Which component is the only one requiring a public IP address in the SD-WAN architecture?

In an SD-WAN architecture, the vBond component is essential for establishing secure and trusted connections between the various components of the network, including vManage, vSmart controllers, and edge devices (cEdges). The vBond operates as a trusted orchestrator that helps in the initial connectivity and key exchange between these components.

The reason vBond requires a public IP address is that it facilitates the initial communication between devices that may be distributed across different networks and potentially behind various NAT (Network Address Translation) devices. By having a public IP address, vBond can serve as a rendezvous point that is accessible to all the SD-WAN components regardless of their individual network configurations. This setup allows the edge devices to locate and connect to the vSmart controllers and vManage, establishing their control and data planes efficiently.

Other components in the architecture, like vSmart and vManage, can often operate using private IP addresses internal to the organization’s infrastructure, as they primarily communicate within the secure overlay network established by the SD-WAN. However, vBond must be publicly accessible to enable the orchestrator functionality across different environments and ensure a successful deployment of the SD-WAN solution.