The Direct Internet Access (DIA) option in the split-tunnel configuration of an SD-WAN device, as shown in the exhibit, allows traffic destined for the internet to bypass the SD-WAN overlay network and be sent directly out of the local branch’s internet connection. This can significantly improve access to cloud services and internet performance by reducing latency and avoiding backhauling traffic through the corporate data center or another central location.
When DIA is enabled, traffic that is destined for the internet does not traverse the SD-WAN overlay network; instead, it is routed directly from the branch to the internet. The SD-WAN appliance can still enforce security policies on this traffic, and it can also be programmed to dynamically decide whether to use the DIA path based on real-time performance metrics and other criteria.
By implementing the BGP default route advertisement into the local LAN Virtual Routing and Forwarding (VRF) of the tenant, the SD-WAN appliance advertises a default route to the local site. This allows the site to route internet-bound traffic directly to the internet without having to send it across the SD-WAN network. This eases the internal network traffic load and can potentially reduce costs associated with data transmission over the corporate WAN.
References: The explanation provided above aligns with standard SD-WAN architecture and practices for configuring split tunnels and the use of Direct Internet Access in SD-WAN environments.