Software-defined wide area networks (SD-WAN) are a red-hot topic with enterprise users and a pain point for telco service providers. Why?
- For enterprises, SD-WAN offers a way to create virtual private networks (VPNs) using low-cost broadband access. At the same time, SD-WAN offers a high degree of dynamism for new or removed sites and offers a means for advanced control of the network.
- For service providers, SD-WAN threatens one of their most lucrative revenue streams – layer 3 VPNs built on MPLS backbones.
What is SD-WAN, and how will it evolve?
There are a variety of SD-WAN suppliers and solutions in the market today and they usually include the following functions:
A central controller that provides the command and control aspects of SD-WAN. It can run on the user’s site or it could be hosted in the cloud. The controller normally includes these capabilities:
- Acting as a repository for configuration of the access nodes
- Administering the network topology
- Setting and distributing policies for quality of service (QoS) and access
- Reporting usage and performance
A set of access nodes that reside at each enterprise site. They may be implemented as an appliance or as a virtual network function (VNF) running on a server. The access nodes include many or most of the following:
- A zero-touch commissioning process for contacting the central controller and acquiring configuration information.
- A routing and tunneling engine for implementing the overlay virtual network.
- Hybrid WAN functionality that provides the ability to send traffic to more than one uplink, providing both an increase in speed as well as resilience.
- Firewall and security functions, including encryption.
- QoS and access policy enforcement including application-level monitoring.
- WAN optimization, including one or more of the following: caching, compression, forward error correction, prioritization and load balancing across a hybrid WAN interface.
- Network loss and latency measurements. These are reported to the end user, and may also be used by the hybrid WAN and WAN optimization capabilities listed above.
To use SD-WAN for building a network, an enterprise user first configures the desired network and policy using the controller. The enterprise user can then deploy access nodes at each site. When installed and activated, the access nodes contact the central controller for their network and policy configuration. The enterprise user can now dynamically define and implement a VPN using a variety of connection media: broadband cable, xDSL, GPON, LTE wireless, and even existing L3VPNs. Sounds great, right? Yes, but …
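As an added illustration of the access-node functions listed above (hybrid WAN, policy enforcement, and loss/latency measurement), the following Python sketch is not ADVA's code or any vendor's product code; the uplink names, probe results, and per-application policies are constructed for the example. It derives loss and latency from probe sequence numbers, then picks an uplink per application according to a controller-distributed policy, refusing to forward (fail closed) rather than falling back to an unencrypted path when no uplink satisfies the policy.

```python
from dataclasses import dataclass
from statistics import mean

# Constructed probe results per uplink: (sequence number, round-trip ms) for
# probes that came back. Sequence numbers that never return count as lost.
PROBES_SENT = 10
PROBE_RESULTS = {
    "broadband": [(1, 28), (2, 31), (3, 29), (4, 30), (5, 27),
                  (6, 33), (7, 29), (8, 30), (9, 28), (10, 25)],
    "lte":       [(1, 65), (2, 70), (3, 68), (4, 90), (6, 66), (7, 72), (9, 75)],
    "mpls":      [(i, 18) for i in range(1, PROBES_SENT + 1)],
}
# Whether each uplink carries an encrypted overlay tunnel (constructed; the
# peered MPLS path here is assumed to be unencrypted at the access node).
ENCRYPTED = {"broadband": True, "lte": True, "mpls": False}

@dataclass(frozen=True)
class Policy:
    max_latency_ms: float
    max_loss_pct: float
    require_encryption: bool

# Per-application policies as a controller would distribute them (constructed).
POLICIES = {
    "voip":   Policy(max_latency_ms=50,  max_loss_pct=2.0,  require_encryption=True),
    "backup": Policy(max_latency_ms=200, max_loss_pct=10.0, require_encryption=False),
    "video":  Policy(max_latency_ms=25,  max_loss_pct=2.0,  require_encryption=True),
}

def measure(results, sent=PROBES_SENT):
    """Return (loss_pct, avg_rtt_ms) for one uplink from its probe results."""
    if not results:
        return 100.0, float("inf")
    loss_pct = 100.0 * (sent - len(results)) / sent
    return loss_pct, mean(rtt for _, rtt in results)

def report(probes=PROBE_RESULTS):
    """Measurements an access node would report to the controller/end user."""
    return {name: measure(results) for name, results in probes.items()}

def select_uplink(app, probes=PROBE_RESULTS, encrypted=ENCRYPTED, policies=POLICIES):
    """Lowest-latency uplink that meets the app's policy, or None to fail closed."""
    policy = policies[app]
    candidates = []
    for name, results in probes.items():
        if policy.require_encryption and not encrypted[name]:
            continue  # never downgrade to an unencrypted path for this class
        loss_pct, rtt = measure(results)
        if loss_pct <= policy.max_loss_pct and rtt <= policy.max_latency_ms:
            candidates.append((rtt, name))
    return min(candidates)[1] if candidates else None
```

With these inputs, voice traffic stays on the encrypted broadband path, bulk backup takes the low-latency peered MPLS path, and video (which needs both encryption and sub-25 ms latency) is left with no compliant uplink, which the caller must treat as a policy violation rather than silently routing around.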
Drawbacks of SD-WAN
Current SD-WAN solutions offer a good solution in many cases, but they also have some drawbacks.
- SD-WAN is standalone. SD-WAN was designed to provide a simplified networking model, but its self-contained nature means it does not easily integrate with other functions implemented as VNFs.
- SD-WAN is monolithic. The current offerings tend to be built as an all-in-one solution. They typically include several functional components, all delivered as a single appliance or software VNF. Most of these functional components, such as routing, firewall, traffic management, DPI, and security, are tailored to address the core SD-WAN use cases. However, they typically do not address the full range of enterprise customer requirements for each standalone function.
- SD-WAN couples service and technology. SD-WAN is optimized to address the specific use case of enterprise VPNs. The technology components would be useful for the delivery of other services, but they are closely coupled to the appliance or VNF, and not extensible to other services.
- SD-WAN is large. While features may be separately licensed and priced, they are all included. For an appliance approach, this means it is difficult for the supplier to sell features on demand. For a virtualized software implementation, disabling features does not reduce the footprint of the software image or the compute power required. Pay-as-you-go is not easily achieved.
- SD-WAN is a pure overlay technology. It does not support true peering with an operator’s MPLS network. This complicates creating an integrated network and limits the visibility into performance information from the underlay network.
- SD-WAN is user-managed. This can create large hidden operational expenses as the burden of managing the enterprise connectivity solution is now the responsibility of the enterprise itself.
Evolution to SD-WAN 2.0
There is a better way. By applying the principles of cloud and virtualization we can improve on today’s offerings. At ADVA Optical Networking we refer to this as SD-WAN 2.0. With SD-WAN 2.0, we can take the best attributes of SD-WAN and augment them with additional features to address the deficits of current SD-WAN solutions. An example SD-WAN 2.0 network is shown below.
SD-WAN 2.0 starts with the essential functions of SD-WAN, i.e., routing, firewall, WAN optimization, hybrid WAN, policy, etc. As with SD-WAN, SD-WAN 2.0 provides the ability to create a private network using standard broadband connections, wireless broadband connections, and private line VPN connections. The differences from SD-WAN lie in how it is constructed and how it operates.
The first big difference is that SD-WAN 2.0 is implemented as software VNFs hosted on an open platform, possibly working in conjunction with SDN-controlled switches for high-speed forwarding. This architecture allows operators to build sophisticated services from best-of-breed VNF components hosted either at the customer site or in the network’s core. Functions might include DPI, security, storage, voice, and others that can be added as needed. An example is shown at Branch 3 and Branch 4 above.
The next difference is underlay versus overlay. Unlike SD-WAN, which is a pure overlay, SD-WAN 2.0 can also peer with an operator’s MPLS network, as shown at the PE router adjacent to Branch 1 in the diagram above. Peering with the operator’s network would seem to be going backwards to the old high-cost model. Why would you implement peering when it appears to increase costs?
It turns out that much of the cost of a traditional L3VPN is for 24×7 support, which may not be necessary in every business case. SD-WAN 2.0 gives the operator the ability to provide a dynamic private network service with a separate service offering to match the requirements and budget of the end user. SD-WAN 2.0 also offers the ability to support a customer portal, so the end user can customize their network and still have the benefit of a managed offering.
Another difference is that SD-WAN 2.0 provides loss and latency measurements that are independent of the networking and WAN optimization components, which are monolithically bundled in standard SD-WAN implementations. These independent measurements can then be used both for dynamic routing and optimization and for SLA assurance.
Finally, the components and platform used in SD-WAN 2.0 can also be used for other services, such as hybrid cloud applications. These additional applications can be constructed and deployed using the hosting platform already in use, increasing the speed and reducing the cost of service innovation.
The table below summarizes how SD-WAN 2.0 compares to SD-WAN.
| | SD-WAN | SD-WAN 2.0 |
|---|---|---|
| Topology | Overlay | Overlay or peered |
| Ownership and management | End user | End user or operator with user portal |
| Construction | Monolithic | Constructed from micro-services |
| Deployment | Tied to service | Open platform for service innovation |
| Performance assurance | Monolithic | Decoupled and available for SLAs |
| Value driver | Lowest cost | Platform for dynamic and flexible managed services |
A Good Idea Gets Better
SD-WAN provides real value and is a good first step toward creating more dynamic and cost-effective private networks. SD-WAN 2.0 builds on the experience gained with current NFV, SDN, and SD-WAN solutions to provide a more complete and flexible private networking solution, bringing together today’s MPLS backbones with leading edge NFV functionality, all to give the end user more control and choice.