This is the second installment of a three-part series discussing SD-WAN (Software Defined WAN), what current problems it may solve for your organization, and what new challenges it may introduce. Part 1 of the series, which discusses some of the drawbacks and challenges of our current WANs, can be found HERE. If you haven’t already, I would recommend reading that post before proceeding.
Great! Now that everyone has a common baseline on where we are now, the all-important question is…
Where are we going?
This is where SD-WAN comes into the picture. SD-WAN is a generic term for a controller driven and orchestrated Wide Area Network. I say it’s generic because there is no definition of what does and does not constitute an SD-WAN solution and as can be expected, every vendor approaches these challenges from their own unique perspectives and strengths. While the approaches do have unique qualities about them, the reality is that they are all solving for the same set of problems and consequently have been coming to form a set of similar solutions. Below we are going to take a look at these “shared” SD-WAN concepts on how these changes in functionality can solve some of the challenges we’ve been facing on the WAN for a long time.
Abstraction – This is at the heart of SD-WAN solutions even though abstraction in and of itself isn't a solution to any particular problem. Think of abstraction like you think about system virtualization. All the parts and pieces remain but we separate the logic/processing (VM/OS) from the hardware (Server). Although in the WAN scenario we are separating the logic (routing, path selection) from the underlying hardware (WAN links and traditional routing hardware).
The core benefit of abstraction is that it increases flexibility in route decisions and reduces dependency on any one piece of underlying infrastructure. All of the topics below build upon this idea of separating the intelligence (overlay) from the devices responsible for forwarding that traffic (underlay). Additionally, abstraction reduces the impact of any one change in the underlay, again drawing parallels from the virtualization of systems architecture. Changing circuit providers or routing hardware in our current networks can be a time consuming, costly and challenging tasks. When those components exist as part of an underlay, migration from one platform to another, or one circuit provider to another, becomes a much simpler task.
Centralized Perspective - Unlike our current generation of WANs, SD-WAN networks almost universally utilize some sort of controller technology. This centrally located controller is able to collect information on the entirety of the network and intelligently influence traffic based on analysis of the performance of all hardware and links. These decisions then get pushed down to local routing devices to enforce the optimal routing policy determined by the controller.
This is a significant shift from what we are doing today as each and every routing device is making decisions off of a very localized view of the network and only is only aware of performance characteristics for the links it is directly connected to. By being able to see trouble many hops away from the source of the traffic, a centralized controller can route around it at the most opportune location, providing the best possible service level for the data flow.
Application Awareness - Application identification isn't exactly new to router platforms. What is new, is the ability to make dynamic routing decisions based off of specific applications, or even sub-components of those applications. Splitting traffic between links based off of business criticality and ancillary business requirements has long been a request of both small and large shops alike. Implementing these policy based routing decisions in the current generation networks has almost always resulted in messy and unpredictable results.
Imagine being able to route SaaS traffic directly out to the internet (since we trust it and it doesn’t require additional security filtering), file sharing across your internet based IPSec VPN (since performance isn’t as critical as other applications), and voice/video across an MPLS line with an SLA (since performance, rather than overall bandwidth, are more important). Now add 5% packet loss on your MPLS link… SD-WAN solutions will be able to dynamically shift your voice/video traffic to IPSec VPN since overall performance is better on that path. Application centric routing, policy, and performance guarantees are significant advancements made possible with a centralized controller and abstraction.
Real Time Error Detection/Telemetry – One of the most frustrating conditions to work around on today’s networks is a brown out type condition that doesn’t bring down a routing protocol neighbor relationship. While a visible look at the interfaces will tell you there is a problem, if the thresholds aren’t set correctly manual intervention is required to route around such a problem. Between the centralized visibility of both sides of the link and the collection/analysis of real time telemetry data provided by a controller based architecture, SD-WAN solutions have the ability to route around these brown out conditions dynamically. Below are three different types of error conditions one might encounter on a network and how current networks and SD-WAN networks might react to them. This comparison is done based off a branch with 2 unique uplink paths.
Black Out: One link fully out of service.
Current Routers: This is handled well by current equipment and protocols. Traffic will fail over to the backup link and only return once service has been restored.
SD-WAN: SD-WAN handles this in identical fashion.
Single Primary Link Brown Out: Link degradation (packet loss or jitter) is occurring on only one of multiple links.
Current Routers: Traditional networks don't handle this condition well until the packet loss is significant enough for routing protocols to fail over. All traffic will continue to use the degraded link, even with a non-degraded link available for use.
SD-WAN: SD-WAN solutions have the advantage of centralized perspective and can detect these conditions without additional overhead of probe traffic. Critical traffic can be moved to stable links, and if allowed in the policy, traffic more tolerant of brown out conditions can still use the degraded link.
Both Link Brown Out: All available links are degraded.
Current Routers: No remediation possible. Traffic will traverse the best available link that can maintain a routing neighbor relationship.
SD-WAN: Some SD-WAN solutions provide answers even for this condition. Through a process commonly referred to as Forward Error Correction, traffic is duplicated and sent out all of your degraded links. A small buffer is maintained on the receiving end and packets are re-ordered once they are received. This can significantly improve application performance even across multiple degraded links.
Regardless of the specific condition, the addition of a controller to the network gives a centralized perspective and the ability to identify and make routing decisions based on real-time performance data.
Efficient Use of Resources - This is the kicker, and I say that because all of the above solutions solve truly technical problems. This one hits home where most executive care the most. Due to the active/passive nature of current networks, companies who need redundancy are forced to purchase double their required bandwidth capacity and leave 50% of it idle when conditions are nominal. Current routing protocols just doesn't have the ability to easily utilize disparate WAN capacity and then fall back to a single link when necessary.
Is it better to pay for 200% of the capacity you need for the few occasions when you need it, or pay for 100% of what you need and deal with only 50% capacity when there is trouble?
To add to this argument, many SD-WAN providers are so confident in their solutions that they pitch being able to drop more expensive SLA based circuits (MPLS/Direct) in favor of far cheaper generic internet bandwidth. If you are able to procure 10 times the bandwidth, split across 3 diverse providers, would your performance be better than a smaller circuit with guaranteed bandwidth even with the anticipated oversubscription? These claims need to be proven out but the intelligence that the controller based overlay network gives you could very well prove to negate the need to pay for provider based performances promises.
Reading the above list could likely convince someone that SD-WAN is the WAN panacea we’ve all been waiting for. But, like all technological advancement, it’s never quite that easy. Controller orchestrated WANs make a lot of sense in solving some of the more difficult questions we face with our current routing protocols but no change comes without its own risks and challenges. Keep a look out for the third and final installment in this series where we will address the potential pitfalls associated with implementing an SD-WAN solution and discuss some ideas on how you might mitigate them.