Executive Summary-: SD-WAN
MPLS Layer 3 VPNs were designed for connectivity when all the traffic of branch flowed to their respective HUB Location (Centralized) or to Data Centre. However, new applications and cloud service models are shifting traffic patterns because cloud gives better value proposition to the customer. Now days CIO’s are more interested to use pay per use model for any required application instead of being putting dedicated Server to access that application which involve huge capex and opex. That’s why, majority of enterprise traffic flows to public clouds and Internet. This change creates new requirements for secure connectivity, video and real-time application performance, efficient Cloud experience, and dynamic change control.
The SD-WAN solution provides the benefits of private MPLS Layer 3 VPNs for the wide area network (WAN) while overcoming the key drawbacks associated with these MPLS VPNs.
Conventional Enterprise WAN Design -
Most of the enterprise use MPLS connectivity for accessing business critical application as a primary Link and internet as Backup Link or for non-critical applications. Every site need to be provisioned and manage independently and takes lots of time for necessary configuration for every hardware. Since new applications and cloud service models are shifting traffic patterns some companies opted Internet Link to access applications which are hosted on Public Cloud. To manage entire show, IT team required virtual devices including routers, WAN path controllers, WAN optimizers and security products and services. This is currently the most mature approach to building and managing WANs and is employed by most enterprises, but is also the most expensive. It allows (but doesn’t require) enterprises to select best-of-breed capabilities in each functional category. Although it is complex to deploy and manage, this complexity can be somewhat mitigated by using reference design templates and/or managed services from managed network services providers or system integrator.
Technical Challenges in Today’s Networks –
Enterprise today face significant business challenges as their legacy networking infrastructure becomes increasingly complex. Providing connectivity across the enterprise involves:
- Managing Multiple Transport Network – (MPLS, Metro-Ethernet, 3G, LTE, SSL over Internet, IPSEC)
- Embedded every policy and control on every hop in the network.
- Addressing security vulnerabilities created by inadequate network-wide segmentation and weak encryption policies.
- Long Provisioning time related to rolling out new applications that require network specific behaviour.
- Performance issues related to public cloud, VDI and bandwidth hungry applications.
Software-defined WAN (SD-WAN) is an approach to designing and deploying an enterprise wide area network (WAN) that uses software-defined networking (SDN) to determine the most effective way to route traffic to branch locations over any transport network. SD-WAN products enable hybrid WAN — dynamically routing traffic over both private and public links, such as MPLS links and broadband, Long Term Evolution (LTE) and/or wireless. An SD-WAN architecture allows administrators to reduce or eliminate relies on expensive leased MPLS circuits by sending lower priority, less-sensitive data over cheaper public Internet connections, reserving private links for mission-critical or latency-sensitive traffic like VOIP. The flexible nature of SD-WAN also reduces the need for over-provisioning, reducing overall WAN expenses by deploying single device to terminate different transport network. SDN-WAN shifts traffic monitoring and management from physical devices to the application itself, capitalizing on SDN’s flexibility and agility. Intelligence is abstracted into a virtual overlay — enabling a secured pooling of both private and public connections and permitting automation, centralized network control, and agile, real-time traffic management over multiple links. This model enables a network administrator to remotely program edge appliances via a central controller, reducing provisioning times and minimizing or eliminating the need to manually configure traditional routers in branch locations.
SD-WAN solutions provide a lightweight replacement for traditional WAN routers and are agnostic to WAN transport (that is, support MPLS, Internet, LTE, etc.) where all the transport links terminate. Every branch device will initiate a session with centralized Controller device which can be hosted on Customer end or on Cloud. This Centralized Controller is the brains of the overlay network. It establishes a secure DTLS connection to each Edge router in the network and runs an Overlay Management Protocol (OMP) to share routes, security and policy information. The centralized policy engine in the controller provides rich inbound and outbound policy constructs to manipulate routing information, access control, segmentation, extranets, and service chaining. And finally, Network Configuration and Monitoring System is a centralized system that enables configuration management and monitoring of the SD-WAN solution along with Network changes can be handled centrally across the entire enterprise, so they take hours instead of days or weeks. The vendor says its target market is the large enterprise that has many locations, including banks, retail merchants and healthcare facilities. There are certain benefits which drive SD-WAN solution to enterprise customer like-:
- SD-WAN solutions allow for load sharing of traffic across multiple WAN connections in an efficient and dynamic fashion that can be based on business and/or application policy.
- SD-WAN solutions dramatically simplify the complexity associated with management, configuration and orchestration of WANs
- Configuration parameters are application-centric and/or business-centric, able to provision Application aware Routing.
- Reduced acquisition costs for hardware, software and support of vendor-provided remote office WAN equipment.
- SD-WAN Solution support zero-touch provisioning for new branches, which entails on-site branch personnel have to make physical (i.e., cabling).
- SD-WAN solution support service-chaining of other network services and devices, such as WAN optimization controllers, firewalls, secure Web gateways, etc.
- Single point of management for all WAN routers.
- Network wide segmentation for lines of businesses, compliance and business partners.