nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SD-WAN Packet Duplication

From: Brian Knight via NANOG <nanog () lists nanog org>
Date: Mon, 15 Sep 2025 11:27:05 -0500
On 2025-09-15 08:13, Mike Hammett via NANOG wrote:
One of the results of another thread mentioned that some SD-WAN technologies employ packet duplication across multiple WAN circuits as a part of their service. What are your experiences like with platforms like that? What would your recommendation be for a fairly low bit rate requirement of packet duplication?
$DAYJOB-1 had three SDWAN flavors. (Note that these impressions are a few years old as of now.)
Barracuda: Packet duplication required both WAN links to have nearly the same latency. It worked, but deployment was limited to one or two customers, and we didn't support it. 

Viptela: Packet duplication worked well.
* The setup was a bit convoluted, but it was granular enough to packet duplicate types of traffic. * When I left, we had it working with a few customers. No issues that I remember. 
 * IIRC we mostly used Viptela packet dupe for voice.
* I don't remember what the SDWAN logs looked like, but I want to say that it was clear what the policy was doing. 

Versa: Packet duplication worked well also.
* Setup was easy and granular, similar to a firewall rule base. It's easy to enable packet dupe for specific flows. * Maybe 10 or so customers had it configured. Typical setup was (2) WAN circuits, but some packet dupe customers had (3) or more. * We had Versa packet dupe working for voice, medical imaging, and general Internet access. * The few packet dupe issues that customers raised were not issues with the Versa platform. * The result of an SDWAN policy decision is easy to see; the logs are structured similar to firewall logs.
Versa is my first choice for SDWAN-specific features, especially packet duplication and traffic routing. Its robust packet capture ability saved us more than a few times. (Viptela packet capture wasn't bad on the old hardware, but the C1k / C8k platforms aren't the same as the vEdges.)
Historically, Versa struggled with their NG firewall feature set back in 2017-2018. I'm sure the bugs are worked out by now, but do test that thoroughly if you intend to use those features.
Viptela is a solid second choice, especially if you don't want to onboard another vendor. Packet dupe works as advertised. 

Feel free to hit me up on- or off-list with further questions.

HTH,

-Brian
_______________________________________________
NANOG mailing list https://lists.nanog.org/archives/list/nanog () lists nanog org/message/PJVL3Y7CPIQKVRLQXNE7QBVRBBE2PI75/
Previous By Date Next
Previous By Thread Next

Current thread: