SD WAN Overlay
The following post goes into the details of the SDWAN overlay. Firstly, digital transformation is changing businesses in every industry. Both network performance and agility are critical to the success of a digital transformation initiative. However, the WAN ( Wide Area Network ) has not enjoyed much innovation over the last decade compared to other parts of the infrastructure, such as the server and storage modules, which have become more agile and fine-tuned for the cloud and virtual world. You could say that the WAN is the last bastion of a hardware module in the network. However, it is one of the infrastructure’s most essential strategic points.
For additional pre-information, you may find the following helpful:
- A key point: Back to basics with overlay technology
Overlay networking is an approach to computer networking that involves building a layer of virtual networks on top of an existing physical network. This approach provides a way to improve the scalability, performance, and security of the underlying infrastructure. It also allows for the creation of virtual networks that span multiple physical networks, allowing for greater flexibility in how traffic is routed. At the core of overlay networking is the concept of virtualization. This involves separating the physical infrastructure from the virtual networks, allowing greater control over allocating resources. This separation also allows the creation of virtual network segments that span multiple physical networks. This provides an efficient way to route traffic, as well as the ability to provide additional security and privacy measures.
A network underlay is a physical infrastructure that provides the foundation for a network overlay, a logical abstraction of the underlying physical network. The network underlay provides the physical transport of data between nodes, while the overlay provides logical connectivity. The network underlay can comprise various technologies, such as Ethernet, Wi-Fi, cellular, satellite, and fiber optics. The network underlay is the foundation of a network overlay, and it is essential for the proper functioning of the network. It provides the transport of data and the physical connections between nodes. It also provides the physical elements that make up the infrastructure, such as routers, switches, and firewalls.
Back to basics with SD-WAN with SDWAN overlay.
SD-WAN leverages a transport-independent fabric technology that is used to connect remote locations. This is achieved by using overlay technology. The SDWAN overlay works by tunneling traffic over any transport between destinations within the WAN environment. This gives authentic flexibility to routing applications across any network portion regardless of the circuit or transport type. This is the definition of transport independence. Having a fabric SDWAN overlay network means that every remote site, regardless of physical or logical separation, is always a single hop away from another.
SD-WAN overlays offer several advantages over traditional WANs, including improved scalability, reduced complexity, and better control over traffic flows. They also provide better security, as each site is protected by its dedicated security protocols. Additionally, SD-WAN overlays can improve application performance and reliability and reduce latency.
We need more bandwidth.
Modern businesses demand more bandwidth than ever to connect their data, application, and services. As a result, we have many things to consider with the WAN, such as regulations, security, visibility, branch, data center sites, remote workers, internet access, cloud, and traffic prioritization. They were driving the need for SD-WAN. The concepts and design principles of creating a wide area network (WAN) to provide resilient and optimal transit between endpoints have continuously evolved. But the driver behind building a better WAN has remained the same: to support applications that demand performance and resiliency.
SD WAN Overlay
Key SD WAN Features
The WAN is the entry point between inside the perimeter and outside. An outage in the WAN has a large blast radius, affecting many applications and other branch site connectivity. Yet the WAN has had little innovation until now with the advent of both SD-WAN and SASE. SASE is a combination of both network and security functions. If you look at the history of the WAN, there have been several stages in WAN virtualization. Most WAN transformation projects went from the basic hub-and-spoke topologies based on services such as leased lines to fully meshed MPLS-based WAN servers. The cost was the main driver for this evolution and not agility.
Issues with the Traditional Network
As the world of I.T. becomes dispersed, the network and security perimeters are dissolving and becoming less predictable. Before, it was easy to know what was internal and external, but now we live in a world of micro-perimeters with a considerable change in the focal point. The perimeter is now the identity of the user and device – not the fixed point at an H.Q. site. As a result, applications require a WAN to support distributed environments, flexible network points, and a change in the perimeter design.
Suboptimal traffic flow
The optimal route will be the fastest or most efficient and, therefore, preferred to transfer data. Sub-optimal routes will be slower and, therefore, not the preferred route. Centralized-only designs resulted in suboptimal traffic flow and increased latency, which will degrade application performance. A key point to note is that traditional networks focus on centralized points in the network that all applications, network, and security services must adhere to. These network points are fixed and cannot be changed.
