platform | Max Tunnels | Max Routes in Forwarding Table | Max IKE Learned Routes | WAN Compression | Crypto Throughput | Firewall Sessions |
|---|---|---|---|---|---|---|
| 7280 | 8192 | 32,768 | 32,768 | 10 Gbps | 50 Gbps | 2M |
| 7240xm | 6144 | 32,768 | 32,768 | 10 Gbps | 30 Gbps | 2M |
| 7220 | 4096 | 16,384 | 16,384 | 10 Gbps | 21 Gbps | 2M |
| 7210 | 1024 | 8192 | 8096 | 10 Gbps | 8 Gbps | 2M |
| 7030 | 512 | 4096 | 3000 | 2.5 Gbps | 2.6 Gbps | 128K |
| 7010/7024 | 256 | 4096 | 1500 | 2.5 Gbps | 2.6 Gbps | 64K |
| 9004/9012 | 512 | 4096 | 3000 | 2.5 Gbps | 4 Gbps | 64K |
Virtual Gateway
The virtual gateway extends the SD-WAN overlay services to the public cloud infrastructure. Virtual gateways function as VPN concentrators and terminate tunnels from branch gateways, Instant APs, and VIA clients. Like the hardware VPN concentrators, virtual gateways support routing, security, and tunneling features. Virtual gateways are supported in Amazon Web Services and in Microsoft Azure. The following table details the virtual gateway scaling.
| Platform | Max tunnels | Max IKE learned routes | Max routes in forwarding table | Crypto throughput | Firewall sessions |
|---|---|---|---|---|---|
| vGW-4G | 8192 | 32,768 | 131072 | 4 Gbps | 6M |
| vGW-2G | 4096 | 16,384 | 65,536 | 2 Gbps | 256K |
| vGW-500M | 1600 | 8096 | 2048 | 500 Mbps | 64K |
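Branch Gateway
The branch gateway is the device at each remote site that connects to the WAN uplinks and participates as an endpoint of the SD-WAN overlay fabric. The branch gateway provides dynamic segmentation by acting as the policy enforcement point for wired, wireless, security, and WAN policies, including routing. Gateway features include a stateful firewall, web content classification, hybrid WAN connectivity, IPsec VPN, QoS, and WAN path monitoring and selection. The branch gateway is a software function that runs on the Aruba 7200, 9000, and 7000 series appliances. The following table details the branch gateway scaling.
| Platform | Client devices | Firewall throughput | Crypto throughput | Active firewall sessions | Firewall sessions per second | Tunneled node ports |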
|---|---|---|---|---|---|---|
| 7240xm | 32,768 | 40 Gbps | 30 Gbps | 2M | 800K | — |
| 7220 | 24,576 | 40 Gbps | 20 Gbps | 2M | 500K | — |
| 7210 | 16,384 | 20 Gbps | 6 Gbps | 2M | 350k | — |
| 7030 | 4096 | 8 Gbps | 2.6 Gbps | 128K | 65k | 2048 |
| 7010/7024 | 2048 | 4 Gbps | 2.6 Gbps | 64K | 64K | 1024 |
| 9004/9012 | 2048 | 7 Gbps | 4 Gbps | 64K | 32k | 2048 |
| 7005/7008 | 1024 | 2 Gbps | 1.2 Gbps | 64K | 63K | 512 |
Note: For a complete list of Aruba Central-supported gateways, see Aruba Central Supported Gateways.
Micro Branch
For very small and micro branch deployments, Aruba does not require a traditional branch gateway. You can deploy an AP at a small branch or home office location without a gateway. In this design, the AP establishes secure connections with the VPN concentrators at each headend or data center location. The AP provides Wi-Fi connectivity to the end devices and secure WAN access to corporate resources.
Note: For a complete list of Aruba Central-supported APs, see Aruba Central Supported APs.
Wired Components
The wired LAN in the SD-Branch uses a layer-2 or layer-3 design. Although there are many hardware choices that work at the access layer in the network, this design focuses on products that are the most common and easily supported options in each layer of the network, with general guidance on which option to choose.
Access Switches
The access layer connects wired devices to the network, such as APs, workstations, multi-function printers, and other devices that don’t support Wi-Fi or need higher performance than a wireless connection can provide. The access layer also provides PoE to devices such as APs, IP phones, and IP cameras.
Refer to the Aruba product data sheets for detailed specifications not included in this guide: Aruba Campus Access Switches
| Switch | VLANs | ACLs | ACL Entries ingress | ACL Entries egress | MAC Table | UBT Clients per port | UBT Clients per system |
|---|---|---|---|---|---|---|---|
| 6400 | 4,094 | 4000 | IPv4: 64,000 | IPv4: 64,000 | 32,768 | 256 | 1,024 |
| | | 8000 per ACL | IPv6: 64,000 | IPv6: 20,460 | | | |
| | | | MAC: 64,000 | MAC: 64,000 | | | |
| 6300 | 4,094 | 4000 | IPv4: 20,480 | IPv4: 8,192 | 32,768 | 256 | 1,024 |
| | | 8000 per ACL | IPv6: 5,120 | IPv6: 2,048 | | | |
| | | | MAC: 20,480 | MAC: 8,192 | | | |
| 6200 | 2,048 | 4000 | IPv4: 5,120 | IPv4: 2,048 | 16,000 | 128 | 1,024 |
| | | 8000 per ACL | IPv6: 1,280 | IPv6: 512 | | | |
| | | | MAC: 5,120 | MAC: 2,048 | | | |
Aggregation Switches
The aggregation layer provides connectivity for all access layer switches and connects to the branch gateways. The aggregation layer is responsible for layer-3 routing in this design, and it handles all traffic between networks on the LAN and traffic leaving the LAN for the WAN or the Internet. For high availability, the aggregation layer consists of a pair of switches acting as a single switch. If a switch fails or needs to be taken out of service for maintenance, the other switch continues forwarding traffic without interruption to the LAN services.
Refer to the Aruba product data sheets for detailed specifications not included in this guide: Aruba Campus Aggregation switches
| Feature | 8360 | 8325 | 8320 |
|---|---|---|---|
| VLANs | 4,094 | 4,040 | 4,040 |
| ACLs | 4,000 | 512 | 4,000 |
| | 8,000 entries per ACL | 2,304 entries per ACL | 14,336 entries per ACL |
| ACL Entries ingress | IPv4: 65,536 | IPv4: 2,304 | IPv4: 14,336 |
| | IPv6: 16,384 | IPv6: 2,304 | IPv6: 7,168 |
| | MAC: 65,536 | MAC: 2,304 | |
| ACL Entries egress | IPv4: 8,192 | IPv4: 2,304 | IPv4: 256 |
| | IPv6: 2,048 | IPv6: 256 | IPv6: 255 |
| | MAC: 8,192 | | |
| MAC | 212,992 | 98,304 | 98,304 |
| ARP | IPv4: 145,780 | IPv4: 120,000 | IPv4: 120,000 |
| | IPv6: 145,780 | IPv6: 52,000 | IPv6: 52,000 |
| Routes | IPv4: 606,977 | IPv4: 131,072 | IPv4: 131,072 |
| | IPv6: 630,784 | IPv6: 32,732 | IPv6: 32,732 |
| | v4+v6: 606,977 | v4+v6: 163,796 | v4+v6: 163,796 |
| IGMP | 7,000 | 4,094 | 4,094 |
| MLD | 7,000 | 4,094 | 4,094 |
| Multicast routes | IPv4: 7,000 | IPv4: 4,094 | IPv4: 4,094 |
| | IPv6: 7,000 | IPv6: 4,094 | IPv6: 4,094 |
| Active Gateways | IPv4: 1,024 | IPv4: 4,040 | IPv4: 4,040 |
| | IPv6: 1,024 | IPv6: 4,040 | IPv6: 4,040 |
| | v4+v6: 1,026 | v4+v6: 4,040 | v4+v6: 4,040 |
| LAG | 52 | 56 (32 for JL627A) | 54 (32 for JL759A) |
| | 16p per LAG | 16p per LAG | 16p per LAG |
| VRFs | 256 | 256 | 256 |

| Feature | 6400 | 6300 |
|---|---|---|
| VLANs | 4,094 | 4,094 |
| ACLs | 4,000 with 8,000 entries per ACL | 4,000 with 8,000 entries per ACL |
| ACL Entries ingress | IPv4: 64,000 | IPv4: 20,480 |
| | IPv6: 64,000 | IPv6: 5,120 |
| | MAC: 64,000 | MAC: 20,480 |
| ACL Entries egress | IPv4: 64,000 | IPv4: 8,192 |
| | IPv6: 20,460 | IPv6: 2,048 |
| | MAC: 64,000 | MAC: 8,192 |
| MAC | 32,768 | 32,768 |
| ARP | IPv4: 49,152 | IPv4: 49,152 |
| | IPv6: 49,152 | IPv6: 49,152 |
| Routes | IPv4: 61,000 | IPv4: 61,000 |
| | IPv6: 61,000 | IPv6: 61,000 |
| | v4+v6: 65,536 | v4+v6: 65,536 |
| IGMP | 7,000 | 8,192 |
| MLD | 7,000 | 8,192 |
| Multicast routes | IPv4: 8,192 | IPv4: 8,192 |
| | IPv6: 8,192 | IPv6: 8,192 |
| Active GW | IPv4: 1,024 | IPv4: 1,024 |
| | IPv6: 1,024 | IPv6: 1,024 |
| | v4+v6: 1,024 | v4+v6: 1,024 |
| LAG | 256 | 52 |
| | 16p per LAG | 16p per LAG |
| VRFs | 256 | 256 |
Note: For a complete list of Aruba Central-supported AOS-CX switches, see Aruba Central Supported AOS-CX switches.
Wireless Components
With Aruba’s standalone AP, the controller functions are in Central. Standalone APs are typically used in smaller networks or branch sites and scale up to 512 APs per site. In this design, we recommend deploying up to 350 APs. If you are planning to install more than 350 APs, please contact an Aruba or partner SE/CSE for verification of your design.
Refer to the Aruba product data sheets for detailed specifications not included in this guide: Aruba Indoor Access Points
Access Points
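There are currently two series of Aruba access points: the latest-generation 5XX series 802.11ax APs and the 3XX series 802.11ac Wave 2 APs. Details of the currently available models are listed below; they support different throughput and client loads to meet different deployment needs.
The last digit in the model number indicates the antenna type. If the digit is 4, the AP has connectors for external antennas. If the digit is 5, the AP has internal antennas. For example, the IAP-334 has external antennas and the IAP-335 has internal antennas. Internal antenna models are preferred in most office deployments.
The following features are common to the current Aruba 5xx and 3xx APs:
Unified AP supporting controller-based or controllerless deployment modes
Hitless PoE failover between both Ethernet ports (dual-Ethernet models only)
Built-in Bluetooth Low Energy radio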
Advanced Cellular Coexistence to minimize interference from cellular networks
Support for security and network management with Aruba ClearPass and Aruba Central
Application visibility for QoS and traffic control
Enhanced security with WPA3 and Enhanced Open
Aruba 5xx Series Access Point Options
The Aruba 5xx Series of campus access points support 802.11ax to efficiently and simultaneously serve multiple clients and traffic types in dense environments. These APs offer increased data rates for both individual device and overall system while delivering high performance and throughput in environments where mobile and IoT density is a growing concern.
Aruba 5xx common capabilities:
Dual uplink ports with support for redundancy and increased capacity
Bluetooth 5 and Zigbee radios for location and IoT use cases
Green AP mode for energy savings of 70%
Aruba 550 Series Access Points: The Aruba 550 Series APs are ideal for extreme high-density environments, such as public venues, higher education, hotels, and enterprise offices. The 550 series supports maximum data rates of 4.8Gbps in the 5GHz band and 1,150Mbps in the 2.4GHz band (for an aggregate peak rate of 5.95Gbps). The Aruba 550 series requires ArubaOS and Aruba InstantOS 8.5 software, and its features include:
Dual-radio (8x8 + 4x4 MIMO)
Optional tri-radio mode* with two 5GHz radios and one 2.4GHz radio (all 4x4 MIMO)
Dual 5G HPE Smart Rate ports
AI-powered features for wireless RF and client connectivity optimization
Up to 1024 associated client devices per radio (recommended active 200)
Aruba 530 Series Access Points: The Aruba 530 Series APs are ideal for very high-density environments, such as higher education, K12, retail branches, hotels, and digital workplaces. The 530 series supports maximum data rates of 2.4Gbps in the 5GHz band and 1,150Mbps in the 2.4GHz band (for an aggregate peak rate of 3.55Gbps). The Aruba 530 series requires ArubaOS and Aruba InstantOS 8.5 software, and its features include:
Dual-radio (dual 4x4 MIMO)
Dual 5G HPE Smart Rate ports
AI-powered features for wireless RF and client connectivity optimization
Up to 1024 associated client devices per radio (recommended active 200)
Aruba 510 Series Access Points: The Aruba 510 Series APs are ideal for high-density environments, such as schools, retail branches, hotels, and enterprise offices. The 510 series supports maximum data rates of 2.4Gbps in the 5GHz band and 575Mbps in the 2.4GHz band (for an aggregate peak data rate of 2.975Gbps). The Aruba 510 series requires ArubaOS and Aruba InstantOS 8.4 software, and its features include:
Dual-radio (4x4 + 2x2 MIMO)
Single 2.5G HPE Smart Rate and Gigabit Ethernet uplink ports
Up to 256 associated client devices per radio
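Aruba 3xx Series Access Point Options
Aruba 340 Series Access Points: The Aruba 340 Series is the highest-performance AP and supports an HPE Smart Rate uplink, so it can use the full performance of 3.5 Gbps across two 5-GHz bands, or 1.7 Gbps in the 5-GHz band and 800Mbps in the 2.4-GHz band for a combined bandwidth of 2.5 Gbps. This model is ideal for organizations that need very high density and next-generation performance for auditoriums, high-density office environments, or public venues. The Aruba 340 series requires ArubaOS and Aruba InstantOS 8.3 software.
Dual-radio 4x4 802.11ac AP with MU-MIMO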
Optional dual 5-GHz mode supported, where the 2.4-GHz radio is converted to a second 5-GHz radio
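Antenna polarization diversity for optimized RF performance
HPE Smart Rate and Gigabit Ethernet uplink ports with Link Aggregation Control Protocol (LACP) support for increased capacity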
Hitless PoE failover between both Ethernet ports
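Aruba 330 Series Access Points: The Aruba 330 Series is a high-performance AP and supports an HPE Smart Rate uplink, so it can use the full performance of 1.7 Gbps in the 5-GHz band and 600Mbps in the 2.4-GHz band for a bandwidth of 2.3 Gbps. This model is ideal for organizations that need high density and next-generation performance for auditoriums, high-density office environments, or public venues.
Antenna polarization diversity for optimized RF performance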
HPE Smart Rate and Gigabit Ethernet uplink ports with LACP support for increased capacity
Hitless PoE failover between both Ethernet ports
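Aruba 310 Series Access Points: The Aruba 310 Series is a mid-performance AP that supports 1.7 Gbps in the 5GHz band and 300 Mbps in the 2.4 GHz band, with a single Gigabit Ethernet uplink. This model is ideal for organizations that need to support medium-density environments, such as schools, retail branches, hotels, and enterprise offices, that do not require multi-gigabit performance.
Aruba 300 Series Access Points: The Aruba 300 Series is an entry-level AP that supports 1.3 Gbps in the 5-GHz band and 300 Mbps in the 2.4 GHz band, with a single Gigabit Ethernet uplink. This model is ideal for organizations with medium-density environments that want the latest technology but do not need higher levels of performance.
Note: For a complete list of Aruba Central-supported APs, see Aruba Central Supported APs.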