The title to this blog is a question that I have been hearing a lot from customers in the last few months. With Gartner’s recent prediction that spending on SD-WAN will rise from $129 million in 2016 to $1.24 billion in 2020, I figured it’s about time I write up a little blog article all about this latest offering to revolutionize the enterprise WAN, or perhaps not!
Let’s start with the first question: “What is SD-WAN?”
SD-WAN is an acronym for Software Defined Wide Area Network, and is the latest area in the network to be addressed by the current Software Defined Networking (SDN) movement going on within the IT industry.
SDN (championed by the Open Networking Foundation, “ONF”) is in itself a new approach to computer networking where we separate and centralize the control plane (OSPF, EIGRP, spanning-tree, LACP, etc.) away from the forwarding plane – or as some people refer to it, the separation of the brains from the muscle.
This separation and centralized control provides us with greater automation, orchestration, visibility and programmability for our network devices. ‘Ok, that all sounds great and thanks for the marketing spiel, Chris’, I hear you say, ‘but what does this really mean to me and what is this SD-WAN thing going to do for my WAN?’ Well, to answer that question let’s look at some of the issues that we have with our current WAN and how an SD-WAN solution is positioned to address them:
Issue 1 – High Cost of WAN Circuits
Many customers utilize private WAN circuits such as MPLS, VPLS or Metro Ethernet to connect their geographically dispersed sites. These solutions provide us with guaranteed bandwidth and end-to-end service levels, but (isn’t there always a but) the downside here is that these guarantees do not come at a cheap price. I surveyed LookingPoint customers and found the average MPLS price per megabit per month to be $36 compared to $6 for business grade internet.
SD-WAN solutions are well suited to run over low cost internet circuits, meaning that we can replace our current low bandwidth - high cost private circuits with high bandwidth - low cost commodity internet circuits.
Taking the average prices discovered above, the annual cost for a 10Mbps MPLS circuit would be $4,320, while the same business grade internet circuit would cost $720. That’s a whopping six times more for the MPLS circuit each year. Multiply these savings across each of your sites and you can quickly see the numbers stack up.
Issue 2 – Provider lock in and long lead times
Private circuits are great, but I can’t mix an MPLS circuit from AT&T at site A with a VPLS circuit from Level 3 at site B. This results in provider lock-in, which in turn can lead to noncompetitive pricing. Providers know that you now have little choice but to use them for all your WAN connectivity needs; the alternative is a costly and time-consuming WAN migration project. This situation does not offer much motivation to the provider to offer competitive prices for new circuits. This lack of flexibility is coupled with long lead times to provision new circuits. 90-day minimum lead times are commonplace for new turn-ups, although I have personally experienced wait times as long as 7 months for new circuit provisioning.
SD-WAN solutions utilize overlay technology (some form of encapsulation, think IPsec) for the data plane, which means that the solution is transport independent. I can have an LTE 4G Verizon-provided internet connection at site A connect to a Comcast-provided broadband internet connection at site B. This independence of the transport or “underlay” provides us with great flexibility when choosing circuits for new sites. We can now select the provider that has the best price with the shortest lead times.
Issue 3 – Inefficient use of bandwidth
As is the case in all good network designs, the WAN edge module should be architected to be resilient to failure. This redundancy is often provided by having multiple routers, WAN circuits and running a dynamic routing protocol (reference the left side of the diagram below). With traditional route based forwarding a single path is chosen for a given destination resulting in our secondary circuit not being utilized. This results in paying for bandwidth that will only be used in the event of a failure.
SD-WAN solutions centralize the control plane, which allows for forwarding decisions to be made with more perspective. Because the solution has visibility into all traffic flows, it can dynamically move flows between WAN transports, resulting in greater use of all bandwidth.
Issue 4 – Lack of Visibility
As highlighted above, current WAN forwarding decisions are based either on static or dynamic routing. The issue here is that these legacy mechanisms determine a path’s viability based on rudimentary criteria such as interface status (static routing) or the ability to maintain a neighbor peering (dynamic routing). As a result, it is entirely feasible to send traffic over a less than optimal path. For example, imagine a situation where your primary WAN circuit is experiencing 50% packet loss. User application responsiveness grinds to a sludge, and all the while our routing protocol continues to happily forward packets down this broken path rather than moving traffic to our backup circuit, which is currently sitting idle. The reason for this is that our routing protocol believes that all is good in the world as long as it can receive the occasional hello packet. It has no visibility into the end-to-end performance of the circuit.
SD-WAN forwarding decisions are not based on static metrics and the ability to receive the occasional packet from our neighbor. Instead, SD-WAN forwarding decisions are based on user-defined policies from the central controller that enforce application thresholds for packet loss, delay and jitter. An example of this would be a policy that requires all voice RTP traffic to only be sent across links that can provide 50ms one-way delay with less than 1% packet loss and a maximum jitter of 10ms.
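The difference between the two decision models, as an added sketch that is not any vendor's implementation: the class and function names, the link names and the measured values are constructed for illustration, the thresholds are the voice policy above, and the fallback to the least-lossy link when nothing complies is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    up: bool          # interface/neighbor state: all that legacy routing checks
    cost: int         # routing preference, lower wins
    loss_pct: float   # measured end-to-end packet loss
    delay_ms: float   # measured one-way delay
    jitter_ms: float  # measured jitter

@dataclass(frozen=True)
class Policy:
    app: str
    max_delay_ms: float
    loss_below_pct: float
    max_jitter_ms: float

# Thresholds from the voice example in the text.
VOICE_RTP = Policy("voice-rtp", max_delay_ms=50, loss_below_pct=1.0, max_jitter_ms=10)

def legacy_route(links):
    """Lowest-cost link whose hellos still arrive; performance is invisible."""
    live = [l for l in links if l.up]
    return min(live, key=lambda l: l.cost).name if live else None

def compliant(policy, link):
    return (link.up and link.delay_ms <= policy.max_delay_ms
            and link.loss_pct < policy.loss_below_pct
            and link.jitter_ms <= policy.max_jitter_ms)

def policy_route(policy, links):
    """Return (link name, meets_policy). Falls back to the least-lossy live
    link, flagged non-compliant, when nothing meets the thresholds (assumed)."""
    live = [l for l in links if l.up]
    if not live:
        return None, False
    good = [l for l in live if compliant(policy, l)]
    if good:
        return min(good, key=lambda l: l.cost).name, True
    least_bad = min(live, key=lambda l: (l.loss_pct, l.delay_ms, l.jitter_ms))
    return least_bad.name, False

# Constructed sample: the primary circuit from the text with 50% packet loss.
LINKS = [
    Link("mpls-primary", up=True, cost=10, loss_pct=50.0, delay_ms=20, jitter_ms=3),
    Link("inet-backup", up=True, cost=20, loss_pct=0.2, delay_ms=30, jitter_ms=4),
]

if __name__ == "__main__":
    print("legacy:", legacy_route(LINKS))
    print("policy:", policy_route(VOICE_RTP, LINKS))
```

The non-compliant flag on the fallback path is the kind of signal worth alerting on, since it means voice traffic is being carried outside its policy.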
So, in summary, deploying SD-WAN will result in more bandwidth at a lower cost without sacrificing performance. It’s a win, win, win situation, or is it? There are a few cautionary notes to be aware of when assessing SD-WAN.
SD-WAN is currently proprietary, so you can’t mix SD-WAN vendors in your environment. Enterprise buyers need to be careful about suppliers that don't have the pockets for the long term.
With great power comes great responsibility. One central controller to rule them all offers many benefits as outlined above, but also offers the potential to bring down your entire WAN with one pre-coffee click of the mouse. Enterprises should ensure that processes and failsafes are in place around this solution.
With all the benefits outlined above I believe that SD-WAN is here to stay, and I suspect I’ll be working more and more with this new technology throughout 2017.
That’s all for now. Happy New Year, everyone!
Written By: Chris Marshall, LookingPoint Senior Solutions Architect - CCIE #29940