Built Using IETF Standards-Based Protocols: Based on BGP/MPLS VPN and Ethernet VPN, with the use of a Private SAFI (Sub Address Family Identifier) to carry SD-WAN-related information such as:
- Key management
- Access circuit state and status
- NAT-related information
- Information about SLA to critical applications
Key management and certificate management
- True emulation of IKE without using IKE.
- A branch’s secret is never sent on the wire and can be rotated as often as every four minutes.
- A unique shared secret is algorithmically derived between every pair of branches.
- Advanced certificate management capabilities.
- Support for OCSP, CMPv2, SCEP, and ACME
- Support for external key management using Key Management Interoperability Protocol (KMIP) for deployments requiring keys generated by the tenant/customer.
Ability to be deployed in DDIL (Denied, Disrupted, Intermittent, and Limited) environments
- Three VM images – The minimum set of images to operate completely disconnected is three. All updates of security images are supported in a completely disconnected environment.
- License centrally managed by Versa Director. Versa Director is one of the three images where the license is loaded and does not require reaching back to or through the internet.
- Versa Analytics is one of the images. It provides operators with full visibility of security, connectivity, and performance.
- Single Pane of Management as well as Centralized Provisioning, Management, Monitoring, Visibility, and Big Data Analytics for all SASE services (SD-WAN, SSE) and multi-cloud.
- Most widely deployed SD-WAN solution by Satellite-Based Service Providers, Shipping, and Maritime. Support for up to 14 underlay transport domains per node. It can simultaneously accommodate multiple underlays such as SATCOM (LEO, MEO, GEO), Private MPLS, LTE/5G, terrestrial fiber, broadband, and others.
Versatile Traffic steering, Traffic Conditioning, and Advanced TCP Optimization
- Traffic steering based on any layer3-layer7 fields of the packet, Layer7 application, URL category, user, group, device posture, Entity Confidence Score, Geo-Location, Security Tag associated with the source, time of the day, and other factors.
- Tunnel-less on a per-flow basis. Versa can support Tunnel-less SD-WAN where and when required. Please refer to the section “Versa’s Tunnel-Less SD-WAN Solution.”
- Encryption can be enabled or disabled on a per-flow basis.
- Versa solution is very well suited and provides the best application experience for satellite, maritime, and federal networks that leverage NSA High Assurance Internet Protocol Encryption (HAIPE) or Commercial Solutions for Classified (CSfC)-based architectures that might experience DDIL and adverse conditions. Please refer to the section “Versa SD-WAN for Classified Solution.”
- Traffic steering is based on the visibility of end-to-end dynamic path characteristics such as packet loss, latency, and jitter. This feature provides more accurate and resilient end-to-end application SLAs. All other vendors select the best path based on SLA to the immediate next hop. Only Versa can steer traffic based on end-to-end path metrics.
- Traffic conditioning using FEC, replication, and other measures, which are all automatically triggered when SLA degrades and stopped when the SLA improves. These capabilities are available for all traffic types rather than simply for voice and video.
- Support for advanced TCP optimization and congestion control algorithms such as BBR, Hybla, SACK, and Recent Acknowledgement.
Comprehensive QoS Capabilities: The Versa solution supports very comprehensive QoS (Layer3-QoS-Policy, AppQoS Policy, Policer, Marking, HQoS with 4K shapers and 64,000 queues) and SD-WAN traffic steering capabilities. Based on the layer3-layer7 fields within the received traffic, including application, URL category, and device posture, a forwarding class (FC) and packet-loss priority (PLP) are associated with a traffic flow. The FC and PLP prioritize and schedule the traffic within a VOS platform. Additionally, rewrites of inner and outer headers and egress-shaping are done based on the FC and PLP. Hence, mission traffic is prioritized over less-critical traffic within a Versa appliance as well as on transmission.
Very well suited for brownfield network deployments.
- Support for all major layer2 and layer3 (IPv4 and IPv6) protocols.
- Support for IPv4, IPv6, and dual-stack for VRFs, as well as underlay transport.
Support for complex topologies such as Full Mesh, Hub and Spoke, Partial Mesh, Spoke-Hub-Hub-Spoke, Hub-Controllers, Controller behind the hub, and many more.
Very rich template infrastructure: Versa supports a very rich template infrastructure that supports a hierarchy of templates. Using this hierarchy of templates, global policies can be defined with specific policies having higher precedence. This makes the overall configuration management simple and efficient.
A device group is a collection of devices with similar but not identical configurations. A device group is typically associated with a device template and a set of service templates of different types, such as security service template, application steering service template, QoS service template, General service template, and others. A device group can be associated with multiple security service templates which are applied in an operator-specified order. Additionally, there can be device-specific security service templates.
CGNAT for v4 and v6: NAPT-44, DNAT-44, Dynamic NAT-44, Basic-NAT-44, Twice Basic NAT-44, NPT66, NAT64, MAP-E
Multiple options for Zero Touch Provisioning.
Universal CPE to host multiple VNFs. Service Chaining hosted VNFs and external physical PNFs.