SD-WAN 101 Learn the Basics & What it Means
How the WAN is Changing for Your Future
Technology is rapidly changing, bringing new concepts to your organization, all aimed at helping it move further into the Digital Transformation age. One key area of focus is the evolution of the Wide Area Network, the main connectivity highway for your workforce, cloud, and data center applications and services. Software Defined WAN (SD-WAN) is a relatively new and innovative approach intended to offer more optimized connectivity for the enterprise. Learn the basics of SD-WAN: what it is and why it is being viewed as the next architectural change you need to consider.
Female Voice: Great. Thanks so much, everyone, for joining. Today is our SD-WAN 101 webinar. We have Rob McBride joining us to present. He has over 15 years of experience with us as a software solutions expert, and I’ll just let him take it from there.
Rob: Thanks very much. Good day, everybody, wherever you’re at in the world. Over here in San Jose it’s actually quite a beautiful day, thankfully. I’m going to try and keep this, as much as I can, brief and short. Our agenda today is really just to kind of give you a little bit of a teaser into what software defined WAN is, some of the basic components and just some of the general benefits and things to take into consideration as you look at this as a potential path to some sort of transformative change that you want to do. So with that, I’m going to go ahead and get started.
So to kick it off, I think most here who are listening in or will listen in, understand that there are a lot of things happening from a trend aspect that, of course, are affecting us within the networking world. I picked three here to discuss and just try to characterize how they impact us within the industry. Obviously with cloud, what we see is, there’s a strategy being put in place by a number of you within the enterprise as far as trying to understand how you take advantage of a software as a service strategy or application, for example like Office 365.
In talking to some customers, we’ve come to understand that, while you may deploy Office 365, it becomes apparent to you that there’s a significant performance impact at your various different remote location branches that make you consider: How do I rearchitect my WAN, as an example. It brings a number of new performance considerations and bandwidth considerations at a branch.
From a mobile perspective, I think this one’s fairly obvious. Of course there are a lot of mobile devices and utilities that we use there, but when we look at certain industries like retail and talk to a couple customers, there’s an impact on the network from a security perspective, but also a user experience thing. How do we provide positive, let’s say, in-store experiences to people; but also secure our own store and our own intellectual property.
In addition to that, obviously, from a social perspective, if you’re like me, I spend a lot of time on either Twitter or Facebook. During times of crises, there’s an impact on the network where people want to communicate and socialize what’s going on. But when we’re looking at it from a business angle, that can actually impact performance for some mission critical stuff.
Again, a quick story from a customer: In the recent hurricane, being a food distributor, their main goal after the lights came back on was to ensure they were having some continuity of operations. What they wanted to do was – they needed to suppress people utilizing social media to try to communicate with friends and family, but architect it in such a way that they still can communicate but to prioritize their traffic to their main data centers to address their shipping concerns and things.
In general, and to review, of course these three things impact a network both from a performance perspective as well as a security angle. So when we look at it, we look at the wide area network. We’ve been doing things in the wide area network for years, and there’s a saying that sometimes the current WAN of today is unable to meet some of the needs of what we’re doing tomorrow. That really talks to some of these trends, either cloud or mobile device, social; even sometimes on the Big Data analytics perspective.
To summarize what some of those challenges are, we’re looking at some levels of complexity as …
… perspective to do a quick recap and review here. The trends, of course, have been impacting us. The WAN now becomes challenged, either from a bandwidth angle as a result of a combination of costs to low-bandwidth circuits that we can actually procure today …
Sorry about that. Limited application awareness as far as being able to see your users and the type of traffic flow that’s going, and the levels of fragmentation associated to your security policies and things.
But in general, all these together provide a level of challenges to the WAN today that’s impacting you and you trying to assess how you want to move forward tomorrow in looking at trying to address those trends for your own business strategies.
So when we look at it, there are a number of different answers to those problems. One of them that, obviously, we’re going to talk about today is software defined WAN, or SD-WAN. We took out a quote from Gartner from a report they published in December of 2016. They make a prediction that roughly 30 percent of enterprises will have deployed SD-WAN technology in their branches, which is obviously up from one percent today, considering it’s that new.
