Medium and large enterprise companies are reconsidering their approach to wide-area networking (WAN). Legacy deployment and management approaches will not scale with the ongoing proliferation of mobile and Internet of Things (IoT) devices and the ever-increasing influx of data. Networking today is considered more than a simple connection from a source to a destination. With Software-Defined WAN, businesses can gain the rewards of improved agility and speed of application delivery and implementation, measured in hours and days rather than weeks and months. SD-WAN also brings a host of added functionality, such as automation, orchestration, and zero-touch provisioning, which the device-by-device network configuration of the past could not offer. The financial impact of employing SD-WAN is also very important: its use of multi-vendor, standards-based networking equipment results in lower capital expenditures (CapEx), while the need for fewer IT staff resources reduces operational expenditures (OpEx).
A brief description of Traditional WAN technologies
A Wide Area Network (WAN) is a computer network that spans multiple geographical areas; it can cover a specific country or the whole globe. In a nutshell, it connects many smaller networks, typically local area networks (LANs) or metropolitan area networks (MANs). The Internet is the most popular wide area network in the world. The main difference between a WAN and a LAN is the ability of the WAN to scale across a wide area.
A WAN interconnects a collection of switches and routers. The switches can be connected in various topologies, e.g. full mesh and half mesh. A wide area network can be privately owned or leased from a service provider, but the term typically includes public (shared-user) networks as well.
WANs use both packet-switching and circuit-switching technologies. Packet switching lets customers share the same carrier resources so that the carrier can use its network more effectively. In a packet-switching system, customer networks have links into the carrier's network, and many customers share that carrier network. The carrier then creates virtual circuits between customer sites, over which data packets are transmitted from one site to the other.
Circuit switching establishes a data connection when it is required and terminates it when the session is complete. This works like a standard telephone line carrying speech. Integrated Services Digital Network (ISDN) is a good example of circuit switching. When a router has data for a remote site, it initiates the switched circuit using the remote network's circuit code.
Why Do We Need SD-WAN?
To frame the discussion, let us understand why SD-WAN is such an important conversation in today's IT industry and why it is an integral component of a broader multi-cloud and hybrid-cloud strategy. To begin, let's step back in time and think about how wide-area networks have evolved over the past couple of decades. Let's begin with the example illustrated in figure 1: a remote office of a large company or organization, and let's imagine the year is 2003.
There are employees at that office, so let's consider what they do on a day-to-day basis in terms of the applications they use. Back in the early 2000s, a large portion of their time was spent on email, some sort of ERP system for financials or HR, and some custom applications. Most of these applications sat in a centralized data center that was unique to the company. It is interesting to think about where each of those applications ran architecturally in 2003: they were all heavily dependent on infrastructure inside a centralized data center. Email was mostly a Microsoft Exchange server, and ERP would be a mainframe or a client-server architecture. So, for the employee in that remote office to be effective and productive, we needed a very solid connection between the remote office and the data center. There would be many such remote offices in an organization.
Back in 2003 this was typically accomplished with dedicated MPLS circuits. MPLS circuits are very reliable: when you purchase one from a service provider, they provide a contractually guaranteed level of uptime, and the quality is excellent. MPLS can carry voice and video without any degradation in the quality of those services. In terms of expenditure, they are relatively expensive in dollars per unit of bandwidth. But because they are so reliable, because the quality is so high, and because the company needs only a few of them to reach the centralized data center, it was still a very good approach. This was one component of the wide-area network back then.
The other piece was that each of these remote offices, as well as the data center, had a dedicated piece of hardware called a router. Many of these routers were proprietary technology, which is expensive, and you managed them on a box-by-box basis. This is how a wide area network was set up to connect branch offices and the head office. But not everything ran in the data center. Sometimes traffic needed to go outside the data center, and we would still bring everything through the data center because it was a way to consolidate things like security, ensuring a single point of entry. This included access to anything out there that we might just call the cloud today; back in the early 2000s we probably referred to it as the Internet. This is what a wide area network looked like then.
As illustrated in figure 2, if we compare this with 2020, we have a similar employee in the remote office; let's think about the applications he or she uses daily. They still use email, ERP, and custom apps, but they probably also spend a lot more time on things like social media and several other SaaS-based applications that have become an integral part of day-to-day jobs. Consider how email and ERP changed during this period: email in the 2000s ran on a dedicated server in the data center, whereas now we might be using something like Office 365, a cloud-based email solution. ERP may still be in the data center, or components of it, such as the HR system, may have shifted to something like Workday or salesforce.com, again cloud-based or SaaS-based applications that run primarily from the cloud. Custom apps might still run on a server farm in the data center, largely on virtual machines, but a great many of them may also be sitting on AWS or Azure.
So, a lot has changed in the infrastructure running day-to-day business in 2020 compared with then. But the wide-area network hasn't fundamentally evolved: we are still passing all of the office traffic over these dedicated circuits, which are very reliable but also very costly, into the data center and then out to the cloud to reach the applications where they actually live. This presents an interesting problem, because these cloud-based applications drive huge amounts of traffic, and the circuits purchased in the past are being taxed by the amount of bandwidth and data.
Passing that traffic over them day to day is only getting worse every day. The WAN is also still complex to manage, because we must go device by device. We are looking for operational simplicity, and this is where Software-Defined WAN (SD-WAN) comes into the story; it is why SD-WAN is the conversation almost everyone in the industry wants to have right now. To begin with, SD-WAN gives us central control: it has a virtual cloud orchestrator that lets us look end to end across the wide area network and understand all the endpoints. It reaches those endpoints through x86 devices that have replaced the routers at the remote locations as well as in the data center. This standards-based hardware, managed through centralized orchestration, gives access to all the endpoints and thereby end-to-end visibility of the entire wide area network. In addition, there are virtual cloud gateways at each of the major public cloud providers and SaaS application providers; to be specific, there are a couple of thousand of them throughout the global network today. With that, we can get an end-to-end view of the network and think about more efficient ways to pass traffic instead of over very expensive dedicated MPLS circuits. One option is to take advantage of broadband, the same broadband we use in our homes. Compared with MPLS, its reliability and quality are lower, but the cost per unit of bandwidth is also significantly lower.
Illustrated in figure 3 is a graph showing the relative cost, in percentage terms, of MPLS and broadband connections; this may vary by region and location. If we run 100% MPLS circuits today, as illustrated, the cost is very high; if we move to a model of 50% MPLS and 50% broadband, we can cut the cost to about 50% of what it was with MPLS alone. This model still allows us to keep certain critical apps running over the MPLS circuit. Eventually, the goal for many enterprise users who move to Software-Defined WAN is to reach 100% broadband, and if you can accomplish that you are down to about 25% of the data transport cost being spent today. These are real expenses for enterprise users; they drive a lot of operating cost (OPEX), and this is one of the key reasons why SD-WAN is so compelling for so many enterprise users who want it in their infrastructure today.
From the above graph (figure 3) and explanation it is clear how we get to the 50:50 mix (MPLS and broadband) and then move on to 100% broadband. If reliability and quality are what make the dedicated MPLS circuits so important, this is where the great beauty of Software-Defined WAN comes into play. With SD-WAN we can use multiple broadband connections, and through a centralized orchestration and policy engine we have deep visibility into the performance, latency, and jitter on each of the paths. We can direct the traffic over the optimal path for all the data on the wide-area network over broadband, guaranteeing the level of quality and service that we expect from the MPLS circuits today. That is the journey of the enterprise users who anticipate having a software-defined WAN in their infrastructure: the OPEX reduction mentioned above, with the same level of performance experienced with MPLS, is the end result that every SD-WAN user will expect. The great thing about SD-WAN is that we can transition to that end state by offloading and moving applications in a measured and safe way without impacting performance.
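The policy-driven path steering this section describes, as an added example that is not code from the article or from any SD-WAN vendor: a small policy engine that keeps critical application classes on MPLS while it meets their SLA, sends everything else over the best-measured broadband path, and fails over when a path degrades or goes down. The application classes, SLA thresholds, scoring weights, path names and measurements are all constructed assumptions.

```python
from dataclasses import dataclass
@dataclass
class PathMetrics:          # what the orchestrator measures on one WAN path
    name: str
    kind: str               # "mpls" or "broadband"
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    up: bool = True

# Hypothetical per-application SLA thresholds (assumed values, not from the article).
SLA = {
    "voice": {"latency_ms": 150, "jitter_ms": 30, "loss_pct": 1.0},
    "erp":   {"latency_ms": 250, "jitter_ms": 50, "loss_pct": 2.0},
    "saas":  {"latency_ms": 400, "jitter_ms": 80, "loss_pct": 3.0},
}
# Classes kept on MPLS while it meets their SLA: the 50:50 MPLS/broadband model.
CRITICAL = {"voice", "erp"}

def meets_sla(path, app_class):
    sla = SLA[app_class]
    return (path.up and path.latency_ms <= sla["latency_ms"]
            and path.jitter_ms <= sla["jitter_ms"] and path.loss_pct <= sla["loss_pct"])

def score(path):
    # Lower is better: loss weighted most heavily, then jitter, then latency.
    return path.loss_pct * 100 + path.jitter_ms * 2 + path.latency_ms

def select_path(paths, app_class):
    # Name of the path this class should use now, or None if every path is down.
    candidates = [p for p in paths if meets_sla(p, app_class)]
    if not candidates:
        # Nothing meets SLA: degrade to the best live path rather than drop traffic.
        live = [p for p in paths if p.up]
        return min(live, key=score).name if live else None
    if app_class in CRITICAL:
        mpls = [p for p in candidates if p.kind == "mpls"]
        if mpls:
            return min(mpls, key=score).name
    return min(candidates, key=score).name

def demo():
    # Constructed scenario: healthy MPLS plus two broadband links, then an MPLS outage.
    mpls = PathMetrics("mpls-1", "mpls", 40, 5, 0.0)
    cable = PathMetrics("cable-1", "broadband", 25, 3, 0.0)
    dsl = PathMetrics("dsl-1", "broadband", 60, 40, 1.5)
    paths = [mpls, cable, dsl]
    before = {app: select_path(paths, app) for app in SLA}
    mpls.up = False                         # MPLS circuit goes down
    after = {app: select_path(paths, app) for app in SLA}
    return before, after
```

Before the outage, voice and ERP stay pinned to MPLS even though the cable link scores better, while SaaS already rides broadband; after it, all three classes fail over to the cable link because it still meets their SLA.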
How to Select a good SD-WAN Provider
Over the last couple of years, a lot of service providers have launched SD-WAN solution offerings. With so many different SD-WAN services in the market, the challenge for a potential customer is to make the right decision when selecting a Software-Defined WAN provider. If we were to assess all providers, we would end up getting quotes from every one of them. As a trusted advisor, the network engineer tasked with selecting the best SD-WAN provider will end up calling each one individually, talking to them, attending webinars, and really learning the intricacies of what makes each SD-WAN service different.
After learning all of this the hard way, we came up with seven main differentiators for SD-WAN services. Knowing these seven questions to ask yourself will really help an organization quickly find the right group of service providers to quote. Let's look at the seven differentiators below.
The first differentiator is application peering: are platforms like Salesforce, Azure, AWS, Sugar CRM, Office 365, and Google used by your organization? And if you are using these cloud applications, what has your performance been like? If it has been poor, then there are service providers that peer directly with these applications and give you something of a fast lane into them, which can really improve the performance your employees experience.
The second is architecture. When it comes to different SD-WAN service offerings, we can differentiate three types of SD-WAN architecture:
Cloud-enabled: your on-prem devices connect to the service provider's cloud gateway.
On-Prem connected by a backbone network.
Knowing which architecture is the best fit for your company will really help you narrow down the service providers.
The third is features. There are a ton of different features that SD-WAN service providers offer. One is the ability to keep a voice call or cloud session active even if your primary circuit goes down and you have to fail over to a secondary circuit. Load balancing between multiple service providers, traffic shaping both inbound and outbound, and getting a set of IPs directly from the SD-WAN service provider are some of the other features. There are many service provider features included with SD-WAN, so it is important to understand the main ones and which ones really apply to your company's needs.
The fourth is the cost model. Is your company heavily leaning towards CAPEX or OPEX? Obviously there are CAPEX options and OPEX options, so you want to get that right and know which providers are quoting, and whether it is a CAPEX or OPEX model.
The fifth is security. When it comes to security, do you have your firewall ready? Are you happy with your current firewall configuration and setup? Are you absolutely content with the firewalls you have in place? If so, you want to find an SD-WAN service provider that is firewall-agnostic and whose service will play well with your current firewalls. If you are open to an SD-WAN and firewall combination, some service providers offer a firewall built into their SD-WAN platform; some of those firewalls are very basic, while others are full UTM advanced firewalls with content filtering, email protection, and all kinds of required features and options. Knowing your firewall and security situation will really help you identify those providers as well.
The sixth is location. Where are your locations, and can these service providers service those areas? If you are going with an on-prem-only solution, does the manufacturer offer support there, or can you find a vendor who will support that SD-WAN solution locally at your sites? If you are going with a cloud-enabled solution, where your on-premise devices connect up to a cloud gateway, where are the provider's cloud gateways located? Are they near your locations? If you have international locations, does the SD-WAN service provider have cloud gateways or POPs in those international regions?
The seventh is the solution manufacturer, and this is a big one. If your company already runs a big network on something like Meraki or Aryaka, or you know for certain you want a VeloCloud or Bigleaf solution, then you want one type of solution manufacturer, but you want to get quotes on that manufacturer's solution from different service providers. Those are the seven differentiators, and obviously there are a lot of sub-differentiators underneath each of them, but those are the seven main ones that will help an organization select the best Software-Defined WAN provider.
Author: Ahmed Alavi is a Cisco Certified Senior Network Administrator at CMS - Remote Technology Center of Bluecorp. He has extensive experience working on global data center networking, network security and cloud networking. He is planning to be CCIE certified soon.