VeloCloud SD-WAN 5.2 - Administration Guide

What's New

Table 1. What's New in Version 5.2.0
Feature	Description
Amazon Web Services Transit Gateway Connect Service for BGP/GRE Support on LAN	VeloCloud Edge now has a feature (BGP over GRE support on LAN), which enables support on VeloCloud Edges to use the AWS TGW Connect Service for connectivity to the AWS Transit Gateway. For additional information, see Configure Edge for Amazon Web Services (AWS) Transit Gateway (TGW) Connect Service.
Automatic SIM Switchover	This feature allows you to automate the process of LTE SIM switching in case of primary LTE connection failure. For additional information, see Configure Automatic SIM Switchover.
BGP Gateway Neighbor State	The Orchestrator does not mark the state of BGP neighbor-ship accurately. In a situation where the Edge goes offline due to a power loss or Gateway is not reachable, the BGP state still reflects the one which is previous and it is an incorrect information. Hence, in this feature the Orchestrator shows the Neighbor state as "Unavailable" with appropriate tooltip showing the current Edge or Gateway state to the user. For additional information, see Monitor BGP Edge Neighbor State.
Common Criteria Firewall Gap Remediation	Common Criteria (CC) is an international certification accepted by many countries. Obtaining the CC certification is an endorsement that our product has been evaluated by competent and independent licensed laboratories for the fulfilment of certain security properties. Enterprise users can configure the Common Criteria Firewall settings both at the Edge and Profile levels. By default, this feature is deactivated. For additional information, see Configure Common Criteria Firewall Settings for Profiles Configure Common Criteria Firewall Settings for Edges
Configure TACACS Services for Edges	TACACS services are used by organizations for authentication purpose to access the router or Network-attached Storage (NAS). Configure TACACS Services Configure TACACS Services for Edges
Customizable QoE	This feature allows you to configure minimum and maximum latency threshold values, in the range 1ms to 1000ms, for Voice, Video, and Transactional application categories. You can configure this feature in the Business Policy page of a Profile or an Edge. For additional information, see Configure Business Policy. Whenever the Customizable QoE values are modified for a Profile or an Edge, an event is created. For additional information, see Monitor QoE.
Disk Status Report	Disk status report provides the disk read and write statistics. You can find the total number of read and write and also disk load for every 5 minutes. For additional information, see the Remote Diagnostic Tests on Edges section in the Arista VeloCloud SD-WAN Troubleshooting Guide.


Feature	Description
DHCPv6 Relay Support on Edge	VeloCloud Edge now supports the DHCPv6 Relay feature on an Edge, which allows the DHCPv6 clients to communicate with a remote DHCPv6 server. You can configure this feature on the Device settings page of an Edge. For additional information, see Configure Interface Settings for Edges.
Edge Link Down Limit	This feature allows you to set the limit for the Edge link to be down. For additional information, see Edge Management.
Edge Activation Failure when Next-hop Router cannot be Pinged	When selected on the Activation URL, the local UI stopped the activation process mid-way as it could not ping the upstream next-hop router address to verify its correctness (not all routers respond to ICMP) and this feature helps to overcome this activation issue. For additional information, see Activate an Edge Device.
Encrypt Device Secrets	This feature activates device secret encryption for all the Edges in the current Enterprise. You can even activate this feature for an individual Edge. For additional information, see View Edge Information Provision a New Edge Edge Management
Enhanced Firewall Services	Enhanced Firewall Services (EFS) service provides additional EFS security functionalities on VeloCloud Edges. The NSX Security powered EFS functionality supports Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) services on VeloCloud Edges. The Edge Firewall EFS protect Edge traffic from intrusions across Branch to Branch, Branch to Hub, or Branch to Internet traffic patterns. Customers can configure and manage the Enhanced Firewall Services (EFS) using the Firewall functionality in VeloCloud Orchestrator. For additional information, see the following: Enhanced Firewall Services Overview Configure Enhanced Firewall Services Monitor Enhanced Firewall Services Threats


