
Software Defined Wide Area Network
William Wong, 9/2020
SD-WAN has been all the rage lately, but what exactly is it, and why now? This article was written to shed some light on Software Defined WAN and the solution it provides to the networking world. I promise to do this with as little tech jargon as possible and in a language that mortals can understand. This explainer is broken down into 3 sections - first I'll illustrate how information flows through the internet to provide some baseline knowledge. Then we'll talk about a solution that's been in play for over two decades. Finally we'll cover SD-WAN and why it's such a hot topic right now.
How Data Travels Thru the Internet
Imagine you're in California and purchased something from an online retailer who then ships the product from their New York warehouse. When you go and track the shipment, you find that it makes some strange and illogical stops all over the country, sometimes even backtracking its route.
Internet traffic operates in a similar fashion and resembles that of our postal delivery service. When you send data thru the internet it follows this ritual:

[ 1 ] Data is broken down into an IP packet (e.g. puts mail in envelope)
[ 2 ] IP packet gets stamped with a sender and destination address (e.g. mail is addressed)
[ 3 ] Packets are sent thru sender's router (e.g. mail is sent to local post office)
[ 4 ] Hop from one router to the next (e.g. mail shipped to destination post office via various routes)
[ 5 ] Packet eventually arrives at the destination router (e.g. mail arrives at destination post office)
Two things stand out here. First, there aren't any instructions on how that packet should get to its destination or how it should be treated along the way when it gets handed from one router to the next. Second, each router makes its own decision on where to send the packet based on its own routing table.
All this hopping around (from router to router) and complex lookups (at every single router stop) can really mess up the performance and speed of delivery.

Why This Doesn't Work!
** You may be willing to wait for an email to come in, but this method is horrible for services like VoIP or video conferencing.
Introducing MPLS - In Theory -
A solution for the above challenge was developed at the turn of the century called Multi-Protocol Label Switching (MPLS). This method is very similar to the delivery options that we might get with the postal service (e.g. overnight, two day, standard, etc.). You work with your Internet Service Provider to create predetermined and highly efficient routes inside of their network to deliver your data.

Here's how it works:

[ 1 ] Create different categories and slap a label on each packet to reflect said category.
[ 2 ] Design predetermined routes for each of these categories.
[ 3 ] The sender's router reads the label and knows exactly how the packet should be routed through the network.
[ 4 ] The packet hops from router to router on this predetermined route and arrives happily at the destination router.
We can tag packets carrying real-time traffic like video, and then map them to low-latency routes across the network so they get to their destination quickly. That's the cool part; once the packet enters the network, the routers don't need to perform header analysis. Each router simply looks at the label and automatically knows which predetermined route the packet should take.

Real Time Saver!
MPLS - In Practice -
How does MPLS work? In the diagram you'll see a typical WAN setup that consists of an HQ, some remote offices and a data center. All of them are connected thru the MPLS instead of the Internet.
Scenario: Let's say a user from a remote office requests an employee file from the HRIS system that's hosted in the data center.
What happens?
[ 1 ] The user's request gets broken down into IP packets. A label is inserted into each packet, which moves to the remote site's router.
[ 2 ] The router sees the label and knows the exact path in the MPLS to route this packet.
[ 3 ] The IP packet moves from router to router within the MPLS thru a predetermined path.
[ 4 ] The IP packet reaches the router at the data center.
[ 5 ] The data center router sends this request to the HRIS server.
[ 6 ] The HRIS server responds with the employee file. It breaks it down into several IP packets, slaps a label on them, and sends them to the router.
[ 7 ] Each IP packet moves from router to router on this predetermined path in the MPLS.
[ 8 ] Each IP packet reaches the remote site's router.
[ 9 ] The router sends the employee file to the user.
** The specific path taken will depend on what the IT folks decided for the label. MPLS lets us control what gets routed through our network and at what priority level. It's an extremely reliable technology, dramatically improves up-time, and acts like a traffic cop to lower congestion.
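To make the push/swap/pop mechanics behind those steps concrete, here is a small Python simulation added for this article (it is not a configuration from any provider): the ingress router picks a label from the packet's category, each core router looks the label up in its own table and nothing else, and the egress router pops it. Router names, label numbers and addresses are all constructed assumptions.

```python
"""Toy MPLS label-switched path simulation (constructed for this article).

The topology, labels and router names are assumptions for illustration,
not a real service-provider configuration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    category: str                  # the "category" the IT folks chose, e.g. "voice"
    label: Optional[int] = None    # MPLS label; None outside the MPLS cloud
    path: List[str] = field(default_factory=list)   # routers visited, for the demo


# Ingress policy: category -> first label. This is the only place the packet's
# category (and any IP header detail) is examined.
INGRESS_LABELS: Dict[str, int] = {"voice": 100, "bulk": 200}

# Per-router label table: in_label -> (out_label, next_hop).
# out_label None means "pop the label and hand the packet to the egress router".
# Voice takes a short 2-core-router path; bulk takes a longer 3-core-router path.
LABEL_TABLES: Dict[str, Dict[int, Tuple[Optional[int], str]]] = {
    "PE-remote": {100: (101, "P1"), 200: (201, "P3")},
    "P1": {101: (102, "P2")},
    "P2": {102: (None, "PE-dc")},
    "P3": {201: (202, "P4")},
    "P4": {202: (203, "P5")},
    "P5": {203: (None, "PE-dc")},
}


def forward(packet: Packet, ingress: str = "PE-remote") -> Packet:
    """Push a label at the ingress, swap it at every core hop, pop at the egress."""
    if packet.category not in INGRESS_LABELS:
        raise ValueError(f"no label policy for category {packet.category!r}")
    packet.label = INGRESS_LABELS[packet.category]   # push
    router = ingress
    while packet.label is not None:
        packet.path.append(router)
        table = LABEL_TABLES[router]
        if packet.label not in table:                # misconfigured LSP: drop, don't guess
            raise LookupError(f"{router} has no entry for label {packet.label}")
        packet.label, router = table[packet.label]   # swap (or pop when out_label is None)
    packet.path.append(router)                       # egress router: plain IP routing again
    return packet
```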

MPLS does come with two drawbacks.
First: You won't have total control of your network and must rely on your service provider to configure the overall network.
Second: It's expensive! Setting up an MPLS is like buying dedicated fast-track lanes inside the service provider's network.
Despite these two negatives, MPLS was a gift from the network gods.
The Move Away From MPLS
Things have been going well for over 2 decades, so why the change? The culprit is the introduction of the cloud.

What Is Needed
Quick Recap: Traditionally offices were connected to a data center(s) thru leased line connections. All the applications were hosted in these enterprise data centers and traffic flowed back and forth with a rhythm.
The Present: But all of this changed when we started hosting applications in the cloud. The public cloud service market is expected to reach $623.3 billion by 2023 worldwide. We have the big 3 cloud providers, Amazon AWS, Microsoft Azure and Google GCP, as well as SaaS, IaaS and PaaS solutions like salesforce.com, O365 & Dropbox. Even once-traditional on-prem products like an HRIS have gone to the cloud.

A solution that uses the internet to reach apps that are hosted in the internet.
The Issue: Sending cloud traffic (which is meant for the internet) thru the MPLS just does not make any sense. This creates a lot of noise for your on-prem applications that actually need the help of the MPLS. It adds delay, degrades application performance and is going to eat up all the expensive bandwidth that you bought from the Internet Service Provider.
Introduction of SD-WAN
The growing popularity of the cloud has created a need for a networking product that has dual capabilities to:
[ 1 ] Route traffic thru the Internet for any cloud apps
[ 2 ] Route traffic thru the MPLS for any on-premise apps hosted by the datacenter.
The industry developed a product that uses an intelligent software driven (or software defined) model for the WAN to accomplish this task. Welcome to the birth of the SD-WAN.
Instead of pushing traffic based on IP addresses (the MPLS method), an SD-WAN knows what application the IP packet originated from. It does this using software, and then routes the traffic according to the needs for the application.
You can now set the priority, performance and security thresholds for any application on the network using software.
SD-WAN ARCHITECTURE

But do you notice there's also a bunch of green and pink lines labeled Broadband and 4G LTE? If the SD-WAN router determines that the application you're trying to interact with is hosted in the cloud, then it will automatically route that traffic thru the broadband.
HOW IT WORKS
So what does our network layout look like now? With SD-WAN you'll still have the HQ and branch offices connected to the data center through an MPLS. Any applications hosted at the data center will still be routed thru these dedicated leased lines.
If you are accessing an app hosted in AWS, then the SD-WAN router will send your packet out through the Internet. However, if you're retrieving email from an Exchange Server that is being hosted from your data center, then it'll route that thru the MPLS. That's a pretty smart cookie!

Benefits of SD-WAN
Let's take a look at SD-WAN in detail. We can summarize its pros into five main categories.

Application Performance and Availability
- Hybrid Model: Your WAN architecture will still be able to connect your offices to applications hosted in the data center thru the MPLS. But it'll also have the capability to access all the cloud apps via broadband/4G LTE.
- Performance: SD-WANs can even combine multiple transport services together to support demanding apps. For example, they may use MPLS + broadband to supercharge video conferencing capabilities.
- Up-Time: This combo action also helps with application availability. If the broadband connection is down, you can still use 4G LTE or MPLS to continue service.
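Here is a small Python model, added for this article and not code from any SD-WAN vendor, of the decision described under How It Works and Up-Time: classify the flow by application, try the permitted transports in order, and fail over only to links the policy allows. Application names, destination hosts, link names, SLA thresholds and health numbers are all constructed assumptions.

```python
"""Toy SD-WAN application-aware path selection with failover (constructed example).

Application names, link names, SLA thresholds and link health are assumptions,
not any vendor's actual behaviour.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Link:
    up: bool
    loss: float         # packet-loss fraction as measured by the device
    latency_ms: float


# How the device identifies the application behind a flow (here by destination
# host; real devices inspect more than that). Assumed mapping.
APP_BY_DEST: Dict[str, str] = {
    "login.salesforce.com": "salesforce",
    "mail.corp.example": "exchange-dc",
    "hris.corp.example": "hris-dc",
}

# Per-application policy: permitted transports in order of preference.
# Cloud apps break out to the Internet, data-center apps stay on the MPLS,
# and "hris-dc" is never allowed onto the Internet at all.
APP_POLICY: Dict[str, List[str]] = {
    "salesforce": ["broadband", "lte"],
    "exchange-dc": ["mpls", "broadband"],
    "hris-dc": ["mpls"],
    "video": ["mpls", "broadband", "lte"],
    "any": ["broadband", "mpls", "lte"],
}


def meets_sla(link: Link, max_loss: float, max_latency_ms: float) -> bool:
    return link.up and link.loss <= max_loss and link.latency_ms <= max_latency_ms


def select_path(app: str, links: Dict[str, Link],
                max_loss: float = 0.02, max_latency_ms: float = 150.0) -> Optional[str]:
    """First permitted transport that currently meets the SLA, else None.

    Returning None (drop) instead of falling back to a forbidden link is what keeps
    the segmentation promise: an on-prem-only app never leaks onto the Internet.
    """
    for name in APP_POLICY.get(app, APP_POLICY["any"]):
        link = links.get(name)
        if link is not None and meets_sla(link, max_loss, max_latency_ms):
            return name
    return None


def route_flow(dst_host: str, links: Dict[str, Link]):
    """Classify a flow by destination, then pick its transport: (app, link or None)."""
    app = APP_BY_DEST.get(dst_host, "any")
    return app, select_path(app, links)
```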


Agility and Responsiveness
- Quick Setup: Simply plug the SD-WAN device into the WAN port of your office and walk away. A zero touch provisioning feature takes over to authenticate the device and configure it remotely.
- Fast Provisioning: While MPLS may take 60 to 120 days to set up the dedicated circuits, you can get broadband up and running in a matter of days. The same goes for adding an application or changing a QoS or security policy.
- It's Flexible: An MPLS needs to be provisioned by your service provider, and once the circuits are up, they're up. It's no easy task to reconfigure them. SD-WAN, on the other hand, can be easily reconfigured with a few clicks of a mouse. The WAN architect can centrally configure any policies across all WAN devices. Life has never been easier!


Simplified WAN Edge Infrastructure
- Unification: Brings all WAN edge network functions into a single platform. This means routing, firewall, visibility & control, WAN optimization and SD-WAN capabilities can all sit under one roof.
- Centralized Orchestration: You can program all your configs and policies at once and send them to all devices/locations. Long gone are the days of having to manually program each device thru a CLI.

Improved WAN Security
- Isolation: Because SD-WAN can identify packets by the application they belong to, it has the ability to separate traffic from specific applications like voice, ERP, guest WIFI, etc. This end-to-end segmentation helps contain a breach of one application and prevents it from spreading into the rest of the company (e.g. hacking into my guest WIFI will not grant you access to my ERP system).
- Cloud Hosted Security: Cloud security actually provides more comprehensive and consistent solutions than its on-prem counterparts. This is because cloud-based security is easier to keep up to date and is deployed centrally vs. having to update every firewall daily. This cuts out so much of the human error that was plaguing the old way.


Lower WAN Costs
- Cost Savings: The ability to use inexpensive broadband to augment or in many cases replace MPLS will produce significant cost savings over time.
- Automation: This has become the norm, and network admins are accustomed to deploying monitoring solutions to tap into the health of the network and raise a flag at the first sign of a problem. Automation and simplified management reduce maintenance costs significantly.
- Carbon Footprint: Reduce hardware needs and power consumption.
Cloud usage has been on a warpath to domination. Not only are 90% of companies on the cloud, their utilization has increased dramatically.
Just look at these numbers:
2018: The cloud hosted 45% of workloads.
2019: This number shot up to 60%.
2020: The year isn't even over, but it looks like we're going to be clocking 83% by the end: 41% on public cloud, 20% on private cloud and 22% as hybrid.
2021: Experts are predicting cloud data centers will process 94% of workloads in 2021.
So does this mean SD-WAN will eventually kill off MPLS? My answer --------------------->
