Sunday, September 18, 2022

Introduction to SD-WAN

Inefficiencies of Traditional WAN

Private WAN connections like MPLS are reliable but also expensive. WAN connections are usually a big chunk of the IT budget, so it’s understandable that organizations are interested in replacing their private WAN connections with regular Internet connections to reduce costs.

To understand SD-WAN, we first must talk about some “problems” with traditional WAN connections. We can choose between private WAN connections or public Internet connections. Let’s compare these two options:

  • Cost: private WAN connections like MPLS are way more expensive than regular Internet connections.
  • Time to deploy: It takes longer to deploy a private WAN connection than a regular Internet connection.
  • SLA: Service providers offer SLAs for private WAN connections that we don’t have for regular Internet connections. There are providers who offer SLAs for “business” class Internet connections, but these are usually way more expensive than regular (consumer) Internet connections.
  • Packet loss: Internet connections have a higher packet loss rate compared to private WAN connections like MPLS.
  • QoS: Internet connections don’t offer any QoS. You can prioritize your outgoing traffic but that’s it, the Internet itself is like the wild west. Private WAN connections often support end-to-end QoS.
The way we use our WAN has also changed throughout the years. Most organizations had an HQ, remote users, and perhaps some branch offices. Branch offices were connected to the HQ with private WAN or VPNs over the Internet. Remote users used remote VPN over the Internet to connect.
Nowadays, organizations also run their own applications in the cloud instead of on-premises, and they use applications like Office 365 or Gsuite. Our traffic patterns look different now:

What about network management? Each router has its own control plane, and we use the CLI to manually create our router configurations “box-by-box”. This is time-consuming and prone to errors. We can use network automation tools to make our lives easier, but the control plane remains decentralized.

Benefits of SD-WAN

SD-WAN promises to save money by using a combination of Internet and private WAN connections and make network management much easier.

  • Cisco SD-WAN provides a flexible architecture to extend SD-WAN to any environment. 
  • The solution automatically discovers, authenticates, and provisions both new and existing Cisco SD-WAN devices.
  • After connecting to Cisco SD-WAN, each network device can find the best path to the applications that reside in the data center or AWS Cloud. 
  • Cisco SD-WAN can use any transport method (satellite, broadband, MPLS, 5G/LTE) from any location (core, edge, cloud) for any network service (security, application Quality of Experience [QoE], voice).
  • Through OMP, Cisco SD-WAN supports both common and advanced routing protocols that are necessary for managing networks across the WAN and cloud. Protocols include Border Gateway Protocol (BGP), Enhanced Interior Gateway Routing Protocol (EIGRP), Equal-Cost-Multi-Path (ECMP) routing, Open Shortest Path First (OSPF), Virtual Router Redundancy Protocol (VRRP), and IPv6. 
  • Cisco SD-WAN provides this flexibility in both full and partial mesh encrypted deliveries, allowing maximum customization based on business needs.

There are four major use case categories for the Cisco SD-WAN solution:

  • Automated Zero-Touch Provisioning: The ability to remotely provision a router anywhere in the WAN by just connecting it with a cable to the transport network and powering it on. The WAN Edge router discovers its controllers automatically and fully authenticates to them and automatically downloads its prepared configuration before proceeding to establish IPsec tunnels with the rest of the existing network. Automated provisioning helps to lower IT costs.
  • Bandwidth Augmentation: Allows customers to increase WAN bandwidth by leveraging all available WAN transports and routing capabilities to distribute traffic across available paths in an active/active fashion. Traffic can be offloaded from higher quality, more expensive circuits like MPLS to broadband circuits which can achieve the same availability and performance for a fraction of the cost. Application availability is maximized through performance monitoring and proactive rerouting around impairments.
  • VPN Segmentation: Traffic isolation is key to any security strategy. Traffic that enters the router is assigned to a VPN, which not only isolates user traffic, but also provides routing table isolation. This ensures that a user in one VPN cannot transmit data to another VPN unless explicitly configured to do so. When traffic is transmitted across the WAN, a label is inserted after the ESP header to identify the VPN that the user’s traffic belongs to when it reaches the remote destination.
  • Centralized Management: vManage offers centralized fault, configuration, accounting, performance, and security management as a single pane of glass for Day 0, Day 1, and Day 2 operations. vManage offers operational simplicity and streamlines deployment by using ubiquitous policies and templates, resulting in reduced change control and deployment times.

The following Cisco SD-WAN capabilities helps to address application performance optimization:

  • Application-Aware Routing: Application-aware routing allows the ability to create customized SLA policies for traffic and measures real-time performance taken by BFD probes. The application traffic is directed to WAN links that support the SLAs for that application. During periods of performance degradation, the traffic can be directed to other paths if SLAs are exceeded.
  • Quality of Service (QoS): QoS includes classification, scheduling, queueing, shaping and policing of traffic on the WAN router interfaces. Together, the feature is designed to minimize the delay, jitter and packet loss of critical application flows.
  • Forward Error Correction (FEC) and Packet Duplication: Both features are used for packet loss mitigation. With FEC, the transmitting WAN Edge inserts a parity packet for every four data packets, and the receiving WAN Edge can reconstruct a lost packet based on the parity value. With packet duplication, the transmitting WAN Edge replicates all packets for selected critical applications over two tunnels at a time, and the receiving WAN Edge reconstructs critical application flows and discards the duplicate packets.
  • TCP optimization and Session Persistence: These features can address high latency and poor throughput for long-haul or high latency satellite links, for example. With TCP optimization, a WAN Edge router acts as a TCP proxy between a client and server. With Session Persistence, instead of a new connection for every single TCP request and response pair, a single TCP connection is used to send and receive multiple requests and responses.

Cisco's SD-WAN solutions

Cisco offers two different SD-WAN products through its acquisitions of Meraki and Viptela. Both products are full-fledged SD-WAN solutions and have several overlapping features. However, Cisco has made it clear that Meraki and Viptela are geared toward two different markets.

  • Meraki is designed for small and mid-sized companies that want simplicity and ease of use above everything else. Deploying the Meraki SD-WAN solution is easier than Viptela and if the organization does not have any specific niche requirements, it would be the right choice.
  • Viptela has more advanced features available and requires a sophisticated network design and architecture. The product is designed for large-scale enterprise-level networks and has a high degree of customization.

What is SD-WAN?

Cisco SD-WAN is a Wide Area Network (WAN) overlay architecture that applies the principles of Software-Defined Networking (SDN) into the traditional WAN. It is designed to meet the needs of modern enterprise applications and the rapidly growing security requirements.

The main principles that the Cisco Software-defined Wide-area Network (SD-WAN) architecture has adopted to solve the inefficiencies of the traditional WAN. The solution utilizes some well-known and time-tested network technologies in combination with some new innovative ideas. It transforms the complex legacy WAN infrastructure into a secure and scalable overlay fabric. Cisco SD-WAN achieves this by using the following techniques:

  • Separating transport from the service side of the network
  • Separating control, data, and management planes
  • Secure the Data-Plane Automatically
  • Managing the fabric through centralized policies
  • Secure zero-touch provisioning and onboarding of new devices

By at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)