SD-WAN — Part 1: What is and what is not SD-WAN?!

I worked (and still working!!) many years (4 years πŸ˜‚!!) on SD-WAN solutions. So, I decided to share with you my experience about this technology. Many post coming up about this technology.

SD-WAN Stands for Software Defined Wide Area Network and it is a pseudo application of SDN to WAN networks. In other words, it is a software approach to manage the WAN and run an automated overlay network between different branches, Datacenters and customer cloud locations if integrated.

SD-WAN promises a bunch of benefits (that we will comment here!!):

  • Increase bandwidth and decrease cost: this means that we can use many transport connections (MPLS, Internet, 4G) that can be aggregated (thanks to SD-WAN) and used in the same time as one support. In some cases, reducing WAN costs can be reached by the use of Internet Links. However, In some countries, the cost of an internet link can be closer to the cost of a MPLS link πŸ™„. Also, if a firewall is mandatory in every branch in front of every internet link, the business case could not be as interesting as it should be.
  • Centralized configuration and management: the only interface of configuring and managing the whole WAN network is the centralized SD-WAN Orchestrator. Saying that, it is the end of connecting to each device to add an ACL!!!
  • Zero Touch Provisioning (ZTP): This means that once the branch edge device has an internet access, and once the configuration is provisioned on the SD-WAN Orchestrator, the branch edge device will download its configuration and boot on it (details of ZTP will be described in coming posts). This is working in a design where we have only internet links (some design considerations for MPLS links are needed), and where the SD-WAN orchestrator is not on-premise😏. We will discuss in a coming post this point in details with design considerations.
  • Application Aware Routing: The idea here is to use a DPI engine that recognize applications and then based on some application SLA (Latency, Jitter, Packet Loss), the SD-WAN edge device (on the branch or the datacenter) will choose the best link to send the application packets on. This is working on all SD-WAN solutions, but each SD-WAN solution is handling the feature in a different way. For Example, predefined SLA vs user defined SLA, the number of applications recognized by the DPI engine etc…
  • Application visibility: this is a very important feature that gives information and reporting about which application is using the WAN links, the Bandwidth consumed by each application, latency etc… Unfortunately, this is not working for customer home applications (for some SD-WAN solutions) if it is not defined on the DPI engine.
  • Local Internet Breakout: This feature can be used to forward internet traffic (browsing etc…) to the branch local internet access. Some considerations should be taken here: Which internet proxy will be used? on-premise one? cloud one? answers coming in next posts πŸ˜‰
  • Direct Cloud Access: This feature can be enabled by adding an SD-WAN edge device on Cloud hosting zone like Amazon or Azure. This means that the Cloud location will be part of your WAN branches. For some SD-WAN solutions, Direct Cloud Access is to route Cloud well known applications to the closest (based on latency) cloud location of you cloud provider.
  • Security: All SD-WAN solutions provide at least a basic layer 4 Firewall. This firewall could be used to secure access to your network. It is recommended to do some pentesting of the SD-WAN solution you will choose before using its firewall. Many considerations to take on the security part of a SD-WAN design, this will be described in coming posts.
  • Automation: An SD-WAN solution is an enabler for automation. Rest API are available on each SD-WAN solution to automate configuration and get many information. We will see many examples in this blog about automation.

So now what is not SD-WAN?

  • SD-WAN will replace MPLS? We cannot say that SD-WAN will replace MPLS as it can uses MPLS as a transport network.
  • SD-WAN is NFV? No SD-WAN is not NFV, but an SD-WAN solution can run as a NFV to replace the physical SD-WAN device
  • SD-WAN ensure end to end QoS? SD-WAN can do some Queuing at the ingress LAN interface of the SD-WAN device, but cannot ensure end-to-end QoS especially when it is running only on internet links.

Thanks for reading, don’t hesitate to contact me if you have any question. And stay tuned for next posts πŸ˜‰ !

2 Responses

  1. Mark says:

    Great start…tell me more

Leave a Reply to Mark Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.