vBond Orchestrator authenticates the vSmart controllers and the SD-WAN routers.
It orchestrates connectivity between the vSmart controllers and the SD-WAN routers.
The vBond Orchestrator is the only device that requires a public IP address, so that all other SD-WAN devices can connect to it.
There are three components of the vBond Orchestrator:
Control Plane Connection
Each vBond Orchestrator has a permanent control plane connection over a DTLS tunnel with each vSmart controller.
The vBond orchestrator uses DTLS tunnels to communicate with SD-WAN routers when they come online.
The DTLS tunnel to SD-WAN routers is used to authenticate the SD-WAN routers and facilitate their ability to join the network.
Authentication of an SD-WAN router is carried out using certificates and RSA cryptography.
The vBond orchestrator facilitates the initial orchestration between SD-WAN routers and vSmart controllers when one or both of them are behind NAT devices. Peer-to-peer technologies are used to facilitate the connection.
vBond Orchestrator performs load balancing of SD-WAN routers across vSmart controllers as routers come online.