This is SD-WAN in a nutshell: it transforms the delivery of Wide Area Network (WAN) services to business users, improving connectivity and WAN management. Research firms forecast a continued bright future for SD-WAN and its near-primacy in the network services market.
Most businesses can see the benefits of SD-WAN, but many underestimate the complexities of successfully installing and incorporating it into their current network infrastructure. Choosing an SD-WAN solution and implementing it on your own can be risky business, especially when you realize that not all SD-WAN vendors are created equal.
AireSpring specializes in helping businesses understand and integrate this all-important advance in network services by customizing the approach—and the choice of providers—that best fit each customer’s needs. Here’s a primer to help you get more comfortable in the world of SD-WAN.
The first thing to know about SD-WAN is:
- SD-WAN isn’t built to uproot the world of connectivity and networking. In fact, it works to support existing technologies, rather than replace them.
The second thing to know about SD-WAN is:
- It is not “plug-and-play,” and achieving the right outcomes requires an experienced partner to configure, install and manage the new system.
SD-WAN is a highly complex product at the back end, one that with proper set-up and management delivers a better, easier-to-use result at the front end. The key to your enterprise success with SD-WAN could come down to choosing the right partner, selecting the right vendor, then installing and managing the implementation.
Your outcomes, once you’ve made the transition to SD-WAN, have a greater chance of success if you first have a basic understanding and then choose the right Managed Services Carrier to fulfill your company’s needs. Here are some tips to help you understand how SD-WAN technology can work with your existing network services.
Part 1: SD-WAN Technology AnalysisOverlay vs. Underlay
One key to understanding SD-WAN is to realize that it is an OVERLAY technology. Your existing network becomes the UNDERLAY. SD-WAN overlays encrypted tunnels across every single upstream underlay circuit you have (MPLS, internet, fiber, broadband, T1, T3, LTE, etc.) to create inter-site connectivity. It doesn’t care if the circuits are wildly different from each other or if the speeds up/down don’t match–it’ll drive each circuit to its maximum potential in terms of utilization, packet loss, packet sequence, errors, latency, jitter, and much more.
SD-WAN implements strict monitoring of all traffic over all paths. Utilizing your detailed, customized policy inputs (your instructions), it gets right to work with a rich set of features and the ability to steer traffic sub-seconds between paths, using per-packet steering and its very smart application-aware IP stack. SD-WAN is network virtualization or abstraction which is similar to the way hypervisors work with servers. A hypervisor is a function which abstracts—isolates—operating systems and applications from the underlying computer hardware. This abstraction allows the underlying host machine hardware to independently operate one or more virtual machines as guests, allowing multiple guest VMs to effectively share the system's physical computing resources, such as processor cycles, memory space, network bandwidth and so on. A hypervisor is sometimes also called a virtual machine monitor. Similarly, SD-WAN abstracts –isolates—your network traffic from the underlying circuits used to transport it.
Goodbye Active/Passive Failover. Hello Active/Active sub-second failover SD-WAN.
In the past, you may have paid a lot of money for failover circuits that just sat there. And, who knows if they really work—until that moment of truth when they are called upon to save your business from downtime! Well, not anymore: with SD-WAN, you can remain active/passive if you like, but it can also revise your network architecture so that all circuits are active/active with sub-second failover. This makes failover, migrations, circuits, adds/changes, IP block portability, inbound congestion avoidance, and so many other things not only possible, but easy.
Goodbye IPsec VPN. Hello SD-WAN AES256 bit military grade encryption plus dynamic topologies.
Point-to-point IPsec VPN tunnels were never easy to configure or manage, often involving a lot of static manual coding for every connection while offering limited and often unreliable or equally hard to manage dynamic full-mesh topology creation coupled with cryptic troubleshooting. In contrast to IPsec VPN, SD-WAN not only has AES256 bit encryption but adds rich capabilities to dynamically and easily create different topologies such as full mesh, hub and spoke, or hybrid topologies with powerful yet easy to configure traffic routing, app prioritization, and security features. Rolling this out to thousands of devices –or rolling changes back– takes seconds, not hours or days. How is this possible? You get a block of IP’s from AireSpring and we can deliver that to you via SD-WAN wherever you are. Very basic reconfiguration of your gear and you’re back up in seconds. Easy!
Goodbye MPLS limitations. Hello SD-WAN-powered MPLS.
Many talk about the rise of SD-WAN and the fall of MPLS as if the two technologies are incompatible or competitive instead of what they truly are to each other: complementary. Among the 30-plus SD-WAN vendors that AireSpring evaluated this year, every single one of the SD-WAN company founders or CEOs we spoke to stated in one way or another that “SD-WAN is a marriage, not a divorce from MPLS.” Why? Because there’s no replacement for guaranteed quality of service (QoS) end-to-end in a network and that’s what MPLS delivers. For this reason, some of the largest carriers in the world, including AT&T and even AireSpring, are built on MPLS as their IP Core. The ability of SD-WAN to centrally configure, deploy and even easily rollback QoS, Security, Routing and other policies/settings to any number of devices instantly, saves a tremendous amount of time, money and frustration.
Augmenting MPLS with SD-WAN means:
- MPLS Quality of Service (QoS) is augmented by SD-WAN Quality of Experience (QoE), a close cousin, capable of replicating a similar (albeit not identical) quality across a wider diversity of non-MPLS circuits, including internet over broadband, fiber, LTE, and others, at attractive price points.
- MPLS failover times go from a BGP-controlled 5-60 seconds to SD-WAN sub-second failover with no impact to voice, video or other stateful, orderly-sensitive traffic.
- MPLS active/passive redundant circuits now become SD-WAN active/active circuits and are bonded as one big pipe.