But there’s a reason why they seem to be predicting, quite frankly, a very large explosion of adoption related to this particular technology. What SD-WAN wants to provide for us is – it gives you the ability to increase your bandwidth as a result of easily integrating different types of circuits in your WAN to help reduce your circuit costs but also improve your bandwidth at these particular locations; giving you the ability to deploy more of a hybrid WAN strategy.
Associated, too – there are some other embedded elements associated to what any one SD-WAN vendor might provide to you as far as their technology and solution is concerned. That really pertains to application awareness as well as simplification as to how you manage your operations as well as to how you control your WAN infrastructure and assets.
So when we look at just the basics of what SD-WAN is, what SD-WAN really is, it’s really about taking software defined networking to rearchitect the WAN to optimize and control traffic between locations. At its most basic, that is what SD-WAN is.
When we look at the how, the how is really utilizing controllers to control infrastructure to create encrypted overlays on top of an existing WAN transport infrastructure. This can be accomplished by either replacing existing CPE devices or augmenting or putting in place with existing CPE devices. At a higher level, when you look at SD-WAN, there are four categories or functions or features, if you will, that you attain from it, or that it provides you.
There’s a level at the top that’s analytics, monitoring operations, and the ability to drive and direct application based policies through the WAN infrastructure; having a very robust forwarding infrastructure that’s distributed; and of course being able to attach to a very transport independent fabric.
Obviously you see the words here. It’s kind of great, but let’s get a little bit more deeply into this. What I want to do is just show you a little bit more detailed picture about what SD-WAN looks like and what some of the layers are. We’ll talk about a customer example here in a minute. Before we kick that off, what I want to do is just open up a poll. Take your time in reading it and actually answering it. It helps us understand where you come from within the WAN and what you’re utilizing there. It’s a little bit relevant as far as looking at things from a hybrid angle.
So, great. You guys are starting to answer in. We’ll close the poll out here in a minute or two. Thank you. So when we look at SD-WAN as far as an overall architecture here, I had articulated four layers before. I’m depicting, here, three. We’re going to start from the bottom. We’re going to start from the distributed forwarding layer. View this as your CPE, or your premise device; previously your existing router, or any sort of managed device that you have from a provider. This is actually what takes care of forwarding your traffic; whether layer two or layer three traffic, moving bits from point A to point B.
In an SD-WAN architecture, these are all distributed. These are the ingress and egress points, if you will, to the tunnels that you’re going to utilize and encrypt through your transport, creating a variety of different types of topologies associated across your WAN; whether it’s full mesh, hub and spoke, or partial mesh.
Then from there, of course, your endpoints – your data centers, your branches, remote sites, campuses, even some of your cloud assets – of course connect into some level of transport. With that I’m going to actually close the poll, just so we can see some of the results associated with what you guys are using.
Now, the important part of SD-WAN, or the great part of SD-WAN, I should say – it’s also important – is actually transport. It’s what provides you the ability to take different types of transport and utilize them seamlessly and use them almost as if they’re a singular infrastructure. So when we look at it, it’s really about consuming [unintelligible 00:10:17], MPLS services, business internet services, LTE; or, in some cases, for some of our customers that we’ve talked to, they actually leverage commodity based internet as well.
So when we take a look at that, we see some of you guys as far as – about 21 percent seem to be deploying hybrid, 18 percent are deploying MPLS, and six percent use dual MPLS VPNs and circuits. A couple are using public internet. The beauty about SD-WAN is, it gives you the power to be able to use all of them simultaneously and be able to then derive specific application based policies to determine which path is going to be best for your particular SLAs. When I go through the customer example, this makes a little bit more sense as far as utilizing hybrid based transport connectivity.
So that’s the transport layer. It’s really our pipes: Utilize a wide variety and hybrid variants through those pipes, connecting to all of our distributed forwarding endpoints that are basically the tunnel initiators as well as tunnel terminations.
Then, of course, the top layer: We look at it as a control layer. The control layer is typical of what’s in an SD-WAN architecture. There’s kind of a brain behind it all that manages the configurations, the control plane policies between all the distributed elements. It’s basically a controller, to use a very simple word. But also associated to this top level portion of an SD-WAN architecture are automation elements, things like zero touch provisioning to facilitate your bring-up of a particular site or autoconfiguration of your particular business needs; as well as providing your management layer, being able to actually look at your devices and take a look at any sort of analysis as far as what the flows are doing and what your traffic is doing.
