Network Architecture

AD-WAN implements a cloud-managed SD-WAN architecture that enables secure, scalable connectivity between sites, remote users, and cloud resources across different network environments.

Overview

The AD-WAN network architecture consists of several key components working together to provide seamless connectivity:

  • Web Dashboard: Browser-based interface for network management and monitoring
  • Platform API: Backend services for configuration, orchestration, and integration
  • Controller Cluster: High-availability infrastructure for device management and coordination
  • Edge Devices: Customer premises equipment (CPE) that provides secure site connectivity
  • VPN Gateway (AD-HOME): Remote access solution for mobile and remote workers
  • Secure Mesh Network: Encrypted tunnels connecting all sites using WireGuard or IPsec protocols

Network Topology

The following diagram illustrates the AD-WAN network architecture:

Key Components

Web Dashboard

The web-based management interface allows administrators to:

  • Monitor network status and device health
  • Configure network topology and routing policies
  • Manage user access and VPN clients
  • View analytics and performance metrics

Platform API

The backend management system provides:

  • Centralized device registration and inventory
  • Configuration management and deployment
  • User authentication and authorization
  • Integration with third-party systems

Controller Cluster

The high-availability controller infrastructure serves as the coordination point for the network:

  • Maintains secure connections with all edge devices
  • Distributes configuration updates to devices
  • Monitors device health and connectivity status
  • Provides automatic failover for uninterrupted service

Edge Devices

Edge devices deployed at customer sites provide:

  • Secure connectivity to the central infrastructure
  • High-performance packet processing and routing
  • Support for multiple tunneling protocols (WireGuard, IPsec)
  • Dynamic routing capabilities (BGP, OSPF)
  • NAT and firewall functionality for local networks
  • Zero-touch provisioning for easy deployment

VPN Gateway (AD-HOME)

The remote access VPN gateway enables:

  • Secure remote access for mobile users
  • WireGuard-based VPN connectivity
  • Integration with the SD-WAN mesh network
  • Seamless access to resources across all sites

Local Networks

End-user devices and applications at each site connect through:

  • Standard Ethernet or Wi-Fi connections
  • Automatic IP addressing (DHCP)
  • Transparent access to both local and remote resources

Secure Mesh Connectivity

All sites communicate through:

  • Encrypted tunnels using WireGuard or IPsec protocols
  • Direct site-to-site connections for optimal performance
  • Automatic failover and path optimization
  • End-to-end encryption for all data in transit

Configuration Management

AD-WAN uses a secure, automated configuration management system:

Zero-Touch Provisioning

  1. Device Registration: Edge devices automatically register with the controller cluster upon first boot
  2. Authentication: Each device authenticates using unique credentials
  3. Configuration Delivery: The platform securely distributes network configurations to devices
  4. Automatic Application: Devices automatically apply configurations without manual intervention

Secure Updates

  • All configurations are encrypted end-to-end
  • Changes are validated before deployment
  • Rollback capability ensures network stability
  • Real-time monitoring confirms successful application
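The device-side check behind "Configuration Delivery", "Automatic Application" and "Changes are validated before deployment", as an added example that is not AD-WAN's own code. It assumes the controller tags each push with HMAC-SHA256 under a per-device key and that the payload is a list of WireGuard-style [Peer] sections; the key, public keys and prefixes are constructed sample values.

```python
"""Device-side checks on a mesh config pushed by the controller.

Added example, not AD-WAN's own code. Assumed: the controller tags each push
with HMAC-SHA256 under a per-device key and the payload is a list of
WireGuard-style [Peer] sections. All keys, prefixes and configs below are
constructed sample values.
"""
import hashlib
import hmac
import ipaddress

def sign_config(device_key: bytes, payload: str) -> str:
    """Controller side: tag the config so the device can detect tampering."""
    return hmac.new(device_key, payload.encode(), hashlib.sha256).hexdigest()

def parse_peers(payload: str) -> list[dict]:
    """Split [Peer] sections into dicts; keys end in '=', so split only once."""
    peers = []
    for block in payload.split("[Peer]")[1:]:
        lines = [ln for ln in block.splitlines() if "=" in ln]
        peers.append({k.strip(): v.strip() for k, v in (ln.split("=", 1) for ln in lines)})
    return peers

def validate_config(device_key: bytes, payload: str, tag: str) -> list[str]:
    """Return reasons to refuse the config; an empty list means apply it."""
    if not hmac.compare_digest(sign_config(device_key, payload), tag):
        return ["tag mismatch: config not from the controller or altered in transit"]
    errors, seen = [], []  # seen: (peer index, prefix) already claimed by a site
    for i, peer in enumerate(parse_peers(payload)):
        if "PublicKey" not in peer or "AllowedIPs" not in peer:
            errors.append(f"peer {i}: PublicKey and AllowedIPs are required")
            continue
        for cidr in peer["AllowedIPs"].split(","):
            try:
                net = ipaddress.ip_network(cidr.strip())  # strict: host bits must be zero
            except ValueError:
                errors.append(f"peer {i}: bad prefix {cidr.strip()!r}")
                continue
            if net.prefixlen == 0:
                errors.append(f"peer {i}: default route would hand all traffic to one site")
            # WireGuard gives an overlapping range to the peer configured last,
            # so a collision between two sites silently re-routes one of them.
            for j, other in seen:
                if net.overlaps(other):
                    errors.append(f"peer {i}: {net} overlaps peer {j}'s {other}")
            seen.append((i, net))
    return errors

DEVICE_KEY = b"constructed-per-device-secret"
SITE_B = "[Peer]\nPublicKey = B_SITE_PUBKEY=\nAllowedIPs = 10.20.0.0/24\n"
SITE_C = "[Peer]\nPublicKey = C_SITE_PUBKEY=\nAllowedIPs = 10.30.0.0/24\n"
GOOD_CONFIG = SITE_B + SITE_C
# Constructed bad push: Site C's peer also claims half of Site B's prefix.
BAD_CONFIG = SITE_B + SITE_C.replace("10.30.0.0/24", "10.30.0.0/24, 10.20.0.128/25")
```

A device that gets a non-empty list keeps its running configuration, which is the rollback point the "Secure Updates" list refers to.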

High Availability

  • Controller cluster provides redundancy across multiple availability zones
  • Automatic failover ensures continuous operation
  • Devices maintain connectivity even if individual controllers become unavailable

Traffic Flow

Site-to-Site Communication

When users at Site A need to access resources at Site B:

  1. Traffic enters the edge device at Site A from the local network
  2. The edge device encrypts and routes traffic through the secure tunnel to Site B
  3. The edge device at Site B decrypts and forwards traffic to the destination
  4. Return traffic follows the same path in reverse

Remote VPN Access

When remote users connect via AD-HOME:

  1. VPN client establishes a secure WireGuard tunnel to the VPN gateway
  2. Traffic is encrypted and sent through the tunnel
  3. The VPN gateway routes traffic to the appropriate site via the SD-WAN mesh
  4. Users gain seamless access to resources across all connected sites

Internet Access

Local users at each site can access the internet through:

  • Direct internet breakout at their local site
  • Centralized internet gateway at a designated site
  • Automatic path selection based on policies and performance

Management Traffic

  • Edge devices maintain persistent encrypted connections to the controller cluster
  • Controllers send configuration updates and commands to devices
  • Devices report health status and events back to controllers
  • All management traffic is encrypted and authenticated

This architecture provides scalable, secure networking with centralized management and distributed high-performance data processing at each site.