Network point intelligence
However, the network should be evolved to have network points positioned where it makes the most sense for the application and user. Not based on, let’s say, a previously validated design for a different application era. For example, many branch sites do not have local Internet breakouts. So, for this reason, we backhauled internet-bound traffic to secure, centralized internet portals at the H.Q. site. As a result, we sacrificed the performance of Internet and cloud applications. Designs that place the H.Q. site at the center of connectivity requirements inhibit the dynamic access requirements for digital business.
Hub and spoke drawbacks.
Simple spoke-type networks are sub-optimal because you always have to go to the center point of the hub and then out to the machine you need rather than being able to go directly to whichever node you need. As a result, the hub becomes a bottleneck in the network as all data must go through it. With a more scattered network using multiple hubs and switches, a less congested and more optimal route could be found between machines.
- A key point on MPLS agility
Multiprotocol Label Switching, or MPLS, is a networking technology that routes traffic using the shortest path based on “labels,” rather than network addresses, to handle forwarding over private wide area networks. As a protocol-independent solution, MPLS assigns labels to each data packet, controlling the path the packet follows. As a result, MPLS significantly improves traffic speed yet has some drawbacks.
MPLS topologies, once they are provisioned, are challenging to modify. While community tagging and matching do provide some degree of flexibility and are commonly used, meaning the customers set BGP communities on prefixes for specific applications. The SP matches these communities and sets traffic engineering parameters like the MED and Local Preference. However, the network topology essentially remains fixed.
Connecting remote sites to the cloud offering, such as SaaS or IaaS, is far more efficient over the public Internet. However, there are many drawbacks to backhauling traffic to a central data center when it is not required, and it is more efficient to go direct. SD-WAN technologies share similar technologies to DMVPN phases, allowing your branch sites to go directly to the cloud-based applications without backhauling to the central H.Q.
Introducing the SD WAN Overlay
A software-defined wide area network is a wide area network that uses software-defined network technology, such as communicating over the Internet using SDWAN overlay tunnels that are encrypted when destined for internal organization locations. SD-WAN is software-defined networking for the wide area network. SD-WAN decouples (separates) the WAN infrastructure be it physical or virtual, from its control plane mechanism and allows applications or application groups to be placed into virtual WAN overlays.
Types of SD WAN and the SD WAN overlay: The virtual WANs
The separation allows us to bring many enhancements and improvements to a WAN that has had very little innovation in the past compared to the rest of the infrastructure, such as server and storage modules. With server virtualization, several virtual machines create application isolation on a physical server. For example, an application placed in a VM operated in isolation from each other, yet the VMs were installed on the same physical hosts.
Consider SD-WAN to operate with similar principles. Each application or group can operate independently when traversing the WAN to endpoints in the cloud or other remote sites. These applications are placed into a virtual SDWAN overlay.
SD-WAN overlay and SDN combined
- The Fabric
The word fabric comes from the fact that there are many paths to move from one server to another to ease balance and traffic distribution. SDN aims to centralize the order that enables the distribution of the flows over all the fabric paths. Then we have an SDN controller device. The SDN controller can also control several fabrics simultaneously, managing intra and inter-datacenter flows.
- SD-WAN overlay includes SDN
SD-WAN is used to control and manage a company’s multiple WANs. There are different types of WAN: Internet, MPLS, LTE, DSL, fiber, wired network, circuit link, etc. SD-WAN uses SDN technology to control the entire environment. Like SDN, the data plane and control plane are separated. A centralized controller must be added to manage flows, routing or switch policies, packet priority, network policies, etc. SD-WAN technology is based on overlay, meaning nodes representing underlying networks.
- Centralized logic
In a traditional network, each device’s transport functions and controller layer are resident. This is why any configuration or change must be done box-by-box. Configuration was carried out manually or, at the most, an Ansible script. SD-WAN brings Software-Defined Networking (SDN) concepts to the enterprise branch WAN.
Software-defined networking (SDN) is an architecture, whereas SD-WAN is a technology that can be purchased and built on SDN’s foundational concepts. The centralized logic that SD-WAN offers stems from software-defined networking. SDN separates the control from the data plane and uses a central controller to make intelligent decisions, similar to the design that most SD-WAN vendors operate.
- A holistic view
The controller has a holistic view. Same with the SD-WAN overlay. The controller supports central policy management, enabling network-wide policy definitions and traffic visibility. The SD-WAN edge devices perform the data plane. The data plane is where the simple forwarding occurs, and the control plane, which is separate from the data plane, sets up all the controls for the data plane to forward.
Like SDN, the SD-WAN overlay abstracts network hardware into a control plane with multiple data planes to make up one large WAN fabric. As the control layer is abstracted and decoupled above the physicals and running in software, services can be virtualized and delivered from a central location to any point on the network.
