This KB provides recommended configuration settings for a WAN link using a consumer broadband modem (most commonly, DSL or cable) that will ensure that the VMware SD-WAN service operates in a stable and consistent manner with that WAN link. 

Some carriers change their modem configurations on a regular basis which adds complications for partners and customers in knowing what is compliant and what is not.  The recommendations can be used to provide guidelines to carriers up front when consumer broadband is ordered to ensure the configuration guidelines are addressed prior to installing and activating the VMware SD-WAN service with that carrier.

Turn on Bridge Mode

While explicit configurations are going to vary from modem to modem, the most common recommended modem configuration is to turn on bridge mode for the broadband modem itself. This single setting, while removing other more advanced features (firewalls, packet filters, etc.) from the modem, conversely serves to provide the best chance of stable and consistent operation when using a VMware SD-WAN Edge.

A modem with bridge mode turned on is especially important for any traffic that may need to pass Direct to the underlay. In a non-bridged scenario, this traffic would be double NAT’ed. There is also a potential issue for inbound traffic that would require two port forwarding rules to be configured (one on the modem and another on the Edge) should there be a service hosted at the customer premise that resides behind the Edge.

Bridge Mode Alternative: UDP Hole Punching 

While turning on bridge mode on a broadband modem is the recommended method for providing the best chance of ensuring a stable and consistent operation with VMware SD-WAN, there may be situations where bridge mode cannot be turned on. In such a case, the partner or customer will need to configure UDP Hole Punching for this WAN Link. UDP Hole Punching is intended to resolve some of the common tunnel establishment issues seen when an Edge is sitting behind a NAT device on a WAN circuit.

Instructions for configuring UDP Hole Punching may be found in the Configure Edge WAN Overlay Settings documentation.