Megaport Virtual Edge (MVE) is an on-demand, vendor-neutral Network Function Virtualization (NFV) service that enables branch-to-cloud connectivity on Megaport’s global software-defined network (SDN). MVE provides the edge-computing framework that hosts partner SD-WAN technology directly on Megaport ONE’s global SDN.
An MVE provisioned in a metro area works as a gateway to connect enterprise SD-WAN enabled sites to Megaport ONE’s ecosystem, providing cloud-neutral, direct, and secure access to its extensive platform of cloud providers and other services. MVE enables traffic flow between metro locations and cloud service providers (CSPs) using SD-WAN technologies and internet connectivity. Once connected to MVE, traffic traverses the Megaport ONE private network.
MVE integrated with Cisco supports provisioning the MVE NFV service as a virtualized standalone router, providing full control of the cloud provider to users with advanced routing expertise. For details, see Creating a Cisco MVE in Autonomous Mode.
What is SD-WAN?
A software-defined wide area network (SD-WAN) provides enterprise customers with centralized control over multiple network endpoints such as branch offices, hubs, data centers, point-of-sale locations, and home offices. By decoupling the network software controls from the WAN connections, the virtualized network design allows flexibility in the choice of transport services, including public internet over broadband, satellite, MPLS, and mobile 4G/5G networks.
SD-WAN simplifies the setup and management of WAN solutions using a management control console that an enterprise network manager can use to apply routing decisions, automate business policies, and monitor network usage and performance in real time.
SD-WAN with Megaport ONE
The Megaport ONE SDN is a private network that does not provide connectivity to the public. MVE is connected to the internet so SD-WAN appliances can reach the Megaport private network. Internet dependency is reduced, however, because MVE uses transit IP connectivity to the public internet only as a bridge to the Megaport ONE private network. The public internet portion of the end-to-end connectivity is limited to one hop or a few hops to the Megaport ONE SDN. Terminating traffic at the nearest MVE reduces internet hops. The internet acts as the first mile, and Megaport acts as the middle and last mile.
The internet connection is used only to bridge connectivity from the customer SD-WAN on-premises devices into the Megaport SDN. The internet connection terminates at the Megaport MVE. Apart from this initial connection between the customer on-premises devices and MVE to enter the Megaport SDN, all traffic remains within the Megaport network once the connection is made.
By design, the internet-facing interface on an MVE cannot reach the internet-facing interface on another MVE over the public internet. You must create a private VXC to build connectivity between two MVEs. Available routes on the public, internet-facing MVE interfaces are unfiltered, except for routes of other Megaport MVE IP addresses, which are blackholed. MVE sets the path preference for inter-MVE routes so that this traffic is sent across VXC connections, which are not subject to internet variances and security considerations. For details, review the appropriate “Connecting MVEs” topic for your SD-WAN vendor.
MVE is integrated with these SD-WAN providers:
- Aruba EdgeConnect SD-WAN – see Aruba EdgeConnect SD-WAN with Megaport MVE.
- Cisco – see Cisco with Megaport MVE.
- Fortinet Secure SD-WAN – see Fortinet Secure SD-WAN with Megaport MVE.
- Versa Secure SD-WAN – see Versa Secure SD-WAN with Megaport MVE.
- VMware SD-WAN – see VMware SD-WAN with Megaport MVE.
The SD-WAN providers create the private overlay network and manage the network connections and network policies. The provider’s SD-WAN fabric acts as the overlay, and the Megaport SDN acts as the underlay.
The SD-WAN and MVE solutions include these key features and benefits:
- Flexible connections within a metro area. You can use MVE to hop onto important high-speed metro area networks without provisioning a private circuit for access. Although a metro area covers a larger area than a LAN, MVE treats a metro area as one big LAN, keeping data traffic local.
- SD-WAN termination. MVE instances are preconfigured in essential metro areas as edge points across the Megaport ONE platform. Connections are terminated from branch and on-premises locations to the nearest MVE metro hub to localize traffic. Remote sites are connected to MVE, so anything on the internet or the Megaport ONE SDN is treated as though it is present on the edge. You can connect to MVE directly, through a cross-connect in a data center, or by using the public internet.
- Direct onramps. MVE provides direct access to any service within a cloud service provider (CSP).
- Subscription-based, pay-as-you-go pricing models. Your subscription includes a public IP address, internet access, and distributed denial-of-service (DDoS) protection for the connection to the internet that terminates the tunnel between the MVE and customer-provided equipment at the branch.
- Secure the network edge with SASE. In addition to the Network Function Virtualization (NFV) services that MVE provides, Megaport’s Fortinet and Versa SD-WAN partners offer Secure Access Service Edge (SASE) services. Both Versa and FortiGate VMs on MVE natively support SASE and SD-WAN services. For details, see Securing the Network with SASE.
- Simple online provisioning. You order and configure MVE through the Megaport ONE Portal or through Cisco’s SD-WAN vManage NMS console. You then order and provision up to 24 Virtual Cross Connects (VXCs). You can also create VXCs from existing Ports and CSPs into MVE to enable meshed network access, as shown in this figure: