SDWAN: Chapter-1: Introduction to SDWAN

SD-WAN Definition

A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any combination of transport services – including ILL, MPLS, LTE & broadband internet services – to securely connect users to applications hosted within the Data Centers.

It is a virtual WAN architecture that gives enterprises the flexibility to take maximum advantage of any combination of transport services for securely connecting users to applications. The top five advantages of SD-WAN technology include improved performance, boosting security, lowering complexity, enabling cloud usage, and reduced cost.

So, in nutshell, A software-defined wide area network (SD-WAN) is a network that is abstracted from its hardware, creating a virtualized network overlay as a Hub-Spoke topology

 

Need of SD-WAN

Clients are using the traditional MPLS network to cope up with their application connectivity within the DC (Active-Passive or Active-Active Scenario) and to accomplish organizations are paying considerable amount of money to ISP for large bandwidth MPLS links. Along with MPLS, link client also needs to have Internet leased line to complete the internet requirement. SO, this mix affair of MPLS+ILL is shooting the IT budget for almost every organization across the globe.

Also, Traditional WANs based on conventional routers were never designed for the cloud. They typically require backhauling all traffic, including cloud-destined traffic, from branch offices to a hub or headquarters data center where advanced security inspection services can be applied. The delay caused by backhaul impairs application performance resulting in a poor user experience and lost productivity.

With inclusion of SDWAN technology, the MPLS/Leased line (ILL) becomes a mere transport medium for DC application connectivity. It chooses the optimal path from the public Internet connections and MPLS links. With this solution, the performance & the cost is balanced on a per-application basis. SDWAN introduces a flexibility to use any medium as a transport medium regardless of its nature (except P2P links). Unlike the traditional router-centric WAN architecture, the SD-WAN model is designed to fully support applications hosted in on-premises data centers, public or private clouds, and SaaS services such as Salesforce.com, Workday, Dropbox, Microsoft 365, and more, while delivering the highest levels of application performance.

Basic SDWAN Architecture

SD-WAN uses an abstracted architecture for its network. In an abstracted architecture, the network is divided into two parts: the control plane and the forwarding plane. The SD-WAN architecture moves the control plane to a centralized location like an organization’s headquarters

 

 

Most of the SDWAN vendor solution consist of following component to create a SDWAN solution (Exact solution being different from Vendor to Vendor)

1.     SDWAN Hub Persona

2.     SDWAN Spoke Persona

3.     SDWAN Orchestrator

4.     The SDWAN controller

5.     SDWAN Event Logging Server

S    SDWAN WAN Management

SDWAN creates network overlays between SDWAN boxes using existing underlay networks (MPLS, ILL, 3G/4G, broadband) to connect with applications, alleviating need to have a hop-hop transfer of packets using legacy network. SDWAN security is based largely on the use of IP security (IPsec), VPN tunnels, next-generation firewalls (NGFWs), and the micro segmentation of application traffic.

A more recent secure networking technology that many SD-WAN vendors have started offering as well as SD-WAN is secure access service edge (SASE). SD-WAN and SASE are built on the principles of virtualization and using multiple connection types. However, what SASE does differently is decentralize the network. Instead of the hub-and-spoke topology typical of SD-WAN; SASE securely connects users no matter their location to the nearest network point of presence (PoP) where security and networking functions are executed.

Below are the Network Technologies used while delivering the SDWAN solution (this again varies vendor to vendor)

1. Network overlay (Dynamic IPSEC VPNs)

2. Static routing for selected networks

3. BGP using community routing (optional but strongly recommended)

4. SLAs for link monitoring

5. Policy routes for traffic steering

Key SDWAN Vendors

1.     Secure SDWAN by Fortinet 

2.     Aruba Edge Connect

3.     Palo Alto Prisma

4.     Cisco Viptella Meraki SDWAN

5.     Vmware SASE

6.     Citrix SADWAN

7.     Versa Secure SDWAN

 

Key Takeaway from SDWAN Technology

1.     SDWAN offers a simple way to merge the networks of a multi-site business into one. 

2.  The most cost-effective medium to connect sites together is over the internet. SD-WANs deploy techniques to create a private network link over the internet.

3.     Increased bandwidth at a lower cost since the network traffic can be provisioned for optimal speeds and throttle low-priority applications.

4.     More options for connection type and vendor selection since the network can reside on COTS (commercial off the shelf) hardware and use both private and public connections to route its traffic.

5.     Continuous Network learning via Automated traffic steering using pre-defined rules

6.    Continuous monitoring the links using SLAs to ensure seamless connectivity with the applications

7. End-to End Secure communication for Hub-Spoke, spoke-Hub, or spoke-spoke communication.

8.     Secure local breakout for the internet application along with load balancing.

 

In next Blog, let’s start with industry leading Fortinet’s way of delivering the Secure SD-WAN solution and lets deep dive more into it in subsequent blogs.