So at a high level, there are three portions to this. There’s your controller or controlled, centralized monitoring and operations, your transport layer, and then of course your distributed forwarding elements. All of these provide connectivity. There are a variety of different types of policies that you need between your data centers, your campuses, your branches, remote sites; as well as these cloud assets, whether it’s an infrastructure as a service or software as a service asset.
So moving on, in just a little bit more detail on some of the things SD-WAN can give you: There’s operational simplicity that you hear about. We talk about it quite a bit; hybrid WAN; application or cloud awareness; as well as having a secure infrastructure. As you can see through the boxes there, I give some characteristics of what each of those really mean.
When we look at simplicity, it’s about making it so that you really have as little touch on your network infrastructure to the WAN as possible. SD-WAN is intended to make this simple for you. You want to be able to deploy a CPE or be able to automate deployment of a CPE, in a virtual [unintelligible 00:13:30], so you’re actually not really touching it. ZTP is what we call it – zero touch provisioning.
You want to have that view being centralized. This is the control layer, the controller that we were talking about. Of course there’s another piece that you want to ensure – that interoperability with existing devices or premised devices you have. This could be something so simple as connectivity options physically or integration as to tool sets that you might be particular in using, as well as protocol usage.
Hybrid WAN is really about empowering you to look at your transport layer and be agnostic to it. You want to be able to support multiple types of transport in order to increase your bandwidth but also increase your availability and [unintelligible 00:14:11] associated to it. We’re getting to a point where business internet – or, let’s say, commercial internet – is actually becoming good enough that you can actually drive certain critical services and applications like voice over IP across that. But SD-WAN helps to be able to determine, is right now a good time for me to use that particular link for this application; or is some other link I’m using to transport not good enough; do I need to switch.
That really, then, drives into the application and cloud awareness. You want to have a level of integrated intelligence directly at the distributed forwarding layer, that’s close to where your users of the applications are, to actually understand and be able to monitor those apps so you can make intelligent decisions as to how you want to reroute or re-forward your traffic flow across your multi-transport infrastructure.
With that comes a level of distributed analytics, to really understand what the traffic is doing. Very importantly, of course, depending on the SD-WAN path that you go, there’s a level of topology support on a per application basis. Some applications, for example, like a POS system, utilize a hub and spoke kind of architecture because of the centralization. Others may not require a hub and spoke architecture. It may be more full mesh, like voice over IP for example. But the ability to have that awareness, and ability to have multiple topologies based on your application is also part of this.
Of course the infrastructure level: You want to secure your connectivity. You want to be able to support the existing protocols you’re used to that are in your branches or in your data center, like OSPF or BGP, and be able to centralize the control of that but distribute the forwarding associated to those things.
So I see a couple questions coming in. We’ll take those here in about a minute or two. So please, keep them coming in, if you have some questions you want to ask me. If I am unable to answer questions, I’ll make sure I reach out to you directly and get you something appropriate.
So when we look at SD-WAN, there are a couple of things you want to take into consideration when you either evaluate your vendor or you evaluate the technology in and of itself. In no order of importance, I’ve put a couple of bullets here for things for you to think about. I’ll run through a couple of them. The first one is really topology and segmentation support. You’ve heard me mention a couple of things about that. What that really is, is what’s the level of support, or what’s your need to actually have hub and spoke topologies for X application; full mesh topologies for different types of applications; and can that be supported in the SD-WAN appliances or solution that you might be looking at.
Then, also, you can look at it from a security standpoint; which, I think, is the obvious statement. We have a couple of customers that are involved in M&As. They need to have levels of segmentation to protect different organizations until such time as they begin to merge. In other cases, when you look at IoT as a potential application or solution, you obviously have a lot of third-party partners or third-party businesses, or what have you, that need to have a point of presence inside of your network. So you want to be able to segment them so you don’t allow for them to become an attack vector from a security angle into your own corporate infrastructure.
Key management is also another one for you to look at. As you heard me mention before, part of SD-WAN is about creating an encrypted tunnel overlay on top of your transport. There are some implementations that use pure IPsec, use IP2, et cetera. However, there comes a level of key management that’s critical, depending on the scale of your operations and the number of sites that you have being deployed.
