Menu

Poland

GRANDMETRIC Sp. z o.o.
ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43
info@grandmetric.com

Sweden

Drottninggatan 86
111 36 Stockholm
+46 762 041 514
info@grandmetric.com

UK

Grandmetric LTD
Office 584b
182-184 High Street North
London
E6 2JA
+44 20 3321 5276
info@grandmetric.com

US Region

Grandmetric LLC
Lewes DE 19958
16192 Coastal Hwy USA
EIN: 98-1615498
+1 302 691 94 10
info@grandmetric.com

  • en
  • pl
  • se
  • What is SD-WAN (SDWAN)

    What is SD-WAN (SDWAN)

    Date: 03.04.2019

    Author:


    Buzzwords in a buzzworld

    Today, let’s clarify what is SD-WAN. Sometimes I feel like we live in buzzworld. Most of (not all) social networking posts, marketing chats, videos talk buzzwords. I am mostly in the IT business, but I suppose the buzzword space is a rule in other businesses too. Here in IT we have AI, ML, SD-WAN, IoT, SDN, XaaS, DevOps, Serverless and many more. As a tech guy, I prefer to make sure I fully understand the buzzword, before I start to talk this and then explain, what the hell is that. In this post, I will stick with 3rd one from the list – SD-WAN.

    As we have already posted on Viptela (now Cisco SD-WAN), we are familiar now with SD-WAN design, configuration, abstraction and pros. However, I feel like most of customers and IT people still have no clue, what exactly SD-WAN is. And why it is forced today, as the way to go for enterprises and service providers. Personally, I think there is no single and short definition. That is why I will elaborate on few important aspects of SDWAN below.

    So what is SD-WAN?

    What is SDWANSD-WAN (SDWAN) is short for Software Defined-Wide Area Network (WAN). This explains something, but just a little. First, SD-WAN is in some sense the application of Software Defined Network (SDN, another buzz). Specifically, the paradigm called data, control and management plane dissagregation and network automation. Here, you can read about paradigms and characteristics that the SDN idea brings. Dissagregation approach simplifies the process of building & maintaining something called network overlay. Overlay is an abstraction that SDWAN idea relies on (you will read more on dissagregation and overlay concepts below). Despite the overlay is not a new idea for network engineers (examples here are: GRE tunnels, VTIs or DMVPN structures, to name a few), it is the main idea behind the SD-WAN that enables sophisticated routing of production traffic (for example: service chaining), network visibility and maintenance activities’ automation. Next is the idea called ZTP that stands for Zero Touch Provisioning (or Zero Touch Deployment, ZTD). ZTP makes SD-WAN edge routers really easy to be setup from scratch. Application-aware and performance-aware routing is the 3rd pillar of something called SD-WAN. It allows for custom WAN links utilization (multi-path) and application routing policy building. The 4th thing, is the software part that resides on on-prem cloud (private cloud) or public cloud. This allows for SD-WAN controllers and edge routers configuration, monitoring and maintenance using one dashboard with an admin-firendly GUI.

    Disaggregation and overlay

    Disaggregation comes from separation of planes. Data plane – responsible for packets forwarding, control plane – responsible for routing control and management plane – responsible for management traffic and activities like pooling, or access to device. Based on Cisco Viptela SD-WAN example, those three are executed in a following scenario:

    • Control plane – vSmart controller communicates with routers with DTLS sending and receiving routing information. This DTLS  channel is independent from WAN production traffic. Thanks to SDWAN controller each router has information about routing in the WAN. Focal point is the vSmart controller being able to manage routing centrally and enforceing routing policies.
    • Management plane – vManage controller sets up the DTLS communication channels with vEdge routers to be able to push the policies and configuration templates. Templates are pushed to routers on-the-fly in out-of-production-band manner.
    • Data plane – IPSec VPN between routers themselves are based on policies pushed from vSmart and vManage controllers. Those IPSec tunnels create a said overlay in different flavors for example full mesh or hub-and-spoke. The overlay is built independently from underlaying infrastructure like MPLS links, radio links or some leased lines. This makes SD-WAN independent of Service Provider.