- Services that were traditionally only delivered by MPLS, such as SIP, UCaaS, video and more can now be delivered over SD-WAN.
- Services that were traditionally only publicly-delivered, like internet, can now be delivered over MPLS with a new twist: full IP block portability without the use of BGP or Domain Name Servers (DNS). If your internet circuit goes down, your IP blocks stay UP via SD-WAN failover across MPLS or any other path.
- Inbound congestion avoidance, upstream distributed denial of service (DDoS) protection, and more can be easily added by leveraging SD-WAN.
- MPLS has always been private, now with SD-WAN encryption it is SECURE, thanks to AES256 bit military grade encryption.
- Traffic visibility, remote packet captures (pcap files), prioritization, throttling, blocking, and filtering all become real-time (vs. polled interval data) and easy to view/implement/adjust.
Goodbye complex, boring internet. Hello SD-WAN-powered internet.
The value-add that SD-WAN brings to internet cannot be overstated:
- You no longer need BGP or have to get fancy with DNS to control your IP blocks and self-hosted internet-facing resources. IPv4/IPv6 blocks can be provisioned over SD-WAN! No more BGP autonomous system number (BGP ASN), no more BGP routing, no more mucking with dynamic or regular DNS, no worrying that when an internet circuit goes down your IP block goes down with it. No more having to own a portable IP block or be held hostage by an Internet Service Provider (IPS) who does. Locate and even re-locate your office wherever you want, even into the Cloud, even across numerous ISP’s, and SD-WAN can make sure your IP block(s) follow. Wow!
- SD-WAN allows for upstream service chaining. Everything from a cloud-based firewall, UCaaS, DDoS protection, web filtering, IPS, you name it, can be part of SD-WAN.
- Virtual xconnects (cross connects) to over 1,000 plus SaaS providers, 100’s of colocation datacenters, and dozens of Cloud & Managed Service Providers is now possible. Private connects vs. internet-only are experiencing an exponential rise because many businesses now rely heavily on many different types of Cloud-based services, which means getting to them at the mercy of the internet is no longer an option. SD-WAN lets you poke a private hole into your favorite Cloud and let it rain!
Part 2: The Future of SD-WAN: UCPE, NFV, VNF
The future is already being rolled out across carriers who are automating the provisioning and operation of their IP core networks all the way to the customer edge in order to deliver services faster and easier. This effort is often referred to as Network Function Virtualization (NFV). Most carriers will have this completed by 2020. What you will see in your business moving forward is a single box, or uCPE which means Universal Customer Premise Equipment. This box will have all the physical ports that a router, switch, wireless or voice gateway would have – all in one. Various Virtualized Network Functions (VNF’s) can be added to the box to upsell things like:
- Security (firewalls and unified threat management),
- Virtual xconnects, SD-WAN capabilities,
- WAN acceleration (WANx),
- Wireless (LTE, 4g, 5g, LTE-M, Wi-Fi),
- Unified Communications as a Service (UCaaS hosted phones, SIP trunks, faxing, you name it) and more.
When it comes to VNF’s, the sky is the limit, particularly as the Internet of Things (IoT) rolls out and the need for a bit of “edge computing” supplied by a localized VNF will come in handy, even if some big Cloud in the sky is actually calling the shots. The ability to keep your “orchestrator” or brains (management plane) in the Cloud, but still have traffic and features operating in a local “controller” (data plane)--even if the orchestrator is unreachable for some period of time—is a common architecture on which the future is being built to enhance continuity.
So SD-WAN will morph into uCPE, particularly as fiber-based circuits become more ubiquitous, making connectivity and bandwidth cheap AND reliable. Features, functionality, and a LOT more benefits are coming. They will be wrapped in the speed and convenience of automation, which will become par for the course moving forward.
Part 3: All SD-WAN Solutions Are Not Created Equal
SD-WAN is not a commodity. As a rapidly evolving technology, features and capabilities vary wildly among SD-WAN vendors. The reality is, even features such as “forward error correction” or FEC, and are implemented in vastly different ways–or not at all— among competitors. Glaring gaps in routing protocol support, public/private circuit integration, troubleshooting capabilities and more, is just the tip of a mostly unseen SD-WAN iceberg.
Don’t go down with the ship! Knowing the peaks and valleys of SD-WAN will save you a lot of frustration, embarrassment, and unnecessary cost while realizing the many real benefits. AireSpring’s solutions and engineering teams have done an extensive deep-dive into dozens of SD-WAN vendors to understand the unique strengths, weaknesses, gaps, and differentiators. This treasure trove of technical knowledge gleaned during live trials and in-depth analysis of each solution under varying simulated WAN conditions, is the information you need to build the network you know best—your own.
Choose an All-In-One Resource
Why choose AireSpring to help you manage the selection and implementation of your ideal SD-WAN system? AireSpring is uniquely positioned to transparently glue 16+ carriers, numerous technologies, and multiple SD-WAN vendors together nationwide. It all adds up to deliver a unified channel-only team, a unified network (all carriers tied to our datacenters via NNI gateways), unified support, and a unified bill. AireSpring’s QuoteSpring and other tools can tell you what all your options are via real-time APIs to all carriers, technologies and vendors.
About the Author
Mike Chase recently rejoined AireSpring’s executive team in the role of Principal Solutions Architect and Senior VP of Solutions Engineering. He is responsible for leading the development and implementation of customer solutions, like SD-WAN, in advanced network scenarios. Mike has deep experience in the telecom industry, with special expertise in SD-WAN networking, datacenters and Cloud communications. He co-founded and was former CTO of several Cloud ventures, including one of the first Cloud Service Providers to offer hosted virtual desktops worldwide.
Mike L. Chase, J.D., CCIE #7726 | firstname.lastname@example.org | o. 818.922.1147 | c. 760.547.6080