Thanks to all who joined us and submitted questions to the Versa SD-WAN webinar Q&A session. Unfortunately there wasn’t enough time to get to all the questions asked during the live event. Below, you can find the answers to all the questions Ciena and Versa presenters were asked. This Q&A post expands on how Versa and the Blue Planet division at Ciena come together to address rampant service delivery challenges.
The use of an Internet connection to either augment or replace existing WAN circuits is one of the macro trends in transforming the WAN. I hear the terms Hybrid WAN & SD-WAN (software-defined wide-area networking). What is the difference?
Versa: Hybrid WAN is the combined use of private lines (e.g. MPLS) and Internet circuits (e.g. broadband) together to connect branch offices, and can include the ability to pick which circuit is used per app. SD-WAN goes a step further (e.g. it’s a super-set of hybrid WAN) and includes central management across all sites and zero-touch provisioning. Thus, it combines the benefits of multiple circuits (lower cost, higher bandwidth, mapping circuits to app types, etc.) with much better control/provisioning/agility/lower Opex. A hybrid WAN has static policies where rate limiting is defined up-front, whereas SD-WAN is about dynamic policies that do on-demand application rate limiting based on WAN link characteristics.
One of the promises of NFV is choice in VNFs and the ability to service chain them accordingly to deliver a network or security service. I understand the value of a software and a virtualized approach, but doesn’t this also mean I’m essentially replicating a rack of different vendor appliances and the complexity that goes along with that in the form of a virtualized appliance approach or VNF approach?
Versa: No, it’s actually the opposite if service chaining is developed and applied properly, especially if the majority of VNFs are created by the same vendor. First, service chaining is the automation of passing traffic from one network (or security) function to another vs. manual configuration each time. That simplifies creating a service and associated traffic flows. When the majority or all of the VNFs come from the same vendor, then service chaining (as well as any analytics or advanced provisioning) is fully automated and integrated.
What’s required for service providers’ legacy back office systems to support SD-WAN and vCPE?
Versa: Many things. Integration with OSS/BSS through APIs is a key item. Many providers are adding a MANO (management and orchestration) layer to simplify some of this as well.
In a managed SD-WAN service, what is controlled by the service provider and what is controlled by the end-customer?
Ciena: In a managed SD-WAN service, the service provider manages the controller, public cloud connectors and other datacenter components. On the branch side, the service provider manages the policy provisioning and configuration of WAN circuits, whereas an end-customer administrator will be responsible for branch-specific components like DHCP and/or static IP addresses, routes and other local parameters. The branch admin can also override or add to the provisioned policies in some cases, for instance, configure the use of another provider’s default gateway address.
How can QoS be guaranteed with an overlay SD-WAN service?
Versa: Versa SD-WAN measures jitter, packet-loss, and round-trip delay in all the paths between branches or between branch-to-hub. Versa guarantees QoS of applications by making sure that application SLAs are satisfied by the current circuit, chosen based on business policy. When application SLAs cannot be met with existing circuits, Versa takes other actions like throttling low priority traffic. All of this is based on business policy and configuration.
Is Versa an NFV solution or an SD-WAN solution?
Versa: NFV is a technology architecture and SD-WAN is a solution or implementation. Versa has three primary use cases: SD-WAN, vCPE, and datacenter security services. Versa leverages its carrier-grade NFV technology and Virtual Network Functions to deliver the SD-WAN solution.
Does Versa support a REST API?
Versa: Yes. Versa supports Northbound APIs for a full set of lifecycle services like VM installation, tear-down, auto-scale, service chain, configuration, management, and monitoring.
If we have TWO Carriers, how does the advantage apply to a dual carrier WAN solution?
Versa: Typically, it is easy to use the dual carrier in a primary-backup mode. Versa goes one step further and utilizes the two circuits in an active-active mode. Depending on the cost, available bandwidth, and other circuit characteristics, a weighted round robin algorithm is used to intelligently load balance the traffic on both the circuits.
How much time in days does it take to turn up a new service?
Versa: It ranges from minutes to a few days. For an individual branch office, if it’s a brand new deployment, then an appliance needs to be shipped to it – so 1 to 2+ days. Then the device calls home, the admin is authenticated, and the device is configured – that takes minutes. If the branch already has an active device and service from the provider, and an additional service is being turned up, that takes literally minutes from a central provisioning point or self-service from the customer’s IT team.
How is security of data handled in the case of shared VNF-based vCPE?
Versa: We support complete network segmentation through multi-tenancy in the shared mode where multiple tenants exist in a host or VM. Control plane separation involves tenant-specific configuration, policies, profiles, objects, zones, networks & resources. Data plane separation involves tenant-specific routing instances and traffic-specific tunnels. Because of this segmentation, keepalive messages will never mix with user application data traffic. And routes used by one tenant are not exposed to another. Even among the user traffic in the same tenant, a critical POS application can have a different encryption tunnel from other general Internet traffic. Other best practices that are useful in the shared mode are:
– Role-based Access Control for access to all Versa products
– Complete logs in syslog/IPFIX format (no sampling) for all the required accesses that need to be tracked. This makes breach investigation easy.
– Resource protection limits for sessions and traffic utilization/bursts, so that one tenant does not hog the resources of another tenant in a shared hosting environment.
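The resource protection limits in the last item can be pictured as per-tenant accounting on the shared host. The sketch below is an added example, not Versa code or its API: `SharedHost`, `TenantLimits`, the tenant names and the limit values are all hypothetical, and a token bucket is assumed as the burst limiter.

```python
from dataclasses import dataclass, field

@dataclass
class TenantLimits:            # hypothetical per-tenant quota, values are constructed
    max_sessions: int          # cap on concurrent sessions
    rate_bps: float            # sustained rate in bytes per second
    burst_bytes: float         # token-bucket depth (largest permitted burst)

@dataclass
class TenantState:
    limits: TenantLimits
    sessions: set = field(default_factory=set)
    tokens: float = 0.0
    last: float = 0.0

class SharedHost:
    """Per-tenant accounting on one shared host; no counter is shared."""
    def __init__(self, limits):
        self.tenants = {t: TenantState(l, tokens=l.burst_bytes)
                        for t, l in limits.items()}

    def open_session(self, tenant, session_id):
        st = self.tenants[tenant]   # unknown tenant raises KeyError: fail closed
        if session_id not in st.sessions and len(st.sessions) >= st.limits.max_sessions:
            return False            # session cap reached for this tenant only
        st.sessions.add(session_id)
        return True

    def admit(self, tenant, session_id, nbytes, now):
        st = self.tenants[tenant]
        if session_id not in st.sessions:
            return False            # traffic must belong to a tracked session
        elapsed = max(0.0, now - st.last)
        st.tokens = min(st.limits.burst_bytes, st.tokens + elapsed * st.limits.rate_bps)
        st.last = now
        if nbytes > st.tokens:
            return False            # burst exceeds this tenant's own bucket
        st.tokens -= nbytes
        return True

def demo():
    # Two tenants with identical constructed limits on one host.
    host = SharedHost({"tenant-a": TenantLimits(2, 1000, 3000),
                       "tenant-b": TenantLimits(2, 1000, 3000)})
    opened = [host.open_session("tenant-a", s) for s in ("a1", "a2", "a3")]
    host.open_session("tenant-b", "b1")
    burst = [host.admit("tenant-a", "a1", 1500, now=0.0) for _ in range(3)]
    other = host.admit("tenant-b", "b1", 1500, now=0.0)   # unaffected by tenant-a
    later = host.admit("tenant-a", "a1", 1500, now=2.0)   # bucket refilled over 2 s
    return opened, burst, other, later
```

Because every counter lives in the tenant's own state, tenant-a exhausting its session cap or bucket has no effect on what tenant-b is allowed to do.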
Do all the VNFs have to be developed by Versa, or can the Multi-Domain orchestrator support 3rd party vendors? Will this require some integration into their framework, i.e., such as integration plugins? Is there an open API that a 3rd party vendor can use to integrate their VNF to the Orchestrator?
Versa: Versa can interoperate with other 3rd party VNFs as long as they support the Service Function Chaining (SFC) Architecture RFC 7665. We also have ways to support 3rd party VNFs that do not support this RFC.
For the Versa SD-WAN solution, what hardware or software needs to be located at the Edge or Branch sites?
Versa: A whitebox appliance (can be any third party that meets Versa hardware requirements) or a Versa branded appliance and Versa FlexVNF software.
For vCPE POC, any estimate of cost saving?
Versa: Up to 80% lower total cost of ownership (TCO)
Is the Versa solution Transport Agnostic? Meaning… can any transport be used in the service?
Versa: Yes, agnostic to any type of wireline transport.