SD-WAN Overview

What is SD-WAN ?

  • Software Defined Wide-Area Networking is a unified WAN architecture that delivers secure and superior application performance through adaptive traffic steering over a combination of multiple WAN transports like
    • Broadband
    • LTE
    • MPLS
  • Companies are switching to software defined wide area networks (SD-WAN), and are getting popular among corporates around the world. A study from International data corporation predicts that by 2021 SD-WAN market will reach upto USD $8 Billion.
  • Software Defined denotes that WAN is Programmable from a Central controller & Orchestrator and an intelligent routing Software is decoupled for the Hardware unlike traditional routers
  • SD-WAN has been widely deployed or consumed by enterprise IT on a subscription model (opex model) and hence it is referred to as Network as a Service.
What is SD-WAN ?

SD-WAN Context

  • Enterprises have been rapidly adopting Cloud, SaaS, IoT and real-time collaboration tools in a big way. According to Cloud Security Alliance, enterprises use average of 464 apps including critical apps.
  • As more and more enterprise embark on their digitalization or digital transformation journey, we're seeing:
    • More users & many thin branches and more endpoints (including BYOD and IoT things)
    • Increased number of rich applications consuming more and more bandwidth (30% YOY)
    • Complex traffic patterns due to higher adoption of hybrid clouds, SaaS and edge architecture
    • Increased Attack surface due variety applications deployed, number of variety of WAN link types

Why and when MPLS VPN deployed?

  • It matters when:
    • Business applications such as ERP, Citrix, VoIP, Video NEED Predictable and quality network services
    • Secure Connectivity among Multiple branch offices - Users, Systems & applications
    • Financial impact of poor WAN quality or down time more in Consumer businesses or org. that deal with higher volume of transactions.
  • Hence, subscribe to MPLS VPNs / Leased Lines from telcos for Performance & Security with SLA.

Industry Standards for SD-WAN

  • No industry standard definition exists for an SD-WAN. SD-WAN implementations have incorporated WAN technologies and functions that have been developed over the years such as VPN, WAN Optimization, IPsec tunneling, hybrid WAN, deep packet inspection, policy management, QoS performance monitoring and analytics while incorporating newer SDN, NFV, and Service Orchestration technologies. The latter three technologies provide the integration and service deployment automation that has made SD-WAN Managed Services so compelling. SD-WAN Managed Services are a specific use case for a MEF Third Network service using overlay networking technologies to deliver agile, assured and orchestrated application-driven connectivity services.
  • MEF Definition
    The SD-WAN Service Attributes and Services (MEF 70) describes requirements for an application-aware, over-the-top WAN connectivity service that uses policies to determine how application flows are directed over multiple underlay networks irrespective of the underlay technologies or service providers who deliver them."

SD-WAN Architecture & How it Works

The core feature of the SD-WAN is the intelligent packet steering of outgoing IPv4/IPv6 packets across one or more WAN links considering real-time WAN congestion status, state of encrypted tunnels, QoS and application based routing policies dictated by the SD-WAN orchestrator.

SD-WAN Architecture & How it Works
  • Components of SD-WAN architectures as below:
    • Centralized Orchestrator (typically cloud based & Multi-tenant) Centralized management of SD-WAN edges & gateway
    • SD-WAN Edge with zero or low touch provisioning (deployed in branch premises)
    • Cloud services Gateway (Optional - Multi-tenant Services Edge)
  • SD-WAN Orchestrator has a set of predefined policies for not only packet forwarding but also for many services such as DHCP, Firewall / NAT, Syslog etc which the SD-WAN devices download as configuration and initiate the services. This includes Load Balancing & failover over WAN links for internet traffic to creation of encrypted site to site tunnels to DC or other branches. This optimized packet forwarding with leveraging multiple WAN transport leads increased uptimes, better SLA and higher bandwidth per branch.
  • SD-WAN Device On-Boarding
    • Each SD-WAN device is assigned a unique device ID (Serial No) and secret key by SD-WAN Orchestrator.
    • SD-WAN Device registers with the above Device ID, secret key and Device CPU related fingerprints for stored security reasons.
    • After authenticating the devices, a unique RSA certificate is generated for the device based on which it establishes a management tunnel with SD-WAN Orchestrator & Controller.
    • All the SD-WAN packet steering, encrypted tunnel & QoS policies are pushed to the SD-WAn device immediately after registration.
  • Key SD-WAN Features
    • Unified Transport - Multiple Active WAN links with link quality intelligence.
    • Smart traffic steering (Application based routing & Multi-path Bonding).
    • Integrated Security (Scalable VPN tunnels and simple UTM functionalities)
    • Centralized orchestration of networks for simplified network Ops
  • SD-WAN Edge - Physical or virtual
  • SD-WAN Controller - Centralized management of SD-WAN edges & gateways
  • Service Orchestrator - Lifecycle Service Orchestration of SD-WAN and other services
  • Subscriber Web Portal - Subscriber service ordering and modification

SD-WAN or Traditional WAN ?

The SD-WAN market is growing continuously and in a recent study from Forrester reveals that more than 64% of us companies are planning to switch to sd-wan and services, though using traditional wan services is still a reliable medium to receive and deliver network services. In many cases it has been seen a hybrid approach is more effective and beneficial, which uses both of these techniques to deliver maximum value.

Requirements of services changes from companies to companies and even vary with situations, and hence there is no hard and fast rule to select one, Let’s dig into it and understand both of them and see which is suitable for your company.

Traditional wan technology as the name suggests has been in use from long time, IT, data network infrastructure, video and voice.

Traditional wan uses routers and virtual private network (VPN) to secure a connection between multiple local area networks (LAN), organizations with multiple branches in different locations use this feature.

