Decoding SD-WAN - part2



Part one of this discussion was intended to provide a 10,000-foot overview of SD-WAN the 'keyword'. Now let’s look at the nitty-gritty of SD-WAN the 'technology'.

Current WAN Design:

The traditional approach to designing a branch office WAN is to have T1 access to a service provider’s MPLS network at each branch office and one or more higher-speed links at each data center. In this design, it is common for all or some of a company’s Internet traffic to be backhauled to a data center before being handed off to the Internet. One limitation of this design is that, because the Internet traffic transits the expensive MPLS circuit, it adds both cost and delay.

The Foundation:

To understand SD-WAN ‘the technology’, we first have to understand the current dynamics of enterprise networking. Enterprises spend about 50-60% of their overall IT expenses on the WAN. With the recent boom in cloud-based services (SaaS, IaaS, etc.), most of an Enterprise’s apps are now hosted on some form of cloud platform. There is a huge surge in the traffic requirements of this next generation of apps. Enterprises are also witnessing a manifold increase in their user base.

The need of the hour for most of the Enterprises:

1.    Branch connectivity: The most critical of all requirements. Modern Enterprises can’t wait 3-6 months for a particular site to go online. This must be reduced to a few days, and the site should be provisioned with minimal or no manual effort.

2.    Traffic Prioritization: Traffic is prioritized in a static manner using PBR; e.g., voice traffic always gets top priority and receives a set amount of bandwidth. Enterprises need a way to dynamically prioritize traffic based on application requirements.

3.    Business Critical Apps: Business-critical applications have to meet their SLA requirements for a better user experience.

4.    Public Cloud Services: Most Enterprises currently make relatively modest use of public cloud computing services.

5.    Internet Access: Many Enterprises currently backhaul most of their Internet traffic to their data centers. Enterprises need a way to enable direct Internet access from their branch offices while meeting their security needs.

6.    Application Visibility: Last but not least, Enterprises want complete visibility into all the applications running in their network.

So, now that we know the issues faced by Enterprises, let's focus on the solution. To understand the solution better, we first need to understand two ways of viewing applications that run over networks: the application-centric view and the network-centric view. In essence, when you write your application with the network in mind (the application should be intelligent enough to deal with the network's anatomy), you are following the network-centric approach. But when your network has to be aware of the application and its requirements, you are following the application-centric approach to network design. We won’t go into detail about the pros and cons of each approach, but SD-WAN, or SDN in general, looks to follow the app-centric approach.

The other important aspect of the solution is understanding overlay networks. Overlay and underlay designs have different consequences for the network. An overlay network separates the identity of a device from its location, which makes it possible to create layers of network abstraction that can be used to run multiple separate, discrete virtualized network layers on top of the physical, or underlay, network.

SD-WAN ‘THE SOLUTION’:

As discussed in part one, let’s look at the individual sections of the overall solution and how each aligns with the needs of Enterprises discussed earlier.

Transport independence:

The WAN is a critical business resource that requires resilient design and architecture. Enterprise will need path diversity and will likely have multiple service providers with different transport networks. To increase WAN bandwidth, Enterprise should augment WAN connections with less-expensive transports such as Internet to meet growing traffic demands at lower costs. In addition, enterprise may also consider cellular 3G/4G LTE as backup connectivity.

To accomplish these architectural changes to the WAN, Enterprise should deploy a transport-independent WAN model that is a single, prescriptive overlay network design that can be used over any type of WAN transport with integrated security. This architecture will enable Enterprise to take advantage of hybrid access approaches with MPLS and Internet.

For branch-office access, Enterprise should use the secure overlay for transport to the private cloud and Internet edge and take advantage of the cost and additional bandwidth afforded by a hybrid network design (MPLS + Internet). Many vendors offer DMVPN as an integrated overlay solution which can run over any kind of underlying transport.

Application traffic path control:

A mechanism is required for routing application traffic optimally across multiple paths and ensuring full use of all WAN resources. Enterprise must move away from separate networks with static traffic mapping to a single dynamic WAN directed by application policy control. Path control ensures that application traffic always follows the WAN path that is optimal for user experience. When a WAN path experiences performance degradation, path control automatically moves priority traffic to the best-performing path available, protecting application performance and user experience. To maximize use of expensive WAN resources, path control services automatically load balance traffic across all the WAN connections.

Path control and load balancing based on policies at the application level will greatly simplify the administration of application performance control for Enterprise. For example, a path control policy may set the MPLS network as the preferred path for voice applications, for the guaranteed SLAs and high reliability provided by MPLS, and load balance other traffic across the network to maximize usage. However, if a brownout occurs, Intelligent Path Control will dynamically reroute to the better path (which may be the Internet or other transports) so the user experience is maintained.
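The path-control policy described above, as an added example (not from the original article or any vendor's product): voice stays on MPLS while MPLS meets its SLA, moves to the best-scoring path during a brownout, and other traffic is shared across paths in proportion to bandwidth. All names, thresholds, score weights, and probe values are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class PathStats:                 # latest probe results for one transport
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    bandwidth_mbps: float

@dataclass(frozen=True)
class AppPolicy:                 # per-application SLA and preferred transport
    app: str
    preferred: Optional[str]     # None means "load balance across paths"
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

def meets_sla(p: PathStats, pol: AppPolicy) -> bool:
    return (p.latency_ms <= pol.max_latency_ms
            and p.jitter_ms <= pol.max_jitter_ms
            and p.loss_pct <= pol.max_loss_pct)

def score(p: PathStats) -> float:
    # Lower is better; the weights are illustrative, loss counts the most.
    return p.latency_ms + 2 * p.jitter_ms + 50 * p.loss_pct

def select_paths(pol: AppPolicy, paths: List[PathStats]) -> Dict[str, float]:
    """Return {path name: share of this application's traffic}."""
    ok = [p for p in paths if meets_sla(p, pol)]
    if pol.preferred is not None:
        if any(p.name == pol.preferred for p in ok):
            return {pol.preferred: 1.0}          # preferred path is healthy
        best = min(ok or paths, key=score)       # brownout: reroute
        return {best.name: 1.0}
    pool = ok or paths                           # no compliant path: use all
    total = sum(p.bandwidth_mbps for p in pool)
    return {p.name: round(p.bandwidth_mbps / total, 2) for p in pool}

# Constructed sample data: policies and two probe snapshots.
VOICE = AppPolicy("voice", "mpls", 150, 30, 1.0)
BULK = AppPolicy("bulk", None, 400, 100, 5.0)
INTERNET = PathStats("internet", 60, 12, 0.5, 30)
LTE = PathStats("lte", 90, 25, 0.8, 10)
HEALTHY = [PathStats("mpls", 40, 5, 0.1, 10), INTERNET, LTE]
BROWNOUT = [PathStats("mpls", 220, 40, 4.0, 10), INTERNET, LTE]

if __name__ == "__main__":
    for snap in (HEALTHY, BROWNOUT):
        print(select_paths(VOICE, snap), select_paths(BULK, snap))
```
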

Application visibility:

Enterprise must have visibility into what applications are on the network and the performance of each application. This visibility is critical for capacity planning and for verifying and troubleshooting problems that affect user experience. Application-response-time measurement should be deployed for mission-critical business applications to isolate where delays are occurring in the network (for example: client, LAN, WAN, or server response time). Another important component of the architecture is QoS. After Enterprise gains visibility into all applications running over the WAN, it can apply QoS policies to groups of key applications to help ensure the priority applications get properly scheduled into the WAN with the proper bandwidth allocation.

Application optimization:

Enterprise will want to further accelerate application performance through application-optimization principles. TCP optimization allows enterprises to squeeze more out of their existing pipe while maintaining the ability for applications to travel at normal speeds, even during usage spikes. Although bandwidth can relieve traffic congestion, web and cloud applications have introduced new levels of latency that only HTTP caching can truly address. In many cases, caching can offload 40 to 90 percent of network traffic, while giving users a near instant application experience.

End-to-End security:

Enterprise must rethink where security should be enforced as its users become more distributed, applications are no longer hosted locally, and more devices connect to the network. Securing user traffic by moving security policy enforcement from the data center edge to a centrally managed cloud will greatly help the Enterprise meet its security goals.

SDN based orchestration:

To promote greater agility, Enterprise will require a controller-based architecture with open interfaces. This solution must automate and orchestrate WAN deployments in minutes. As Enterprise makes infrastructure investments, the company must have flexibility as it moves from physical to virtual devices, which can be managed by a single management system with full investment protection.

Summary

To summarize, modernizing the WAN for Enterprise can be a daunting journey. It is essential that benefits from infrastructure investments can be realized today and still scale for tomorrow’s needs. SD-WAN allows Enterprise to lower the cost of investment on WAN with a hybrid WAN & transport overlay design, improve, optimize & protect the application experience for users.
