Regístrese ahora para una mejor cotización personalizada!

What is SD-WAN?

Sep, 08, 2018 Hi-network.com

The SD-WAN market is in high gear. The concept is solid and the benefits are real. There are, in fact, very few WAN situations that would not benefit greatly from this technology. However, all SD-WAN is not the same. There are multiple paths you choose as you endeavor to take your existing, running, trusted network...to a brand new modern one.

What is SD-WAN?

The primary value proposition for SD-WAN centers on the high cost of traditional WAN. As the internet has grown, it has become easier (and cheaper) to get broadband internet circuits just about anywhere. For many users, high speed bandwidth was no longer a benefit of driving to the office. I has become harder to explain why we had to build the networks that we did and as traffic patterns have migrated cloud-wise, these designs are showing their age.

More Options. Less Complexity.

MPLS has been the dominant form of enterprise WAN over the past few decades but it finally has a very viable competitor in SD-WAN. MPLS circuits provide a dedicated networkthat iscompletely distinct from any other network. Every remote connection has a specifically sized circuit delivered to them so you know exactly how much bandwidth you get at each site...it is all very predictable. Which is important. If any location needs to access 'the internet' than this is commonly done by routing that connection through a central office which has big pipes to the internet and various security mechanisms for filtering it.

Two big issues have come out of this:

  1. All internet traffic from branch sites is using those precious/expensive MPLS in two directions. This is secure....but wasteful.
  2. Internet use is rising fast along with it's business critical nature with multiple Saas or IaaS resources are now used by the entire enterprise.

Enterprise IT has long been able to connect to the Internet directly from any remote office. This is not a new idea. It just came with too much risk.

SD-WAN is now offering a credible option for enabling a secure 'hybrid' WAN. The hybrid is a reference for how SD-WAN is here to augment, not necessarily replace those expensive MPLS circuits with a less expensive broadband internet.

There will be multiple, physical circuit terminations into the same edge point. Does the vendor have hardware routing experience? Some locations may need an MPLS line, pus two different sources of Internet connectivity. If it's a really critical area, consider adding cellular failover, 4G LTE or other wireless that might be available. Make sure you can run active/active on those cabled circuits as well so that you are not paying for something 'just in case.'

When SD-WAN is done right, it should offer asimplifiedability to route enterprise traffic in asecuremanner with aconsistent quality of experience that is as good or betterthan what you are doing now.

If you are considering an SD-WAN solution, there are quite a few options in the market. Here is my shortlist for things you should make sure you dig into with any option under consideration:

1. Simplicity-the software defined part of SD-WAN refers to the control portion of your routers now being handled somewhere else. This is generally a cloud based that you access with what is hopefully a simple interface. Couple of quick things to check for here:

  • Does the controller HAVE to be in the cloud? You may run a network that does not allow for this...make sure you know what you can do.
  • Is ALL the policy control handled through this same interface? How granular can it get? You should be able to define and manage unique policies for every remote location down to the individual application requirements. Set it and forget it.

2. Securityshould be more than a passing mention to IPsec encryption.

  • Check for how security is being handled across three dimensions: encryption, authentication and integrity. Zero-trust models are the goal but make sure that it's not just a marketing term.
  • The ease of bringing new sites onto the network is a common benefit. Ask what security is in place when doing this. Remote connections back to the centralized controller should have an authorization process that precedes any traffic flows.
  • Security is very personal, unique to every organization. Make sure you like the options available for expanding security controls outside of the ones provided by your SD-WAN vendor.
  • This move to SD-WAN is being driven by the incredible growth of cloud based applications we all now depend on. Security controls need to extend to these services as well..striking that balance between 'secure connection' and 'most optimal route.'
  • SD-WAN brings a lot of flexibility we have not had before. Take fully meshed connections for example. These were once too complex to configure in most situations. Dynamic, policy based routing should be easy for SD-WAN such that performance remains aligned with security. There should be no trade-offs here.

3. Quality of Experience-as opposed the ease of use pointer above, this QoE mention is really about the controls and design in place that benefit the end-user.

  • The internet is still not controllable in the same sense as a private network. However, there are quite a few things that can now be done to minimize this. Hybrid network connectivity, combined with granular controls should allow for policies that can dictate the conditions under which an MPLS path might be chosen. This is a new middle ground option that previously did not exist. The idea is that your SD-WAN implementation should allow you to reduce the size of your MPLS circuits (which reduces operating costs) because you have policies that say that certain applications may work just fine over the internet 'most of the time.' What you want is a real time measurement that can choose that MPLS route for a specific conversation at a specific time...because the network is smart enough to pull it off.
  • Non-core applications are generally the first to move to the cloud model. HR, scheduling, administrative stuff, these have become SaaS applications like Office 365 and Salesforce for example. User experience will vary by the state of multiple things that constantly change: from the internet gateway on one end, all the through to the hosting location on the other. How is this variation measured and then used to optimize the routing path?

Track Record

There are no shortage of SD-WAN vendors right now. This is truly where WAN networking is going, it is not a fad of any sort. But as much as networking changes, it still remains the same. Don't overlook the importance of a good track record in both networking and security. Most vendors seem to have some experience in one but are then partnering for the other. Partnerships are hard.We do it. But if any one element that is important to you, is being handled through a partnership...make sure you are comfortable with how that will work for you if something goes awry. This is your network after all...everything and everyone is impacted.

Don't run towards SD-WAN ONLY because it offers tremendous cost savings when compared to your private lines. There should be no increased risk or settling for sub-standard control options. SD-WAN is a technology your network should aspire to with better security, better visibility, control and ease of use. It's all here and it's fun to show off.

As always, I did not get to cover everything...but I hope it answered a few questions. We have a TechWiseTV episode on this of course but I do encourage you to check out the product page: cisco.com/go/sd-wan.

So, What are you looking to get out of SD-WAN? What would you add to this list of things to look for?

Learn More

Deep: Check out our TechWiseTV episode on SD-WAN. Ramesh Prabagaran and David Klebanov broke down the new options quite well. I believe they were both Cisco employees well before working with Viptela...I am glad to have them back.

Also, check out Anand Oswals blog on vAnalytics. I did not spend any time talking through the visibility options you should be 'looking' for...but he covers it well.

Deeper:David Klebanov also lead our workshop where he took live Q&A. These workshops are great for having a little more time to play with and of course, getting some interaction.

Deepest:Check out David's session from Cisco Live: Delivering Cisco Next Generation SD-WAN with Viptela -BRKCRS-2110. I hardly ever have time to go to the Cisco Live sessions that I want to attend. I think there are over a 1,000 of them or so at each event? Meeting engineers and learning new stuff is what makes Cisco Live such a required event every year. David and Ramesh did a number of sessions in Orlando this summer. You can hear just how much real routing knowledge went into the Viptela design. I love the Q&A especially because a Cisco Live audience is filled with the smartest and most experience network engineers in the business.

TechFieldDay is a great resource. I really liked one that they did in 2016 for Networking Field Day 13. There are quite a few good demos from David in here.

For network security detail, I really got a lot out of some Viptela specific resources: Control Plane Security and Data Plane Security which examine how authentication, encryption, and integrity are implemented throughout the overlay network.

Thank you for watching. Thank you for reading.

Leave me a note below to tell me you read this far down the page...

Robb

@robbboyd

Watch all of our shows at techwisetv.com, follow the show on twitter @techwisetv

 

Integrating Viptela SD-WAN onto Cisco IOS-XE on TechWiseTV

 

 


tag-icon Etiquetas calientes: TechWiseTV SD-WAN ISR WAN mpls Viptela

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.