An Overview of SD-WAN

The permeating adoption of cloud-based services with related applications has culminated into a large portion of traffic- travelling back and forth across broadband Internet and WAN connections. In today’s world of ubiquitous connectivity, legacy WAN Architectures face some significant challenges, which typically consist of multiple MPLS transport(s) or MPLS paired with an Internet circuit (used as active/backup). Internet traffic is often backhauled to the regional data centre for Internet access. This architecture faces a few challenges along with routing-related issues. Some of the problems with such architectures are:

1. Insufficient bandwidth along with high bandwidth costs
2. Application downtime
3. Poor SaaS performance
4. Complex operations
5. Complex workflows for cloud connectivity
6. Long deployment times and policy changes
7. Limited application visibility, and
8. Difficulty in securing the network.

Components of WAN

A standard WAN Router consists of the following three fundamental components:

1. Control Plane: Consists of a Routing Table or Routing Information Base (RIB) created with the help of routes.
2. Data Plane or I/O Module: Consists of a Forwarding Information Base (FIB), which is a replica of the RIB.
3. Switch Fabric or Backplane: The Router Control plane and the data plane are connected via a common backplane.

If any of the above planes become faulty, organizations would face outages in the network.

SD-WAN: The answer to network outages

SD-WAN is a technology that has evolved as a solution to address the above challenges related to architectures and routers. Software-defined networking is a centralized approach to network management.

In SD-WAN, the Data Plane forwarding and Control Plane are segregated to centralize the network’s intelligence. This architecture allows for centralized provisioning, monitoring, troubleshooting, better network automation, and operations simplification.

Need for SD-WAN

SD-WAN is an enterprise-grade WAN architecture that enables digital transformation for enterprises. It helps to integrate all facets of secure networks, such as routing, security, centralized policy, and orchestration into large-scale networks.

Previously, everything was managed from the data centres, which made all routing processes complex and time-consuming. Nowadays, the fundamental architectural model consists of a Central Controller and Edge devices distributed at branch offices and data centres. This architecture will likely evolve into multi-controller models and open APIs for integrating the controller with higher-level orchestration systems.

Benefits of SD-WAN

1. Comprehensive security and end-to-end network segmentation: Usage of VPN tunnels, next-generation firewalls, and the micro-segmentation of application traffic
2. Centralized Policy Management: Single pane of glass for policy-push across the entire network
3. Transport-independent: SD-WAN delivers independence from underlying transport, whether internet or MPLS
4. Deployment flexibility: Due to the separation of the control plane and data plane, controllers can be deployed on-premises/cloud or a combination of both
5. Application visibility: End-to-end visibility into applications and infrastructure across the entire SD-WAN infrastructure
6. Recognition and application-aware policies: Micro-segmentation of applications with policy-based filtering
7. Easy troubleshooting, configuration, and monitoring: Single dashboard and real-time monitoring for configuration and troubleshooting
8. Reduces costs: SD-WAN can reduce this cost by utilizing low-cost local Internet access, providing direct internet access, and reducing the load on the data centre.

Requirements for SD-WAN Solution

Business-Centric Policies: Connecting and configuring networking devices has required a tremendous technical translation of business needs to underlying rules and protocols over the last three decades. This complexity has stimulated an entire ecosystem of deep but costly technical proficiency; SD-WAN creates a chasm between business need and deployment.

Uncompromised Cloud-Readiness for Remote Offices: Traditional WAN architectures are no longer serving businesses. Legacy models route application traffic from remote offices via expensive low-bandwidth WAN links to centralized data centres equipped with perimeter monitoring and security technology. By imposing SDWAN architecture, customers may adversely utilize the performance of cloud and Software-as-a-Service (SaaS) applications using reducing latency can avoid bandwidth constraints by utilizing cost-efficient Internet transport.

Transport-independent: SD-WAN delivers independence from underlying transport, whether internet or MPLS.

Modular, High-Performance Software: Most networking devices in the market today are built with computing, memory, and storage technologies that are more than five years old and were not designed to operate or function in general-purpose computing environments (such as Intel x86). Antiquated technology cannot keep up with modern business demands, particularly regarding transforming their WAN from one dominated by esoteric networking commands to one managed following business policy. Furthermore, because this antiquated technology is not virtualization friendly, businesses are unable to virtualize these devices on general-purpose computing hardware of their choice.

Actionable Analytics, Self-Healing: With legacy networking devices that are practically blind to the intricacies of application performance, businesses have been forced to augment their network infrastructure with a host of performance monitoring and visibility solutions. It needs significant investment for servers, storage, and management to provide limited value in scenarios where these systems do not see application traffic, which is common in direct Internet scenarios.