As some may attest in your current status quo approaches, building networks from your branches into your data centers, key management can potentially be a big pain point. I know I have from some installs that I’ve done.
The last one I’ll really touch on, and then we’ll move on here, is really about cloud. Is there an ability for you to be able to extend your WAN directly into your infrastructure as a service vendor, or even into your own private cloud you’ve built? Can I place an SD-WAN distributed forwarding endpoint inside of Amazon, inside of Azure, in order for you to have some sort of seamless transport connectivity into that workload that you’ve got there?
The other part about SaaS: There’s an element of integration. But what it really is is about deep awareness of what the SaaS is, and where it’s going, and what it needs. We find a lot of SaaS vendors – I touched on O-365 a couple of times here. They recommend direct internet access. From a level of integration, it’s about, is there a level of intelligence and awareness in the SD-WAN infrastructure to understand, what’s my best exit point to actually get to my SaaS application. That’s something to actually take into consideration as you look at SD-WAN to potentially meet your needs.
So this is an actual customer. I’ve held the name due to their request. This is a retail based enterprise [unintelligible 00:19:41], both company as well as franchise owned. They’ve got a little over 4200 sites across the world, basically. We broke this down into the four different components that they actually looked at. Obviously, as you can see, they’ve done a comparison, before and after.
The components they’re really talking about: Their circuits, their transport; MPLS, what kind of circuits they use to increase their bandwidth; how fast were they actually able to look at their stores and make changes to their stores across their entire infrastructure. Security: Their need to actually secure applications like POS from other services that they’ve got being delivered to each of the in-store properties; and then, of course, management.
When you look at before, they were looking at a poor price of bandwidth. So basically, they could increase their bandwidth; but it was at very, very high cost. I think some of you can relate to this. When we look at implementation for them, it took about nine to 12 months to plan; and then they could only do two stores per day. When you look at 4200 sites, that’s a lot of stores. If you can only do two stores per day, that really takes a long time to get there.
Security: They were using both firewalls and MPLS to isolate some traffic. Then they were utilizing a mishmash from a variety of different tools as a result of corporate standards and some on the franchise side as well.
So after utilizing – of course it was a Viptela SD-WAN solution that they purchased. They’ve been able to claim roughly up to about 70 percent cost savings on their circuit. They went to a broadband in order to bring higher bandwidth into their stores, in order to address some in-store experience stuff; things like guest Wi-Fi, as well as some in-store digital advertisements. They were able to get higher bandwidth at a cheaper cost as a result of utilizing broadband and then utilizing SD-WAN to make that seamless transition and integration between MPLS circuits and broadband circuits.
They were able to, now, start rolling out 25 stores a night. So clearly this is a great benefit to them, because now – 4200 divided by 25 versus 4200 divided by two – it helps them to actually roll things out much quicker.
There was security built into the SD-WAN solution as a result of segmentation capabilities that we provide, allowing for them to secure their POS and guest Wi-Fi, as well as some other services like video that they provide in store. Then they were able to finally centralize and standardize their level of management for their visibility purposes and requirements here.
We do have some notes available on our website you can take a look at that actually might give you a little more detail as far as this specific customer deployment example.
So really, who benefits from SD-WAN? Truthfully, everyone does. It doesn’t really matter what industry you are, whether you’re in oil and gas, whether you’re in manufacturing, you’re a service provider; no matter what size you are, from small to large enterprises – some huge banks and things. Ultimately there’s a lot of benefit SD-WAN can provide you from control, really putting the destiny of the WAN back into your hands; or taking advantage of cheaper circuit costs as a result of really looking at commodity internet or business space internet to help augment some of your MPLS VPN cost, if you will, but still be able to deliver positive experiences with those critical applications like voice.
On that note, what we had – I’ll end with the customer story before I look at the questions here. Again, this was a hurricane customer. They were impacted there, but they had an MPLS added before the hurricane actually hit. They’re a distributed enterprise across all the continental United States. They had some concerns about running voice over IP over their broadband internet services. When we were working with them, we told them about a customer of ours that runs all of their IP [unintelligible 00:24:00] for 911. But that was obviously within a single city. So they were concerned about it being widespread across the states.