To get resilient and efficient network traffic flow traditional wan uses multiprotocol label switching (MPLS). This allows a feature in which companies can prioritize video, voice or data or their network.

SD-WAN is a new technology in wide area networking, since it combines the features of wan technology, like MPLS and broadband to secure the connection between multiple branches.

With this networking capabilities are enhanced like control and flexibility while reducing the networking costs. Now companies can even connect branch offices present in remote locations. With this organisation can connect all their branches to the central network, in the cloud.

Traditional wan works on MPLS which offer great quality of service, but MPLS bandwidth are more expensive. While in case of sd-wan, which can work on 4G LTE and broadband, which reduces the internet cost significantly.

Traditional wan works on a single carrier (most of the time), avoiding packet loss since it virtually isolates the packets and here you can prioritize your traffic as per importance to ensure reliability. While in case of sd-wan you have multiple options, and can choose your important work to transfer on the best network, to ensure minimal packet loss.

Traditional wan uses branch to branch secure communication using MPLS connections, where packets sent are private and can only be accessed at the destination. While SD-WAN uses end to end encryption using VPN connection. With this feature companies can increase more security layers, like firewalls to reduce any chance of threat.

Both are secure but when it comes to scalability and changes, traditional wan reduces the efficiency with every new branch, since it requires manual connection, which takes a long time. While in case of sd-wan this is not the case, it is highly scalable.

SD-WAN Architecture & How it Works

Hence, the decision to choose any one depends on the organization and its requirements. While choosing a company should focus on short milestones and long term goals.

How does SD-WAN Provide you Network Security?

  • Most SD-WAN deploying offers an approach to encrypt your branch-to-branch corporate traffic-utilizing:
    • IPsec
    • VPN Tunnels
    • Firewalls
    • Microsegmentation of Application Traffic
  • Which secures the information within your network. Since nowadays almost every SD-WAN vendor offers IP security (IPsec), it's regular reasoning that SD-WANs are inherently secure. The facts demonstrate that IPsec handles ensuring the information as it moves from the system.
How does SD-WAN Provide you Network Security?

Enhancing agility while reducing Opex cost between your branch offices is one of the features of software defined wans (SDWAN).

But what about security? Organisations can not compromise on security over lower CapEx.

Today organisations need a solution to virtualise the security network function so that to tackle rapidly evolving security threats while keeping a control over Capex of updating and installing new hardware.

SD-WAN uses virtual machines, which helps organisations to install updates on existing hardwares, rather than doing it manually which incurs CapEx and time.

What is SDN and how it differs from SD-WAN ?

What is SDN and how it differs from SD-WAN ?

Deployment Objective

Agile delivery of dynamic network services in Data centers.

Network Optimization is Key

Delivery of hugely improved & predictable branch WAN performance & uptime

User experience is key

Key Value Drivers

Disaggregation : Leverage Commodity white boxes – Commercial Off The Shelf (COTS) hardware – rather than costly proprietary ones. Hardware decoupled from routing software - Flexible deployment, Better scaling & ROI

Optimized networks through centralized control & orchestration

Aggregation : Intelligently leverage multiple (low-cost) WAN transport for lower Opex rather than expensive MPLS from service providers and increased bandwidth scaling

Optimized WAN through centralized control & orchestration

Architecture Impact

Primarily a new approach, new industry technology as industry standards

SD-WAN is an integrated solution

Supplementary Benefits

Reduces dependencies on Proprietary Network systems vendors; No vendor Lock-ins

Reduces dependencies on carriers / service providers and gives more control to Enterprises customers

Focus Features

Intelligent & programmable flow control

Works with distributed vSwitches in the Compute node too.

Dynamic & Multi-path Traffic forwarding based on Application policy, WAN availability & link quality

Includes a lot of Network Edge functionalities such as Firewall, NAT, DHCP and other network services

HW Platforms

Commodity x86 and specialized switching hardware

Commodity x86 and off-the shelf ARM & MIPS whiteboxes

Why does your company need SD-WAN ?

Switching to sd-wan (software-defined wide area network) allows organizations to connect all their network supplies and visibilities. This allows organizations to use their cloud-based technology, with no or minimal expensive hardware. Thus, it helps businesses to decrease CapEx and Opex.

  • SD-WAN for organization provides :
    • Integrated security function
    • Virtual overlay network
    • Application and network activity monitoring
    • Control and management infrastructure

In addition to reduced cost, it provides flexibility and agility since now connectivity is through a cloud that allows organizations to have control over scaling up the bandwidth and operation.

What you need to consider before choosing your new SD-WAN Vendor?

There are some important questions that you should consider before selecting your vendor. You must ensure that the vendor can fulfill your current needs and future needs as well.

    What you need to consider before choosing your new SD-WAN Vendor?
  • These are the questions you should ask :
  • Does the vendor guarantee you predictable performance of your application platforms?
  • Can your vendor support new and customized applications?
  • Is the SD-WAN compatible with integrated wan optimization at various company branches?
  • How will the connection interact with current routers, gateways, and firewalls?
  • Does your vendor provide you with a centralized orchestration console, for your organizational use in managing application QoS and network security?
  • Carefully analyze these questions and what the vendor offers.

    What are SD-WAN key Takeaways ?

      • SD-WAN is a wide area network with virtual connectivity, which uses software and minimal use of hardware
      • Its architecture works cloud-based, which makes it highly suitable for scaling up
      • Since hardware uses are minimum which led to low CapEx and high ROI
      • Highly simplified network connectivity, resilient, and agile service
    We are here with you to help what suits your organization talk to us @CosgridSupport
    Copyright 2023 © COSGrid Systems Pvt. Ltd., All Rights Reserved