What makes SD-WAN SD-WAN?

Over the last decade the world of computer networking has seen a rise in Software Defined Wide Area Network, or SD-WAN, providers. While this is a fantastic new technology we will cover in this article, it is crucial to remember that while there are many SD-WAN providers across the IT landscape, there is not an official RFC or other standard that defines what SD-WAN actually is.


With that being said, it's also important to remember that since there is no standard, any vendor can claim to have an SD-WAN solution and there is really no quantifiable way to refute that. However, across many of the major players in the SD-WAN landscape several key tenets have emerged that are currently the de facto traits of any true SD-WAN solution. These four traits are:

  • The ability of the solution to pass optimized and secured network traffic across any transport type
  • The primary goal of the platform is to provide a better end-user experience
  • The solution is managed, monitored and orchestrated from a singular interface
  • An overall reduction in IT OpEx

This article will take a deeper look at these concepts and how they have been applied or adopted by various vendors across the SD-WAN landscape.

Transport Agnostic Services

Many individuals who read the header of this section will think to themselves, "Isn't most network equipment transport agnostic? I can plug a router into an Internet circuit, ELAN or MPLS circuit no problem," and those individuals would be absolutely correct. However, in an SD-WAN platform not only is the networking hardware transport agnostic, but, as a result of the SD-WAN configuration and operation, the traffic transiting the SD-WAN fabric is unaware of the type of transport being utilized.

To put it another way, traditional router-centric WAN models view each circuit as a finite resource that will either be used for a specific packet or not, based on routing decisions or manual configuration by an administrator. Within an SD-WAN fabric, circuits are no longer viewed as individual finite resources but as pools of resources that can be utilized dynamically (up to their maximum capacity) to transmit traffic on the most optimal path. Not only can this dynamic and intelligent decision making occur on a packet-by-packet basis, but true SD-WAN platforms also have the ability to use their various circuits concurrently to provide much higher throughput and efficiency for the traffic.

While the flexibility of WAN transports is certainly a qualifying feature of SD-WAN, potentially the most critical is the ability of an SD-WAN platform to create a secure overlay using these various transports. While native security features, such as an integrated firewall, threat protection or content filtering are not necessarily tenets, an SD-WAN platform cannot be considered a true SD-WAN solution without the capability of creating dynamic and fully secure overlays across the WAN.

Improved User Experience

Since the beginning, the goal of networks fundamentally has been to improve user experience, even before the users knew their experience needed improving. Purpose built for moving information from point A to point B at the speed of electricity, networks have always carried user data and administrators and engineers have always sought to improve that experience. Traditional networks have, unfortunately, been limited in their capabilities for increased positive user experience. At the end of the day, a network administrator can do everything in their power to ensure optimal performance and redundancy and an end user will just experience a working-as-expected network. When something breaks, it breaks, and a call is placed to IT to fix it. This is the cycle SD-WAN platforms strive to break.

Unlike traditional infrastructure, SD-WAN routers actively probe available paths to Internet and internal resources alike to consistently provide not only the most direct or “best” path, as would be determined by traditional dynamic routing protocols, but also the most efficient and highest-quality path available for the traffic to take. The constant probes and measurements allow not only for monitoring of end-resource availability but also for constant monitoring of the links themselves. Most SD-WAN platforms will intelligently respond to a decline in WAN link quality by shifting traffic to an alternate, more stable circuit, or by enacting what many providers have come to call “Link-Bonding Policies”.

Link-bonding characteristics, also sometimes referred to as overlays, are where the improved user experience really comes to light. Through intelligent monitoring of WAN circuits, these platforms are able to send traffic across a variety of transports at the same time and reconstruct the flows on the receiving end, or to choose mid-flow the path that provides the most efficient or reliable transit. This allows true per-packet balancing of flows across WAN circuits and provides a much more efficient and fault-tolerant method of data transport.
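The probe-driven, SLA-aware path selection described in the last three paragraphs, as an added Python illustration that is not from the article or from any SD-WAN vendor: each link keeps a sliding window of probe results (latency, jitter, loss), an application class is an SLA of thresholds, and the selector picks the cheapest link that currently meets the SLA, sprays packets round-robin across every qualifying link in "bonded" mode, shifts traffic when a link's measured quality declines, and falls back to the best-measured link when nothing meets the SLA. Link names, costs, thresholds and probe values are all constructed for the example.

```python
"""Toy SD-WAN path selector: probe-driven, SLA-aware, per-packet link pooling.

Constructed illustration only, not any vendor's code. Link names, costs,
SLA thresholds and probe values are made up.
"""
from collections import deque
from dataclasses import dataclass, field
from statistics import mean
from typing import Deque, Dict, List, Optional, Tuple


@dataclass
class Link:
    """One WAN transport with a sliding window of recent probe results."""
    name: str
    cost: int                                   # relative cost; lower wins ties
    window: int = 5                             # probes kept per link
    samples: Deque[Tuple[float, float, float]] = field(default_factory=deque)

    def record_probe(self, latency_ms: float, jitter_ms: float, loss_pct: float) -> None:
        """Store one probe result, dropping the oldest once the window is full."""
        self.samples.append((latency_ms, jitter_ms, loss_pct))
        while len(self.samples) > self.window:
            self.samples.popleft()

    def stats(self) -> Optional[Dict[str, float]]:
        """Windowed averages, or None for a link that has never been probed."""
        if not self.samples:
            return None
        lat, jit, loss = zip(*self.samples)
        return {"latency_ms": mean(lat), "jitter_ms": mean(jit), "loss_pct": mean(loss)}


@dataclass
class SLA:
    """Quality thresholds for one application class."""
    name: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

    def satisfied_by(self, link: Link) -> bool:
        s = link.stats()
        return (s is not None                   # never trust an unmeasured link
                and s["latency_ms"] <= self.max_latency_ms
                and s["jitter_ms"] <= self.max_jitter_ms
                and s["loss_pct"] <= self.max_loss_pct)


class PathSelector:
    """Chooses an egress link per packet from the pool of links meeting an SLA."""

    def __init__(self, links: List[Link]) -> None:
        self.links = {link.name: link for link in links}
        self._counter: Dict[str, int] = {}      # per-SLA round-robin position

    def eligible(self, sla: SLA) -> List[Link]:
        """Links currently within the SLA, cheapest first."""
        return sorted((link for link in self.links.values() if sla.satisfied_by(link)),
                      key=lambda link: link.cost)

    def next_hop(self, sla: SLA, bond: bool = False) -> Optional[str]:
        """bond=False: cheapest qualifying link; bond=True: round-robin across all
        qualifying links. If nothing qualifies, degrade to the best-measured link
        rather than black-holing the traffic."""
        pool = self.eligible(sla)
        if not pool:
            measured = [link for link in self.links.values() if link.stats() is not None]
            if not measured:
                return None
            best = min(measured, key=lambda link: (link.stats()["loss_pct"],
                                                   link.stats()["latency_ms"]))
            return best.name
        if not bond:
            return pool[0].name
        n = self._counter.get(sla.name, 0)
        self._counter[sla.name] = n + 1
        return pool[n % len(pool)].name


def run_demo() -> Dict[str, object]:
    """Healthy fabric, then a broadband loss spike, then an unsatisfiable SLA."""
    mpls, broadband, lte = Link("mpls", cost=10), Link("broadband", cost=2), Link("lte", cost=4)
    selector = PathSelector([mpls, broadband, lte])
    voice = SLA("voice", max_latency_ms=150, max_jitter_ms=30, max_loss_pct=1.0)
    bulk = SLA("bulk", max_latency_ms=500, max_jitter_ms=100, max_loss_pct=5.0)
    strict = SLA("strict", max_latency_ms=10, max_jitter_ms=1, max_loss_pct=0.0)
    for _ in range(5):                           # constructed steady-state probes
        mpls.record_probe(30, 2, 0.01)
        broadband.record_probe(25, 5, 0.2)
        lte.record_probe(60, 20, 2.0)            # LTE loss too high for voice
    result: Dict[str, object] = {}
    result["voice_healthy"] = selector.next_hop(voice)
    result["voice_bonded"] = [selector.next_hop(voice, bond=True) for _ in range(4)]
    for _ in range(5):                           # broadband loss spikes to 3%
        broadband.record_probe(25, 5, 3.0)
    result["voice_after_spike"] = selector.next_hop(voice)
    result["bulk_bonded"] = [selector.next_hop(bulk, bond=True) for _ in range(3)]
    result["strict_fallback"] = selector.next_hop(strict)
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Two design choices matter more than the arithmetic: a link with no probe history is never eligible, so a freshly added or silent circuit cannot attract traffic before it has been measured, and the windowed average means a single bad probe does not flap flows between circuits. When no link meets the class's thresholds the selector still forwards over the least-lossy measured link, which is what a real platform does when a brownout hits every transport at once.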

Centralized Orchestration

A wide variety of management suites, platforms, toolsets, etc. exist on the market today to manage traditional network infrastructure. From SolarWinds to PRTG, these platforms strive to consolidate network management functions into a single dashboard for reporting, configuration, backups and more. While many of these solutions are quite successful, they lack the intelligence to proactively remediate issues in an environment as ever-changing as the Internet.

SD-WAN platforms revolve around single-pane-of-glass management, configuration, reporting and analysis to provide one cohesive infrastructure management tool for all activities and devices related to the particular SD-WAN solution. From Silver Peak’s Unity Orchestrator to Cisco’s vManage and Meraki Dashboard to Palo Alto’s Panorama, a key component that all these solutions share is centralized orchestration. In the past, this type of centralized management has been viewed as a convenience employed mainly by large organizations who could afford the hefty licensing costs associated with the different toolsets. However, the inclusion of centralized management within SD-WAN platforms allows a business to invest in a forward-thinking solution, continue the improvement of the organization and gain the benefits of working with an all-in-one management suite natively in the product. This type of all-in-one view into the day-to-day technical functionality of an organization’s WAN allows IT departments to remain agile and proactive in the response to, or prevention of, network outages due to circuit congestion, degradation or failure.

Reduction of IT OpEx

The final tenet of SD-WAN solutions is the reduction of long-term OpEx related to an organization’s network. Through the intelligent optimization of network traffic across a wide variety of WAN transports, SD-WAN solutions allow forward-thinking organizations to migrate their connectivity away from costly MPLS circuits or other guaranteed services to less reliable but more cost-effective broadband circuits. Generally speaking, enterprise organizations strive for the ‘four-nines’ level of reliability regarding their network traffic. This approach dictates that of all packets sent across the network, 99.99% must reach their destination. To put this in perspective, I opened the handy-dandy Wireshark application on my laptop while writing this article. I currently have two tabs open in Google Chrome, Spotify streaming and my machine’s OS services running. In a 5-second packet capture there were 227 packets that crossed my computer’s NIC. If we use 225 (for simple math) as a baseline for our scenario, we come up with the following:

  • Packets per second: 45
  • Packets per minute: 2700
  • Packets per hour: 162,000
  • Packets per work week (40 hours): 6,480,000
  • Packets per work year (52 weeks @40 hours): 336,960,000

If I were a user in an enterprise aiming for 99.99% reliability of all traffic, that means that of my three hundred thirty-six million, nine hundred sixty thousand packets a whopping three hundred thirty-six million, nine hundred twenty-six thousand, three hundred four must arrive at their destination. Now, if we multiply that across an organization of thousands of users… well, I don’t want to take up my entire blog post with that large of a number, but it’s huge. In contrast to the 99.99% rule, which is typically adhered to by the use of MPLS circuits (for the business-critical traffic), most DIA (Direct Internet Access) providers can reasonably maintain 99% reliability, or two-nines. In the scope of my scenario above, an Internet circuit could lose as many as three million, three hundred thirty-five thousand, nine hundred four MORE packets than the acceptable loss threshold of an MPLS circuit.

SD-WAN platforms allow organizations to mitigate the potential loss of those two additional nines by utilizing all WAN links to peak efficiency and performing proactive monitoring of WAN circuits, so that inadvertent brownouts or blackouts can be avoided and the traditional 99.99% uptime can be maintained.

While many organizations are still apprehensive about taking the plunge and moving to fully broadband connectivity, I do believe the trend is coming, sooner rather than later. With the optimizations contained within the majority of SD-WAN platforms, the need for MPLS is gradually declining, and I predict that within the next five years guaranteed circuits will become a commodity held only by the largest enterprises for their most critical traffic.

More articles by Ryan Ulrick