So when their VPN actually got impacted, all their services based off the configuration of policies we had flipped over to their broadband. They were pleasantly surprised and commented that broadband now is good enough to be able to drive their voice services, because not a single user was impacted or even noticed they flipped over to a different, arguably – perception wise – less mission critical capable type of utility.
Bottom line: What it means is, there is some automation that can be derived from SD-WAN, but at this moment broadband based internet can be good enough for you in order to help drive some mission critical types of apps and services.
So with that, I’m going to take a look at some of the questions; and then we’ll talk about [unintelligible 00:24:55] kind of stuff. Then we’ll go ahead and end the webinar.
Female Voice: Great. Thanks for that, Rob. That was really great. We have several questions coming in. Everybody’s been really engaged. Thank you for that, participating. We have: what is the difference between SD-WAN tunnel architecture and the queues in the COS for MPLS?
Rob: So I’ll try to answer as best I can. I have some technical expertise, but I’m not really deep there. So if my answer doesn’t answer your question, let me know and reach out to me through my contact I’ve put here. We can discuss some more stuff in detail.
At a high level from a tunnel perspective, this is a really about creating, say, an IPsec tunnel, end to end, between – in Viptela’s world, we call them vEdges, vEdge routers, which is [unintelligible 00:25:43] device that would be deployed. An IPsec tunnel is created between these two endpoints. Within this tunnel, we segment. A nice comparison here would be, it’s almost like creating a VRF and putting a VRF per application, and punching that through the tunnel.
From an MPLS COS, this is obviously about class of service and the level of priority I want to put on a specific type of application. Now, simultaneously, prioritization can be done, also, through the segments and through the tunnel; but what we’re talking about for tunnel and segmentation is basically creating a separate topology or a separate network within the tunnel in and of itself for a specific service that you actually classify. I hope that actually answered your particular question there.
Another question that came in was, from a transport perspective, assuming that [unintelligible 00:26:40] private lines can now be mixed in SD-WAN, because it’s not IP based. If I could I’d ask for clarity: Maybe I’m not understanding on the private line piece of it. Really it’s going to depend on your vendor. An example for Viptela: We support a wide variety. We do support T-1 access for low-speed interfaces. We support those, but we also have some native LTE support that allows you to put a [SIM] inside of it. So my best guidance for your question there is, really it’s going to depend on the vendor. Look at the vendor and what kind of transport options they provide you as it relates to their SD-WAN solution.
Female Voice: Great. Then a bit more information is being asked about distributed analytics, if you can tell us a little bit …
Rob: Yes. So, distributed analytics is – as you saw me mention before, part of the SD-WAN architecture – you may not have guessed already – is kind of hinting at what Viptela actually offers here. At the endpoints themselves are distributed forwarding elements. Inside of those forwarding elements, or vEdges as you heard me call them, there are analytics being captured; flow statistics, measuring of latency and jitter as well as delay; in order to help attribute and achieve a variety of different SLAs based off of policies you define from the centralized controller.
So all that information is distributed to each endpoint; and then obviously the information [unintelligible 00:28:15] up and centralized to a product we call vManage, which is your control endpoint, so you can see what’s going from a flow perspective. That’s what I mean from an analytics angle there. If you want to know more, by all means reach out to me, and we can chat a little bit more with some of our product team.
Female Voice: Great. That puts us right at the 30 minute mark; so again, reach out to us, multiple ways; certainly through our website. It’s firstname.lastname@example.org, a quick and easy way to continue submitting questions. We look forward to seeing you next time. We are hosting webinars every other Thursday, the first and third Thursdays of the month. That will wrap it up for us.
Rob: Just to close out, thank you guys for your time. Reach out to me directly. As you see, you can either reach me on Twitter or my email, or you can reach us on Twitter. I’ve put some pretty good resources for you guys to learn more, either about Viptela or just what customers in the industry are doing. One piece [unintelligible 00:29:14] for you guys to maybe take a look at, if you’re looking at deploying Office 365 or actually have, we’ve got a nice little piece from an analyst that addresses that and gives you some guidance.
The last question from one of our attendees here: Yes, we will be posting today’s deck. We’ve actually recorded this presentation so you can listen to this on demand, and we’ll give you a copy of this in PDF format so you can actually utilize it further. With that, I appreciate your time. I hope all of you have a great day, no matter where you’re at in the world. Thank you.