Feature	Description
High Availability Enhancements	Release 5.2.0 includes multiple improvements for a site deployed using a High Availability topology. These include: Events: There are new events generated for WAN, LAN, and HA Link state changes and include additional metadata like Serial Number and HA mode. Monitoring The HA Standby tab is a new dashboard for the Standby Edge to report CPU and Memory Utilization located on the Monitor > Edges page. For all Monitor > Edges dashboards, there are now "Failover bars". These are vertical markers on graphs indicating where and when an HA failover occurred. All Monitor > Edges graphs include a box with the HA Edge serial number so a customer knows at a glance which HA Edge was active for a particular period on a Monitoring graph. New Configuration Options for High Availability HA Failover Detection Time Multiplier can be used to set a longer High Availability threshold. The timer represents how long a Standby Edge will wait for a heartbeat packet from the Active Edge before becoming active and can in some instances prevent an Active-Active "Split Brain" state from on an HA Edge under high traffic load. Configurable HA Interface allows the customer to configure any Edge switched port for use as the HA Interface (the interface that connects the Active and Standby Edges for synchronization). Previously the HA Interface was limited to the default interface for that Edge model (in other words, LAN1 or GE1). The HA Interface can also be configured for a 1G/10G SFP port. Packet Capture for the Standby Edge's HA Interface: An administrator now has an additional HA troubleshooting tool with the option to request a packet capture of the Standby Edge's HA Interface. For additional information, see the following: Activate High Availability Monitoring High Availability Edges Split-Brain Detection and Prevention HA Event Details Request Packet Capture Bundle
High Availability Support for Platform Firmware	Updating the Factory image and the Platform firmware on High-availability (HA) for SD-WAN Edges is supported in the 5.2 release. See the following topics for additional information: View Edge Information Platform Firmware Upgrade Progress
IPv6 NSD via Edge	Non SD-WAN Destination via Edge now supports both IPv4 and IPv6. For additional information, see Configure Non SD-WAN Destinations via Edge Configure Cloud VPN and Tunnel Parameters for Edges
OSPFv3	OSPF (Open Shortest Path First) is an interior gateway protocol (IGP) that operates within a single autonomous system (AS). OSPFv3 is introduced in the SD-WAN Edge for IPv6 underlay routing in addition to existing BGPv6 support. For additional information about OSPFv3, caveats, and exceptions, see Activate OSPF for Profiles. For additional sections relevant to OSPFv3, see the following: Configure Interface Settings for Profiles Configure Interface Settings for Edges Configure VLAN for Profiles Configure VLAN for Edges Configure a Loopback Interface for an Edge
RADIUS MAC Address Bypass (MAB) for 802.1x on VLANs	In Release 5.1.0, the RADIUS MAB for 802.1x was introduced but limited to routed interfaces only. In Release 5.2.0, customers can also use this feature for VLANs assigned to switched ports. See the section below for additional information: MAC Address Bypass (MAB) for RADIUS-based Authentication
Route Summarization	Route Summarization or route aggregation is a method used to minimize the number of routes that a router advertises to its neighbor. See the sections below for additional information, a use case, and procedure steps: Route Summarization Route Summarization Configuration Configure BGP from Edge to Underlay Neighbors for Profiles Configure BGP from Edge to Underlay Neighbors for Edges Activate OSPF for Profiles
Route Visibility	The 5.2.0 release supports enhancements and features for routing visibility, which includes the Monitor BGP Gateway Neighbor State (with BGP Received Routes and BGP Advertised Routes) and the Gateway Route table (which displays important information about each route). For additional information see: Monitor BGP Gateway Neighbor State Gateway Route Table
Support for Over Capacity Drops Trend in the Edge System Information Logs	VeloCloud Orchestrator allows you to monitor the total number of packets dropped due to over capacity since the last sync interval. For additional information, see Monitor System Information of an Edge.
Wi-Fi Access Control based on MAC Address	Wi-Fi Access Control can be used as an additional layer of security for wireless networks. When enabled, only known and approved MAC addresses are permitted to associate with the base station.
Zscaler Angular UI Migration	Starting with the 5.2.0 release, users can configure the Zscaler feature from the New Orchestrator UI: Configure Zscaler Settings for Profiles Configure Zscaler Settings for Edges Monitor Zscaler laasSubscription

Release Notes

For information on all the new/modified features for 5.2.0, see the Arista VeloCloud SD-WAN 5.2.0 Release Notes.