VeloCloud SD-WAN

VeloCloud is now a part of the Arista WAN solutions portfolio!

Figure 1: VeloCloud connecting Arista over Cloud WAN

 

Arista’s leading campus wired and wireless solution now includes an industry-leading software-defined wide area network (SD-WAN) and Cloud WAN solution to connect Enterprise branch offices to headquarters over the Internet, powered by VeloCloud, the newest member of the Arista product portfolio.

In this fast-paced digital era increasingly impacted by AI-based workloads, integrating robust routing with SD-WAN technology provides modern enterprises with centralized optimization and management of connectivity, security, and application control across distributed environments.

 

Significantly reducing operational complexity and costs, the advanced Arista portfolio enables dynamic path selection, application-aware routing, and seamless integration of any transport type to help deliver reliable, high-performance connectivity for users, devices, and cloud applications. This agility allows enterprises to rapidly deploy new sites, optimize bandwidth usage, and respond quickly to changing business needs.

VeloCloud SD-WAN Overview

Driven by software-defined networking principles, VeloCloud delivers converged cloud networking from the edge to the data center and cloud. Addressing end-to-end automation, application continuity and branch transformation, VeloCloud empowers enterprises looking to advance their business outside the data center with modern, high-performance operations.

VeloCloud SD-WAN is tailored for today’s distributed enterprises. Built on the robust VeloRAIN AI-networking architecture, VeloCloud optimizes AI and modern workloads across distributed enterprise networks.

Benefits from Modern SD-WAN

  • Flexible Foundation for Edge Growth: SD-WAN is now foundational to the distributed enterprise edge — not just for building a hybrid WAN or cloud connectivity
  • Enable Multi-Cloud Operations: Connect users and branches securely to the cloud, through the cloud, and with the cloud without consuming data center resources
  • Increase Operational Efficiencies: Reduce operational complexity by harnessing the power of AIOps to rapidly identify root causes and remediate poor application performance
  • Empower Enterprise Employees: Enable work anywhere—securely, easily, and productively
  • Take Advantage of Application Flexibility: VeloCloud SD-WAN supports hundreds of popular secure service edge (SSE) providers and virtual network functions (VNF) applications
  • Take on New Use Cases: Embrace new applications at the edge with an SD-WAN platform designed for digital transformation

Capabilities to Support Enterprise Operations

Multipath
Zero-Touch
Deep application
Application-Based
Deployment
Firewall
Network
Management

The VeloCloud SD-WAN Difference

  • Cloud Native Workload and application performance
    VeloCloud SD-WAN and SASE support a wide range of services, including AWS Cloud WAN, Azure Virtual WAN, and Google Cloud Network Connectivity Center.
  • AI Networking and AIOps
    VeloRAIN is a reference architecture used by VeloCloud to identify and prioritize applications with new intelligent capabilities. It introduces an innovative application layer approach to network-based slicing and employs AI to automate network operations using anonymized real-time data to dynamically adjust policies.

Securing your WAN Edge

Advanced network security capabilities are foundational to enabling modern operations outside the data center. VeloCloud combines multiple security layers to provide a comprehensive zero trust network solution for distributed enterprises.

Layer 7 Stateful Firewall

The VeloCloud Edge devices implement a segment-aware, layer 7 stateful firewall. The stateful firewall monitors and tracks the operating state and characteristics of every network connection coming through the edge and uses this information to determine which connections must be allowed.

  • IP Security and Denial of Service Protection - The firewall protects against IP manipulation, where the attacker uses various techniques to circumvent security controls. This includes techniques such as fragmentation, SYN flooding, TCP sequence alteration, spoofing, large packet sizes, or sending non-standard protocols over known ports.
  • Network Segmentation - Segmentation enhances security by dividing a network into distinct subnetworks or segments, each isolated from the others with controlled communication paths. This approach contains potential security breaches by preventing lateral movement. If an attacker compromises one segment, they can't easily access other parts of the network. Segmentation also allows for more granular security policies and reduced attack surface, making it an essential practice for modern network security.
  • Network Address Translation (NAT) - NAT provides security by hiding internal IPs, blocking unsolicited traffic, and obscuring network details. The edge devices support a variety of NAT policy configurations.

