Getting started with SD-WAN, just read this article

In 2019, the global market for SD-WAN grew by 70% to $2.3 billion, and is expected to grow at a cumulative annual growth rate (CAGR) of 45.5% over the next five years, reaching a market size of $22 billion by 2024. Although SD-WAN is developing in full swing, many people still don't know what SD-WAN is and what it can bring to us. Let's take a look!

Traditional WAN

Before we dive into SD-WAN, let’s review how and why network communications have been handled the way they have in the past.

Until now, the main method of handling corporate network traffic has been for branch offices to connect to the corporate data center or head office via leased lines, usually using MPLS. This method accounts for about 80% of corporate network traffic, and the WAN routers are hardware-based, proprietary, expensive and relatively inflexible.

Companies use this model because it allows tight control over routers and provides a secure, reliable quality of service, but in the case of multinational companies, each country often has its own regulations, so a truly global network requires very complex arrangements.

This exposes the limitations of WANs: namely, centralized management of WAN routers is difficult. In many cases, routers require physical access through ports on the back of the device and require the use of proprietary command languages.

Although this situation is improving, a lot of legacy equipment is still in use today. Most WAN routers separate traffic at the TCP layer, so they cannot distinguish business-critical traffic from less urgent traffic, yet many applications and processes, VoIP voice applications for example, require jitter-free network connections.

Another huge factor that has prompted people to look for ways to move away from traditional WAN topologies is cost. In traditional WAN deployments, each network segment requires dedicated physical hardware, which is often very expensive. Even a small expansion, upgrade, or reconfiguration can incur huge expenses. The cost difference between MPLS and broadband is huge. Cisco once released a public case study claiming that replacing MPLS with SD-WAN can save 70% of network costs.

SD-WAN

With the development of software and hardware, the functions of traditional WAN hardware devices can now be realized with software. Software-based devices can analyze traffic in real time and make intelligent decisions. It is also possible to create large-scale overlay networks using broadband and general-purpose x86 hardware or virtual machines (VMs). These networks can replicate all the functions of traditional WANs at a fraction of the cost of traditional WANs.

SD-WAN can create a mature private network, adding the ability to dynamically share network bandwidth, and can also achieve central control, zero-touch configuration, integrated analysis, and on-demand circuit configuration, thereby achieving policy-based centralized security and management. In addition, SD-WAN can also increase bandwidth at a lower cost. This configuration achieves optimal speed and has the ability to limit low-priority applications.

SD-WAN allows branch networks to be centrally managed through a central management console, eliminating the need for physical access to WAN routers and manual configuration by on-site IT personnel. It also provides more visibility into the network and provides a common network view for IT personnel and mid-level managers. Since the network uses both private and public transport media to route traffic, this also provides more choices in transport media type and transport vendor selection.

MPLS operates similarly to switches and routers, sitting between Layer 2 and Layer 3, and uses packet forwarding technology and labels to develop data forwarding strategies. SD-WAN routes traffic based on the application layer, thus ensuring user experience. In addition, SD-WAN technology can monitor and reroute traffic as needed to meet service level agreements (SLAs).

The benefits of SD-WAN can be summarized into three categories: flexibility, manageability, and low cost:

  • Flexibility: SD-WAN can choose between available transports, selecting the most appropriate transport for a given application at a given time, and adds the ability to reroute applications to different transports during peak usage. It can also set policies to select more expensive or cheaper transports on demand. The key point is that it is SD-WAN, not the operator, that controls bandwidth allocation. In addition, because SD-WAN components are software-based, deployment is flexible and cycle time is short.
  • Manageability: SD-WAN's central management console allows global changes to be made on the fly when needed, such as in the event of a new security threat or to control costs. SD-WAN also enhances network connectivity by using multiple transport/network operators: if one fails, another can be used, and this failover can complete in seconds. In addition, SD-WAN can help improve security by encrypting all traffic or selected traffic classes.
  • Low cost: SD-WAN technology can help reduce the overall cost of WAN connections in several ways: by removing or replacing expensive leased lines (MPLS), by allowing centralized management and reducing the need for IT staff, and by running on commodity hardware. However, SD-WAN also has some potential disadvantages. Compared with MPLS, the biggest disadvantage of using broadband services is that broadband is more unpredictable and SLAs cannot be guaranteed. In comparison, MPLS has lower latency and less packet loss. Many companies therefore choose MPLS for critical business traffic and cheaper broadband and 4G/5G for everything else.

SD-WAN Architecture

In August 2019, MEF released MEF 70, which introduced the first standardized definition of SD-WAN. The components listed by MEF include SD-WAN Edge, SD-WAN controller, service orchestrator, SD-WAN gateway and user interface.

(1) SD-WAN Edge can be a physical device or virtual machine (VM) that provides SD-WAN functionality in data centers, headquarters, IoT, public/private clouds, or other places where network access is required. They can replace or supplement existing physical WAN routers.

SD-WAN Edge devices are generally cheaper because they tend to be VMs or run on general-purpose x86 servers. Many traditional WAN routers are dedicated, proprietary hardware based on ASIC chips, and are not scalable and difficult to update. x86 chips are able to process network traffic at speeds similar to ASIC chips, and their flexibility and scalability make up for the performance loss to a certain extent. SD-WAN devices are easier to deploy and set up in remote locations because they are centrally managed and do not rely on local IT talent.

SD-WAN Edge devices can provide additional virtual network function (VNF) services, such as load balancing, and because they are software rather than hardware-based, there is no need to upgrade the SD-WAN Edge devices to implement additional VNFs.

(2) SD-WAN controllers provide centralized management for SD-WAN implementations. The entire corporate network can be viewed through a central console or user interface. SD-WAN controllers can be deployed on-premises or implemented in the cloud. Since it only pushes network overlays and policies to SD-WAN Edge devices, it does not actually perform packet inspection and its network usage is minimal. Through the console, IT staff can set policies, and the orchestrator will then enforce them.

The SD-WAN controller will generate relevant reports, through which IT staff can make comprehensive decisions about the organization's network activities. Reporting is often an overlooked aspect of SD-WAN because historical WAN implementations often do not provide the detailed information that SD-WAN controllers can provide.

(3) An SD-WAN orchestrator is a virtualized network manager that monitors traffic and applies policies and protocols. An SD-WAN orchestrator typically also includes SD-WAN controller functionality for setting centralized policies and then using those policies to make forwarding decisions for application flows. An application flow is an IP packet that is classified to determine its user application or the application grouping associated with it. Application flow groupings based on common types (e.g., conferencing applications) are referred to as Application Flow Groups (AFGs) in MEF 70.

Because SD-WAN is still in its infancy, many of the terms and their boundaries are still being worked out. One of the more ambiguous terms is SD-WAN gateway. In some cases, an SD-WAN gateway may be used in a data center or main office to optimize traffic and provide additional security, while in some approaches, all network traffic may be routed to a central site, with traffic having to travel a long distance before being routed back to its origin. To alleviate this problem, there are now SD-WAN gateways for public clouds and data centers.

Basically, SD-WAN gateways provide the optimal data path for application traffic from endpoints, delivering network services between clouds. A distributed network of gateways provides scalability, redundancy, and on-demand flexibility.

Policy

SD-WAN is a policy-driven architecture in which IP packets are classified into AFGs. Classification can be based on OSI layer 2 through layer 7. In addition, the policy applied to an AFG can block or allow forwarding of its IP packets based on the availability of a route to the target SD-WAN UNI on the remote SD-WAN Edge.

MEF has proposed a set of basic policies for SD-WAN, including encryption, public/private, Internet Breakout, billing method, primary/backup, and bandwidth. Public/private specifies whether the AFG may use public or only private transport media. Internet Breakout specifies whether the AFG may be forwarded to an Internet destination. The billing method specifies whether the AFG is billed on usage or on a fixed model. Bandwidth sets the rate limit of the AFG. Because the MEF standards are not yet widely adopted, not all providers currently use these terms, but as the technology matures, common terms and definitions will surely become more widespread.
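To make the policy section and the path-selection behaviour described earlier (choosing the cheapest transport that meets an application's SLA, rerouting on failure, blocking when no eligible route exists) concrete, here is an added example of an Edge-side policy engine. It is not code from the article or from any SD-WAN product; the AFG names, policy fields, transport names and all probe measurements are constructed for illustration.

```python
# Per-AFG policy in the article's MEF 70 vocabulary: encryption, public/private,
# Internet Breakout, billing method, primary/backup, plus an SLA target
# (latency ms, loss %, jitter ms). All values are constructed for this example.
POLICIES = {
    "voice": dict(encryption=True, public=False, breakout=False, billing="flat",
                  backup=True, sla=dict(latency=150, loss=1.0, jitter=30)),
    "saas": dict(encryption=True, public=True, breakout=True, billing="usage",
                 backup=True, sla=dict(latency=300, loss=3.0, jitter=100)),
    "bulk": dict(encryption=False, public=True, breakout=False, billing="usage",
                 backup=False, sla=dict(latency=800, loss=5.0, jitter=400)),
}

# Underlay transports with constructed probe results, as an SD-WAN Edge would
# measure them. 'private' is MPLS-like; 'encrypted' means a tunnel is available.
TRANSPORTS = [
    dict(name="mpls", private=True, encrypted=True, up=True, latency=40, loss=0.1, jitter=5, cost=10),
    dict(name="fiber", private=False, encrypted=True, up=True, latency=60, loss=0.5, jitter=20, cost=2),
    dict(name="lte", private=False, encrypted=False, up=True, latency=120, loss=2.0, jitter=60, cost=4),
]

def classify(pkt):
    """Assign a packet to an AFG. Real Edges classify up to L7; this uses L4 ports."""
    if pkt["proto"] == "udp" and 16384 <= pkt["dport"] <= 32767:
        return "voice"                       # typical RTP media port range
    if pkt["proto"] == "tcp" and pkt["dport"] == 443:
        return "saas"
    return "bulk"

def allowed(t, pol):
    """Security constraints are hard: never relaxed, even when falling back."""
    return (t["up"] and (t["encrypted"] or not pol["encryption"])
            and (t["private"] or pol["public"]))

def meets_sla(t, sla):
    return all(t[k] <= sla[k] for k in ("latency", "loss", "jitter"))

def select_path(pkt, transports=TRANSPORTS):
    """Return (afg, chosen transport name or None, reason)."""
    afg = classify(pkt)
    pol = POLICIES[afg]
    if pkt["internet_dst"] and not pol["breakout"]:
        return afg, None, "Internet breakout not permitted for this AFG"
    ok = [t for t in transports if allowed(t, pol)]
    primary = [t for t in ok if meets_sla(t, pol["sla"])]
    if primary:                              # cheapest transport that meets the SLA
        return afg, min(primary, key=lambda t: (t["cost"], t["latency"]))["name"], "primary"
    if pol["backup"] and ok:                 # reroute on failure or SLA breach
        return afg, min(ok, key=lambda t: t["latency"])["name"], "backup: SLA degraded"
    return afg, None, "no eligible transport"
```

The point to notice is the ordering: the encryption and public/private constraints filter transports before SLA and cost are considered, so a failover never silently moves a private-only AFG onto an unencrypted public link.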

SD-WAN Deployment Architectures

There are many different SD-WAN architectures. Here is an introduction to several different architectures currently in use.

  • Local SD-WAN architecture: This is the simplest implementation. In this architecture, each location of the company has an SD-WAN Edge device. Usually this architecture does not require an SD-WAN gateway, and the locations can be connected to each other through a point-to-point or mesh topology. SD-WAN components can be located in one location or distributed throughout the organization. This architecture is best suited for companies that use internal SaaS rather than the cloud to host applications, which can reduce costs and is easy to maintain.
  • Cloud SD-WAN Architecture: Cloud SD-WAN architecture allows SD-WAN Edge devices to connect to cloud-based SD-WAN gateways. SD-WAN provides real-time traffic shaping, multi-circuit load balancing, failover, and access to cloud applications. Cloud gateways can be hosted by a variety of cloud provider applications, including Office 365, Salesforce, and Dropbox. Enterprises can reduce costs by having critical cloud-based internal real-time applications run on small MPLS pipes and other applications run on the public Internet.
  • Cloud backbone architecture: This architecture connects the SD-WAN Edge device to the nearest point of presence (POP), where the traffic is handed off to MPLS and gains the SLA quality of a dedicated line. Most MPLS backbones are directly connected to major cloud providers, which improves the performance and reliability of these applications. This deployment method suits companies that want a complete SD-WAN architecture but are still concerned about the quality of broadband service. The architecture offloads non-critical applications to low-cost broadband, allocating more bandwidth to critical business applications and thereby improving the performance of all applications.

How to choose SD-WAN

We usually need to consider the following characteristics when selecting SD-WAN:

  • Path selection - Path selection should be dynamic and based on the transport medium and the application. SD-WAN should be able to automatically differentiate between the thousands of different applications that users are running.
  • Security - Security is key to SD-WAN. SD-WAN security should include perimeter firewalls, data transmission encryption, etc. Many SD-WAN solutions support third-party security and virtual private networks.
  • Transport media - You need to ensure that your SD-WAN solution supports not only the transport media you are currently using, but also the transport media you may use in the future.
  • Reporting - Reporting is an often overlooked factor when considering an SD-WAN solution. We need to ensure we have the reporting capabilities we need.

There are other factors to consider. First, you need to determine whether the enterprise will deploy SD-WAN by itself or use the services of other providers. Many SD-WAN providers provide fully managed SD-WAN deployment scenarios. Secondly, make sure that the organization is fully evaluated and the appropriate architecture is determined for the needs of the enterprise. Finally, SD-WAN should also provide high availability and resilience.
