Help Center User GuideGetting StartedFAQ
 
X
User Guide
Getting Started
FAQ
Contents  

Breakout and Breakout Profiles Overview

Site-to-site traffic between spoke sites of a tenant is sent (on overlay tunnels) directly from one site to another depending on the tenant topology or through the hub or enterprise hub. However, for Internet-bound or Software as a Service (SaaS) traffic, you can break out the traffic in different ways:

In CSO Release 4.0, only local breakout and central breakout (backhaul) are supported and the breakout option is enabled only at the site level. However, from CSO Release 4.1.0 onward, breakout is supported at the site, department, and application (cacheable only) levels by using breakout profiles that are applied using SD-WAN policy intents. Non-cacheable applications follow the site-specific or department-specific behavior as configured in the SD-WAN policy intent.

Note For sites added in CSO Release 4.1.0 onward, you cannot configure breakout directly at the site level and must use breakout profiles referenced in SD-WAN policy intents for this purpose.

Cloud Breakout

In releases before CSO Release 5.1.0, as part of providing the tunneled breakout to Zscaler, the tunnel source public IP address was obtained only from the WAN interface. With pool-based NAT supported from Release 5.1.0 onward, the tunnel creation to Zscaler (when pool-based NAT is configured) obtains the source address from the WAN link's NAT pool.

When multiple Zscaler tunnels are needed on a WAN interface (for example, when primary and secondary cloud breakout nodes are configured), the pool IP address must be large enough to accommodate these tunnels. In the case of multiple Zscaler tunnels, no two Zscaler tunnels will have the same source IP address. However, the IP address that is used as Zscaler tunnel’s source address, can also be used in the NAT pools.

Breakout Profiles

The following three types of breakout profiles are supported in CSO:

After you add a breakout profile, you must create an SD-WAN policy intent specifying the source (site, site group, or department) and application and the applicable breakout profile.

SD-WAN Policy Intents for Breakout

For SD-WAN policy intents configured at different source endpoints, the following is applicable:

Benefits of Breakout Profiles

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit