What exactly is SD-WAN, which is so popular on the Internet?

As a popular concept, SD-WAN has frequently appeared in our field of vision in recent years.

Many people say that it is one of the communication technologies with great development potential in the future and has commercial value.

The established communication equipment vendors and operators in the industry are all optimistic about it, and emerging startups also see it as a once-in-a-lifetime opportunity and are flocking to it.

So, what exactly is SD-WAN? What is it used for? What’s so special about it? In this article today, let Xiaozaojun give you a comprehensive analysis.

SD-WAN stands for Software-Defined WAN, that is, a software-defined wide area network. WAN stands for Wide Area Network.

I believe that students who often come into contact with IT and communications will be familiar with the prefix "SD (Software-Defined)". Yes, in today's era where software is king, concepts such as SDN, SDS and SDR have flooded our work and become buzzwords.

SDN: Software Defined Network

SDS: Software Defined Storage

SDR: Software Defined Radio

In my previous articles, I have repeatedly mentioned SDN (Software Defined Network). I have said that SDN/NFV is the future development direction of the network and a prominent feature of the 5G era.

SD-WAN is an important branch of SDN and the application of SDN technology in the WAN field.

To put it simply, SD-WAN is SDN+WAN.

What is a WAN (Wide Area Network)?

Let’s start with the most basic concept of WAN.

Many people who are involved in networking should know that WAN is a wide area network. The opposite of WAN is the LAN (Local Area Network) that everyone is familiar with.

The Wi-Fi network in our home, the network in the Internet cafe, and the small-scale network in the company office are LANs.

LAN

A WAN is a computer network with a larger geographical scope, spanning provinces, cities, and even countries and continents.

For example, a group company is headquartered in Beijing, with branches in Shanghai, Guangzhou, and Chengdu. Then, the local network of the branch can be regarded as a local area network, while the network of the entire group company is a wide area network.

WAN

Note: In fact, in addition to the LAN and WAN, there is also a metropolitan area network (MAN), which is a city-scale network that is often mentioned by operators.

I think everyone should understand the reason why we need a wide area network - in the era of digitalization and networking, company operations are inseparable from computers and various information systems and platforms.

From basic email to office automation (attendance system, financial system, etc.), to systems that are closely related to the main business such as PLM (Product Lifecycle Management) and ERP (Enterprise Resource Planning), a strong support network is urgently needed.

Various information systems are the cornerstone of modern enterprise development

For most companies, it is impossible to spend their own money to lay a dedicated network cable or optical fiber to connect the network of the head office and branches. The amount of work and the cost are astronomical.

So, there are usually only two options left.

The first is to connect all employees via the Internet.

DingTalk and WeChat for Enterprise, which are very popular now, are actually such methods.

All on the public network (Internet)

With the rapid development of mobile Internet and fiber broadband, this method seems to be a good choice. However, this method faces two fatal problems: service quality and data security.

The 4G data services we use, as well as most fiber-optic broadband access, are basically civilian-grade communication services. The stability and reliability of such services are very poor, and they often freeze or even drop the connection.

This kind of service quality is barely acceptable for small and micro enterprises, but it is not acceptable for large and medium-sized enterprises or even groups. For example, how can the system of ICBC's Beijing head office and the system of its Jiangsu branch be slow or disconnected at will?

In addition, exposing all the company's business systems to the Internet will also bring great security risks. For example, if the China Railway Corporation puts all its vehicle operation management systems on the public Internet, do you feel safe?

DingTalk and WeChat for Enterprise are also supported by the very strong security protection capabilities and system capacity of large Internet companies.

Therefore, using the Internet as your company's WAN is only suitable for small and micro-enterprises. (After all, small and micro-enterprises don't need WANs.)

The second method, which is also the mainstream choice of users at present, is to connect via the dedicated line provided by the operator.

The most representative of this type of dedicated line is MPLS.

What is MPLS?

MPLS, Multi-Protocol Label Switching. This is an efficient and reliable network transmission technology. Simply put, it is to put a label on the data stream, a bit like a chicken feather letter, telling all the devices along the way: "Who am I and where am I going."

MPLS dedicated line is a dedicated line for WAN services based on MPLS technology.

MPLS Private Line

MPLS private line is a rental service, and its ownership belongs to the telecom operator. The operator rents the private line to you and promises that the SLA (Service Level Agreement, including bandwidth, latency, jitter, packet loss rate, etc.) of this line can meet certain requirements. As for whether your software is fast or stable, it does not care at all.

Just like the broadband installed in your home, the operator will only test the speed for you - is it 100Mbps? Yes, then it's OK. Is your game PUBG lagging? Sorry, it's none of my business. This is a service based on SLA.

Anyway, it is a dedicated line after all, and the network quality of MPLS is still good.

The question arises again. If you rent, I rent, and everyone rents, the operator has only one physical network, and so many companies are running their businesses on it, how can we ensure differentiation and isolation?

Here, we have to mention a term that everyone is familiar with - VPN.

A VPN (Virtual Private Network) creates a dedicated channel on top of an ordinary physical connection to ensure the isolation and confidentiality of communications.

VPN Tunnel

Depending on the network they are based on, VPNs usually include IPsec-VPN and MPLS-VPN.

IPsec-VPN is an Internet-based VPN. This is the commonly used kind. When employees of large companies are on business trips, they connect to the VPN, which is equivalent to being on the company's intranet, and they can access intranet websites.

MPLS-VPN is a VPN based on the operator's MPLS private network. Through this connection, the entire branch and the headquarters are logically equivalent to being in the same intranet.

Let's briefly talk about the two concepts of Overlay and Underlay that you may often see. Literally, Overlay is above the lay (layer), and Underlay is below the lay (layer). Hoho, in fact, everyone will understand it by drawing a picture -

The packaging position is different

MPLS technology began to take shape when Cisco proposed Tag/Label Switching in 1996. It has dominated the enterprise network market for more than 20 years without any major improvements during this period.

Compared with the Internet, the advantages of MPLS private lines are that they are relatively stable and reliable, and their security is also guaranteed to a certain extent. However, with the development of the times, its shortcomings are becoming more and more obvious, and users have complained about them:

1. High cost of use.

For a long time, whether it is dedicated line or VPN service, the prices offered by operators are very expensive.

For example, the price of a provincial telecom's transnational 10M MPLS-VPN is 80,000 yuan/month. For a large corporate user with many branches and offices, the annual cost of renting dedicated lines may be as high as tens of millions or even hundreds of millions of yuan.

This level of cost is unimaginable for home users who pay only a few hundred yuan for a gigabit monthly subscription. As competition intensifies, this huge cost pressure is enough to make CEOs/CFOs/CIOs feel uncomfortable and unable to sleep or eat.

2. The deployment cycle is long.

After a dedicated line is applied for, the operator has to go through its internal process, and an on-site visit is required to install and configure the terminal. The entire installation period is very long, usually one week to one month.

For today's increasingly fast-paced business operations, this time period is unbearable.

3. Troubleshooting is difficult.

Private line networks are "black box networks". For enterprise users, when private line problems occur, it is difficult to quickly determine the cause. The enterprise's IT engineers can only check the enterprise's internal firewalls, switches, routers and other equipment. If the cause of the problem is not found, they will seek help from the operator.

For operators, troubleshooting is also very difficult. Often, at the end of the investigation, they find that there is no problem with themselves, but rather the problem lies with the user.

This back and forth wasted a lot of time and affected the normal operation of the company's business.

4. Maintenance manpower is tight.

For corporate headquarters, there are usually dedicated IT engineers to perform maintenance. However, for branch companies or offices, due to cost considerations, they are generally not equipped with dedicated IT engineers. This makes it difficult to maintain the MPLS private line and indirectly increases the cost.

In short, MPLS dedicated lines are expensive and difficult to use. “The world has suffered from MPLS for a long time”!

SD-WAN’s debut

Well, it’s finally time for the protagonist of our article today to appear.

SD-WAN is an emerging WAN technology that emerged to solve the above-mentioned problems.

SD-WAN is derived from SDN. There is no end to the knowledge of SDN, so I won’t introduce it in detail today. You just need to know that the essence of SDN technology is to centralize the control of the network.

Separation of forwarding and control

SD (Software Defined) does not replace hardware with software, but rather extracts more capabilities from the hardware and gives them to unified software control. To put it bluntly, it makes the hardware universal and simple, turning it into something “silly and cute”. The software controller becomes the core that controls everything.

What kind of architecture does SD-WAN, being based on SDN, have? Words are no match for a picture. I drew an architecture diagram based on the SD-WAN solution of a certain equipment manufacturer. Please see:

SD-WAN Network Architecture

As you can see, the backbone of the entire network architecture is still the Internet and MPLS dedicated lines. However, on top of the architecture, there is an SD-WAN controller. This controller is the management and control core of SD-WAN.

At the branch nodes and the headquarters nodes, there are additional devices such as uCPE and vCPE.

When introducing 5G, I mentioned that CPE stands for Customer Premise Equipment, which is called "customer terminal equipment" in the industry. The CPE here is different from the 5G CPE. The 5G CPE converts the 5G signal into a Wi-Fi signal. The CPE here is an interface box connected to the network (it can be understood as a small router).

uCPE is Universal CPE, universal customer premise equipment. vCPE is Virtual CPE, virtual customer premise equipment.

Administrators can configure the SD-WAN controller through the application layer interface, and can also send vFW (virtual firewall) and vWOC (virtual WAN optimization controller) functions to CPE to implement corresponding functions without purchasing special hardware.

We will analyze the changes that SD-WAN will bring based on the network architecture and node devices:

1. All interfaces are covered, load balancing

From the perspective of the branch office, SD-WAN no longer forces the use of only MPLS, but allows multiple connection types such as MPLS, xDSL, PON fiber broadband, 4G LTE, and even 5G. CPE can support the bonding of multiple interfaces, thus becoming an interface resource pool.

With the help of software capabilities, the CPE of some equipment manufacturers can identify thousands of different applications, classify them into levels, and assign each a different quality of service.

For example, video conferencing requires higher network quality, so its priority and QoS should be set higher. Text chat and the like can be set to a lower level, so that it can use networks such as LTE.

In this way, enterprise users' reliance on MPLS private lines is greatly reduced, and ordinary fiber broadband and 4G can also be used. Users' bandwidth utilization rate is improved and traffic costs are reduced.

2. Autonomously select the best path

The key to WAN technology is actually path selection. For different branches, SD-WAN can independently select the best path based on the existing network conditions and configuration strategies.

SD-WAN also has load balancing capabilities to enhance network reliability.

In fact, there are many POPs (point-of-presence) in the operator network to help solve link congestion and load problems between operators.
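The application-level QoS and best-path selection described in points 1 and 2 can be sketched as follows. This is an added example, not any vendor's algorithm; the link names, measurements, SLA thresholds and the rule that non-MPLS underlays require an IPsec overlay are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Link:
    name: str
    kind: str            # "mpls" (operator private line) or a public underlay
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    cost: int            # relative price of carrying traffic; lower is cheaper
    up: bool = True

@dataclass(frozen=True)
class AppPolicy:
    name: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

def meets_sla(link, policy):
    return (link.latency_ms <= policy.max_latency_ms
            and link.jitter_ms <= policy.max_jitter_ms
            and link.loss_pct <= policy.max_loss_pct)

def select_path(policy, links):
    """Return (link name, needs encrypted tunnel, SLA met), or None if all links are down."""
    live = [l for l in links if l.up]
    if not live:
        return None
    good = [l for l in live if meets_sla(l, policy)]
    if good:   # cheapest link that still satisfies the application's SLA
        best = min(good, key=lambda l: (l.cost, l.latency_ms))
    else:      # nothing qualifies: degrade to the least lossy, then fastest link
        best = min(live, key=lambda l: (l.loss_pct, l.latency_ms))
    # Assumption: public underlays give no isolation, so traffic rides an IPsec overlay
    return best.name, best.kind != "mpls", bool(good)

def with_link_down(links, name):
    """Copy of the link table with one link marked as failed."""
    return [replace(l, up=False) if l.name == name else l for l in links]

# Constructed sample measurements and policies (not from a real deployment)
LINKS = [
    Link("mpls-1", "mpls", 20, 2, 0.0, cost=10),
    Link("fiber-1", "broadband", 35, 15, 0.3, cost=2),
    Link("lte-1", "lte", 70, 25, 1.0, cost=4),
]
VIDEO = AppPolicy("video-conference", 50, 10, 0.5)
CHAT = AppPolicy("text-chat", 300, 100, 3.0)

if __name__ == "__main__":
    for policy in (VIDEO, CHAT):
        print(policy.name, select_path(policy, LINKS))
    print("video, MPLS down:", select_path(VIDEO, with_link_down(LINKS, "mpls-1")))
```

The third tuple element is what an operations dashboard would alert on: when it is false, the application is running on a link that does not meet its SLA.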

3. Simple deployment, completed in seconds

When evaluating the deployment speed of SD-WAN, people often mention a word called ZTP, which stands for Zero Touch Provisioning. In simple terms, it is almost plug-and-play.

In addition to automatically obtaining configuration after the CPE is powered on, you can also use QR code scanning or email configuration.

Take the email deployment method as an example. When deploying SD-WAN, the IT engineer at the headquarters only needs to prepare the configuration data in advance, and then send the configuration to any employee of the branch by email. The employee can then complete the configuration deployment of the device through the link.

It is so convenient and quick that there is no need for professional IT personnel to be on site for configuration and installation.
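Because the email method hands deployment to a non-specialist through a link, the controller has to decide whether the link it is shown is genuine, fresh and used by the intended device. The following is an added example of one such check, not a scheme taken from this article or from any vendor: the token layout, the `ActivationIssuer` class, the field names and the serial numbers are all assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class ActivationIssuer:
    """Controller side: issues the token carried in the emailed link and redeems it."""

    def __init__(self, key: bytes):
        self._key = key
        self._used = set()          # token ids that have already been redeemed

    def issue(self, serial, site, ttl_s, now=None):
        now = time.time() if now is None else now
        claims = {"serial": serial, "site": site,
                  "exp": int(now + ttl_s), "jti": secrets.token_hex(8)}
        body = json.dumps(claims, sort_keys=True).encode()
        tag = hmac.new(self._key, body, hashlib.sha256).digest()
        return f"{b64e(body)}.{b64e(tag)}"

    def redeem(self, token, presented_serial, now=None):
        """Return 'ok' only for an authentic, unexpired, unused token from the right CPE."""
        now = time.time() if now is None else now
        try:
            body_part, tag_part = token.split(".")
            body, tag = b64d(body_part), b64d(tag_part)
        except ValueError:          # wrong shape or undecodable base64
            return "malformed"
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return "bad-signature"
        claims = json.loads(body)   # parsed only after the signature checks out
        if now >= claims["exp"]:
            return "expired"
        if claims["serial"] != presented_serial:     # link forwarded to another box
            return "wrong-device"
        if claims["jti"] in self._used:
            return "replayed"
        self._used.add(claims["jti"])
        return "ok"

if __name__ == "__main__":
    issuer = ActivationIssuer(b"constructed-demo-key")   # constructed key for the demo
    link_token = issuer.issue("SN-0001", "branch-shanghai", ttl_s=3600)
    print(issuer.redeem(link_token, "SN-0001"))   # first use by the intended device
    print(issuer.redeem(link_token, "SN-0001"))   # second use of the same link
```

In this design the email carries only the token; the configuration itself is released by the controller after `redeem` returns `ok`.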

4. Self-management and self-control, intelligent operation and maintenance

SD-WAN has the genes of SDN, so it has inherent advantages in network management. All SD-WAN management platforms are graphically visualized. Administrators can clearly see the operation of SD-WAN through the network management interface and deal with problems in a timely manner. This greatly reduces the difficulty of maintenance and reduces the time to deal with faults.

In short, the benefits of SD-WAN are that it is economical and easy to use. According to calculations, under the same bandwidth ratio, SD-WAN can save at least 30% of cost investment each year compared to MPLS. Therefore, some people jokingly call SD-WAN "Save Dollars-WAN".

The evolution of SD-WAN

Money is the bottom line. The real return of money is driving the development of SD-WAN at an astonishing speed.

SDN was first proposed in 2006 and officially named in 2011. The first spark between SDN and WAN came into being in 2014.

That year, ONUG (Open Network User Group), a consulting firm that was formerly an investment company, proposed several application scenarios of SDN technology at a seminar with its corporate users on future enterprise network needs. As a result, SDN and enterprise WAN networks truly met.

At the same time, an article titled "Software-Defined WAN: A Primer" was published on the website networkcomputing.com, which introduced the name SD-WAN to the public for the first time. (Primer means enlightenment or entry.)

Since then, SD-WAN has quickly attracted widespread attention in the industry, and major giants have begun to flock to it.

In 2015, the market revenue of SD-WAN was only US$225 million, and the application rate was less than 1%. In 2018, the application rate of SD-WAN abroad has reached an astonishing 40%. Industry analysis agency IDC predicts that the SD-WAN market size will grow to US$8 billion by 2021.

Companies engaged in SD-WAN services are divided into many categories, and we will briefly introduce them.

The first category is companies that focus on providing WAN solutions. They purchase dedicated lines from operators, build their own WANs, and provide SD-WAN services to enterprise users.

The second category is traditional equipment manufacturers, such as Huawei, ZTE, H3C, etc. There is no need to introduce them in detail, they sell everything, including solutions, hardware, and software.

The third category is companies that sell optimization, security, encryption and other technologies and products around SD-WAN. They have their own software and hardware products and sell them together to SD-WAN users.

Traditional telecom operators also attach great importance to SD-WAN, after all, it is a technology that threatens their jobs. At present, domestic operators have carried out SD-WAN service pilots in many places. Their business model is mainly based on existing infrastructure services, using their advantages in hardware resources to provide network value-added services, such as firewalls, WAN acceleration and network security.

In short, SD-WAN is a fast-deployed, low-cost, and highly flexible WAN solution. There is no doubt that it will become the mainstream of the industry. The only thing we need to focus on now is who will win in this fierce battle around SD-WAN and who will become the biggest winner in the future WAN market!
