Print

VeloCloud SD-WAN 6.1 - Troubleshooting Guide - About Remote Diagnostics Print

About Remote Diagnostics

VeloCloud Orchestrator supports bi-directional communication with the VeloCloud Edge by using WebSockets. WebSocket is a full-duplex communication protocol over a single TCP connection. WebSockets easily support communication between a Web browser (or other client applications) and a Web server with much lower overhead than HTTP polling. Remote Diagnostics uses a bi-directional WebSocket connection instead of the live-mode heartbeat mechanism to improve the responsiveness of the Remote Diagnostics in the VeloCloud Orchestrator.

The WebSocket communication involves the following two WebSocket connections for passing WebSocket messages from a Web browser to a VeloCloud Edge and vice versa:
  • A WebSocket connection between a Web browser (Orchestrator UI portal) and an Orchestrator. This connection is responsible for all communications with the Web browser and for setting up the system properties needed for establishing a WebSocket connection.
  • Another WebSocket connection between an Orchestrator and an Edge. This connection is persistent and setup on Edge activation for processing heartbeats from the Edge and sending back responses to the Orchestrator.

While establishing WebSocket connections between a Web browser and an Edge, in order to ensure Web security against Distributed Denial-of-Service (DDoS) and Cross site request forgery (CSRF) attacks, the browser origin address that is used to access the Orchestrator UI is validated for incoming requests.

In most Orchestrators, the browser origin address/DNS hostname is the same as the value of the network.public.address system property. To support scenarios where the address used to access the Orchestrator UI from the browser is different from the value of the network.public.address system property, the following system properties are added newly for WebSocket connections:
  • network.portal.websocket.address- Allows to set an alternate address/DNS hostname to access the UI from a browser if the browser address is not the same as the value of network.public.address system property. By default, the network.portal.websocket.address system property is not set.
  • session.options.websocket.portal.idle.timeout- Allows to set the total amount of time (in seconds) the browser WebSocket connection is active in an idle state. By default, the browser WebSocket connection is active for 300 seconds in an idle state.
..