SD-WAN deployment pitfalls: How to avoid five common challenges

As organizations accelerate their cloud adoption and digital transformation initiatives, they are beginning to realize that traditional network architectures are unable to handle the resulting complex and massive workloads. This in turn is driving the growth of flexible and powerful SD-WAN deployments, with analysts predicting that the SD-WAN market will grow to more than $8.4 billion by 2025.

Changing the network architecture is a crucial task. The entire process can be divided into three stages: planning, deployment verification, and operational insight.

The planning phase is fairly straightforward but requires caution: service performance parameters need to be benchmarked across end-user, application, network, and multi-cloud services. Common requirements for this phase include inventorying and locating all internal applications, cataloging SaaS and IaaS applications, and properly sizing MPLS and Internet connections to accommodate expected traffic. There are tools on the market that can help NetOps teams do all of this, as it would be nearly impossible to do manually.

Once planning is complete, the actual deployment and operation begins, which is also the phase that is most prone to errors. The deployment phase allows for visualization of application performance, traffic segmentation, DSCP, and SD-WAN policies for service provider tunnels, as well as verification and monitoring of end-to-end application performance behavior.

During this process, NetOps can also use bandwidth consumption, QoS marking, and SD-WAN policy validation to isolate issues and identify root causes for rapid resolution. The final phase, operational insight, implements the deployment with visual analytics, customized dashboards, alerts, reporting, and the rapid troubleshooting required to properly manage the SD-WAN.

Here are five common challenges that arise during deployment and operations.

Technology patchwork & hodgepodge

MPLS and Internet connections have been part of the enterprise WAN for more than two decades, resulting in a hodgepodge of old and new commands and technologies. This can include statically constructed tunnels, open ports, forgotten network devices, etc. All of these undocumented changes can put an organization at migration risk.

It is important to realize that some undocumented changes may be missed during the deployment process. This is where pre- and post-migration baseline planning along with good visibility tools are critical to identifying traffic patterns and gathering the necessary analytics to judge post-migration completeness.

Poor application performance after migration

Configuration or policy issues often don’t surface until the network is stress-tested, making validation a critical process during SD-WAN deployments. A good NPMD platform is essential for visualizing before-and-after patterns.

For example, after a successful SD-WAN migration, file sharing performance may be significantly degraded. This is because file sharing traffic was previously accelerated by the edge router on the MPLS connection. When it is downgraded to a standard Internet circuit and deprioritized, it may experience pauses and other problems. The verification process can help to deal with such problems quickly. Discovering them quickly requires tools that provide a complete end-to-end view of the SD-WAN overlay and the transport substrate.

Unable to verify path selection

SD-WAN relies on path selection, but it is difficult to verify that the policy is operating as expected. It is necessary to use site-to-site traffic analysis tools to identify and verify the final path selection over time and visualize when different transport methods are selected (and which traffic policy determines that behavior).
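One way to check observed path selection against policy, as an added example that is not from the original article: it compares the transport each flow actually used with the transport a policy should have chosen given underlay measurements for that minute. The policy format, probe samples, flow records, site and application names are all constructed assumptions, not any vendor's export format.

```python
# Added example: policy, probe samples and flow records are constructed.
POLICY = {  # app class -> preferred/fallback transport and SLA limits for the preferred path
    "voice":      {"prefer": "mpls", "fallback": "inet", "loss": 1.0, "latency": 150, "jitter": 30},
    "file-share": {"prefer": "mpls", "fallback": "inet", "loss": 2.0, "latency": 300, "jitter": 100},
    "web":        {"prefer": "inet", "fallback": "mpls", "loss": 5.0, "latency": 400, "jitter": 200},
}
# (minute, site, transport) -> (loss %, latency ms, jitter ms) measured on the underlay
PROBES = {
    (0, "branch-1", "mpls"): (0.1, 40, 5),
    (0, "branch-1", "inet"): (0.5, 80, 12),
    (1, "branch-1", "mpls"): (3.5, 60, 8),   # loss breaches voice and file-share limits
    (1, "branch-1", "inet"): (0.4, 85, 15),
}
# (minute, site, app class, transport the flow actually used)
FLOWS = [
    (0, "branch-1", "voice", "mpls"),
    (0, "branch-1", "file-share", "inet"),
    (1, "branch-1", "voice", "inet"),
    (1, "branch-1", "web", "inet"),
    (1, "branch-1", "backup", "inet"),
    (2, "branch-1", "voice", "mpls"),
]

def expected_transport(app, minute, site, policy=POLICY, probes=PROBES):
    """Return the transport the policy should pick, or None if it cannot be judged."""
    rule = policy[app]
    sample = probes.get((minute, site, rule["prefer"]))
    if sample is None:
        return None
    loss, latency, jitter = sample
    healthy = (loss <= rule["loss"] and latency <= rule["latency"]
               and jitter <= rule["jitter"])
    return rule["prefer"] if healthy else rule["fallback"]

def verify(flows, policy=POLICY, probes=PROBES):
    """List flows whose observed path disagrees with, or is not covered by, the policy."""
    findings = []
    for minute, site, app, used in flows:
        if app not in policy:
            reason = "no-policy"
        else:
            want = expected_transport(app, minute, site, policy, probes)
            if want == used:
                continue
            reason = "no-probe-data" if want is None else f"expected-{want}"
        findings.append((minute, site, app, used, reason))
    return findings

if __name__ == "__main__":
    for finding in verify(FLOWS):
        print(finding)
```

A fallback to the Internet path during an MPLS loss spike is accepted, while the same path choice on a healthy MPLS link, an application with no policy entry, and a minute with no probe data are each reported separately.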

Service provider connections surge

Operationally, one of the biggest challenges of SD-WAN migration may be the sudden proliferation of managed service providers. With SD-WAN, each remote site can have its own ISP (with SLAs included).

To complicate matters further, while the virtual overlay may look good, the physical underlay may very well be hiding a host of problematic links and real-world issues. Therefore, it is important to ensure that the tools used provide the appropriate visibility (ideally per application, per site, and per ISP) to determine how individual ISPs are performing, and to drill down and isolate specific issues. Metrics to monitor include packet loss, latency, jitter, and WAN capacity utilization.

Changes in security policies

Inevitably, new SD-WANs require different security strategies than traditional networks. For example, SD-WANs allow for encryption of traffic as it moves from one site to another and allow for network segmentation for layered protection. Therefore, everything from employee and guest access, to creating DMZs, to Internet access, to building site-to-site connections may need to be reviewed. It is also important to capture audit data and perform policy validation to confirm that the network is operating with the security (and performance) expected.

If deployed and managed properly, SD-WAN can bring unquestionable value to an organization. Understanding these deployment roadblocks and having the right tools to help circumvent these challenges is key to success.