Your business is considering SD WAN. As a Cisco Authorised Reseller for Meraki and Viptela, we leverage our BT Premier Partner status to architect BT Internet, MPLS or VPLS connectivity as the underlying platform.
All of the key features of SD WAN defined. How to understand each core area across application flow and security. The process to follow including delivery and setting budgets. The key vendors and their unique selling points listed.
Our previous WAN Mindmap has been used by multiple recognisable organisations, from charities such as the Royal British Legion to London-based finance companies.
We also offer the live version of our Mindmap in the form of a free workshop hosted at your office: a 2-hour interactive session on all things WAN procurement.
Have you read our latest content over at Techtarget.com? Try the following: https://searchnetworking.techtarget.com/tip/SD-WAN-and-SLAs-Why-crafting-internal-SLAs-is-a-smart-move
Looking back at recent years, the market has moved toward a software WAN environment which is typically delivered as a hybrid of private circuits (MPLS, Ethernet) and Internet VPN. At the core of solutions is some capability to deliver SD WAN features. The complexity for IT teams revolves around the need to consider Cloud and Security alongside their WAN projects. To compound the challenge, you must also decide which provider is a good fit for your requirements.
What's more, SD WAN providers are making huge, sweeping marketing statements around cost savings. While there is definitely truth behind using SD WAN and Internet connectivity to save expenditure, the detail behind such a move is often not discussed in any depth.
Is MPLS dead? No, the technology is evolving. Our group is witnessing a transformation of MPLS where edge devices are now software enabled. Cisco is one such example where Meraki technology is deployed across MPLS networks to bolster security, improve upon reporting and application performance.
IT teams are proactively researching WAN technology to avoid making buying decisions based on marketing hype. We have listed the main SD WAN providers/vendors, most of which are partners, to help your IT team look at some example capabilities.
Here is a list of SD WAN providers:
To further enhance the value of this article, we have included a basic overview across the leading providers of SD WAN services below.
Meraki is without a doubt the most popular vendor when discussing initial requirements with prospective buyers. The products are cost effective and feature-rich, offering functions such as endpoint management, which positions IT teams to share intelligence and enforce policies across the network based on device status, where the services are located or installed, software and/or users.
One of the newer features is device enrolment which means policy is enforced without even having to handle the actual hardware. WiFi access can be delivered based on device type, users and security compliance. In short, Cisco Meraki is feature rich with the ability to support/deliver a full stack of connectivity from Security, Switching, WAN and Wireless via a single interface.
It is important to note, though perhaps obvious, that to take advantage of the Meraki capability, your network ‘needs’ to be Meraki end to end. (Not necessary but advised)
Cisco also owns Viptela, so how should you decide on Meraki vs Viptela? The major differentiators revolve around the ability to handle three or more uplinks, WAN multicast and TCP optimisation. The value proposition of Viptela is based on customisation, allowing customers to control layers 4-7 of the OSI model.
Without going into too much detail, Viptela is extremely competent at WAN segmentation across both on-premise equipment and also cloud architectures. In other words, if your business is of a more complex, global nature, Meraki could be viewed as too simplistic to meet the demands of your network architecture requirements.
With the above said, Meraki and Viptela do intersect: both are able to adjust traffic routing based on the policies your business decides, both are scalable and both offer cellular failover.
The Silver Peak proposition looks to be based on cost savings by removing ‘expensive private MPLS’ with their SD WAN solution and Internet. While there is the capability to save money, the question at the core of their approach surrounds the service level agreements from low cost Internet providers.
The overall Silver Peak proposition is feature rich and very capable of supporting applications, user security and intelligent data flow. However, their marketing appears to push SD WAN as an Internet based service rather than a connectivity agnostic vendor. And while their tests show significant benefits when using Silver Peak across Broadband, this is only one part of the story.
If your low cost Broadband provider suffers an outage, the SLA is generally nowhere near as robust as that of private based networks. We take the stance that connectivity should be based on specific requirements when everything else is equal. If your sites are not mission critical, Internet Broadband is a great way to save money and deploy cost effective services.
Where a circuit with an end to end SLA is required, technologies such as MPLS are not going away. Silver Peak offer some interesting features such as forward error correction, which is designed to essentially reconstruct packets with faulty data. A further key area of interest is their ability to form an overlay, making the transition from MPLS to Internet a less complicated process. As we mentioned earlier, be aware that replacing MPLS with Internet may save money but there is more to consider.
Leading on from Silver Peak, the value from Aryaka is actually based on the best of both worlds. The underlying network is a well engineered private MPLS core resulting in end to end traffic prioritisation and better SLAs when compared to general Internet connectivity.
The SD WAN functions are broadly in line with other vendors, resulting in the best of both worlds - software flexibility/management with MPLS privacy. The cost and proposition from Aryaka places their business in alignment with large global Enterprise business sending traffic over long distances.
The connectivity offering is based on a tail circuit into their closest point of presence. Aryaka offers accelerated delivery for CDN which again plays into the global WAN customer.
The Aryaka SmartCONNECT product is suited to organisations with a desire to outsource more complex elements of the WAN. Where more detailed configuration changes are required, Aryaka previously required involvement from their support team. However, as of writing this article, a self service portal achieves end to end management.
The VMware proposition offers some similarities with Silver Peak: they also offer FEC (Forward Error Correction) and TCP optimisation.
VeloCloud offers both hardware and software clients with full Firewall functionality. While researching the VeloCloud proposition, their cloud resident gateways are of benefit to companies requiring a secure overlay that is transport independent, operating across any combination (public or private circuits), with secure connectivity to enterprise data centers, cloud compute and SaaS applications.
Some further key benefits are their application improvement performance over degraded links which also includes delay sensitive apps such as voice and video. The VeloCloud strategy looks very strong over the next 12 months with marketing suggesting intent based WAN features are on the horizon.
After the main Citrix brand application, the NetScaler SD WAN appliance is perhaps one of the best known products when discussing software WAN services with IT Management and their teams. NetScaler offers physical, virtual and cloud products with their management and analytics system - MAS. The Citrix offering includes both WAN optimisation and a stateful packet inspection Firewall.
With such a large market share from their core Citrix product, the market for SD WAN across existing customers is significant. The actual SD WAN product is managed by the same UI platform.
There’s a large focus on the ability for Talari to control WAN path access via on premises or cloud management. The capability to aggregate links, offering seamless failover even for Voice and UCaaS, has always been a strong proposition even in the early days of SD WAN.
With this said, Talari does not have the experience of dealing with large WAN deployments - as of writing this article, their global telco provider relationships are limited.
An International company based out of Hong Kong with a reputation for supporting bandwidth constrained/variable performance circuits.
The Peplink strategy offers flexible WAN edge connectivity via products such as SpeedFusion with their Max cellular tower and InControl management system. In short, for companies with a large number of sites requiring connectivity outside of fixed Ethernet services, the Peplink offering has a good level of features. With their current operations small in comparison to other SD WAN providers, large global enterprises should consider other options.
The SteelHead SD WAN platform supports WAN optimisation in a single appliance. With SteelConnect SD WAN gateways and their Ethernet switch devices, they are well positioned to offer services for both the WAN and LAN.
There are no cloud gateway offerings but the service can be virtualised via AWS or Azure. The competition for SD WAN is becoming stronger month on month, and other vendors are looking more capable when compared on resilience and firewall security functions.
Does SD WAN over the Internet replace MPLS or complement private based services? Is the Internet mature enough to support SD WAN? With the huge expansion of cloud services and the need to drive down costs, we believe the technology is an essential component of your WAN strategy.
There are a number of challenges when IT teams look to procure SD WAN services. The first surrounds gaining clarity on which IP network providers are suited to your specific branch office locations. The second is understanding the vendor / SD WAN service providers that have the capability to layer on managed services or supply hardware for wires only deployment. A data network architecture should be flexible and include ALL WAN connectivity offerings as options without increasing the complexity of the overall design. We meet this initial issue head on with our capability to bring together BT Business with the leading providers of SD WAN services.
IT teams are now positioned to control the flow of user data, self manage their own WAN where required, leverage low-cost Internet, monitor user and application flow, WIFI and even CCTV. What's more, SD WAN services are meeting the demands of multiple connectivity requirements from 3G, 4G and Broadband through to Global Ethernet.
With this said, the basic requirement remains the same. When selecting a WAN vendor/provider, customer needs must be translated into clear products and services that meet specific requirements. If your sales team is not listening, there is the potential for misunderstanding your demands. The sales process should demonstrate capability (not just another solution) in order for businesses and organisations to make an informed decision.
The SD WAN proposition represents the here and now but, at the same time, the future of networking regardless of whether you prefer Internet, MPLS, VPLS or metro Ethernet. In the majority of hybrid network designs we put together, based on Cisco involvement, the output is largely based around Meraki or Viptela with BT Internet/MPLS. Just a year or so previously, we would be positioning standard Cisco routers. The main challenge for IT teams working on their WAN procurement project is to understand the detail behind marketing. We’ve written a comparison article for readers considering SD WAN vendors.
In addition to the usual telco suspects, I have also included a list of the top SD WAN vendors to align with connectivity service providers. If your business is embarking on a WAN procurement project, your IT team will need to consider hardware and software, the physical and virtual across CPE, gateways and controllers. In addition, delivery and support remain at the top of the buying criteria points list. While software solutions do offer significant capability, the challenge is in deciphering marketing material. There is also the challenge of understanding how underlying connectivity will support your applications. We’re reading about the demise of MPLS and while not every site will require end to end privacy and QoS, we cannot see every Global Enterprise selecting low-cost Internet.
As businesses create RFP content, the basics remain important. How prospective vendors fit across their financial health, how they invest in their own products but equally the strength of relationships with telcos when a vendor does not operate or own network connectivity.
The list below details the considerations your team should note when buying SD, MPLS or VPLS WAN provider services.
How does the provider interface with 3G, 4G and 5G connectivity from the perspective of degraded services but also into their respective connectivity whether Internet, MPLS or VPLS?
Without wanting to make sweeping statements based on no conclusive research, I would probably say that cost is a significant driver creating the buzz surrounding SDN services. However, in addition to pricing, some important business drivers cannot be ignored.
We see the cloud as representing the biggest force behind software-based networking. If you consider the majority of leading cloud providers, their services are accessed by public based networks (i.e. the Internet). There are of course exceptions; cloud services are also made available via private data center interconnects, but the majority of growth surrounds public based access.
The reasons are fairly obvious, with huge growth in remote access, BYOD (bring your own device) and collaboration with outside entities. In the majority of cases, smartphones are becoming a natural way of communicating across 3G and 4G networks on an almost permanent basis. In this sense, the business case makes perfect sense: the Internet as a platform for your WAN, combined with software-driven functionality which allows greater flexibility to control user access, branch and remote user security, performance and more.
The Internet of today is maturing and developing faster than ever before. If we think back to connectivity just a decade ago, the difference in performance is startling.
With the past in mind, MPLS Layer 3 routed networks grew out of the need to provide predictable performance without the complexity and overhead of security with encryption. The Internet of the 2000s simply was not up to the task of providing a consistent experience. Also, the technology of today (tablets, phones etc) did not exist, therefore the reliance on a 'permanently on' Internet connection was not a requirement. If your phone loses connectivity for an hour in 2016, you soon realise the productivity decline. In 2006, you would be lucky to have connectivity. A huge step change.
The Internet is now a viable platform to deliver mission critical data applications including voice and video. As a home or business user, the Internet is regularly leveraged, and for the most part, the experience is positive. In many cases, access to a private data network is a restrictive experience unless setup correctly.
An SD WAN Internet deployment represents a lower cost vs. MPLS private networks; availability is everywhere, in the main, and the platform just gets better and better. At this stage, you would be forgiven for not reading any further with the belief that SD WAN is leading the way. However, your organisation must carefully consider your locations and requirements vs. using a private or public based network. There are still use cases for both scenarios.
To leverage the best possible cost savings from an SD-WAN deployment, the best practice would be to put in place in-country connectivity based on the best provider for the given location. As an example, an Enterprise might select BT in the UK, Verizon in the US and so on. In order to really maximise savings, we would recommend further granularity by selecting in-country, per state providers.
To better explain the challenges, we'll use a scenario.
TGWC is an expanding business with 60 branch offices across the globe, some of which only contain a few people and remote users. The challenge for TGWC surrounds a few key areas:
An Enterprise organisation deploying voice and video would, as I mentioned earlier, typically look to MPLS or VPLS due to the traffic prioritisation across the network via QoS. However, the Internet as a platform is maturing, bandwidth is becoming cheaper, and our devices (e.g. Cisco iWAN) are using Software Defined Networking to ensure application performance is met.
The laws of physics always apply regardless of which platform you select. This is highlighted by the fact that (as an example) the UK and Australia are some distance away from each other, which means packets have to travel thousands of miles regardless of technology. In other words, you cannot fix distance. With this in mind, any SD-WAN circuit providers must be transparent with regards to their real world latency performance so that your business is able to get a handle on how your voice or video will perform. The tail circuit must also be factored in - i.e. the distance between your office and the provider's edge network (PE).
Once you’ve done the basics, SD-WAN (we know Cisco in-depth so your mileage may vary) will dynamically consider any connected services by monitoring latency, jitter and packet loss. This awareness enables load balancing and failover options on a dynamic real time basis, thus maximising network uptime. This not only has a positive impact on head office and branch locations but also on remote users as they traverse the globe. Regardless of where they are or the connectivity type they are using, SD-WAN will sense how well applications may perform.
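The path-monitoring behaviour described above can be sketched as follows. This is an added example, not code from the article or from any Cisco product: the link names, probe samples, per-application thresholds and the cheapest-first preference order are all constructed assumptions.

```python
from dataclasses import dataclass
from math import inf
from statistics import mean


@dataclass
class LinkStats:
    latency_ms: float  # mean round-trip time of answered probes
    jitter_ms: float   # mean absolute difference between consecutive RTTs
    loss_pct: float    # share of probes that got no reply


# Assumed per-application limits (illustrative values, not vendor defaults).
PROFILES = {
    "voice": LinkStats(latency_ms=150, jitter_ms=30, loss_pct=1),
    "bulk": LinkStats(latency_ms=400, jitter_ms=100, loss_pct=5),
}


def summarise(rtts):
    """Turn raw probe results (RTT in ms, None = lost probe) into LinkStats."""
    answered = [r for r in rtts if r is not None]
    loss = 100.0 * (len(rtts) - len(answered)) / len(rtts)
    if not answered:                      # link is down: nothing came back
        return LinkStats(inf, inf, 100.0)
    deltas = [abs(b - a) for a, b in zip(answered, answered[1:])]
    return LinkStats(mean(answered), mean(deltas) if deltas else 0.0, loss)


def meets(stats, limit):
    return (stats.latency_ms <= limit.latency_ms
            and stats.jitter_ms <= limit.jitter_ms
            and stats.loss_pct <= limit.loss_pct)


def select_path(app, samples, preference):
    """Return (link, compliant). Links are tried in preference order
    (cheapest first); if none meets the profile, fall back to the
    least-bad link and report it as non-compliant."""
    stats = {name: summarise(samples[name]) for name in preference}
    for name in preference:
        if meets(stats[name], PROFILES[app]):
            return name, True
    worst_case = min(preference, key=lambda n: (stats[n].loss_pct,
                                                stats[n].jitter_ms,
                                                stats[n].latency_ms))
    return worst_case, False


# Constructed probe samples for three uplinks at one branch.
PREFERENCE = ["broadband", "mpls", "lte"]
NORMAL = {
    "broadband": [30, 95, 28, 120, 33, 31, 88, 29, 110, 27],  # cheap, jittery
    "mpls": [42, 44, 43, 45, 42, 44, 43, 44, 42, 43],         # steady
    "lte": [70, 74, 69, 73, 71, 75, 70, 72, 71, 73],          # cellular backup
}
OUTAGE = dict(NORMAL, mpls=[None] * 10)  # MPLS tail circuit down

if __name__ == "__main__":
    for label, data in (("normal", NORMAL), ("mpls outage", OUTAGE)):
        for app in PROFILES:
            print(label, app, select_path(app, data, PREFERENCE))
```

Voice leaves the cheap broadband link because of jitter even though its average latency is acceptable, which is why average latency alone is a poor selection metric.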
Application optimisation and control (AVC in Cisco terms) combined with WAAS (Cisco WAN acceleration) offers deep packet inspection. At a high level, this allows the software to perform tuning on the actual application. As an example, your organisation may decide that a particular app is critically important to the user. In this scenario, the tuning could provide priority onto the wire vs other traffic such as the Internet. The use of applications using well-known ports (e.g. HTTP port 80) is increasing, meaning that deep packet inspection is necessary to ensure applications are correctly picked up for prioritisation.
We’ve kind of covered this earlier, but perhaps budget is one of the biggest SD-WAN providers' selling points. The cost of ownership is typically lower as you’re able to source Internet connectivity on a global basis vs. the required SLA. As an example, and at the risk of selling, our WAN procurement team can search almost all Global Internet providers via our portal. The data returned shows exactly which provider is available and the associated costs. The overall cost for iWAN is competitive based on the amount of features available as standard. In short, average savings of 30% are typically available vs. managed MPLS. However, we have seen even stronger results, but the results are dependent on region.
This scenario occurs for a couple of reasons. The first is more obvious - your business is simply in locations where no single provider can offer end to end connectivity. The result is normally an NNI (Network to Network Interconnect) connection which is delivered via a 3rd party telco, usually within a data centre environment. With SD-WAN and Internet, this scenario is rarely a problem since the whole connectivity market is available to your organisation. The issue then becomes one of checking latency and performance.
The second is acquisition, where two network providers are involved as each company is using connectivity from different providers. Where this scenario occurs, an interconnect is required to join the two networks, which is often problematic as MPLS VPRN is a private technology. The SD-WAN network provider proposition would essentially deliver the managed hardware, remaining agnostic regarding the installed connectivity. This again highlights the flexibility of Internet-based WAN services.
There is growing interest in using public IP networks (Internet). The business is growing rapidly with new cloud application resources arriving on a constant basis, more users with more devices and so on.
Any WAN today must support remote and BYOD (bring your own device) users together with static branch office locations. An MPLS network supports only private based connectivity with private Cloud. Of course, it is possible to route traffic via an Internet breakout but, architecturally speaking, there are disadvantages vs. SD-WAN deployments. Use of the Internet is growing regardless of whether your core sites are connected via private WAN based technology.
With the growth of the organisation, management of data application security is a concern as each user requires a different level of access. Software based deployments are, by their nature, very flexible regarding capability to control security. In much the same way as the ‘software’ detects granular network conditions, it is also possible for the device to become very ‘granular’ when allowing access. This kind of functionality would normally require dedicated Firewall appliances to achieve.
Above - latency across multiple networks.
SD-WAN is currently offered by some vendors providing some choice with regards to cost and capability.
Setting WAN pricing is important. The detail is critical to understand.
However, connectivity procurement is clearly a large part of the decision regardless of whether you have selected a vendor. There are certain WAN providers who are offering SD-WAN as part of their overall offering, but the capability is often only a tiny subset of SDN capability. The potential issue is one of change control. As an example, the promise of SDN revolves around flexibility and agility.
However, if a cumbersome and bureaucratic service provider offers a five-day turnaround on change requests, it doesn't matter how flexible your new software driven WAN is if you’re still at the mercy of your provider. It makes sense to ensure your prospective WAN services are well aligned.
As we alluded to earlier, Internet connectivity is growing exponentially. It is a common misconception that an MPLS network is somehow different in technology to public IP. In fact, core network engineers working on both private and public networks use MPLS as a traffic management technology. The difference covers three distinct areas:
To conclude, the Internet is a much more robust and well-scaled platform today vs the past. Software Defined Networking has developed some different mechanisms to compensate for the lack of application data QoS, which in many ways are much more flexible than QoS. We’ll be covering these features in more depth over the next few months. The encryption created by devices such as Cisco iWAN is also highly secure, which is always a concern with Internet-based services, and when coupled with deep packet inspection, the risks of a network intrusion are minimal. It would, in fact, be easier for a hacker to gain physical entrance to your premises.