Types of SD WAN and SD-WAN Overlay Features
Enterprises that employ SD-WAN solutions for their network architecture will simplify the complexity of their WAN. Enterprises should look at the SD-WAN options available in various deployment options, ranging from the thin devices with most of the functionality in the cloud to more, let’s say, thicker devices at the branch location performing most of the work. Whichever SD-WAN vendor you choose, there will be similar features.
Today’s WAN environment requires us to manage many elements: numerous physical components that include both network and security devices, complex routing protocols, configurations, complex high availability designs, and various path optimizations and encryption techniques.
- A key point: Gaining the SD-WAN benefits
By employing the features discussed below, you will gain the benefits of SD-WAN: its higher capacity bandwidth, centralized management, network visibility, and multiple connection types. In addition, SD-WAN technology allows organizations to use cheaper connection types than MPLS.
Types of SD WAN: Combining the transports
At its core, SD-WAN shapes and steers application traffic across multiple WAN means of transport. Building off the concept of link bonding to combine multiple means of transport and transport types, the SD-WAN overlay improves the concept by moving the functionality up the stack. First, SD-WAN aggregates last-mile services, representing them as a single pipe to the application. SD-WAN allows you to combine all transport links into one big pipe. SD-WAN is transport agnostic. As it works by abstraction, it does not care what transport links you have. Maybe you have MPLS, private Internet, or LTE. It can combine all these or use them separately.
Types of SD WAN: Central location
From a central location, SD-WAN pulls all of these WAN resources together, creating one large WAN fabric which allows administrators to slice up the WAN to match the application requirements that sit on top. Different applications traverse the WAN, so we need the WAN to react differently. For example, if you’re running a call center, you want a low delay, latency, and high availability with Voice traffic. You may want this traffic to use an excellent service-level agreement path.
Types of SD WAN: Traffic steering
There may also be a requirement for traffic steering: voice traffic to another path if, for example, the first Path is experiencing high latency. Or, if it’s not possible to steer traffic automatically to a link that is better performing, run a series of path remediation techniques to try and improve performance. File transfer differs from real-time Voice: you can tolerate more delay but need more B/W.
Here you may want to use a combination of WAN transports ( such as customer broadband and LTE ) and combine them for higher aggregate B/W. It also allows you to automatically steer traffic over different WAN transports when there is a deflagration on one link. With the SD-WAN overlay, we must start thinking about paths, not links.
- SD-WAN overlay makes intelligent decisions
At its core, SD-WAN enables real-time application traffic steering over any link, such as broadband, LTE, and MPLS, assigning pre-defined policies based on business intent. Steering policies support many application types, making intelligent decisions about how WAN links are utilized and which paths are taken.
Types of SD WAN: Steering traffic
The concept of an underlay and overlay are not new, and SD-WAN borrows these designs. First, the underlay is the physical or virtual world, such as the physical infrastructure. Then we have the overlay, where all the intelligence can be set. The SDWAN overlay represents the virtual WANs that hold your different applications. A virtual WAN overlay enables us to steer traffic and combine all bandwidths. Similar to how applications are mapped to V.M. in the server world, with SD-WAN, each application is mapped to its own virtual SDWAN overlay. And each virtual SDWAN overlay can have its SD WAN security policies, topologies, and performance requirements.
- SD-WAN overlay path monitoring
SD-WAN monitors the paths and the application performance on each link (Internet, MPLS, LTE ) and then chooses the best Path based on real-time conditions and the policy set by the business. In summary, the underlay network is the physical or virtual infrastructure above which the overlay network is built. An SDWAN overlay network is a virtual network built on top of an underlying Network infrastructure/Network layer (the underlay).
Types of SD WAN: Controller-based policy
An additional layer of information is needed to make more intelligent decisions about how and where to forward application traffic. This is the controller-based policy approach that SD-WAN offers, incorporating a holistic view. A central controller can now make decisions based on global information, not solely on a path-by-path basis with traditional routing protocols. Getting all the routing information and compiling it into the controller to make a decision is much more efficient than making local decisions that only see a limited part of the network.
The SD-WAN Controller provides physical or virtual device management for all SD-WAN Edges associated with the controller. This includes but is not limited to configuration and activation, IP address management, and pushing down policies onto SD-WAN Edges that are located at the branch sites.
