This week SD-WAN takes centre stage at the SD-WAN Summit 2018 in Paris. Infradata is joining market-leading SD-WAN vendors and experts at the event to share insights and discuss the current state of SD-WAN, including operability challenges. In this exclusive blog, SD-WAN expert Jan-Willem Keinke shares his expectations and views on opportunities for SD-WAN in 2018 and beyond.
Introduction to SD-WAN
SD-WAN is a progressive way of building WAN infrastructures that is being adopted by enterprises great and small. Today SD-WAN offers many advantages:
- Provisioning agility through Zero Touch Provisioning and configuration automation
- Integrated central management and performance monitoring
- Application aware routing to choose the WAN-service most appropriate for the application
- Service chaining capabilities allowing advanced functions to be strategically placed in the network
- Reduction of the total cost of WAN-links
- Service provider independence
- High flexibility when adding new sites and applications
- Extension of the existing WAN to include cloud-based applications
- Enhanced security at the branch, equal to the security at the data centre
But despite being a mature solution today, the potential of what SD-WAN can offer in the future is far greater. This blog dives into how SD-WAN is expected to evolve to provide even greater benefits.
1. Deepening visibility
Understanding what application a flow belongs to is key for SD-WAN. After all, SD-WANs steer traffic across one path or the other based on the needs of a particular application. Today a lot of application recognition is based on Deep Packet Inspection (DPI) or on knowing which (public) IP addresses are used for which applications. Many vendors have their own tracking service or use one from a third party. DNS snooping and inspection of certificate names for encrypted sessions are two common ways of mapping an application to an IP address. Obviously, this doesn’t work for applications that are hosted internally, and DPI doesn’t work for encrypted applications. It also doesn’t take into consideration that applications are often multimedia in nature, with some parts being static and others real-time. Skype for Business is a good example: it delivers voice as well as video streams, and it can share the desktop and transfer files. These added features can impair the VoIP quality if not handled properly by the network.
Traffic profiling: Complementing DNS snooping, certificate inspection and DPI
Increasingly we will see application flows classified based on communication profiles. File transfers are recognised as big blocks of large packets flowing in one direction, whereas voice comprises small packets that flow at consistent intervals in both directions. Traffic profiling will become complementary to existing techniques such as DNS snooping, certificate inspection and DPI.
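The profiles described above can be checked without reading any payload, which is why they still work on encrypted flows. The sketch below is an added example, not vendor code: the function names, the thresholds and the sample flows are all assumptions made for illustration.

```python
from statistics import mean, pstdev

# A packet is (timestamp_s, size_bytes, direction), direction "up" or "down".
# All thresholds are illustrative assumptions, not vendor values.
LARGE_PKT = 1000      # bytes: mean size at or above this looks like bulk data
SMALL_PKT = 300       # bytes: mean size at or below this looks like voice
ONE_WAY_SHARE = 0.9   # byte share in one direction that counts as one-way
MAX_GAP_CV = 0.2      # max coefficient of variation of gaps for "consistent"

def gap_cv(times):
    """Coefficient of variation of inter-arrival gaps (0 = perfectly regular)."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) < 2 or mean(gaps) == 0:
        return float("inf")
    return pstdev(gaps) / mean(gaps)

def profile(packets):
    """Classify one flow from packet sizes, timing and direction only."""
    by_dir = {"up": [], "down": []}
    for ts, size, direction in sorted(packets):
        by_dir[direction].append((ts, size))
    total = sum(size for _, size, _ in packets)
    if total == 0:
        return "unknown"
    dominant = max(by_dir.values(), key=lambda p: sum(s for _, s in p))
    share = sum(s for _, s in dominant) / total
    if share >= ONE_WAY_SHARE and mean(s for _, s in dominant) >= LARGE_PKT:
        return "bulk-transfer"
    if all(by_dir.values()):  # voice needs traffic in both directions
        small = mean(size for _, size, _ in packets) <= SMALL_PKT
        steady = all(gap_cv([t for t, _ in p]) <= MAX_GAP_CV
                     for p in by_dir.values())
        if small and steady:
            return "voice-like"
    return "unknown"

# Constructed sample flows (not captured traffic).
VOICE = ([(i * 0.020, 200, "up") for i in range(50)] +
         [(i * 0.020 + 0.005 + 0.001 * (i % 2), 200, "down") for i in range(50)])
FILE = ([(i * 0.001, 1460, "down") for i in range(100)] +
        [(i * 0.002, 60, "up") for i in range(50)])
WEB = [(0.0, 400, "up"), (0.5, 600, "up"), (2.0, 350, "up"),
       (0.1, 1200, "down"), (0.6, 500, "down"), (2.3, 900, "down")]

if __name__ == "__main__":
    for name, flow in (("voice", VOICE), ("file", FILE), ("web", WEB)):
        print(name, "->", profile(flow))
```

A flow that matches neither profile stays "unknown", which is where DNS snooping, certificate inspection or DPI would still be needed.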
2. SD-WAN and improving application performance reporting
Every IT help desk frequently receives this call: “My application is slow today!” Whether this is a valid statement and what causes it is often difficult to determine. Usually IT staff will look at various indicators to try to find a possible cause. If there is nothing obvious, further investigation is needed. Traffic encryption makes investigations and network-based monitoring difficult. Only via the endpoints can we get an insight into the performance of the application, but finding the root causes of poor performance remains hard. Advancements in log processing and data analysis will allow endpoint and network monitoring to merge into a single application performance monitoring and troubleshooting solution. The next logical step is to feed this information into the SD-WAN orchestration platform so that it can make automated adjustments to the network.
3. Finding even better paths
SD-WAN solutions combine multiple WAN underlay services to create a virtualised WAN service, typically using MPLS and the Internet. To maximise flexibility and minimise cost, a solution that uses Internet links exclusively could be considered. While some SD-WAN solutions can compensate for increased packet loss and jitter, none can dictate the actual path taken across the Internet. As an example, if you have a connection between New York and London using Megapath and Verizon as your ISPs in New York and Virgin and BT in London, there’s a high chance that both your SD-WAN tunnels between these two cities will traverse the same Internet exchanges and the same transatlantic cable. If that path is congested, SD-WAN won’t help, because path selection is limited to the direct paths available between the nodes in New York and London.
SD-WAN and calculating the best path
Today the Orchestrators in SD-WAN solutions have all the information needed to find an alternative path via a different node, for instance New York > Dublin > London. The Orchestrator has a complete overview of the utilisation and quality of all paths. It is relatively easy to calculate the best path based on various quality metrics, much as your car’s route planner takes closed roads and traffic jams into consideration when selecting the fastest route.
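The route-planner calculation can be written as a shortest-path search over the measured tunnels. This is an added example, not taken from any SD-WAN product: the cost formula, the loss weight and the measurements are assumptions, and only the New York, Dublin and London nodes come from the text above.

```python
import heapq
import math

# Assumed penalty: milliseconds of delay charged per unit of -ln(1 - loss).
LOSS_WEIGHT_MS = 1000.0

def link_cost(latency_ms, loss):
    """Additive, non-negative cost, so Dijkstra's algorithm stays valid.
    -ln(1 - loss) adds across hops exactly as delivery probabilities multiply."""
    return latency_ms + LOSS_WEIGHT_MS * -math.log(1.0 - loss)

def best_path(tunnels, src, dst):
    """tunnels: {(a, b): (latency_ms, loss_fraction)}, treated as bidirectional.
    Returns (path, total_cost), or (None, inf) when dst is unreachable."""
    graph = {}
    for (a, b), (latency_ms, loss) in tunnels.items():
        if loss >= 1.0:
            continue  # tunnel is down: never route over it
        cost = link_cost(latency_ms, loss)
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    queue, settled = [(0.0, src, [src])], set()
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node == dst:
            return path, cost
        if node in settled:
            continue
        settled.add(node)
        for nxt, hop_cost in graph.get(node, []):
            if nxt not in settled:
                heapq.heappush(queue, (cost + hop_cost, nxt, path + [nxt]))
    return None, math.inf

# Constructed measurements, not real telemetry: the direct tunnel shows 4% loss.
CONGESTED = {("New York", "London"): (75.0, 0.04),
             ("New York", "Dublin"): (68.0, 0.001),
             ("Dublin", "London"): (12.0, 0.001)}
# Same topology with the direct tunnel back to 0.1% loss.
HEALTHY = {**CONGESTED, ("New York", "London"): (75.0, 0.001)}

if __name__ == "__main__":
    for name, tunnels in (("congested", CONGESTED), ("healthy", HEALTHY)):
        path, cost = best_path(tunnels, "New York", "London")
        print(name, " > ".join(path), round(cost, 1))
```

With the congested measurements the detour via Dublin wins despite the extra hop; once the direct tunnel recovers, the same search returns the direct path again.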
4. Beyond IP addresses
An SD-WAN makes new ways of routing application traffic possible. SD-WAN will progressively gain a better view of which (SaaS) applications are hosted where and which server will provide optimal performance given the available paths. Traditional technologies like DNS load balancing and anycast IP addresses will remain in use for years to come, but SD-WAN could well complement these to connect a user to the best application server available.
5. Smarter QoS
The available bandwidth on an Internet VPN connection is never equal to the nominal speed. Usually it is oversubscribed, either by your local ISP or because the peering points between ISPs are. Most QoS implementations today will prioritise traffic and throttle low-priority traffic to ensure high-priority traffic gets through. If the current output is less than the configured (nominal) bandwidth, there is no need for the throttling to kick in. Link characteristics like delay variations and packet loss will need to be considered in real time to keep tabs on the actual available capacity and to prioritise accordingly. Smarter QoS schemes such as CAKE are increasingly being adopted.
6. User and entity-based path selection in SD-WAN
User and entity behaviour analysis is already becoming the norm in network security. It will also become a feature in SD-WAN. Voice between a call centre phone and a customer is inherently more valuable than other calls that may be on the network. Downloading a patch to protect against a zero-day exploit is more important than a regular software update from Microsoft. Adding knowledge to the SD-WAN about the endpoint and the person using it makes it even more intelligent than it is today.
SD-WAN: the way forward
Don’t let the future improvements described above make you hesitate about SD-WAN today. SD-WAN provides a lot of value right now and will continue to evolve in ways that traditional routing simply cannot. Managing the (routed) underlay infrastructure is something you should leave to your service provider. Using SD-WAN instead of routers is already easier today. Considering SD-WAN technology for your next WAN refresh is an absolute must: make no mistake, traditional WANs are rapidly becoming the dinosaurs of tomorrow.
Jan-Willem Keinke - September 26 2018
Cloud Solution Architect