SD-WAN is a software-based approach to managing a WAN, and there are a number of reasons why your customers should consider its adoption. Once the decision to move forward with SD-WAN is made, however, it’s important to properly vet solutions and vendors.
We are all learning the acronym SD-WAN, but to layer 2 and 3 OSI model aficionados, it can be hard to accept how an upstart layer 7 software application can potentially replace a stalwart layer 3 technology like multiprotocol label switching (MPLS). Which begs the question: Is SD-WAN a contender, or just a pretender in the future generation of networks?
MPLS: The Incumbent
When MPLS was introduced, medium and large businesses rapidly adopted the technology. Deploying an MPLS network to connect offices together gives users a predictable, secure, and high-performing environment. This is done by bringing all your data through a single provider and allowing them to prioritize your traffic at layer 2 or layer 3 using QoS.
Providers can provide QoS through specifically designed networks with logical separation using labels to identify traffic, VRFs, and VRF tags to separate the customer traffic. They then allow customers to apply QoS tags to traffic types to reach higher levels of availability.
Let’s look at how this works in more detail, as this is the meat of what customers care about.
When designing MPLS, it is important to determine how you want to provide this QoS. The first step is to group traffic of a similar kind and then assign each group a degree of excellence. A typical deployment uses 4 quality queues, defined below:
- Real-time traffic – This is typically voice, video, and/or VDI.
- Business Critical – This includes applications required for a company to do business. Examples might be an EMR for a medical company or credit card transactions for a retail company.
- Business Important – This might be an intranet, active directory, email, or other application that is not sensitive to jitter, latency, or retransmits.
- General Traffic – This queue includes all other traffic.
Once customer traffic has been identified and tagged, the degree of excellence of those tagging/groupings must be defined. Most carriers offer a different service level for each queue and different bandwidth guaranteed to each traffic type across the entire MPLS network. As companies continued to converge, however, holes in this design were found. This brought forth the creation of SD-WAN.
SD-WAN: The Contender
Instead of using QoS (layer 2 or layer 3), SD-WAN uses software definitions. With MPLS, you can classify traffic only by source or destination IP address or by port. That would be the same as saying you can only relieve traffic congestion based on where you started, where you are going, or the type of car you have. This would not be very helpful in a major situation where most traffic is destined for the same general area. But what if you could also consider important factors, like ensuring doctors and first responders were never caught in traffic? That one additional factor could change the landscape in most cities and potentially save lives. In terms of the company network, that would be the same as having a real-time queue.
This is what SD-WAN does to QoS. Video traffic can be prioritized to YouTube over Netflix, for example, or Office 365 email over personal Gmail accounts.
Not Beholden to a Single Carrier
With MPLS, the entire environment must be controlled by a single provider. This means that you cannot choose the most cost-effective solution for each location, which doesn’t work for customers with large geographical environments. SD-WAN allows the most cost-effective solution to be chosen per location.
Significant Resilience Improvements
With MPLS, providing redundancy is very difficult as MPLS routing uses private IP. For the secondary connection, most customers choose to use a VPN over an internet connection. They then need a device that is intelligent enough to build the VPN and handle routing between the two solutions. Even then, routing with just layer 3 protocols doesn’t allow different levels of resilience or performance increases. Typically, customers settle on having the VPN be active/inactive (or hot/cold), meaning that the other connection is ONLY used when there is a total failure of the MPLS.
With SD-WAN, the world of high-performing resilient networks comes with a lot of options. You can define and build it so that both connections are used, called active/active or hot/hot. You can prioritize based on application type; for example, real-time traffic can be forced down a high-quality connection with SLAs associated with it, and general web traffic can be sent down a more cost effective connection. Other business critical or important traffic can be bundled to go out both connections, maximizing total bandwidth.
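The active/active policy described above, as an added example that is not from the original article or any vendor's product: a per-class path selector for a site with one SLA-backed link and one lower-cost internet link, using the four traffic classes listed earlier. The link names, metric fields and per-class limits are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Link:
    name: str
    has_sla: bool      # carrier-backed SLA (e.g. the MPLS or fiber circuit)
    up: bool
    latency_ms: float
    jitter_ms: float
    loss_pct: float

# Hypothetical per-class limits; a real deployment tunes these per application.
LIMITS = {
    "real-time":          {"latency_ms": 150,  "jitter_ms": 30,  "loss_pct": 1.0},
    "business-critical":  {"latency_ms": 300,  "jitter_ms": 100, "loss_pct": 2.0},
    "business-important": {"latency_ms": 500,  "jitter_ms": 200, "loss_pct": 5.0},
    "general":            {"latency_ms": 1000, "jitter_ms": 500, "loss_pct": 10.0},
}

def healthy(link, traffic_class):
    """A link is usable for a class only if it is up AND within that class's limits."""
    lim = LIMITS[traffic_class]
    return (link.up
            and link.latency_ms <= lim["latency_ms"]
            and link.jitter_ms <= lim["jitter_ms"]
            and link.loss_pct <= lim["loss_pct"])

def select_paths(traffic_class, links):
    """Return the names of the link(s) this traffic class should use right now."""
    usable = [l for l in links if healthy(l, traffic_class)]
    if not usable:
        # Nothing meets the limits: degrade to any link that is still up.
        usable = [l for l in links if l.up]
    sla = [l for l in usable if l.has_sla]
    best_effort = [l for l in usable if not l.has_sla]

    if traffic_class == "real-time":
        # Pin to the SLA link; move off it when it degrades, not only when it dies.
        chosen = sla or best_effort
        if not chosen:
            return []
        return [min(chosen, key=lambda l: (l.loss_pct, l.jitter_ms)).name]
    if traffic_class == "general":
        # Prefer the cheaper link, keep the SLA link as a fallback.
        chosen = best_effort or sla
        return [chosen[0].name] if chosen else []
    # Business critical / important: bundle across every usable link.
    return [l.name for l in usable]

# Constructed sample measurements for one branch site.
MPLS = Link("mpls", has_sla=True, up=True, latency_ms=20, jitter_ms=2, loss_pct=0.0)
CABLE = Link("cable", has_sla=False, up=True, latency_ms=35, jitter_ms=12, loss_pct=0.5)

if __name__ == "__main__":
    for cls in LIMITS:
        print(cls, "->", select_paths(cls, [MPLS, CABLE]))
```

Because health is measured per class, real-time traffic leaves the SLA link during a brownout (for example 3% loss) even though the link is still up, which a hot/cold VPN backup would not do.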
The flexibility and design options increase exponentially with the introduction of SD-WAN. MPLS still has its place and will for years to come, but for many customers SD-WAN provides a great alternative that may help them meet their internal goals.
SD-WAN is getting a great deal of air play in the industry right now, promising to solve every network challenge that embattled network architects and operators are experiencing today from insatiable bandwidth requirements and costs through simple network resiliency and management. But what is marketing fluff, and what is real? What are the real drivers behind this latest “transformational” technology, and what problems does it really solve?
More Affordable Network Needed
With increasing workloads and performance requirements, especially with the proliferation of cloud-based applications, the need for predictable, high-speed, secure, and diversified networks is escalating. It simply isn’t always financially feasible to deploy diverse MPLS links to multiple distributed offices.
SD-WAN enables companies to take advantage of less expensive internet access rather than managed private networks while still getting the benefit of the types of capabilities provided by an MPLS network. In many areas, tier one direct internet access actually (and maybe surprisingly) provides lower latency, lower jitter, and lower packet loss than its expensive MPLS counterpart, so companies with a large number of distributed offices can expect to see real cost benefits with an SD-WAN network versus a traditional MPLS network.
Simpler and Faster Deployment
MPLS circuits can take months to provision and turn up. The underlying internet access types that SD-WAN can take advantage of can be faster and easier to deploy. However, don’t be misled by the myth that SD-WAN is simple to deploy. There is still a substantial amount of planning and configuration to be done. Beware of the “plug and play” misconception and investigate how each solution is deployed, as they are all different.
Not all SD-WAN solutions are as easy to manage as you might think, and not all management portals provide the same functionality. Whether you are looking at a service provider-managed solution, your own “book end” managed solution, or are using a dedicated SD-WAN network provider, look carefully at what priorities you can set and what monitoring you can do. Are these to device level (MAC address) or location level (essentially just network aggregation and optimization solutions)?
And, most importantly, don’t forget about how software updates are applied and managed and how template policies are set and administered — the very things you would think about when managing routers in your network.
There are claims made that MPLS is more secure than SD-WAN. In reality, an MPLS network is only as secure as the accuracy of the MPLS provider’s switching. The use of IPSec connectivity and additional service chaining in an SD-WAN environment should be more than sufficient to address most security concerns.
You can’t simply turn to Gartner’s magic quadrant and pick a leader. The industry is too young, with many new market entrants. Whatever deployment method you are going to use, be sure to check the underlying equipment vendor’s track record. Financial stability and investors are important. Ask for references and don’t forget to look under the hood at the vendor roadmap to understand future solution enhancements such as scalability.
MicroCorp was a pioneer when MPLS came along. We have over 30 years of experience delivering complex network solutions and helping businesses discover the right technology for their operations. Contact us to learn more about a partnership in adding SD-WAN and related technologies to your portfolio of solutions.
Enterprise tech experts believe that 2017 is going to be a big year for integrated network technologies, particularly with regard to appliances. Integrated networks are now far easier to deploy and manage than they were even a couple of years ago, and many pundits are predicting that the enterprise space will see a sharp rise in the number of network appliance deployments this year. Somewhat surprisingly, SD-WAN technology has proven to be a major driver of this shift.
When the integrated network trend first surfaced, it seemed as though NFV technologies were going to be the go-to option for network design and deployment. However, they require a significant investment of IT resources, and many enterprises don’t want to handle all their integration requirements in-house. SD-WAN solutions have stepped in to fill the void, in large part because they offer centralized control and configuration features that greatly reduce the amount of care and feeding the network needs for peak performance.
Major Factors Driving the SD-WAN Trend
In particular, there are five major reasons why SD-WAN has become the solution of choice for integrated networking:
- An application-oriented focus. Because SD-WAN is so centralized, it supports superior network adaptability and application-level reporting. By contrast, branch networks powered by multi-vendor solutions do not achieve nearly the same level of consistency.
- Flexibility and responsiveness to change. This adaptability carries over to the service, integration, and policy spheres. Generally speaking, SD-WAN networks are the least rigid and most suited to change and flexibility, making them a better fit in a constantly shifting technology landscape.
- Better processor technologies. Today’s processors have made it possible to assign a wider range of functions to hardware than ever before, without any loss of performance. SD-WAN networks exploit this to their advantage.
- The rise of cloud computing. Because the cloud has shifted a great deal of Internet traffic to links, SD-WAN has emerged as a prime solution because it vastly reduces the workload placed on other network resources.
- An “easier is better” mentality. Today, enterprises expect technologies to be easy to use without requiring a great deal of setup. SD-WAN fits the bill, and because it is so much easier to create and deploy, it is supplanting older networking techniques that are comparatively complicated and thus seen as outdated.
The connectivity and communication professionals at MicroCorp offer industry-leading expertise and a comprehensive suite of business-oriented, SD-WAN-powered integrated networking solutions. Please contact a MicroCorp client services representative to learn more.
While SD-WAN officially flew past the hype stage of Gartner’s emerging technologies cycle in 2015, it is still in that stage for many a partner, agent, and CIO.
It’s important to step back and recognize what SD-WAN can and cannot do for businesses. With all the noise out there, SD-WAN is still in its “wild west” phase. How do we cut past the industry buzz and get to the heart of what SD-WAN is all about?
Examine how its benefits apply to your customer’s business.
Not everyone needs SD-WAN, contrary to what you’ve been hearing. Additionally, some SD-WAN providers have crafted marketing to make it seem like their solutions apply to everyone, but they can’t look at each business’s network. Partners should look at what applications their customers are running to determine if SD-WAN is for them.
If your customer is primarily a mid-market account that’s not doing much other than running voice across a WAN and their apps are in-house, that is a perfect case for SD-WAN. But if you’ve got an organization that is highly regulated (such as banking, healthcare, or government), they are going to be slower to adopt, and it might hamper their business instead of bolstering it. Remember: they were also slow to adopt MPLS.
Oh yeah, what about MPLS?
Great question. MPLS is not going away — it’s a proven technology. There are likely to be some improvements to MPLS because the SD-WAN market is forcing the hand of the providers to change the way they deal with MPLS from a customer standpoint.
Some carriers are urging partners not to sell SD-WAN against MPLS but, instead, with it. This is an important point considering that not all businesses need SD-WAN, and some are going to continue to do just fine with their MPLS solutions.
So, if some verticals aren’t suited best to SD-WAN, which ones are?
Retail is a great example of a market that will benefit. With dispersed malls, various stores, and large footprints, those outlets are running on slim margins, so they want good bang for their buck.
Where does security fit in?
This is tied to the vertical point. Banks need high-level security, and some SD-WAN solutions aren’t there yet. While every business needs top-shelf security (including retail), those businesses that consistently deal with classified or confidential information might need something stronger than what many SD-WAN solutions can offer right now. This is why partnering with the proper provider can help layer on additional services that SD-WAN does not solve.
SD-WAN is on the incline that’s getting ready to peak, but there are a lot of things left to prove with this technology. Security is one of them.
As SD-WAN entrenches itself in the networking world, education will be a consistent requirement for partners. Contact us today to learn more about how the latest changes to the software-defined world affect how partners can succeed with new technologies.
The IT space has been abuzz with whispers that security and networking could soon be headed for a convergence, with networking taking over security needs (or vice-versa). Some pundits are predicting this shift could take place as early as this year, with SD-WAN technologies drawing particular attention due to two main factors: their popularity, and their perceived vulnerability.
As a result, IT experts are predicting SD-WAN will have a strong influence on both networking and security trends in 2017. Here are five specific ways in which this could influence the near future of enterprise IT:
SD-WAN Networks Have Heightened Security Needs
SD-WAN technologies, by their very nature, require a great deal of direct Internet access (DIA) expansion. This, in turn, brings about a major increase in the amount of digital assets that are exposed to security vulnerabilities.
Most businesses still aren’t paying enough attention to their security needs, with a recent survey sponsored by Versa Networks through Dimension Data finding that 40 percent of enterprise branch networks don’t even deploy basic firewall technologies, and that as many as half of these networks don’t use more advanced firewall security solutions.
When SD-WAN is used to power DIA, businesses open themselves up to two types of threats. SD-WAN increases the amount of attackable surface elements, while DIA means enterprises have a larger number of potential threat entry points to secure.
Vendors Are Taking Several Different Approaches to SD-WAN Security
Fortunately, experts in the SD-WAN space are fully cognizant of the security risks, and several solutions have emerged. Network segmentation and stateful firewalls are leading the charge, but there are still significant challenges at the application level. Vendors are working to meet these challenges by putting together customized mix-and-match solutions that combine as many as four security technologies.
Security Through Service Chaining
When paired with deep packet inspection (DPI), service chaining provides an effective means of securing SD-WAN networks. DPI works by collecting traffic from the edges of the network, and service chaining supports it by merging multiple security functions into a single, centralized hub that analyzes that traffic and identifies threats.
While this strategy is generally effective, it is still developing. One of its shortcomings is that security and the analytics specific to networking are separate. This can result in slower IT responses to security threats when they happen.
Because enterprises are trending towards reducing the amount of on-premises resources they maintain, a growing number of vendors are integrating SD-WAN networks with security solutions prior to implementation.
While this does offer key advantages, including improved analytics and reduced costs, it also comes with some drawbacks. One of the biggest downsides relates to industry-leading security providers, many of which aren’t fully integrated with SD-WAN networking solutions as of yet.
Security and Networking Will Converge
Even though the industry isn’t quite there yet, experts expect that security and networking will converge as the aforementioned technologies continue to mature. SD-WAN is noted for its ability to support collaboration, which bodes well for IT teams working to secure these networks.
MicroCorp is a leading agency and distributor of advanced enterprise telecommunications solutions. Prospective partners interested in adding SD-WAN and related security technologies to their service suites are invited to contact MicroCorp to learn more.
T1s = Tried and True (but a little dated…)
T1s dominated the enterprise WAN market until the past few years. T1s were widely used for enterprise WAN networks, and provided modest speeds – carriers bonded T1s to achieve up to 10 Mbps. T1s were an established technology, but soon became outdated with the emergence of cable modem and Ethernet fiber access, which often offered 10x the speed, and often at a greatly reduced cost.
What Drove WAN Access Technology? Need for Speed
Emerging applications drove ever-increasing WAN speed requirements. New cloud-based applications like fast, reliable transport. User experience for these applications is highly contingent upon WAN speed and quality. Fast, reliable networks act as the underlying infrastructure required to deliver a satisfying user experience (A network for an application is not unlike steel girders in a skyscraper – they hold everything up).
Today’s High Speed Options – Cable Modem vs. Ethernet Fiber
Cable Modems (Coax)
Cable modem solutions currently dominate the small business market where there are a small number of users. Cable modems are a mass-consumed product, but can be a good fit for some enterprise WAN needs.
- Ideal for backup Internet connectivity (business continuity)
- Good fit for locations with no fiber access or locations where fiber build-out costs are prohibitive
- Often used for 5 users or less (micro-businesses, which is where cable modems dominate the market)
- Cable Modems are the “Why Not?” product – they offer the most bang for your buck for download speed – 50 Mbps download for less than $200 per month? Why not?
- Least expensive technology used for delivering high broadband speeds – up to 150 Mbps Down/20 Mbps Up
- Asymmetrical by nature – a lot more download than upload
- Designed for mass consumption of downloaded data
- Do not present Service Level Availability (SLAs) – Frequent outages are typical
- When outages occur, cable modem companies are notorious for their lack of customer service
- Not reliable enough transport for many emerging applications – which demand speed + high SLA levels
- Cable modem networks are copper-based, and have all the problems associated with degradation of this physical medium over time
- Cable modem networks are shared and oversubscribed by nature and often will not produce the download/upload advertised
- Cable companies don’t compete against each other – Their footprints don’t overlap – cable company choice is dictated by where your business is located
Ethernet fiber is the new T1 for enterprises. Most enterprises consider Ethernet fiber as the preferred option to satisfy their need for fast, reliable transport.
- Ideal for primary WAN connectivity (MPLS and Dedicated Internet Access)
- Will offer much higher SLA levels (great for emerging applications)
- New physical fiber plant – not as many problems with new physical media
- Private and dedicated – not oversubscribed
- Speeds of up to 10 Gbps
- Offer great flexibility and scalability – more bandwidth is a phone call away and only requires configuration changes
- Fiber companies compete against each other – presenting multiple carrier options
- More expensive than cable modems – you get what you pay for
- Typical Installation intervals are 90 days or more
- Business geographic location can limit options – fiber isn’t everywhere
Engineering Best Practice / Conclusion
Consider Ethernet fiber as the primary access technology for your enterprise’s WAN. The fast, reliable transport offered by Ethernet fiber will provide the infrastructure necessary to provide a quality user experience that will support emerging business-critical applications in the future.
Don’t Go It Alone!
IT budgets are shrinking, and IT staff is focused on other priority projects. iTransit has seasoned WAN and telecom engineers that will guide you throughout the process of designing a WAN strategy that meets your requirements. There are a lot of choices and we ensure you get the right solution for your enterprise’s unique technology needs…