vSmart controllers have preinstalled credentials that allow the controller to authenticate to every SD-WAN router that comes online.
The credentials ensure that only authenticated devices can gain access to the SD-WAN fabric.
After each successful authentication, the vSmart controller establishes a DTLS tunnel to each SD-WAN router in the fabric for uses these tunnels to establish an Overlay Management Protcol (OMP) neighbourship with each SD-WAN router.
OMP is a proprietary routing protocol similar to BGP that can advertise routes, next hops, keys, and policy information to establish and maintain the SD-WAN fabric.
The vSmart controller processes the OMP routes learned from the SD-WAN routers or other vSmart Controllers to determine the network topology. It calculates the best routes to destinations and advertises reachability information learned from these routes to all the SD-WAN routers within the fabric.
The vSmart controller implements all the control policies that are created on vManage. These policies can include service chaining, traffic enginerring, and segmentation per VPN topology.
The vSmart controller also works with the vBond orchestrator to authenticate devices as they join the network and orchestrate connectivity between the SD-WAN routers.