Enhanced Firewall Services (EFS)

Every VeloCloud edge device ships with an integrated stateful firewall to provide an extended security layer at the branch. Whether you direct all traffic over the private WAN or configure Direct Internet Access (DIA) for specific types of traffic, Enhanced Firewall Services (EFS) extends your centrally managed security policies to branch sites without compromising performance. EFS protects Edge traffic from intrusions across Branch to Branch, Branch to Hub, or Branch to Internet traffic patterns.

Intrusion Detection and Prevention (IDS / IPS)

The Intrusion Detection and Prevention system provides a critical security component to identify and block threats. The IDS / IPS feature maintains a curated database of frequently updated signatures to ensure optimal efficacy and protection from the latest threats.

URL Filtering and Reputation Services

VeloCloud EFS includes URL filtering and IP reputation services powered by Webroot Brightcloud®. These online real-time threat intelligence services ensure that your distributed workers and devices are safe from malicious and harmful web content, significantly reducing liability and the risk of compromise.

Policy Orchestration

The VeloCloud Orchestrator platform provides centrally managed templates and security policies to ensure a consistent and up-to-date security posture across the organization. With enhanced visualization, auditing tools, and simplified point-and-click configuration, administrators can easily view and interpret security rules to simplify management and reduce the risk of misconfiguration.

Security Dashboard

The Security Overview dashboard provides a comprehensive overview of your Enterprise's threat landscape. A quick response is essential in addressing threats. This dashboard displays threats and their severity, the source of attacks, and the affected Edges, allowing you to take corrective action quickly.

Object groups

Object groups define collections of IP addresses, ports, and domain names to simplify and scale configuration across distributed deployments. These groups enhance policy management by allowing administrators to reference multiple objects with a single entity. Domain name objects, in particular, are valuable for controlling access to specific internet domains—either allowing or blocking them as needed. Once defined, object groups can be easily integrated into firewall policies, providing administrators with greater flexibility, efficiency, and clarity in rule management.

Logging

Regionally hosted logging is included in the base VeloCloud SD-WAN license. This means that logs are stored in the same region as the Orchestrator (virtual controller). By default, 15 GB of logs per Enterprise or seven days of logs per Edge, whichever comes first, will be kept. Logs can be viewed under the Firewall Logs section of the dashboard. Alternatively, logs can be sent over the network via syslog to an external SIEM collector.

VeloCloud SASE Integrations

VeloCloud™ leverages a Best-of-Breed SASE strategy by combining its industry-leading SD-WAN with seamless integration of leading Security Service Edge (SSE) solutions. This enables secure, reliable, and optimized connectivity for users—regardless of location—to applications across the edge, cloud, and data center. The solution enhances user experience, simplifies operations, and supports compliance risk mitigation.

SASE Integration
Figure 1 Best-of-Breed SASE Overview

SASE Use Cases

  • Cloud migration: 81% of enterprises are expected to have workloads deployed in multiple clouds.
  • SaaS adoption: Increasing use of SaaS applications exposes the enterprise perimeter to websites whose risk or reputation may not be well known.
  • Edge transformation: New edge-native applications are being deployed at branch locations or in mobile edge destinations like police cars or ambulances.
  • Hybrid work: Major surveys indicate approximately 50% of employees are expected to work remotely or in a hybrid environment.
  • Stop new generation of attacks: VeloCloud SASE prevents targeted ransomware attacks that exploit legitimate software and endpoints to hide their tracks.
  • Ensure compliance: Enterprise data is spread across data centers, the public cloud, SaaS clouds, and the edge.
  • Protecting data: A substantial amount of enterprise data gets generated and consumed in the cloud or at the enterprise edge.
  • WAN upgrades: Bandwidth requirements at the edge continue to increase and enterprises look for ways to keep the WAN link costs within budget.

VeloCloud SD-WAN Cloud-based Architecture

VeloCloud’s cloud-based architecture offers a unique footprint of more than 3,000 cloud gateways spanning 150+ SASE points of presence from VeloCloud and its partners around the world. This provides optimum app performance and security, empowering users to:

  • Connect directly to the cloud to eliminate backhauling and slash latency.
  • Safeguard your end users across all your locations with uniform, cloud-delivered security services through best-of-breed SSE integration.
  • Simplify centralized policy and WAN management.
  • Speed deployment at scale via zero-touch provisioning to deliver security and performance on day one.

The VeloCloud Difference

  • Industry leading SD-WAN solution (7-time leader in Gartner SD-WAN Magic Quadrant)
  • Global network of PoPs leveraging public cloud infrastructure to deliver a consistent user experience
  • Flexible “Best-of-Breed” SSE deployment options to simplify branch IT operations via automations to third-party cloud service providers.
  • Simplified connectivity management through VeloCloud Orchestrator providing a single pane to manage networking and security services.
 