    Deep packet inspection (DPI) – The driver for app-aware routing

    This is really new. Historicaly there were technologies used to decide, where to route, based on factors like packet loss, delay, or jitter. An example, was performance routing or PfR. But the real improvement, is with the app-aware routing that makes use of DPI engine, recognizes the appplication and based on this and performance metrics decide which link to push the traffic to. An example, can be facebook traffic, or SAP traffic. With app-aware routing and two active links: A and B , you can design a following configuration: SAP traffic should use link that has max. 15 ms RTT, while facebook is always using link B. In traditional routing mechanisms, routing decisions were made based on the destination IP of IP header that was compared with a routing table. Thus, such an app-aware scenario was not available. You could force to route packets only by setting the destination IP prefix, so that was not really scalable, consistent and managable.

    Zero Touch Provisioning – ZTP

    The way you setup the WAN network, may be done with old approach, or the modern modern one. Zero Touch Provisioning is the latter. In traditional way, for example in DMVPN, network engineer had to prepare router config template, put on router via console, connect on site, and verify if it was connected to Hub with NHRP, IPSec SAs up. If there was an RSA type of ISAKMP phase authentication, certificate was manually loaded onto router or sometimes enrolled with SCEP. In ideal ZTP process, you unbox the SD-WAN, router connects to Ethernet, router gets an IP from DHCP, and it’s done – it is from now visible in ZTP portal and / or controllers.

    Single pain of glass – admin-friendly dashboard

    Cute dashboard. This is the tactile sign of software definition 🙂 We might joke a little, but yes, in the SD-WAN case, the dashboard is a really “single pane of glass” to the WAN world. With a unified dashboard, you can configure, push, change, monitor, diagnose, backup and upgrade whole SD-WAN infrastructure. The software behind, takes care of API modules, config pushes, schema validation, or measurments like jitter, or delay interpretation. But this sophistication is, of course, behind the scene.

    Real-life example: WAN tunnel, Octets Rx & Tx.  Try to get such chart in legacy WAN implementations “out of the box”.

    Cisco SD-WAN traffic stats octets

    UPDATE: Troubleshooting and vizualization? (in SD-WAN out of the box). Here you are:

    SDWAN_troubleshooting_cisco

    After setting up the fiber on ISP side and marking TLOC as a Gold. We see clearly TLOC setup at. 9:00

    What SD-WAN brings to business?

    Because the above post was stripped from marketing slogans and talked technology and functions behind SD-WAN, now in summary, let’s capsulize what mentioned components of Software Defined WAN bring to business and why IT Managers could decide to go with SD-WAN:

    • Cost optimization – many SD-WAN solutions are a relatively mature products (be aware that not all are). In addition, Internet links are efficient, fast and with good SLA. That is, why it is worth to buy two 100 Mbps links and resign from 10 Mbps MPLS / IP VPN link. Often, building an overlay over Internet links should bring similar SLA and better user experience in forwarding traffic between WAN sites. MPLS is often costly.
    • Simplification – the “software definition” of WAN, makes the solution easy for management and day-to-day operations that should save the IT crew time.
    • Quick setup of new WAN locations.
    • Greater flexibility and independence of Service Providers in terms of contract agreements.
    • Ability to route traffic, based on applications requirements limiting the downtime for business.

    If you want to know more about the SD-WAN approach in your particular case, how the transition process can look like, read our offering, setup free video call to talk with engineers. See you soon!

    Author

    Marcin Bialy

    Marcin Biały is Network and Security Architect with over 14 years of experience, with Service Provider and Enterprise networking background. He used to work for large service providers, global vendors and integration services companies as Network Architect, Leading Architect and Techincal Solution Manager positions. He designed, implemented and supported dozens large scale projects and infrastructure migrations, solved hundreds of tickets and spent hours with CLI and GUI of many flavors. Marcin is also holding industry recognizable certificates such as CCNP, CCNA, CCSI #35269, FCNSP #7207, FCNSA and more.

    1 Comment

    Leave a Reply

    Your email address will not be published. Required fields are marked *


    Grandmetric