SD-WAN Overlay Case Study
I recently consulted for a private enterprise. Like many enterprises, they have many applications, both legacy and new. No one knew about courses and applications running over the WAN. Visibility was at an all-time low. For the network design, the H.Q. has MPLS and Direct Internet access. So nothing new here, and this design has been in place for the last decade. All traffic is backhauled to the HQ/MPLS headend for security screening. The H.Q. was where the security stack was located. This will include firewalls, IDS/IPS, and anti-malware. The remote sites have high latency and limited connectivity options.
Drivers for SD-WAN
More importantly, they are transitioning their ERP system to the cloud. As apps move to the cloud, they want to avoid fixed WAN, a big driver for a flexible SD-WAN solution. They also have remote branches. These branches are hindered by high latency and poorly managed I.T. infrastructure. But they don’t want an I.T. representative at each site location. They have heard that SD-WAN has a centralized logic and can view the entire network from one central location. These remote sites must receive large files from the H.Q.; the branch sites’ transport links are only single-customer broadband links.
The cost of remote sites
Some remote sites have LTE, and the bills are getting more significant. The company wants to reduce costs with either dedicated Internet access or customer/business broadband. They have heard that you can combine different transports with SD-WAN and have several path remediations on degraded transports for better performance. So they decided to roll out SD-WAN. From this new architecture, they gained several benefits.
When your business-critical applications operate over different provider networks, it gets harder to troubleshoot and find the root cause of problems. So visibility is critical to business. SD-WAN allows you to see network performance data in real-time and is critical for determining where packet loss, latency, and jitter are occurring so you can resolve the problem quickly. You also need to be able to see who or what is consuming bandwidth so you can spot intermittent problems. For all these reasons, SD-WAN visibility needs to go beyond network performance metrics and provide greater insight into the delivery chains that run from applications to users.
- Understand your baselines
Visibility is needed to complete the network baseline before the SD-WAN is deployed. This enables the organization to understand existing capabilities, the norm, what applications are running, the number of sites connected, what service providers used, and whether they’re meeting their SLAs. Visibility is a critical phase in getting a complete picture, so teams understand how to optimize the infrastructure for the business. SD-WAN gives you an intelligent edge so you can see all the traffic and do something with the traffic immediately.
First, look at the visibility of the various flows and what links are used, and any issues on those links. Then, if necessary, you can tweak the bonding policy to optimize the traffic flow. Before the rollout of SD-WAN, there was no visibility and types of traffic, and different apps used what B.W. They had limited knowledge of WAN performance.
SD-WAN offers higher visibility
With SD-WAN, they have the visibility to control and class traffic on layer seven values, such as what URL you are using and what Domain you are trying to hit, along with the standard port and protocol. All applications are not equal; some applications run better on different links. You can route to a different circuit if a particular application is not performing correctly. With the SD-WAN orchestrator, you have complete visibility across all locations, all links, and into the different traffic across all circuits.
The goal of any high-availability solution is to ensure that all network services are resilient to failure. Such a solution aims to provide continuous access to network resources by addressing the potential causes of downtime through functionality, design, and best practices. The previous high-availability design was active and passive with manual failover. It was hard to maintain, and there was a lot of unused bandwidth. Now they have more efficient use of resources and are no longer tied to the bandwidth of the first circuit.
There is a better granular applications failover mechanism; You can also select what apps are prioritized if there is a link failure or when a certain congestion ratio is hit. For example, you have LTE as a backup which can be very expensive. So applications marked high priority are steered over the backup link, but guest wifi traffic doesn’t.
Before, they had a hub and spoke MPLS design for all applications. They wanted a complete mesh architecture for some applications, kept the existing hub, and spoke for others. However, the service provider couldn’t accommodate the level of granularity that they wanted. Now with SD-WAN, they can choose topologies better suited to the application type. As a result, the network design is now more flexible and matches the application than the application matching a network design it doesn’t want.
Going Deeper on the SD-WAN Overlay Components
SD-WAN combines transports, SDWAN overlay, and underlay
Look at it this way. With an SD-WAN topology, there are different levels of networking. There is an underlay network, the physical infrastructure, and an SDWAN overlay network. The physical infrastructure is the router, switches, and WAN transports; the overlay network is the virtual WAN overlays. The SDWAN overlay presents a different network to the application. For example, the voice overlay will see only the voice overlay. The logical virtual pipe the overlay creates and the application sees differs from the underlay.
An SDWAN overlay network is a virtual or logical network created on top of an existing physical network. The internet, which connects many nodes via circuit switching, is an example of an SDWAN overlay network. An overlay network is any virtual layer on top of physical network infrastructure.
