To create an SD-WAN, navigate to the Cluster Parent Level. Creating the SD-WAN at this level provides visibility of all child cluster devices, simplifying the tunnel creation process.
In this example, we demonstrate a setup with a single HUB device and a single Spoke device.
Step 1: Go to the Parent Cluster, navigate to SD-WAN, select Network, and click Create an SD-WAN Network.
Step 2:
Name: Enter the tunnel name.
Description: Provide a brief description of the tunnel.
CIDR: Specify the tunnel IP range. Each device will automatically receive an IP from this network. You can specify both the network IP and the subnet.
SLA: Choose the default SD-WAN SLA profile.
Topology: Select HUB_AND_SPOKE.
Does the HUB device have a public IP?
Enable this option if the Hub device has a static public IP address.
Do you want to enable an L2 tunnel?
Enable this option if you want to create a Layer 2 tunnel over Layer 3.
Enable WAN Optimization:
Enable this option if you want to apply WAN optimization algorithms.
MTU: Select the appropriate MTU size for the tunnel.
Cipher: Choose one of the available encryption methods, AES or ChaChaPoly, then click Save.
Step 3: Go to the Actions button and click View Members.
Step 4: Go to the Add Appliance and click
Step 5:
Name: Enter the HUB device name.
Appliance: Select the HUB device’s MAC address.
Appliance Public IP: Enter the static public IP configured on the HUB device.
Type: Select HUB, since we are configuring the HUB device.
Navigate to Advanced and select SD-WAN Algorithms.
1. Packet Cloning
What it is:
Copies a packet and sends it simultaneously over two or more tunnels.
Purpose:
Ensures high-priority or sensitive traffic (like VoIP, video calls, or critical application data) reaches its destination even if a tunnel experiences packet loss.
How it works:
Original packet sent on the primary path
Duplicate packet sent on a secondary path
Destination discards duplicates but keeps the first arriving packet
Benefit:
Improves reliability on lossy or unstable links.
Trade-off:
Uses more bandwidth, so typically reserved for critical traffic.
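The cloning and duplicate-discard behaviour described above, as an added example (an illustrative model, not the appliance's own code). The sequence numbers, loss sets and the `DedupReceiver` class are assumptions constructed for the demonstration.

```python
from collections import deque

class DedupReceiver:
    """Keeps the first copy of each sequence number and drops later clones."""
    def __init__(self, window=1024):
        self.window = window
        self.seen = set()
        self.order = deque()   # arrival order, used to evict old entries
        self.delivered = []

    def receive(self, seq, payload):
        if seq in self.seen:
            return False       # clone of a packet that was already delivered
        self.seen.add(seq)
        self.order.append(seq)
        if len(self.order) > self.window:
            self.seen.discard(self.order.popleft())  # bound the memory used
        self.delivered.append((seq, payload))
        return True

def send(packets, paths, clone):
    """paths: one set per tunnel holding the sequence numbers that tunnel drops."""
    rx = DedupReceiver()
    for seq, payload in packets:
        # With cloning every tunnel carries a copy; otherwise only the primary.
        for dropped in (paths if clone else paths[:1]):
            if seq not in dropped:
                rx.receive(seq, payload)
    return rx.delivered

# Constructed sample: 10 packets; the primary tunnel loses 2 and 7,
# the secondary tunnel loses 4 and 7.
PACKETS = [(i, f"voip-frame-{i}") for i in range(10)]
PRIMARY_LOSS, SECONDARY_LOSS = {2, 7}, {4, 7}

def delivered_seqs(clone):
    result = send(PACKETS, [PRIMARY_LOSS, SECONDARY_LOSS], clone)
    return [seq for seq, _ in result]

if __name__ == "__main__":
    print("single path:", delivered_seqs(False))
    print("cloned     :", delivered_seqs(True))
```

Packet 7 is still lost with cloning because both tunnels drop it; cloning only helps when the selected WAN links do not fail at the same moment.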
2. Session-Based Weighted Load Balancing
What it is:
Entire sessions or flows (like a TCP connection or video stream) are assigned to tunnels based on a weighting factor.
Weighting factor examples:
Bandwidth availability
Tunnel cost
Latency or packet loss
How it works:
A new session is assigned to a tunnel according to its weight (heavier weights get more sessions)
Once assigned, all packets in that session stick to the same tunnel.
Benefit:
Prevents packet reordering (important for TCP applications)
Balances traffic intelligently across multiple links
Use Case:
Best for web traffic, file transfers, or streaming that needs session consistency.
3. Per-Packet Weighted Load Balancing
What it is:
Instead of entire sessions, individual packets are distributed across tunnels according to weight.
How it works:
Each packet can take the “best” path based on real-time link metrics (latency, jitter, packet loss)
Weighted distribution ensures tunnels are used according to capacity or performance
Benefit:
Maximizes link utilization
Reduces congestion dynamically
Trade-offs:
Can cause packet reordering, which may affect TCP performance or some real-time apps
Use Case:
Often used for stateless traffic or when ultra-low latency is critical (e.g., some video streaming or UDP-based apps)
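The difference between the session-based and per-packet modes, as an added example (an illustrative model, not the appliance's own code). The tunnel names, weights, latencies and the sample flow are assumed values; the session mode here hashes the 5-tuple into weighted slots, which is one common way to keep a flow on one tunnel.

```python
import hashlib

# Constructed tunnels: name -> (weight, one-way latency in ms). Assumed values.
TUNNELS = {"wan1": (3, 10), "wan2": (1, 40)}

def weighted_slots(tunnels):
    """Expand weights into a slot list: weight 3 yields three slots."""
    return [name for name, (w, _) in tunnels.items() for _ in range(w)]

def session_tunnel(flow, tunnels=TUNNELS):
    """Session-based: hash the 5-tuple once; every packet of the flow follows it."""
    slots = weighted_slots(tunnels)
    digest = hashlib.sha256(repr(flow).encode()).digest()
    return slots[int.from_bytes(digest[:4], "big") % len(slots)]

def arrival_order(n_packets, pick, tunnels=TUNNELS, gap_ms=1):
    """Send packets gap_ms apart; return sequence numbers in arrival order."""
    arrivals = []
    for seq in range(n_packets):
        latency = tunnels[pick(seq)][1]
        arrivals.append((seq * gap_ms + latency, seq))
    return [seq for _, seq in sorted(arrivals)]

def session_order(flow, n=8):
    tunnel = session_tunnel(flow)          # chosen once per session
    return arrival_order(n, lambda seq: tunnel)

def per_packet_order(n=8):
    slots = weighted_slots(TUNNELS)        # weighted round-robin per packet
    return arrival_order(n, lambda seq: slots[seq % len(slots)])

# Constructed 5-tuple: (src IP, src port, dst IP, dst port, protocol).
FLOW = ("192.168.20.10", 51514, "10.0.0.5", 443, "tcp")

if __name__ == "__main__":
    print("session tunnel  :", session_tunnel(FLOW))
    print("session order   :", session_order(FLOW))
    print("per-packet order:", per_packet_order())
```

In the per-packet run, packet 3 travels over the slower tunnel and arrives after packets 4 to 6, which is the reordering the trade-off above refers to.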
4. Best Path (Dynamic Path Selection)
What it is:
The SD-WAN continuously monitors network metrics and sends traffic over the optimal path at any moment.
Metrics Considered:
Latency
Jitter
Packet loss
Bandwidth availability
How it works:
Real-time telemetry from each tunnel
Policies or SLAs define which tunnel is “best” for each type of traffic
Benefit:
Ensures performance-sensitive applications always get the best available path
Provides automatic failover if a tunnel degrades
How They Work Together
Critical traffic → Packet cloning for reliability.
Regular traffic → Session-based weighted load balancing (keeps TCP flows consistent).
High-performance or stateless traffic → Per-packet weighted load balancing (maximizes speed).
All traffic → Monitored via Best Path algorithm to dynamically reroute if a tunnel degrades.
Step 6: Select all WAN links that you want to include in the packet cloning algorithm. This ensures that identical packets are transmitted across the selected links, minimizing or eliminating packet loss at the receiving end.
Step 7: In this step, select the local LAN subnets that you want to share with other devices within the same tunnel.
In this example, three subnets have been manually added. These subnets will be accessible from the Spoke device, allowing users to reach them through the HUB device.
You will also see any preconfigured LAN subnets, and you can add additional subnets if required.
Step 8: In this step, choose whether the incoming traffic from the tunnel should be forwarded to the LAN side or the WAN side. After making your selection, click Save.
You can now see that the HUB device has been successfully added to the tunnel.
Step 9: Now, you need to add the Spoke template. Follow the same process as before, but this time select the appliance as Spoke template.
Step 10:
Name: Enter the SPOKE device name.
Appliance: Select the SPOKE device’s MAC address.
Type: Select SPOKE, since we are configuring the SPOKE device.
Navigate to Advanced and select SD-WAN Algorithms (Packet Cloning)
Step 11: Select all WAN links that you want to include in the packet cloning algorithm. This ensures that identical packets are transmitted across the selected links, minimizing or eliminating packet loss at the receiving end.
Step 12: Select the local LAN subnets you want to share with other devices within the same tunnel.
In this example, a single network has been added. This network will be associated with the HUB device, allowing users to access the 192.168.20.1/24 subnet through the Spoke device.
Step 13: Outbound Forwarding
Select whether the incoming traffic from the tunnel should be forwarded to the LAN side or the WAN side.
Once selected, click SAVE.
Ping Test Result:
When I ping the tunnel IP from HUB to Spoke (172.20.100.3) and from Spoke to HUB (172.20.100.1), the pings are successful, as shown below.