It is not often that we witness the birth of such an explosive technology as SD-WAN. Governed by the foundational principles of software-defined networking, SD-WAN has burst onto the scene offering enterprises and service providers the ability to reimagine the way wide area networks have been constructed for the past two decades.
Whether you are an organization looking to simplify WAN management, an enterprise looking for a feature-rich WAN deployment, or a service provider looking for the ability to launch new service offerings, SD-WAN caters to a large variety of use cases.
Most conversations around SD-WAN adoption tend to focus on the four pillars of the solution: cloud-delivered architecture, comprehensive security, better application experience, and agile operations. The value of SD-WAN is very apparent, yet critical considerations regarding the transition from a traditional WAN architecture to SD-WAN are often overlooked.
Cisco SD-WAN technology powered by Viptela creates an approach consisting of three main solution tiers as depicted by the following figure.
Figure: Cisco SD-WAN Solution Tiers
The most fundamental principle of Cisco SD-WAN is abstraction: a transport-independent fabric is constructed across the physical transports, also known as the underlay. This abstraction allows rapid innovation in the overlay with no dependency on the characteristics of the individual physical transports. For example, services such as segmentation with multi-topology, quality of service, multicast, service insertion and so on can be offered irrespective of the underlying transport's capabilities. This allows enterprises to strike a proper balance between private SLA-bound MPLS circuits and public best-effort Internet, and at the same time it creates opportunities for service providers to diversify their service offerings based on market demand.
The Cisco SD-WAN fabric is governed by the principles of zero-trust security: all elements of the solution, be that the vManage management system, the vSmart controllers, or the vEdge routers, mutually authenticate each other using certificate-based identities. This approach safeguards the fabric from rogue elements and strictly enforces the whitelisting model.
The ability to deliver a better application experience starts with the ability to recognize the applications flowing through the network. The Cisco SD-WAN fabric is equipped with deep packet inspection (DPI) capabilities integrated into every vEdge router that participates in the fabric. Application traffic can be steered along the available paths either by default active/active forwarding or according to administratively defined SLA thresholds. The latter behavior is called application-aware routing.
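The path-selection logic described above, as an added example that is not part of the original post and not Cisco's implementation: a constructed model in which each transport reports measured loss, latency and jitter, and an SLA class for an application carries the administratively defined thresholds. With no SLA attached, traffic uses every path (active/active); with an SLA attached, only paths that currently meet the thresholds are eligible, and when none do the example falls back to all paths so traffic still flows. The path names, the threshold values and the fallback behavior are assumptions made for illustration.

```python
"""Constructed illustration of SLA-threshold path selection (application-aware
routing). Not Cisco's code; transport names, thresholds and the fallback rule
are assumptions chosen for the example."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class PathStats:
    """Measured performance of one transport path (constructed sample data)."""
    name: str
    loss_pct: float
    latency_ms: float
    jitter_ms: float


@dataclass(frozen=True)
class SlaClass:
    """Administratively defined thresholds for one application class."""
    name: str
    max_loss_pct: float
    max_latency_ms: float
    max_jitter_ms: float
    preferred: Tuple[str, ...] = ()  # preferred transports, if any meet the SLA


def meets_sla(path: PathStats, sla: SlaClass) -> bool:
    """A path is compliant only if every measured metric is within its threshold."""
    return (
        path.loss_pct <= sla.max_loss_pct
        and path.latency_ms <= sla.max_latency_ms
        and path.jitter_ms <= sla.max_jitter_ms
    )


def select_paths(paths: List[PathStats], sla: Optional[SlaClass] = None) -> List[str]:
    """Return the names of the paths the application may use right now.

    - No SLA attached: default active/active forwarding over every path.
    - SLA attached: only compliant paths; among those, the preferred ones if any
      are compliant. If no path meets the SLA, fall back to all paths
      (assumed behavior: traffic is never black-holed by the policy).
    """
    if sla is None:
        return [p.name for p in paths]
    compliant = [p for p in paths if meets_sla(p, sla)]
    if not compliant:
        return [p.name for p in paths]
    preferred = [p for p in compliant if p.name in sla.preferred]
    return [p.name for p in (preferred or compliant)]


# Constructed sample measurements for a hybrid MPLS + Internet site.
PATHS = [
    PathStats("mpls", loss_pct=0.1, latency_ms=40.0, jitter_ms=5.0),
    PathStats("internet", loss_pct=2.5, latency_ms=90.0, jitter_ms=30.0),
]

# Constructed SLA classes: a strict real-time class and a tolerant bulk class.
VOICE = SlaClass("voice", max_loss_pct=1.0, max_latency_ms=150.0, max_jitter_ms=20.0)
BULK = SlaClass("bulk", max_loss_pct=5.0, max_latency_ms=300.0, max_jitter_ms=100.0,
                preferred=("internet",))


def degraded(paths: List[PathStats], extra_loss_pct: float) -> List[PathStats]:
    """Simulate a brown-out by adding loss to every path (used to show fallback)."""
    return [PathStats(p.name, p.loss_pct + extra_loss_pct, p.latency_ms, p.jitter_ms)
            for p in paths]


if __name__ == "__main__":
    print("default active/active:", select_paths(PATHS))
    print("voice under SLA:      ", select_paths(PATHS, VOICE))
    print("bulk under SLA:       ", select_paths(PATHS, BULK))
    print("voice, all paths bad: ", select_paths(degraded(PATHS, 10.0), VOICE))
```

Running the block prints which transports each class may use: voice is pinned to MPLS because the Internet path exceeds both its loss and jitter thresholds, bulk traffic is steered to the preferred Internet path because both transports meet its looser thresholds, and when every path is degraded the example falls back to active/active rather than dropping the flow.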
Transitioning to the cloud creates tectonic shifts in a WAN architecture that historically catered to branch-to-branch and branch-to-data-center communication. The use of hybrid transports consisting of both MPLS and Internet, coupled with Cisco SD-WAN intelligence that provides the best-performing direct Internet access (DIA) towards popular SaaS applications such as Office365, Salesforce, SAP and so on, allows enterprises to properly engineer cloud access for an optimal user experience. At the same time, local and regional secure perimeters, delivered through distributed security at the branch or regional security at the hubs, establish a strong security posture for both on-premises communication and cloud application access.
Centralized management of the Cisco SD-WAN solution through the vManage tool creates an "easy button" for common administrative tasks performed against the fabric, such as adding and removing vEdge routers, defining device configuration templates, defining application policies, performing software upgrades and so on. vManage also collects fabric-wide statistics on application visibility and path performance, as well as the alarms and events generated by the fabric elements. Common troubleshooting steps can be performed straight from the vManage graphical user interface (GUI), while deeper troubleshooting can use the fully featured command line interface (CLI) and the Linux bash shell exposed on every element of the fabric. Existing IT tools relying on Syslog, SNMP, and NetFlow export are fully supported and can continue to operate with the Cisco SD-WAN fabric.
Transitioning from an existing WAN architecture to SD-WAN depends strongly on the routing interaction between the two domains. Careful design of the BGP and OSPF routing protocols ensures a smooth transition and eliminates the routing loops associated with redistribution between overlay and underlay protocols. Cisco SD-WAN offers a mature routing protocol implementation backed by vast operational experience.
The future of SD-WAN looks very bright and, as always, Cisco is at the forefront of this transformation.