Consider an SDWAN overlay as a flexible tag.
This may be as simple as a virtual local area network (VLAN) but typically refers to more complex virtual layers from SDN or an SD-WAN). Think of an SDWAN overlay as a tag so that building the overlays is not expensive or time-consuming. In addition, you don’t need to buy physical equipment for each overlay as the overlay is virtualized and in the software. Similar to software-defined networking (SDN), the critical part is that SD-WAN works by abstraction. All the complexities are abstracted into application overlays. For example, application type A can use this SDWAN overlay, and application type B can use that SDWAN overlay.
I.P. and port number, orchestrations, and end-to-end
Recent application requirements drive a new type of WAN that more accurately supports today’s environment with an additional layer of policy management. The world has moved away from looking at I.P. addresses and Port numbers used to identify applications and made the correct forwarding decision.
Types of SD WAN
The market for branch ofﬁce wide-area network functionality is shifting from dedicated routing, security, and WAN optimization appliances to feature-rich SD-WAN. As a result, WAN edge infrastructure now incorporates a widening set of network functions, including secure routers, ﬁrewalls, SD-WAN, WAN path control, and WAN optimization, along with traditional routing functionality. Therefore, consider the following approach to deploying SD-WAN.
SD WAN Overlay Approach
SD WAN Feature
1. Application-based approach
With SD-WAN, we are shifting from a network-based approach to an application-based approach. The new WAN no longer looks solely at the network to forward packets. Instead, it looks at the business requirements and decides how to optimize the application with the correct forwarding behavior. This new way of forwarding would be problematic when using traditional WAN architectures.
Making business logic decisions with I.P. and port number information is challenging. Standard routing is the most common way to forward application traffic today, but it only assesses part of the picture when making its forwarding decision. These devices have routing tables to perform forwarding. Still, with this model, they operate and decide on their little island, losing the holistic view required for accurate end-to-end decision-making.
2. SD-WAN: Holistic decision
The WAN must start to make decisions holistically. The WAN should not be viewed as a single module in the network design. Instead, it must incorporate several elements it has not incorporated to capture the correct per-application forwarding behavior. The ideal WAN should be automatable to form a comprehensive end-to-end solution centrally orchestrated from a single pane of glass.
Managed and orchestrated centrally, this new WAN fabric is transport agnostic. It offers application-aware routing, regional-specific routing topologies, encryption on all transports regardless of link type, and high availability with automatic failover. All of these will be discussed shortly and are the essence of SD-WAN.
3. SD-WAN and central logic
Besides the virtual SDWAN overlay, another key SD-WAN concept is centralized logic. Upon examining a standard router, local routing tables are computed from an algorithm to forward a packet to a given destination. It receives routes from its peers or neighbors but computes paths locally and makes local routing decisions. The critical point to note is that everything is computed locally. SD-WAN functions on a different paradigm.
Rather than using distributed logic, it utilizes centralized logic. This allows you to view the entire network holistically and with a distributed forwarding plane that makes real-time decisions based on better metrics than before. This paradigm enables SD-WAN to see how the flows behave along the path. This is because they are taking the fragmented control approach and centralizing it while benefiting from a distributed system.
The SD-WAN controller, which acts as the brain, can set different applications to run over different paths based on business requirements and performance SLAs, not on a fixed topology. So, for example, if one path does not have acceptable packet loss and latency is high, we can move to another path dynamically.
4. Independent topologies
SD-WAN has different levels of networking and brings the concepts of SDN into the Wide Area Network. Similar to SDN, we have an underlay and an overlay network with SD-WAN. The WAN infrastructure, either physical or virtual, is the underlay, and the SDWAN overlay is in software on top of the underlay where the applications are mapped. This decoupling or separation of functions allows a different application or group overlays. Previously, the application had to work with a fixed and pre-built network infrastructure. With SD-WAN, the application can choose the type of topology it wants, such as a full mesh or hub and spoke. The topologies with SD-WAN are a lot more flexible.
- A key point: SD-WAN abstracts the underlay
The virtual WAN overlays are abstracted from the physical device’s underlay with SD-WAN. Therefore, the virtual WAN overlays can take on topologies independent of each other without being pinned to the configuration of the underlay network. SD-WAN changes how you map application requirements to the network allowing for the creation of independent topologies per application.
For example, mission-critical applications may use expensive leased lines, while lower-priority applications can use inexpensive best-effort Internet links. This can all change on the fly if specific performance metrics are unmet. Previously, the application had to match and “fit” into the network with the legacy WAN, but with an SD-WAN, the application now controls the network topology. Multiple independent topologies per application are a crucial driver for SD-WAN.
