🎣Unlocking VPN Flexibility with Fusion's SD-WAN NFV Using OpenWrt & libvirtd🎏

Ronald BartelsRonald Bartels
5 min read

In today’s fast-paced business environment, where remote work and secure inter-site connectivity are crucial, the demand for flexible and scalable networking solutions is ever-increasing. Fusion's SD-WAN platform not only addresses this with its core features but goes further with Network Function Virtualization (NFV), enabling seamless integration of third-party VPNs and remote access solutions. Leveraging libvirtd and OpenWrt images, Fusion’s SD-WAN introduces operational flexibility that can connect everything from branch offices to a work-from-home setup—without the complexity often found in traditional VPN deployments.

The Power of NFV with Fusion’s SD-WAN

At the heart of this capability is libvirtd, a powerful virtualization framework that enables the deployment of virtual machines or services directly on Fusion SD-WAN edge devices. Instead of relying solely on proprietary configurations or hardware-limited functions, Fusion’s SD-WAN edge devices can load virtualized services, including VPN clients and servers, through the use of NFV.

This approach transforms the SD-WAN edge into a versatile and adaptable network node, capable of much more than simply forwarding traffic or ensuring Quality of Service (QoS). The integration of NFV allows for running virtualized services such as IPSEC, OpenVPN, or WireGuard clients or servers, directly on Fusion's SD-WAN edge devices.

OpenWrt | Bringing VPN Flexibility to Fusion's SD-WAN

OpenWrt is an open-source operating system based on Linux that is widely used for embedded devices. With its rich package ecosystem, OpenWrt provides out-of-the-box support for a range of VPN technologies, including IPSEC, OpenVPN, and WireGuard. This makes it the perfect companion for SD-WAN implementations that require more than basic site-to-site connectivity.

By leveraging libvirtd, an OpenWrt image can be loaded onto a Fusion SD-WAN edge device to extend VPN capabilities. This means you can run an OpenVPN server on one edge device, allowing road warriors or remote workers to connect securely, or configure a WireGuard client to create high-performance site-to-site links with other networks, including standalone Virtual Private Servers (VPS) in hosting environments.

This flexibility is especially beneficial for hybrid setups where businesses may have both corporate offices and a mix of cloud environments. Even when dealing with cloud providers that are difficult to connect via traditional VPN methods, a simple OpenWrt image running WireGuard can solve the problem, maintaining the security and efficiency Fusion’s SD-WAN is known for.

Virtualized Service Flexibility with libvirtd

So how does libvirtd enable this level of virtualization and service flexibility? libvirtd is a daemon that provides management and control over various virtualization technologies, including KVM, Xen, and LXC. Within the Fusion SD-WAN architecture, libvirtd is utilized to:

  1. Load Any Image: Whether it’s an OpenWrt image or any other Linux-based virtual appliance, Fusion’s SD-WAN edge devices can dynamically load these images, turning the edge hardware into a multi-functional network device.

  2. Direct VPN Integration: This NFV-based setup allows for seamless deployment of VPN services directly at the network edge, avoiding the need for separate dedicated VPN appliances or firewalls.

  3. High Scalability: Fusion’s SD-WAN NFV makes it easy to scale services. Need to run multiple VPN clients to different cloud providers or regional hubs? Just load more instances on the same edge device, without the need for additional hardware.

  4. Operational Simplicity: With Fusion’s SD-WAN, once a virtualized service is spun up, the orchestration is done centrally, and everything can be managed through Fusion’s robust controller platform.

This eliminates the headaches traditionally associated with integrating third-party VPNs. For example, if a business is connecting multiple cloud environments or even remote offices with non-standard routing, an OpenWrt image with a WireGuard client can be deployed quickly and easily. It’s like having a Swiss Army knife for VPN connectivity.

A Real-World Example | Connecting a VPS to a Fusion SD-WAN Site

Let’s say you have a Virtual Private Server (VPS) hosted in a remote data center, and you need to connect this server securely to a Fusion SD-WAN site. Using the NFV capability, an OpenWrt image can be loaded onto the Fusion SD-WAN edge device with WireGuard configured to establish a secure site-to-site tunnel. This tunnel connects the VPS with the branch office as if it were part of the same network, all while maintaining the security, traffic steering, and performance optimization provided by Fusion’s SD-WAN.

This setup provides several benefits:

  • Cost Efficiency: No need for expensive dedicated VPN hardware or complex configurations.

  • Performance: WireGuard offers high performance and low overhead, making it ideal for bandwidth-intensive applications.

  • Scalability: As your business grows, adding more VPNs or remote workers is as simple as spinning up additional virtual services.

PWAN | The Default Bulletproof Branch Networking Solution

While Fusion’s SD-WAN offers this exceptional flexibility with NFV and third-party VPNs, it’s important to note that Fusion’s PWAN functionality already provides a bulletproof solution for branch connectivity. PWAN (Private Wide Area Network) enables seamless, secure branch-to-branch communication with advanced traffic engineering, multiple link bonding, and automated failover.

This means that for many businesses, the native PWAN capability is more than sufficient for branch networking, offering out-of-the-box reliability, security, and performance. However, for those unique cases requiring third-party VPNs or complex cloud connections, the flexibility of NFV through libvirtd and OpenWrt fills in the gaps perfectly.

Wrap | Flexibility and Scalability in One Package

Fusion's SD-WAN solution isn’t just about optimizing branch networking; it's about offering the operational flexibility to handle any VPN requirement you might encounter. By leveraging libvirtd and OpenWrt, businesses gain access to a highly customizable network environment that supports third-party VPNs, road warrior setups, and seamless cloud integration.

This kind of flexibility, combined with Fusion’s battle-tested PWAN capabilities, means that no matter what networking challenges arise—whether it’s connecting a remote worker or linking a VPS in the cloud—Fusion's SD-WAN can handle it with ease.

Fusion’s SD-WAN not only optimizes your networking but also future-proofs it by giving you the tools and flexibility you need to grow, adapt, and thrive in an ever-changing digital landscape.

Ronald Bartels ensures that Internet inhabiting things are connected reliably online at Fusion Broadband South Africa - the leading specialized SD-WAN provider in South Africa. Learn more about the best SD-WAN in the world: 👉Contact Fusion🚀

https://hubandspoke.amastelek.com/cappuccino-a-day
0
Subscribe to my newsletter

Read articles from Ronald Bartels directly inside your inbox. Subscribe to the newsletter, and don't miss out.

OpenWRTSDWANlibvirtd#SouthAfrica

Written by

Ronald Bartels
Ronald Bartels

Driving SD-WAN Adoption in South Africa