This technology brief looks at the emergence of software-defined wide-area networks (SD-WANs) as the next step in the evolution of WAN optimization for typical enterprise WAN networks.
Many traditional WANs use Multiprotocol Label Switching (MPLS) networks to link remote sites to a central data center in what is essentially a private, static architecture. The performance of the network depends on the amount of bandwidth available and any WAN optimization techniques employed on the links. Often, complex devices that combine WAN optimization, network security, and switching into a tightly integrated solution are completely customized to meet specific traffic requirements when deployed at remote sites. This tends to make installation and maintenance of the WAN network somewhat expensive and complicated.
With the development of WAN connectivity to include new applications and cloud computing, methods to enhance and manage the increased traffic has given rise to the software-defined WAN. An SD-WAN enables multiple WAN links to be centrally controlled and managed, providing optimization through the monitoring of packet loss, jitter, and latency on the various transport links. SD-WAN architectures allow flexible open platforms to be deployed that can not only provide WAN optimization on links, but also offer application acceleration, security, and the visibility to manage the WAN network performance effectively.
Traditional WAN Limitations
Many distributed large organizations have employed traditional high-performance WAN connections built on MPLS networks to create links between a central data center and other branch locations. Often, multiple MPLS circuits are deployed to provide the required service level for various applications. This dedicated, LAN-like performance comes at an increasing cost for many bandwidth-hungry, real-time applications.
Traditional WAN connections between a data center and remote branch offices have evolved over time and often implement some form of optimization to make full use of available bandwidth. Typical optimization techniques include compression, deduplication, and caching. However, these WAN links not only need to be efficient, there is also network security, QoS, and other issues that need to be accommodated.
MPLS networks are expensive and complex to set up and operate. What’s more, they are generally static, private networks lacking flexibility and scalability. As software services migrate to the cloud, there is a need to accommodate these new services that offer accessibility from anywhere together with a level of flexibility and agility that traditional private WAN networks cannot easily meet. However, simply replacing these networks with lower-cost Internet service provider links does no deliver the reliable business-grade performance that organizations demand. Businesses need availability, performance, and security when using Internet-based cloud solutions.
The central principle of any software-defined network is the concept of abstraction – defining a set of capabilities in software that are independent of the underlying hardware that provides them. This foundation enables a consistent way to control and manage networks without being tied to physical components. Essentially, software services and applications become separated from the network equipment, offering high flexibility and agility for the services provided.
The key functions of a software-defined network is divided into separate layers, or planes. The “control plane” includes configuration and management information as well as signaling for data traffic switching and routing decisions. The “data plane,” as its name implies, includes the network functions that carry actual data traffic. A standard protocol, such as OpenFlow, provides the communication method between the control plane and data plane equipment, generally referred to as the “southbound interface” of the software-defined network. Similarly, an application-programming interface (API) provides access to the network control plane for service applications, often referred to as the “northbound interface.” It is the programmability of the control plane through the API that enables various applications to provide flexible services over cost-effective hardware in the data plane.
For an SD-WAN network, the application service becomes a software construct, or network virtualization. Therefore, the application traffic is carried independent of the transport links, which enables multiple links of different types and from different providers become a pool of resources for the WAN network. If the performance of a link degrades, other links can be used or new links added to maintain the level of service required.
An important component of an SD-WAN is the security overlay that operates independently of the underlying data plane. Standard AES encryption provides the secure connectivity in an SD-WAN network, with devices in the network being fully authenticated an authorized before gaining access as a resource. Specific security policies can be applied to certain devices with sensitive traffic being delivered over the best combination of links that can maintain the security and performance demanded.
With a secure virtualized network, a range of services and applications can be deployed at an enterprise data center, branch locations, or in the cloud. These services often include firewall and WAN optimization features.
On top of the SD-WAN control plane are management features that monitor and analyze the network operations. This “orchestration” layer is not only for monitoring and troubleshooting the network, it simplifies user deployments by enabling CPE devices to be added at locations without requiring administrator installation. Branch location CPEs can be automatically provisioned, authenticated, and configured, allowing these devices to be based on open hardware platforms for optimum flexibility and cost-effectiveness. In addition, today’s mobile users might also require WAN access from smartphones or tablets through Wi-Fi or LTE connections that change dynamically. An SD-WAN enables this extension based on the policies and security of the network.
It can be expected that SD-WANs will increasingly replace or merge with existing WAN networks over the next few years. The flexibility and scalability that an SD-WAN provides is a clear advantage, allowing new networks to accommodate a whole range of private or public, wired or wireless, cloud or other Internet links. The performance of the WAN links can also be continuously monitored and managed to meet specific service requirements, as well as to troubleshoot any potential problems.
In terms of hardware deployment, SD-WAN links are also quick and simple to install at remote sites. The availability of cost-effective open network appliances provide the flexibility and high performance for many applications. In addition to edge deployments, SD-WAN networks seamlessly adapt to applications and services that migrate to the cloud, offering optimum agility as business models change and evolve.