What is SDWAN? SDWAN vs traditional WAN?
SDWAN
SDWAN is the most advanced technology in WAN. Today there are multiple SDWAN vendors. However, this discussion will not be vendor specific. It will be a general high-level overview of the SDWAN solution.
- SDWAN stands for Software Defined Wide Area Network.
- In SDWAN, the control plane, data plane and management plane are segregated.
- In addition to this, SDWAN has a new term: the orchestration plane.
- The orchestration plane is the policy-driven segment of SD-WAN where we can push any action to sites using policies.
- This action can be traffic flow, routing changes, transport change, etc.
- SDWAN has application-aware routing functionality, which means it can identify applications, so traffic engineering can be done for critical applications accordingly.
- The SDWAN solution is transport independent. It doesn't matter if you have MPLS, private cloud or an Internet link; you just need reachability to the controllers.
- SDWAN has controllers which can be hosted on a public cloud or in the customer's on-premises data centres.
- These controllers serve management, orchestration and control plane services.
- The data plane resides inside another device, the SDWAN customer edge router, which will be installed at remote sites or the data center.
- The remote site or customer data center should have underlay reachability to the controllers.
- The terms underlay and overlay are frequently used in an SDWAN environment.
- Underlay is the physical connectivity and reachability from site A to site B, from site A to any DC, or from site A to the Internet.
- Overlay is the logical connectivity which is built over the underlay, using IPSec in the case of SDWAN.
- All the SDWAN customer edge routers will connect to the controllers using secured encrypted tunnels.
- All the SDWAN controllers will have to exchange the encrypted keys before establishing the secure connection.
- For control plane traffic, there will be direct tunnels towards SDWAN, which will be established after the whitelisting and key exchange mechanism.
- All the SDWAN edge devices will have a serial number tagged to a particular organisation.
- Once the control connection between the controllers and SDWAN edges is established, all SDWAN edge devices will receive the information about the destination from the controllers.
- After getting the destination information, the SDWAN edges will establish dynamic IPSec full-mesh tunnels with all sites for data plane connectivity.
- These IPSec tunnel connections are faster, dynamic and different from traditional IPSec.
- An advantage of SDWAN is that if a site has two WAN links (MPLS-Internet, MPLS-MPLS or Internet-Internet), both can be utilized using policy-driven routing.
- Customer SDWAN edges have a plug-and-play feature; no manual intervention is required.
- Inbuilt traffic inspection and detection; no separate hardware is required.
- SDWAN will also monitor all possible underlay end-to-end hop connections, so any issues can be reported proactively.
- As SD-WAN controllers are hosted in the cloud, this solution has the capability of cloud integration.
- Deployment time is very short.
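
The application-aware, policy-driven routing over two WAN links described in the list above can be sketched as follows. This is an added, vendor-neutral example and not any product's implementation; the policy table, SLA thresholds, link names and measurements are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str            # transport label, e.g. "mpls" or "internet"
    latency_ms: float    # values an edge would learn from underlay monitoring
    jitter_ms: float
    loss_pct: float

@dataclass(frozen=True)
class Sla:
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

# Hypothetical policy table: application -> (SLA, transports in order of preference).
POLICY = {
    "voice":  (Sla(150, 30, 1.0), ["mpls", "internet"]),
    "erp":    (Sla(300, 100, 2.0), ["mpls", "internet"]),
    "backup": (Sla(1000, 500, 5.0), ["internet", "mpls"]),
}

def violation(link, sla):
    # Sum of relative overshoot per metric; 0.0 means every threshold is met.
    return (max(0.0, link.latency_ms / sla.max_latency_ms - 1)
            + max(0.0, link.jitter_ms / sla.max_jitter_ms - 1)
            + max(0.0, link.loss_pct / sla.max_loss_pct - 1))

def meets(link, sla):
    return violation(link, sla) == 0.0

def select_path(app, links):
    """Return (transport, sla_met) for one application's traffic."""
    sla, preferred = POLICY[app]
    by_name = {l.name: l for l in links}
    for name in preferred:               # first preferred link that meets the SLA
        if name in by_name and meets(by_name[name], sla):
            return name, True
    least_bad = min(links, key=lambda l: violation(l, sla))
    return least_bad.name, False         # nothing compliant: use the least-bad link

# Constructed measurements for a dual-link site in three states.
HEALTHY  = [Link("mpls", 20, 2, 0.0), Link("internet", 45, 8, 0.2)]
MPLS_BAD = [Link("mpls", 220, 40, 4.0), Link("internet", 45, 8, 0.2)]
BOTH_BAD = [Link("mpls", 220, 40, 4.0), Link("internet", 400, 60, 6.0)]

if __name__ == "__main__":
    for state in (HEALTHY, MPLS_BAD, BOTH_BAD):
        print({app: select_path(app, state) for app in POLICY})
```

In the healthy state both links carry traffic at once (voice on MPLS, backup on Internet); when MPLS degrades, voice and ERP move to the Internet link without manual offloading.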
Traditional WAN:
- In traditional WAN there is no application visibility.
- For each site, the CPE needs manual intervention and there is provider dependency for routing and peering setup.
- It is not flexible or fast enough to do application-aware routing.
- In traditional WAN there is a DMVPN solution to use the Internet as underlay; however, it is not very scalable and has limitations.
- The control plane lies on the same CPE, so you have to log in to each CPE for any changes.
- For WAN traffic optimization, inspection and detection, separate hardware is required.
- More bandwidth is required and both WAN links will not be utilized optimally.
- It has a legacy way of cloud integration. When an enterprise uses multi-cloud, it is difficult to manage and troubleshoot.
- If any WAN link is highly utilized, it requires manual intervention to offload the traffic to the backup link.
- The manual offloading is expensive if both links are MPLS, as the enterprise needs to opt for an active/active load-sharing WAN connection, which will increase the operational cost.
- If the backup link is DMVPN, it has limitations: voice and video traffic performance will be degraded. There is no dynamic tunnel tracking. Sometimes a manual bounce is required to refresh the tunnel.
- Some service providers use 3G/4G backup links, on which performance will be very poor with unoptimized traffic flow.
- Enterprises will have very little visibility at the provider end. For any issue, enterprises need to log a case with the service provider, where getting a response and resolution on time is challenging.
- For each WAN change, the enterprise needs to engage a provider engineer and has to be careful about prefix limits. It requires downtime, and sometimes failover will also not work due to many issues.
- It's very expensive and time-consuming.
Overall, because of these advantages, most organisations are moving towards SDWAN solutions. It is a single fabric to manage all the WAN devices. Can SD-WAN replace MPLS? Follow us for upcoming blogs to know more.
Very informative article ..grt job !!
Thank you!
Good article
Thank you for your support!
Good one Rahul
Thank you !
Good information
Thank you! Hope this helps to understand the basics. Will keep on posting with advanced topics.
GOOD ONE
Thank you!
Nice 👍
Thank you!
Nice one Rahul.. waiting for more articles..
Thank you!
Nice
Nice
Thank you!