Best-of-Breed SASE Partners

 
The VeloCloud SD-WAN and Zscaler SASE solution improves the user experience, simplifies branches and lowers cost with cloud-delivered secure SD-WAN. VeloCloud ensures high-performance, resilient connectivity, while Zscaler provides Zero Trust access, threat protection, and data security. Together, they enable a robust, scalable, and unified SASE solution designed for modern, cloud-driven enterprise networks.

The VeloCloud SD-WAN and Symantec WSS SASE solution simplifies deployment with PoP-to-PoP integration, offering a scalable, efficient, and secure network for modern enterprises.

VeloCloud SD-WAN with Palo Alto Prisma Access delivers optimized, resilient connectivity and cloud-delivered security. Together, they offer a scalable, secure, and centrally managed SASE solution for modern, distributed enterprises.

VeloCloud SD-WAN with Netskope One SSE combines intelligent, high-performance WAN routing with cloud-native security, delivering a secure, scalable SASE solution with centralized control for modern, cloud-first enterprise networks.

 
 
VeloCloud SD-WAN with Forcepoint SSE delivers optimized connectivity and robust cloud-delivered security for distributed enterprises.

Arista WAN Routing

Arista’s WAN Routing, designed for enterprise WAN routing use cases, combines cloud-grade routing software, enterprise-class WAN routing platforms, carrier/cloud-neutral Internet transit options, and CloudVision® automation software to simplify and improve customer wide area networks.

Based on Arista’s EOS® software and CloudVision’s cloud-based management and orchestration services, Arista WAN Routing delivers advanced traffic engineering, encrypted fabric management, and predictive diagnostics and analytics from the cloud to the edge that simplify the WAN and lower WAN operating costs. Enterprise-class routing features are available in a broad series of physical, virtual, and cloud platforms – all using identical EOS software.

Highlights:

Arista AWE-7200R Series Platforms offer the performance and scale to meet modern enterprise WAN edge and aggregation requirements.

CloudEOS™ virtual and cloud platform is fully supported by Arista WAN Routing as a transit hub and connectivity architecture.

Cloud on-ramp and transit options

CloudEOS with WAN transit gateway services is widely deployed in all major public cloud platforms and marketplaces, via customer on-premises appliances, and in Equinix Edge, Metal, and Fabric services.

Arista’s WAN Routing features are available in a series of physical, virtual, and cloud platforms – all using identical EOS software.

Equinix

Arista has partnered with Equinix to develop both virtual and physical implementations of the Arista Pathfinder system that are deployable globally in Equinix facilities. This enables customers to have access to a globally distributed WAN core leveraging multi-carrier and multi-cloud transit options - all provisioned through Arista CloudVision and through the Arista CI architecture.

“Arista Pathfinder leverages Equinix’s Network Edge, Equinix Metal, and Equinix Fabric services to deliver scalable routing architectures that accelerate customers with cloud and carrier-neutral networking,” stated Zachary Smith, Global Head of Edge Infrastructure Services at Equinix. “Pathfinder’s ability to scale, in software, from a single virtual deployment to a multi-terabit globally distributed core that reallocates paths as network conditions change is a radical evolution in network capability and self-repair.”

https://community.equinix.com/t5/Announcements/Arista-s-CloudEOS-Router-is-now-on-the-Network-Edge-Marketplace/ba-p/1179

https://www.youtube.com/watch?v=CMim_I79LWM

https://www.equinix.com/resources/webinars/equinix-metal-arista-cloud-on-ramp

https://docs.equinix.com/en-us/Content/Interconnection/NE/deploy-guide/Arista/NE-Arista-specs.htm

WAN Dynamics

WAN Dynamics is a reseller of Arista cloud networking solutions and was an early adopter of the Arista WAN Routing System.

“As an Elite Arista Partner, we have been using Arista EOS and CloudVision for years and testing the Arista WAN Routing System in production environments for several quarters. The software quality and features within the system are ideal for enterprise network architectures embracing modern distributed application architectures across a blend of edge, campus, data center, and cloud and SaaS environments,” stated Jason Gintert, chief technology officer at WAN Dynamics.

https://www.wandynamics.com/blog/wan-dynamics-arista-certified-services-partners