Software-defined revolution: SD-Branch is coming!

Software is taking over the world, and software-defined networking is expanding to every aspect of networking, completely changing the way we think about, configure, and deploy networks.

[[400374]]

SD-WAN provides enterprises with a variety of options. Compared with MPLS, SD-WAN provides greater network flexibility, lower costs, and more control over WAN connections.

From SD-WAN to SD-Branch

SD-Branch is the next step for SD-WAN. The improvements in visibility and control that SD-WAN provides for the WAN have been extended to the branch LAN as well.

SD-Branch provides a common interface for configuring, monitoring and troubleshooting multiple functions such as routing, switching, Wi-Fi, network security, micro-segmentation and application support, eliminating the need to use separate user interfaces for each function.

With SD-Branch, the hardware platform with the virtual device installed will replace the original typical network device set, which is not only simpler but also has greatly enhanced maintenance capabilities. If new firewall functions are needed, only the firewall virtual instance needs to be updated; assuming that BGP is not needed in the router, only the image without BGP can be installed. The installation of new software takes into account new features and functions, which is usually achieved by replacing the hardware platform.

SD-Branch is more than just automation

Some might compare SD-Branch to using automation. SD-Branch is a more holistic approach that provides a unified user interface for monitoring, management, and troubleshooting. It can use multiple components under the hood but hides this implementation detail. SD-Branch, similar to SD-WAN, supports the definition of policies that define connectivity, quality of service, and security for endpoints and applications. For example, an SD-Branch product can be used to define new VLANs, provision across routers, switches, and Wi-Fi infrastructure, and add application and security policies.

Automation is often focused on lower-level network configuration and control, often performing one function at a time. Enterprises and users need to implement automated processes for every functional element of the infrastructure. SD-Branch can turn policy definitions into actions, not just network automation.

Advantages of SD-Branch

A centralized control point makes it easier to manage multiple sites. All branches need to be consistent, and consistency can use the same interface for the same functions.

Improved IT security is a major benefit of SD-Branch. Standardization of security policies eliminates the possibility of the network being attacked by intruders due to slightly different site configurations. Currently, large DMZ boundary firewalls are outdated. Centralized control of security policies can help enterprises or users better protect IoT devices from intrusions and make it easier to deploy new security practices such as SASE and zero-trust network access. Security needs to be universal and consistent - SD-Branch is an important step to achieve this goal.

Because SD-WAN is an integral part of SD-Branch, routing can be optimized through custom policies to ensure that application traffic is on the link that best meets application needs.

Centralized control extends to LAN configuration. Network monitoring and troubleshooting are easier when VLAN configurations are consistent. When changes are needed, applying them to all branches becomes simple.

Disadvantages of SD-Branch

SD-Branch is a new field, and there are no interoperability standards between vendors. Enterprises must choose a vendor whose products best meet their requirements, but this also means that they may not be able to obtain the best capabilities in some aspects of branch visibility and control. Because it is very likely that one product does a better job in visibility and troubleshooting, while another product best meets the needs of defining and applying security policies.

If an enterprise has many branch sites that use unique designs (often called snowflake networks), then SD-Branch may not be as advantageous. Standardizing sites is the best approach in the long run and can reduce operating costs.

The Future of SD-Branch

The scope of software-defined everything will continue to expand, and network equipment will become more standardized and easier to manage. In the future, we may even see the disappearance of command line interfaces, replaced by programmable interfaces driven by centralized control systems, and future network operations will become more simplified and easier to understand.

Original link:

https://www.nojitter.com/enterprise-networking/software-defined-revolution-making-sd-branch-possible