KB ID 0001752
SD-WAN?
What is SD-WAN? A (Software Defined Wide Area Network) is a solution that unlike previous WAN architectures, (the type you typically see on a Visio diagram with maybe some MPLS, leased lines, and maybe some Optical DWDM etc. in them).
SD-WAN gives you a more ‘Layered‘ approach, that directs USERS to APPLICATIONS based on POLICIES.
For example, let’s say your main business CRM is a SaaS solution like SalesForce, it’s secured by https, it’s trusted, instead of sending that traffic from all your sites to the Datacenter (where your corporate firewall is) then sending it onwards, why not utilise the local internet connection on each of your sites? Now all that bandwidth is not needed on the the connection to your DC, or more importantly isn’t slowing down the accounts application that’s got it’s database ‘back-end’ in the Datacenter.
In the example below, you can see the topology is very similar. Users in Office 1, who need to go to Microsoft Office 365 (for example) can use their local internet connection. Users in Office 3 have a 5G connection on their router, and SD-WAN has calculated that using that connection is more efficient way to get to Office 365.
But it does not stop there, (hence me saying it’s more layered). To access a corporate application in the Datacenter, you can see in this example the leased line from Office 1 to the Datacenter , is running slowly and is contended, SD-WAN can calculate that if it uses its local internet connection to spin up a dynamic VPN to the Datacenter, the ‘User Experience‘ will be a lot better. Likewise for users in Office 3 SD-WAN can calculate if it spins up a Dynamic VPN to the Corporate HQ, then onwards via MPLS it’s the ‘best‘ route (based on the policies you have specified).
I like the way Juniper describe this as “Elastic Traffic Management” what it gives you, is a collection of Virtual Network Overlays for the routing of different applications.
What SD-WAN ISN’T
I was talking to a client a few weeks ago and they said;
“We are retiring our MPLS network and moving to SD-WAN”
SD-WAN is not a replacement for MPLS! Yes it can provide similar ‘connectivity’ functions. But you need to apply some common sense, if all your company sites need to speak to each other, (phone systems anyone?) Then you’re potentially replacing dedicated bandwidth with a VPN connections, (because SD-WAN will build dynamic VPNs between endpoints). So yes you can replace a lot of CPE routers, or MPLS connections or leased lines on some of your less trafficked sites. But your large offices and data centres may still need fast reliable (read expensive) links, because SD-WAN is the control plane that will steer your applications over your network, but if those links are a ‘wet piece of string’ then performance will not be great.
The best explanation I can give is SD-WAN is a WAN overlay solution, to improve user experience, and add some dynamic resiliency. Or if you are a network engineer think of it like ‘DMVPN with Intelligence‘.
What is SD-WAN, (Isn’t it Just SDN But for WANs?)
That’s a sensible assumption to make, and you can draw a lot of parallels. I prefer to think of them as two different things that share some similarities. (Central control plane, intelligence, and application based routing). But SDN is designed for Data Centers, SD-WAN covers DCs and branch sites. Also SD-WAN has the concept of “Zero Touch Provisioning”, (1. Ship your devices to site, 2. Connect them to the internet, 3. They ‘call home’ 4. They download their configs and policies automatically).
What is SD-WAN and How Do I Deploy SD-WAN?
That depends on which ‘Vendor’ you want to work with, whoever you choose, the deployment will involve deploying new (or updated) Endpoint Devices (typically routers or firewalls) and an SD-WAN Control Plane. The control plane can be an appliance (or several appliances,) or ‘Cloud Based‘. I’ve looked at three solutions. FortiGate, Meraki, and Cisco, (yes I know Cisco own Meraki). Which solution you choose will (normally) depend on what you are happy to support. Of the three I prefer FortiGate, it’s not as simple as Meraki, but if you are replacing your edge devices the cost, throughput, connectivity options make it the most sensible option. Cisco is typically ‘Ciscoesque‘, i.e. I spent about 9 days watching videos about their SD-WAN solution, it only works with ‘some’ of their endpoints (routers) and you need to put some thought into the deployment and design of the control plane. If you have a lot of in house Cisco guys and typically only ever buy Cisco, then, your hands are tied.
Related Articles, References, Credits, or External Links
NA