5. The SD-WAN overlay
SD-WAN optimizes traffic over multiple available connections. It will dynamically steer traffic to the best available link. Suppose the available links show any transmission issues. In that case, it will immediately transfer to a better path or apply remediation to a link if, for example, you only have a single link. SD-WAN delivers application flows from a source to a destination based on the configured policy and best available network path. A core concept of SD-WAN is the overlays.
SD-WAN solutions provide the software abstraction to create the SDWAN overlay and decouple network software services from the underlying physical infrastructure. Multiple virtual overlays may be defined to abstract the underlying physical transport services, each supporting different quality of service, preferred transport, and high availability characteristics.
6. Application mapping
Application mapping also allows you to steer traffic over different WAN transports. This steering is automatic and can be implemented when specific performance metrics are unmet. For example, if Internet transport has a 15% packet loss, the policy can be set to steer all or some of the application traffic over to better-performing MPLS transport.
Applications are mapped to different overlays based on business intent, not infrastructure details like I.P. addresses. When you think about overlays, it’s common to have, on average, four overlays. For example, you may have a gold, platinum, and bronze SDWAN overlay and then map the applications to these overlays. The applications will have different networking requirements, and overlays allow you to slice and dice your network if you have multiple application types.
- A key point: SD-WAN & WAN metrics
SD-WAN captures metrics that go far beyond the standard WAN measurements. For example, the traditional way would measure packet loss, latency, and jitter metrics to determine path quality. These measurements are insufficient for routing protocols that only make the packet flow decision at layer 3 of the OSI model. As we know, layer 3 of the OSI model lacks intelligence and misses the overall user experience. Rather than relying on bits, bytes jitter, and latency, we must start to look at the application transactions.
SD-WAN incorporates better metrics that look beyond those considered by a standard WAN edge router. These metrics may include application response time, network transfer, and service response time. Some SD-WAN solutions monitor each flow’s RTT, sliding windows, and ACK delays. Not just the I.P. or TCP. This creates a more accurate view of the performance of the application.
SD-WAN Features and Benefits
Leverage all available connectivity types.
All SD-WAN vendors can balance traffic across all transports regardless of transport type, which can be done per flow or packet. This ensures that existing redundant links sitting idle are not being used. SD-WAN creates an active-active network and eliminates the need to use and maintain traditional routing protocols for active–standby setups.
App-aware routing capabilities
As we know, application visibility is critical to forward efficiently over either transport. Still, we also need to go one step further and examine deep inside the application and understand what sub-applications exist, such as determining Facebook chat over regular Facebook. This allows you to balance loads across the WAN based on sub-applications.
Regional-specific routing topologies
Several topologies include a hub and spoke full mesh and Internet PoP topologies. Each organization will have different requirements for choosing a topology. For example, Voice should use a full mesh design, while data requires a hub and spoke connecting to a central data center.
As we are moving heavily into the use of cloud applications. Local internet access/internet breakout is a better strategic option than backhauling traffic to a central site when it doesn’t need to. SD-WAN abstracts the details of WAN enabling application-independent topologies. Each application can have its topology, and this can be dynamically changed. All of which are managed by an SD-WAN control plane.
Centralized device management & policy administration
With the controller-based approach that SD-WAN has, you are not embedding the control plane in the network. This allows you to centrally provision and pushes policy down any instructions to the data plane from a central location. This simplifies management and increases scale. The manual box-by-box approach to policy enforcement is not the way forward.
The ability to tie everything to a template and automate enables rapid branch deployments, security updates, and other policy changes. It’s much better to manage it all in one central place with the ability to dynamically push out what’s needed, such as updates and other configuration changes.
High availability with automatic failovers
You cannot apply a single viewpoint to high availability. Many components are involved in creating a high availability plan, such as device, link, and site level’s high availability requirements; these should be addressed in an end-to-end solution. In addition, traditional WANs require additional telemetry information to detect failures and brown-out events.
Encryption on all transports, irrespective of link type
Regardless of link type, MPLS, LTE, or the Internet, we need the capacity to encrypt all those paths without the excess baggage and complications that IPsec brings. Encryption should happen automatically, and the complexity of IPsec should be abstracted.
- Fortinet’s new FortiOS 7.4 enhances SASE - April 5, 2023
- Comcast SD-WAN Expansion to SMBs - April 4, 2023
- Cisco CloudLock - April 4, 2023