SD-WAN Market Analysis

Today, enterprises seek a lean setup for a new branch/office. The SD-WAN solutions available today are easy to deploy and have the ability to grow gradually based on need. However, there is inconsistent vendor support across WAN capabilities faced in the market today. Some of them are:

• Inconsistent Routing Support: Few vendors support both LAN and WAN-side dynamic routing. Another classification is based on routing on the WAN side, static routing, while other vendors support no routing at all
• Automated IP address discovery and address table creation is being supported by less than half the vendors in the SD-WAN market
• A few vendors in the SD-WAN market support legacy WAN interfaces such as T1/E1
• Not all vendors support integration with orchestration systems and northbound REST APIs
• A few application features are readily available across vendors in the market. Enlisting some of them below:
• Support of multiple form factors, including x86 platforms and virtualized platforms
• Full application discovery, including separating voice, video, and data within a WebRTC collaboration application
• Reporting and visualization capabilities
• The breadth of algorithms available to load-balance across multiple pipes effectively
• The scalability of the number of sites, VPN tunnels, and throughput capacity of edge devices

Components of SD-WAN:

The SD-WAN market is seeing an evolution concerning greater functionality embedded within SD-WAN solutions, along with the evolution of vendors’ architectural options.

Let us look at each of the components of the architecture in detail:

The Management Plane

The Management Plane is the system’s user interface and the dashboard with which network administrators interact daily. It is responsible for collecting network telemetry data, running analytics, and alerting SD-WAN fabric events.

Admin uses it to create device templates, push configurations, and accomplish overlay traffic engineering. Management Plane can be deployed on-premise or in the public cloud. However, it is extremely resource-intensive, so most customers opt for cloud-based solutions.

The Orchestration Plane

The Orchestration Plane’s role is to manage the process of adding new unconfigured devices to the SD-WAN fabric. It is responsible for the authentication and access controls of Edge routers and the distribution of control/management information.

The Control Plane

The Control Plane is the brain of the overlay fabric. They promote routing, policies, and security. In the control plane topology, they are configured as hub routers. Controllers are analogous to BGP Route-reflectors or DMVPN NHRP routers in the eyes of experienced network engineers. However, it is critical to understand that these appliances are not part of the Data Plane and do not engage in packet forwarding.

Data Plane

Edge devices represent the Data Plane of the SD-WAN system. They sit at the WAN edge, establish the network fabric, and join the SD-WAN overlay. Everything southbound of the Edge routers is typically traditional networking – offices, data centres, and branches. The SD-WAN system is comprised of everything northbound of the Edge routers.

Every organization’s need differs while deploying cloud-based solutions. We at Hughes Systique can help you evaluate the best solution based on your needs. Here are a few facets that we can help you in:

• Understanding the Architectural requirement (Hardware/software components) for your organization:Team of specialists, tailoring a custom-made solution reviewing all aspects of WAN infrastructure
• Solution applicability within your network: Hughes Systique can help you design a cost-effective solution with an in-depth analysis of northbound traffic and application.
• Evaluate session-based or packet-based solutions: Reducing the network complexity by using session-based routing and dynamic routing decisions specifically for application-centric infra
• Embedded security features: Leveraging inbuilt FW, IPS, VPN along with secure zero-touch provisioning
• Low latency platforms for networks: Application quality of service (QoS) categorization and policy changes for predictable performance for low-latency network

HSC's SD-WAN Expertise

HSC serves one of the enterprise business giants, which utilizes SD-WAN technology as the core of their application traffic with a combination of multiple modes of transport (MPLS/Internet/5G/Broadband) and its centralized management for their testbed. This allows testing and representing the demo environment for fleet. Various defined business-focused policies, including Application-aware routings, enable the network analytics to collaborate with multiple security components. The centralized dashboard provides significant insight into the overall network, easy management of network components, and tools to push topology control policies via its centralized dashboard.

HSC supports network transformations & solutions from legacy to SDWAN deployments for on-premises & on-cloud solutions. This network transformation enables customers to reduce their WAN costings and utilize their network in more optimized passion. HSC also supports SDWAN to private/public cloud integrations, for example, Viptela SDWAN-Prisma Integration, Edge-Zscalar Tunnels, services like a cloud on-ramp, SAAS, IAAS. SDWAN also enables automatic SLA-based traffic shifting, which provides incredible End User Quality of Experience.

Let’s connect if you are looking forward to transform your networks and embark on a digital transformation journey