
IPFIX Big Data


In today's data-driven world, the ability to extract valuable insights from vast amounts of information has become crucial. One such powerful tool that aids in this endeavor is IPFIX Big Data. In this blog post, we will delve into the world of IPFIX Big Data, exploring its significance, benefits, and applications.

IPFIX (Internet Protocol Flow Information Export) is a standard protocol used for exporting network flow information. It provides a structured format to capture and record data related to network traffic. By leveraging Big Data techniques, organizations can process and analyze IPFIX data on a massive scale, uncovering valuable patterns, trends, and anomalies.

Improved Network Performance Monitoring: IPFIX Big Data enables organizations to gain deep visibility into network traffic, allowing for real-time monitoring and analysis. By identifying bottlenecks, network congestion, and abnormal behavior, administrators can proactively address issues, optimize network performance, and enhance user experience.

Advanced Security Analytics: The abundance of data collected through IPFIX Big Data provides a treasure trove of information for security analysts. By applying sophisticated analytics techniques, organizations can detect and mitigate potential security threats, including intrusion attempts, DDoS attacks, and malware infections. IPFIX Big Data empowers security teams to stay one step ahead of cybercriminals.

Network Capacity Planning: IPFIX Big Data plays a vital role in capacity planning, allowing organizations to anticipate future network demands. By analyzing historical IPFIX data, administrators can accurately forecast resource requirements, optimize network infrastructure, and ensure scalability to meet growing business needs.

Business Intelligence and Decision Making: IPFIX Big Data provides valuable insights into user behavior, application usage, and network performance. By mining this data, organizations can make data-driven decisions, optimize business processes, and uncover new opportunities for growth and innovation.

Data Volume and Scalability: The sheer volume of IPFIX data can pose challenges in terms of storage, processing power, and scalability. Organizations need to have robust infrastructure in place to handle the massive influx of data and employ efficient data management strategies.

Data Privacy and Security: As IPFIX data contains sensitive information about network traffic, ensuring data privacy and security is of utmost importance. Organizations must implement robust security measures and adhere to data protection regulations to safeguard this valuable asset.

IPFIX Big Data has revolutionized the way organizations analyze and leverage network flow information. From improved network performance monitoring to advanced security analytics and driving innovation, the power of IPFIX Big Data is undeniable. By harnessing its potential and overcoming challenges, organizations can unlock valuable insights, enhance operational efficiency, and stay ahead in today's data-driven landscape.

Highlights: IPFIX Big Data

Understanding IPFIX and Big Data

IPFIX, which stands for Internet Protocol Flow Information Export, is a flexible and extensible protocol that allows for the collection and export of network flow data. It provides essential information about network traffic, including source and destination IP addresses, ports, protocols, and more. By capturing and analyzing this data, organizations can gain deep visibility into their network infrastructure and identify potential bottlenecks, anomalies, or security threats.

Big data analytics has revolutionized decision-making processes across industries, and IPFIX is no exception. By applying advanced analytics techniques to IPFIX data, organizations can uncover hidden patterns, detect anomalies, and derive actionable insights. Whether it is monitoring network performance, optimizing resource allocation, or identifying potential security breaches, IPFIX big data analytics empowers businesses to make data-driven decisions and stay ahead of the curve.

IPFIX Big Data Considerations:

1. Network Performance Optimization:

IPFIX big data enables organizations to monitor and analyze network traffic in real-time, providing valuable insights into bandwidth utilization, latency, and packet loss. By identifying performance bottlenecks and optimizing network resources, businesses can enhance user experience, streamline operations, and reduce costs.

2. Security Threat Detection:

The richness of IPFIX data allows for effective detection and prevention of security threats. By analyzing network flow data, organizations can identify suspicious activities, detect malware infections, and mitigate potential cyber-attacks. IPFIX big data analytics serves as a powerful tool in ensuring network security and safeguarding sensitive information.

3. Capacity Planning:

IPFIX big data analytics provides organizations with the ability to forecast future network demands and plan capacity accordingly. By analyzing historical traffic patterns, businesses can accurately predict resource requirements, optimize infrastructure investments, and ensure scalability to meet growing demands.

4. Quality of Service Enhancement:

With IPFIX big data, organizations can gain insights into network traffic patterns and prioritize critical applications or services. By implementing Quality of Service (QoS) measures based on IPFIX analytics, businesses can optimize network performance, reduce latency, and improve overall user experience.

The Role of Big Data

– Big Data is a field devoted to analyzing, processing, and storage of extensive collections of data that continually originate from disparate sources. Consequently, Big Data solutions and practices are typically required when more than traditional data analysis, processing, and storage technologies and techniques are needed. Mainly, Big Data addresses distinct requirements, such as combining multiple unrelated datasets, processing large amounts of unstructured data, and harvesting hidden information time-sensitively.

– IPFIX, short for IP Flow Information Export, is a protocol that allows for the collection and export of flow records from network devices. It provides valuable insights into network traffic patterns, including source and destination IP addresses, ports, and protocols. By capturing and analyzing IPFIX data, organizations gain a comprehensive understanding of their network infrastructure and can make data-driven decisions to optimize performance and security.

– The true power of IPFIX lies in its ability to handle big data. With the exponential growth of network traffic, traditional analysis methods fall short. IPFIX big data solutions, on the other hand, leverage advanced analytics and machine learning algorithms to process massive amounts of flow data in real time. This enables network administrators to identify anomalies, detect security threats, and troubleshoot performance issues with unmatched precision and speed.

Use Cases of IPFIX Big Data

1. Network Performance Optimization: By analyzing IPFIX data, organizations can identify bandwidth bottlenecks, optimize network configurations, and ensure efficient resource allocation. This leads to enhanced network performance, reduced latency, and improved user experience.

2. Security Threat Detection: With the help of IPFIX big data analytics, organizations can detect and mitigate security threats in real-time. By monitoring flow patterns, identifying suspicious behavior, and employing machine learning algorithms, IPFIX enables proactive threat detection and response, safeguarding networks from cyberattacks.

3. Capacity Planning and Traffic Engineering: IPFIX big data offers valuable insights into network traffic patterns, allowing organizations to plan for future capacity needs. Organizations can ensure smooth operations and avoid costly downtime by analyzing historical data, predicting traffic trends, and optimizing network infrastructure.

IP Flow Information Export

a) IPFIX is overseen by the Internet Engineering Task Force (IETF). Flow information can be exported from routers, switches, firewalls, and other infrastructure devices using IPFIX. Exporters and collectors use IPFIX to format and transfer flow information. Several RFCs, including 7011 through 7015 and RFC 503, describe IPFIX. Version 9 of NetFlow is the basis and primary reference for IPFIX. IPFIX is essentially the same as NetFlow Version 9, apart from some terminology.

b) Push protocols are considered IPFIX protocols. IPFIX-enabled devices automatically send IPFIX messages to configured collectors (receivers) without user input. In most cases, the sender orchestrates IPFIX data messages. To construct these flow data messages, IPFIX introduces the concept of templates. User-defined data types can also be used in IPFIX messages. IPFIX prefers Stream Control Transmission Protocol (SCTP) as the transport layer protocol; however, Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) can also be used.

c) UDP messages are usually used to export Cisco NetFlow records. On the sending device, the IP address of the NetFlow collector and the destination UDP port must be configured. The NetFlow standard does not specify a specific NetFlow listening port (RFC 3954). In addition to UDP port 2055, NetFlow can use ports such as 9555 or 9995, 9025, and 9026. IPFIX uses UDP port 4739 by default.
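The template mechanism described in (b), as an added example that is not code from the original post: a minimal decoder for one IPFIX message in which a Template Set (set ID 2) defines the record layout and a Data Set (set ID 256) carries records in that layout. The message bytes are constructed for this example; the Information Element IDs are the IANA-registered ones.

```python
"""Minimal IPFIX (RFC 7011) decoder: a Template Set defines the record
layout, then Data Sets carry records in that layout. Message bytes here
are constructed for this example; IE IDs are the IANA-registered ones."""
import struct
from ipaddress import IPv4Address

# IANA IPFIX Information Elements used by the constructed template.
IE_NAMES = {8: "sourceIPv4Address", 12: "destinationIPv4Address",
            7: "sourceTransportPort", 11: "destinationTransportPort",
            4: "protocolIdentifier", 1: "octetDeltaCount",
            2: "packetDeltaCount"}

def decode_field(ie_id, raw):
    """IPv4 elements become dotted quads; everything else is big-endian uint."""
    if ie_id in (8, 12):
        return str(IPv4Address(raw))
    return int.from_bytes(raw, "big")

def parse_ipfix(msg, templates=None):
    """Parse one message. `templates` is kept across calls because templates
    are exported separately from (and before) the data records that use them."""
    if templates is None:
        templates = {}
    version, length, export_time, seq, odid = struct.unpack("!HHIII", msg[:16])
    if version != 10:
        raise ValueError(f"not IPFIX (version {version})")
    if length != len(msg):
        raise ValueError("message length mismatch")
    records, pos = [], 16
    while pos + 4 <= length:
        set_id, set_len = struct.unpack("!HH", msg[pos:pos + 4])
        if set_len < 4 or pos + set_len > length:
            raise ValueError("bad set length")
        body = msg[pos + 4:pos + set_len]
        if set_id == 2:                 # Template Set
            _parse_templates(body, templates)
        elif set_id >= 256:             # Data Set, keyed by template ID
            if set_id not in templates:
                raise ValueError(f"data set for unknown template {set_id}")
            records.extend(_parse_data(body, templates[set_id]))
        # Set ID 3 (Options Template) and reserved IDs are skipped here.
        pos += set_len
    return {"seq": seq, "odid": odid, "export_time": export_time,
            "records": records}

def _parse_templates(body, templates):
    pos = 0
    while pos + 4 <= len(body):
        tid, count = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        fields = []
        for _ in range(count):
            ie, flen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if ie & 0x8000:             # enterprise bit: a 4-byte PEN follows
                ie &= 0x7FFF
                pos += 4
            if flen == 0xFFFF:
                raise ValueError("variable-length fields not supported")
            fields.append((ie, flen))
        templates[tid] = fields

def _parse_data(body, fields):
    rec_len = sum(flen for _, flen in fields)
    pos, out = 0, []
    while pos + rec_len <= len(body):   # leftover bytes < rec_len are padding
        rec = {}
        for ie, flen in fields:
            rec[IE_NAMES.get(ie, f"ie{ie}")] = decode_field(ie, body[pos:pos + flen])
            pos += flen
        out.append(rec)
    return out

def build_sample_message():
    """Constructed message: one template (ID 256) and two 29-byte records."""
    tmpl_fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 8), (2, 8)]
    tmpl_rec = struct.pack("!HH", 256, len(tmpl_fields)) + b"".join(
        struct.pack("!HH", ie, flen) for ie, flen in tmpl_fields)
    tmpl_set = struct.pack("!HH", 2, 4 + len(tmpl_rec)) + tmpl_rec

    def rec(src, dst, sport, dport, proto, octets, pkts):
        return (IPv4Address(src).packed + IPv4Address(dst).packed +
                struct.pack("!HHBQQ", sport, dport, proto, octets, pkts))

    data = (rec("192.0.2.10", "198.51.100.5", 40001, 443, 6, 1500, 10) +
            rec("203.0.113.7", "198.51.100.5", 53, 53, 17, 120, 1))
    data_set = struct.pack("!HH", 256, 4 + len(data)) + data
    body = tmpl_set + data_set
    header = struct.pack("!HHIII", 10, 16 + len(body), 1700000000, 1, 42)
    return header + body
```

A real collector keeps the `templates` dictionary per exporter and observation domain, since template IDs are only unique within that scope.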

Attacking Tools are Readily Available

Attacker tools are readily available, making DDoS defense much harder than attack. It’s hard to blame anyone; the ISP is just transiting traffic, and end users don’t know if they are compromised and part of a botnet. There is no abuse service or licence for the Internet, making tracking and detection between independent service provider locations difficult. Recently, there has been a shift in application footprints. We now have multi-tiered applications dispersed across various sites, all requiring cross-communication.

  • New Attack Surface

New application architectures result in new attacks, and with any application segment, you are only as strong as the weakest link, requiring a new level of network visibility that can help you correlate disparate data points. The birth of the cloud and new technologies increased the attack surface, making quick and accurate DDoS detection using tools such as IPFIX Big Data a complement to other DDoS solutions such as BGP Flowspec.

  • The Ability to Stop DDoS

Companies require mechanisms to stop and slow down DDoS attacks. The IETF introduced best practices with BCP38, and service providers started incorporating ingress filtering into their designs and cross-checking incoming frames. However, ISPs are not forced by contract to implement these features. The only way to adequately mitigate DDoS attacks is adequate detection. How long should this take? What timeframe is acceptable?

All this depends on the traffic analysis solution you have in place. Initially, traffic analysis began with monitoring up/down interfaces and basic statistics. It then moved to Syslog servers and single-source basic flow capture. We need a system that captures enriched flow data and groups infrastructure and application information together. Enriching data from all elements allows the network and its traffic to be viewed as one holistic entity.


IPFIX Big Data

The Rise of Big Data:

Big Data refers to the exponential growth and availability of structured and unstructured data. IPFIX Big Data refers to applying Big Data principles to IPFIX data. With the increasing volume, velocity, and variety of network traffic, traditional network monitoring tools struggle to keep up. IPFIX Big Data leverages advanced analytics and processing techniques to extract valuable insights from this massive data.

Benefits of IPFIX Big Data:

Advanced Network Monitoring: Organizations comprehensively understand their network behavior by analyzing IPFIX Big Data. This allows for proactive monitoring, rapid detection of anomalies, and improved security incident response. Additionally, IPFIX Big Data enables the identification of network bottlenecks, performance optimization, and capacity planning.

Enhanced Traffic Analysis: IPFIX Big Data allows for granular analysis of network traffic patterns, allowing organizations to identify trends, troubleshoot issues, and optimize network performance. By leveraging advanced analytics and machine learning algorithms, IPFIX Big Data can detect and classify different types of traffic, leading to a better quality of service and improved user experience.

Real-Time Insights: IPFIX Big Data provides near real-time insights into network traffic, allowing organizations to respond quickly to emerging threats or issues. By combining streaming analytics with historical data analysis, organizations can detect and respond to network incidents faster, minimizing downtime and maintaining service reliability.

Enhanced Network Security: IPFIX big data is pivotal in bolstering network security. By analyzing flow data, organizations can identify and mitigate potential threats in real time. Suspicious traffic patterns, anomalies, and known attack signatures can be detected promptly, enabling swift action to safeguard the network.

Network Performance Optimization: IPFIX big data offers valuable insights into network performance. Organizations can identify bottlenecks, optimize bandwidth allocation, and improve overall network efficiency by monitoring flow data. This enables them to provide a seamless user experience and maximize productivity.

Capacity Planning and Resource Allocation: With IPFIX big data, organizations can accurately forecast resource requirements and plan their network capacity accordingly. They gain insights into traffic patterns, peak usage times, and resource utilization trends through comprehensive flow analysis. This empowers them to allocate resources effectively and avoid potential network congestion.

Challenges and Considerations:

Implementing IPFIX Big Data comes with its own set of challenges. Organizations must ensure they have sufficient storage and processing capabilities to handle large volumes of data. They must also consider privacy and security concerns when collecting and storing IPFIX data. Additionally, the complexity of IPFIX data requires specialized skills and tools for practical analysis and interpretation.

IPFIX Big Data: Enhanced Data Sources

DDoS traffic analysis solutions extract various types of flow data from network devices. The flow record consists of fields from multiple data types, including NetFlow, IPFIX, and sFlow. In addition, DDoS Big Data solutions can enrich records at the ingest layer by looking up the source and destination of the flow in the BGP table and a GeoIP database. These values are stored as additional fields alongside the original flow. The extra information lets administrators slice the traffic at ingest, enabling a multi-dimensional view of network traffic.

Tools like sFlow and IPFIX variants like IPFIX BGP are critical in DDoS detection. Classic flow fields based on the 5-tuple include IP addresses and source/destination port numbers, later expanded to include MAC address, MPLS labels, and application-layer details like URLs, HTTP host headers, and DNS queries and responses.

The availability of advanced fields enables the detection of sophisticated attacks higher up the protocol stack. For example, access to the HTTP host header for each request allows precise identification down to the URL.

A key point: Different attacking vectors.

Not all DDoS attacks and DNS reflection attacks are easily detected. Volumetric attacks, such as SYN floods, are easier to catch than Slowloris and RUDY attacks. Layer 7 attacks usually don’t exceed the packets-per-second threshold, the standard parameter for detecting volumetric attacks.

To combat this, we must go deeper than the standard 5-tuple with augmented flows. Augmented flows contain additional fields to include a variety of advanced metrics such as connection counts, congestion windows, and TCP RTT. Traditional flow data does not provide this level of detailed information.
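The two detection cases above, as an added example that is not code from the original post: a packets-per-second check per destination that catches volumetric floods, and a connection-count check over augmented flow fields that catches the low-and-slow Layer 7 case the pps threshold misses. The record field names, thresholds and flow records are assumptions constructed for this example.

```python
"""Detection over augmented flow records (added example, not the post's code).
Two detectors per destination: a packets-per-second threshold, which catches
volumetric floods, and a connection-count/throughput check that catches the
low-and-slow Layer 7 attacks the pps threshold never fires on. Field names,
thresholds and the sample records are assumptions constructed for this example."""
from collections import defaultdict

PPS_THRESHOLD = 50_000          # packets/s towards one destination (assumed)
MIN_SLOW_CONNS = 500            # open connections to one destination (assumed)
MAX_SLOW_BPS_PER_CONN = 100     # bytes/s per connection: near-idle connections
MIN_SLOW_DURATION = 60          # seconds a connection has stayed open

# Constructed augmented flow records: the classic 5-tuple plus connection
# counts and duration, the fields the post says plain 5-tuple flows lack.
SAMPLE_FLOWS = [
    # SYN-flood style burst: huge packet rate, tiny payloads
    {"src": "203.0.113.5", "dst": "198.51.100.10", "dport": 80, "proto": 6,
     "packets": 900_000, "bytes": 36_000_000, "duration": 10,
     "connections": 900_000},
    # low-and-slow against a web tier: few packets, many long-lived connections
    {"src": "192.0.2.20", "dst": "198.51.100.11", "dport": 443, "proto": 6,
     "packets": 1_200, "bytes": 60_000, "duration": 600, "connections": 700},
    {"src": "192.0.2.21", "dst": "198.51.100.11", "dport": 443, "proto": 6,
     "packets": 900, "bytes": 45_000, "duration": 600, "connections": 400},
    # ordinary traffic
    {"src": "192.0.2.30", "dst": "198.51.100.12", "dport": 443, "proto": 6,
     "packets": 5_000, "bytes": 4_000_000, "duration": 60, "connections": 25},
]

def aggregate_by_destination(flows):
    """Roll flows up per destination, keeping the fields both detectors need."""
    agg = defaultdict(lambda: {"packets": 0, "bytes": 0, "connections": 0,
                               "max_duration": 0, "sources": set()})
    for f in flows:
        a = agg[f["dst"]]
        a["packets"] += f["packets"]
        a["bytes"] += f["bytes"]
        a["connections"] += f["connections"]
        a["max_duration"] = max(a["max_duration"], f["duration"])
        a["sources"].add(f["src"])
    return agg

def classify(flows, window_seconds=10):
    """Return {destination: verdict} for the export window the flows cover."""
    verdicts = {}
    for dst, a in aggregate_by_destination(flows).items():
        pps = a["packets"] / window_seconds
        if pps >= PPS_THRESHOLD:
            verdicts[dst] = "volumetric"
            continue
        # Slow attack: many connections that each move almost nothing and
        # stay open far longer than a normal request. pps alone stays quiet.
        bps_per_conn = (a["bytes"] / max(a["connections"], 1)
                        / max(a["max_duration"], 1))
        if (a["connections"] >= MIN_SLOW_CONNS
                and bps_per_conn <= MAX_SLOW_BPS_PER_CONN
                and a["max_duration"] >= MIN_SLOW_DURATION):
            verdicts[dst] = "low-and-slow"
        else:
            verdicts[dst] = "normal"
    return verdicts
```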

Diagram: IPFIX Big Data.

Data source variations

With NetFlow and IPFIX, a flow record is built from packets that share the same key fields. Flow state is held in memory, consuming system resources. To save system resources, flows are exported at predefined intervals. As a result, traffic measurement is accurate, but a flow might not reach the detector for up to one minute.

sFlow samples 1 in N packets and streams the samples as soon as they are prepared. sFlow draws fewer system resources than its NetFlow counterpart. It is considered faster and has better accuracy, making it an excellent tool for DDoS detection.

sFlow is better at carrying the source MAC address than NetFlow and IPFIX. With NetFlow and IPFIX, the source MAC is possible but not usually implemented by all vendors. NetFlow is useful for some requirements, while IPFIX and sFlow are for others.

To get all the possible knobs, it’s better to extract them from all data sources and combine them into one database that can easily be viewed with a single portal. Combining all data sources into one unified store makes the protocol type less relevant.

IPFIX BGP

DDoS solution: Irregularities with ASN Information

DDoS solutions can peer EBGP with customers by giving them a copy of the BGP table. Customer route updates are reflected through the standard BGP propagation procedure. It’s a non-intrusive peering agreement; BGP’s next hops are not altered, meaning customers’ data plane traffic flows as usual. The contents of the BGP table provide access to customers’ control plane information, enabling complete visibility of the data source and destination.

The manual approach with BGP can be cumbersome. BGP offers a string of information about DDoS sources and destinations, but it can be hard to craft regular expressions to extract this information. Not everyone can craft regular expressions, a skill for senior engineers.

Netflow and BGP

Netflow does provide some BGP ASN information, but you only have access to the source and destination of the Peer or Origin ASN. Some high-end platforms do both, but it’s restricted to specific devices and vendor discretion. NetFlow should not hold all BGP-type information; this would be a suboptimal solution.

Also, Netflow does have drawbacks and inaccuracies when determining the source ASN. The destination ASN is never usually a problem. The BGP process/daemon performs a REVERSE BGP Lookup to determine the source ASN and populate the FIB.

However, this type of BGP lookup does not guarantee the correctness of results. A REVERSE BGP Lookup primarily determines how to route back to the source, but this does not correlate with how the source may route to you.

Most networks are asymmetric, meaning the source-destination path differs from the reverse direction. An IP packet traversing from source A to destination B will take a different return path. Due to the shared nature of asymmetric routing, traditional monitoring systems misrepresent the BGP table with inaccurate source ASNs.

Legacy traffic analysis systems that don’t peer EBGP with customers will report inaccurate source ASNs. That is a real problem when troubleshooting a DDoS attack with incorrect source ASN information.

Most legacy systems don’t offer accurate, complete AS-Path information, leading to false positives and the inability to determine friend from foe. It’s far better for the solution to peer BGP with the customer, extract NetFlow / IPFIX BGP / sFlow locally, and then correlate the data to provide a unified source of truth.

A key point: IPFIX BGP

BGP data can be correlated with IPFIX data so that the paths available in the network are shown, along with which paths are being used and the traffic volume on each path between autonomous systems. IPFIX BGP analysis correlates IPFIX records with BGP routing information to visualize AS paths and how much traffic is traversing those paths in real time.

Origin ASN and Peer ASN provide the data flow endpoints, and NetFlow is used in the middle. We can utilize GeoIP information to analyze the country, region, and city. Correlate this with the complete AS-Path list, and you now have a full view of the source and destination paths with all the details of the middle points.
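The ingest-time enrichment and the IPFIX BGP correlation described above, as an added example that is not code from the original post: each flow endpoint is matched against a BGP table by longest prefix to attach peer ASN, origin ASN and the full AS path, plus a GeoIP lookup, and traffic is then summed per source AS path. The RIB, GeoIP table and flow records are constructed assumptions; in practice the RIB is the copy received over the EBGP peering with the customer.

```python
"""Enrich flow records with BGP and GeoIP data at ingest and roll up bytes
per AS path. Added example, not the post's code. RIB, GeoIP table and flows
are constructed; a real RIB comes from the EBGP peering the post describes."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed RIB: prefix -> AS path as received from the peer (peer AS
# first, origin AS last). Overlapping prefixes exercise longest-prefix match.
RIB = {
    "203.0.113.0/24": [64496, 64500, 64510],
    "203.0.113.128/25": [64496, 64520],
    "198.51.100.0/24": [64496],          # the customer's own prefix
    "192.0.2.0/24": [64496, 64530, 64540, 64550],
}

# Constructed GeoIP table keyed by prefix: (country, region, city).
GEOIP = {
    "203.0.113.0/24": ("NL", "North Holland", "Amsterdam"),
    "198.51.100.0/24": ("IE", "Leinster", "Dublin"),
    "192.0.2.0/24": ("US", "California", "San Jose"),
}

def _compile(table):
    """Sort most-specific prefix first so the first hit is the longest match."""
    return sorted(((ip_network(p), v) for p, v in table.items()),
                  key=lambda kv: kv[0].prefixlen, reverse=True)

RIB_LPM = _compile(RIB)
GEO_LPM = _compile(GEOIP)

def lpm(table, addr):
    """Longest-prefix match of addr in a compiled table; None if unrouted."""
    a = ip_address(addr)
    for net, value in table:
        if a in net:
            return value
    return None

def enrich(flow):
    """Attach peer/origin ASN, AS path and GeoIP for both ends of a flow."""
    out = dict(flow)
    for end in ("src", "dst"):
        path = lpm(RIB_LPM, flow[end]) or []
        out[f"{end}_as_path"] = path
        out[f"{end}_peer_asn"] = path[0] if path else None
        out[f"{end}_origin_asn"] = path[-1] if path else None
        out[f"{end}_geo"] = lpm(GEO_LPM, flow[end])
    return out

def bytes_per_as_path(flows):
    """Traffic volume per source AS path: which inter-AS paths carry the load."""
    totals = defaultdict(int)
    for f in flows:
        totals[tuple(enrich(f)["src_as_path"])] += f["bytes"]
    return dict(totals)

SAMPLE_FLOWS = [  # constructed flow records
    {"src": "203.0.113.200", "dst": "198.51.100.10", "bytes": 5000},
    {"src": "203.0.113.20", "dst": "198.51.100.10", "bytes": 7000},
    {"src": "192.0.2.9", "dst": "198.51.100.10", "bytes": 1000},
    {"src": "203.0.113.201", "dst": "198.51.100.10", "bytes": 2000},
]
```

The source-side path is only as trustworthy as the table it came from, which is the post's point about peering with the customer rather than relying on a reverse lookup.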

Closing Points on IPFIX Big Data

IPFIX is a protocol developed for exporting flow information from routers, switches, and other network devices. It allows organizations to capture detailed information about IP traffic, thus providing a comprehensive view of network behavior. By exporting flow records to a collector, IPFIX facilitates real-time monitoring and analysis, making it an indispensable tool in network management.

In the realm of Big Data, the ability to process and analyze vast amounts of information quickly is crucial. IPFIX contributes significantly by providing structured, high-fidelity data that can be easily ingested into Big Data platforms. This integration allows organizations to conduct deeper network analysis, detect anomalies, and optimize traffic flow efficiently. The granularity of IPFIX data ensures that even the most minute details are available for scrutiny, enhancing the overall analytical capability.

1. **Enhanced Network Security:** By providing detailed insights into network traffic, IPFIX helps in identifying potential security threats and breaches, allowing for timely intervention.

2. **Optimized Network Performance:** With IPFIX data, organizations can monitor network performance in real-time, identifying bottlenecks and ensuring optimal operation.

3. **Cost Efficiency:** By enabling precise traffic analysis, IPFIX aids in resource allocation and bandwidth management, leading to reduced operational costs.

While the benefits are substantial, integrating IPFIX with Big Data analytics poses certain challenges. These include the need for robust data storage solutions to handle the volume of data generated and ensuring data privacy and security. Additionally, organizations must invest in skilled personnel to interpret and act on the insights provided by IPFIX data effectively.


Summary: IPFIX Big Data

In today’s digital age, the amount of data generated is growing exponentially. This data holds immense potential for businesses and organizations to gain valuable insights and make informed decisions. One such powerful tool for harnessing this data is IPFIX Big Data. In this blog post, we delved into the world of IPFIX Big Data, its applications, and the impact it can have on various industries.

Understanding IPFIX Big Data

IPFIX, which stands for Internet Protocol Flow Information Export, is a standard protocol for collecting and exporting network flow data. It provides detailed information about network traffic, including source and destination IP addresses, protocols, ports, and more. When this flow data is collected on a large scale and processed using big data analytics techniques, it becomes IPFIX Big Data. This rich dataset opens up a world of possibilities for analysis and insights.

Applications of IPFIX Big Data

The applications of IPFIX Big Data are vast and diverse. In cybersecurity, it can be used for real-time threat detection and network anomaly detection. By analyzing network flow data at a large scale, security professionals can identify patterns and behaviors that indicate potential security breaches or attacks. This proactive approach allows for faster response times and better protection against cyber threats.

IPFIX Big Data can offer valuable insights into network performance, bandwidth utilization, and traffic patterns in network optimization. By identifying bottlenecks and optimizing network resources, organizations can enhance the efficiency and reliability of their networks, leading to improved user experiences and cost savings.

Leveraging IPFIX Big Data in Business Intelligence

Businesses can leverage IPFIX Big Data to gain deep insights into user behavior, customer preferences, and market trends. Organizations can analyze network flow data to understand how users interact with their digital platforms, which features are most popular, and what drives user engagement. This information can then be used to optimize products, personalize marketing campaigns, and improve overall business strategies.

The Future of IPFIX Big Data

As the volume and complexity of network data continue to grow, the importance of IPFIX Big Data will only increase. Advancements in machine learning and artificial intelligence will further enhance the capabilities of IPFIX Big Data analytics, enabling more accurate predictions, automated responses, and proactive decision-making. Additionally, integrating IPFIX Big Data with other emerging technologies like the Internet of Things (IoT) will unlock new possibilities for data-driven innovation.

Conclusion:

In conclusion, IPFIX Big Data is a powerful tool that can revolutionize how organizations understand and utilize network flow data. Its applications span across various industries, from cybersecurity to business intelligence. By harnessing the potential of IPFIX Big Data, businesses can gain a competitive edge, make informed decisions, and unlock new opportunities for growth and success.

WAN Design Requirements

WAN SDN


In today's fast-paced digital world, organizations constantly seek ways to optimize their network infrastructure for improved performance, scalability, and cost efficiency. One emerging technology that has gained significant traction is WAN Software-Defined Networking (SDN). By decoupling the control and data planes, WAN SDN provides organizations unprecedented flexibility, agility, and control over their wide area networks (WANs). In this blog post, we will delve into the world of WAN SDN, exploring its key benefits, implementation considerations, and real-world use cases.

WAN SDN is a network architecture that allows organizations to manage and control their wide area networks using software centrally. Traditionally, WANs have been complex and time-consuming to configure, often requiring manual network provisioning and management intervention. However, with WAN SDN, network administrators can automate these tasks through a centralized controller, simplifying network operations and reducing human errors.

Enhanced Agility: WAN SDN empowers network administrators with the ability to quickly adapt to changing business needs. With programmable policies and dynamic control, organizations can easily adjust network configurations, prioritize traffic, and implement changes without the need for manual reconfiguration of individual devices.

Improved Scalability: Traditional wide area networks often face scalability challenges due to the complex nature of managing numerous remote sites. WAN SDN addresses this issue by providing centralized control, allowing for streamlined network expansion, and efficient resource allocation.

Optimal Resource Utilization: WAN SDN enables organizations to maximize their network resources by intelligently routing traffic and dynamically allocating bandwidth based on real-time demands. This ensures that critical applications receive the necessary resources while minimizing wastage.

Multi-site Enterprises: WAN SDN is particularly beneficial for organizations with multiple branch locations. It allows for simplified network management across geographically dispersed sites, enabling efficient resource allocation, centralized security policies, and rapid deployment of new services.

Cloud Connectivity: WAN SDN plays a crucial role in connecting enterprise networks with cloud service providers. It offers seamless integration, secure connections, and dynamic bandwidth allocation, ensuring optimal performance and reliability for cloud-based applications.

Service Providers: WAN SDN can revolutionize how service providers deliver network services to their customers. It enables the creation of virtual private networks (VPNs) on-demand, facilitates network slicing for different tenants, and provides granular control and visibility for service-level agreements (SLAs).

WAN SDN represents a paradigm shift in wide area network management. Its ability to centralize control, enhance agility, and optimize resource utilization make it a game-changer for modern networking infrastructures. As organizations continue to embrace digital transformation and demand more from their networks, WAN SDN will undoubtedly play a pivotal role in shaping the future of networking.

Highlights: WAN SDN

Discussing WAN SDN

1. Traditional WANs have long been plagued by various limitations, such as complexity, lack of agility, and high operational costs. These legacy networks typically rely on manual configurations and proprietary hardware, making them inflexible and time-consuming. SDN brings a paradigm shift to WANs by decoupling the network control plane from the underlying infrastructure. With centralized control and programmability, SDN enables network administrators to manage and orchestrate their WANs through a single interface, simplifying network operations and promoting agility.

2. At its core, WAN SDN separates the control plane from the data plane, allowing network administrators to manage network traffic dynamically and programmatically. This separation leads to more efficient network management, reducing the complexity associated with traditional network infrastructures. With WAN SDN, businesses can optimize traffic flow, enhance security, and reduce operational costs by leveraging centralized control and automation.

3. One of the key advantages of SDN in WANs is its inherent flexibility and scalability. With SDN, network administrators can dynamically allocate bandwidth, reroute traffic, and prioritize applications based on real-time needs. This level of granular control allows organizations to optimize their network resources efficiently and adapt to changing demands.

4. SDN brings enhanced security features to WANs through centralized policy enforcement and monitoring. By abstracting network control, SDN allows for consistent security policies across the entire network, minimizing vulnerabilities and ensuring better threat detection and mitigation. Additionally, SDN enables rapid network recovery and failover mechanisms, enhancing overall resilience.

**Key Benefits of WAN SDN**

1. **Scalability and Flexibility**: WAN SDN enables networks to adapt quickly to changing demands without the need for significant hardware investments. This flexibility is crucial for organizations looking to scale their operations efficiently.

2. **Improved Network Performance**: By optimizing traffic routing and prioritizing critical applications, WAN SDN ensures that networks operate at peak performance levels. This capability is particularly beneficial for businesses with high bandwidth demands.

3. **Enhanced Security**: WAN SDN allows for the implementation of robust security measures, including automated threat detection and response. This proactive approach to security helps protect sensitive data and maintain compliance with industry regulations.

**Application Challenges**

Compared to a network-centric model, business intent-based WAN networks have great potential. By using a WAN architecture, applications can be deployed and managed more efficiently. However, application services topologies must replace network topologies. Supporting new and existing applications on the WAN is a common challenge for network operations staff. Applications such as these consume large amounts of bandwidth and are extremely sensitive to variations in bandwidth quality. Improving the WAN environment for these applications is more critical due to jitter, loss, and delay.

**WAN SLA**

In addition, cloud-based applications such as Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) are increasing bandwidth demands on the WAN. As cloud applications require increasing bandwidth, provisioning new applications and services is becoming increasingly complex and expensive. In today’s business environment, WAN routing and network SLAs are controlled by MPLS L3VPN service providers. As a result, enterprises are less able to adapt to new delivery methods, such as cloud-based and SaaS-based applications.

These applications could take months to implement in service providers’ environments. These changes can also be expensive for some service providers, and some may not be made at all. There is no way to instantiate VPNs independent of underlying transport since service providers control the WAN core. Implementing differentiated service levels for different applications becomes challenging, if not impossible.

WAN SDN Technology: DMVPN

DMVPN is a Cisco-developed solution that enables the creation of virtual private networks over public or private networks. Unlike traditional VPNs that require point-to-point connections, DMVPN utilizes a hub-and-spoke architecture, allowing for dynamic and scalable network deployments. DMVPN simplifies network management and reduces administrative overhead by leveraging multipoint GRE tunnels.

– Multipoint GRE Tunnels: At the core of DMVPN lies the concept of multipoint GRE tunnels. These tunnels create a virtual network, connecting multiple sites while encapsulating packets in GRE headers. This enables efficient traffic routing between sites, reducing the complexity and overhead associated with traditional point-to-point VPNs.

– Next-Hop Resolution Protocol (NHRP): NHRP plays a crucial role in DMVPN by dynamically mapping tunnel IP addresses to physical addresses. It allows for the efficient resolution of next-hop information, eliminating the need for static routes. NHRP also enables on-demand tunnel establishment, improving scalability and reducing administrative overhead.

– IPsec Encryption: DMVPN utilizes IPsec encryption to ensure secure communication over the VPN. IPsec provides confidentiality, integrity, and authentication of data, making it ideal for protecting sensitive information transmitted over the network. With DMVPN, IPsec is applied dynamically on a per-tunnel basis, enhancing flexibility and scalability.

DMVPN over IPSec

Understanding DMVPN & IPSec

IPsec, a widely adopted security protocol, is integral to DMVPN deployments. It provides the cryptographic framework necessary for securing data transmitted over the network. By leveraging IPsec, DMVPN ensures the transmitted information’s confidentiality, integrity, and authenticity, protecting sensitive data from unauthorized access and tampering.

DMVPN over IPsec brings several benefits. Firstly, the dynamic mesh topology eliminates the need for complex hub-and-spoke configurations, simplifying network management and reducing administrative overhead. Additionally, DMVPN’s scalability enables seamless integration of new sites and facilitates rapid expansion without compromising performance. Furthermore, the inherent flexibility ensures optimal routing, load balancing, and efficient bandwidth utilization.

Example WAN Techniques:

Understanding Virtual Routing and Forwarding

VRF is a technology that enables the creation of multiple virtual routing tables within a single physical router. Each VRF instance acts as an independent router with its routing table, interfaces, and forwarding decisions. This separation allows different networks or customers to coexist on the same physical infrastructure while maintaining complete isolation.

One critical advantage of VRF is its ability to provide network segmentation. By dividing a physical router into multiple VRF instances, organizations can isolate their networks, ensuring that traffic from one VRF does not leak into another. This enhances security and provides a robust framework for multi-tenancy scenarios.

Use Cases for VRF

VRF finds application in various scenarios, including:

1. Service Providers: VRF allows providers to offer their customers virtual private network (VPN) services. Each customer can have their own VRF, ensuring their traffic remains separate and secure.

2. Enterprise Networks: VRF can segregate different organizational departments, creating independent virtual networks.

3. Internet of Things (IoT): With the proliferation of IoT devices, VRF can create separate routing domains for different IoT deployments, improving scalability and security.

Understanding Policy-Based Routing

Policy-based Routing, at its core, involves manipulating routing decisions based on predefined policies. Unlike traditional routing protocols that rely solely on destination addresses, PBR considers additional factors such as source IP, ports, protocols, and even time of day. By implementing PBR, network administrators gain flexibility in directing traffic flows to specific paths based on specified conditions.

The adoption of Policy Based Routing brings forth a multitude of benefits. Firstly, it enables efficient utilization of network resources by allowing administrators to prioritize or allocate bandwidth for specific applications or user groups. Additionally, PBR enhances security by allowing traffic redirection to dedicated firewalls or intrusion detection systems. Furthermore, PBR facilitates load balancing and traffic engineering, ensuring optimal performance across the network.

Implementing Policy-Based Routing

To implement PBR, network administrators must follow a series of steps. Firstly, the traffic classification criteria are defined by specifying the match criteria based on desired conditions. Secondly, create route maps that outline the actions for matched traffic. These actions may include altering the next-hop address, setting specific Quality of Service (QoS) parameters, or redirecting traffic to a different interface. Lastly, the route maps should be applied to the appropriate interfaces or specific traffic flows.
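The VRF isolation described above and the three PBR steps just listed (match criteria, route-map actions, application to an interface) can be shown together in one small simulation. The block below is an added example, not code from the original post or from any vendor: it models a router with two VRFs, each an independent longest-prefix-match table, and a route map applied to one ingress interface that redirects a tenant's guest-subnet web traffic to an inspection next hop before the normal table lookup. All prefixes, next hops and interface names are constructed.

```python
"""Per-VRF routing tables with a policy-based routing (PBR) route map in front.

Added illustration (not code from the original post): a VRF is an independent
routing table, and a route map applied to an ingress interface matches traffic
on fields other than the destination and can set a next hop that overrides
the table lookup. All prefixes, next hops and interface names are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0
    in_iface: str = ""


class Vrf:
    """One isolated routing table; a lookup only ever sees this VRF's own routes."""

    def __init__(self, name):
        self.name = name
        self.routes = []  # (network, next_hop)

    def add_route(self, prefix, next_hop):
        self.routes.append((ip_network(prefix), next_hop))

    def lookup(self, dst):
        addr = ip_address(dst)
        matches = [(net, nh) for net, nh in self.routes if addr in net]
        if not matches:
            return None
        # longest prefix wins, as in a real FIB
        return max(matches, key=lambda m: m[0].prefixlen)[1]


@dataclass
class RouteMapEntry:
    """One 'route-map ... permit <seq>' clause: match criteria plus a set action."""
    seq: int
    match_src: Optional[str] = None     # source prefix, e.g. "172.16.0.0/24"
    match_proto: Optional[str] = None
    match_dport: Optional[int] = None
    set_next_hop: Optional[str] = None  # None: clause matches but normal routing applies

    def matches(self, pkt):
        if self.match_src and ip_address(pkt.src) not in ip_network(self.match_src):
            return False
        if self.match_proto and pkt.proto != self.match_proto:
            return False
        if self.match_dport is not None and pkt.dport != self.match_dport:
            return False
        return True


class Router:
    def __init__(self):
        self.vrfs = {}
        self.iface_vrf = {}     # interface -> VRF name
        self.iface_policy = {}  # interface -> route map (list of entries) applied to it

    def bind_interface(self, iface, vrf_name, route_map=None):
        self.iface_vrf[iface] = vrf_name
        if route_map:
            self.iface_policy[iface] = sorted(route_map, key=lambda e: e.seq)

    def forward(self, pkt):
        """Return the next hop for pkt, or None when no route exists (packet dropped)."""
        # The route map on the ingress interface is evaluated before the routing table.
        for entry in self.iface_policy.get(pkt.in_iface, []):
            if entry.matches(pkt):
                if entry.set_next_hop:
                    return entry.set_next_hop
                break  # matched a clause without a set action: fall through
        vrf = self.vrfs[self.iface_vrf[pkt.in_iface]]
        return vrf.lookup(pkt.dst)


def build_demo_router():
    """Two tenants on one box; 10.0.0.0/8 means something different to each (constructed)."""
    r = Router()
    tenant_a = Vrf("TENANT-A")
    tenant_a.add_route("0.0.0.0/0", "192.0.2.1")
    tenant_a.add_route("10.0.0.0/8", "192.0.2.10")
    tenant_a.add_route("10.5.0.0/16", "192.0.2.50")  # more specific, must win
    tenant_b = Vrf("TENANT-B")
    tenant_b.add_route("10.0.0.0/8", "198.51.100.10")  # no default route on purpose
    r.vrfs = {tenant_a.name: tenant_a, tenant_b.name: tenant_b}
    # Steer tenant A's guest-subnet web traffic through an inspection firewall.
    inspect_web = [RouteMapEntry(seq=10, match_src="172.16.0.0/24", match_proto="tcp",
                                 match_dport=80, set_next_hop="192.0.2.99")]
    r.bind_interface("Gi0/0", "TENANT-A", inspect_web)
    r.bind_interface("Gi0/1", "TENANT-B")
    return r


if __name__ == "__main__":
    r = build_demo_router()
    print(r.forward(Packet("172.16.0.5", "10.5.1.1", "tcp", 80, "Gi0/0")))   # PBR redirect
    print(r.forward(Packet("172.16.0.5", "10.5.1.1", "tcp", 443, "Gi0/0")))  # normal LPM
    print(r.forward(Packet("10.9.0.1", "203.0.113.7", "udp", 53, "Gi0/1")))  # dropped, no leak
```

Two things are worth noticing when running it: the same destination 10.5.1.1 resolves to different next hops depending on which VRF the ingress interface belongs to, and a destination that only TENANT-A can reach is dropped for TENANT-B rather than leaking across the boundary. The route map only acts on the exact tuple it was written for (source /24, TCP, port 80); everything else falls through to the table.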

Example SD WAN Product: Cisco Meraki

**Seamless Cloud Management**

One of the standout features of Cisco Meraki is its seamless cloud management. Unlike traditional network systems, Meraki’s cloud-based platform allows IT administrators to manage their entire network from a single, intuitive dashboard. This centralization not only simplifies network management but also provides real-time visibility and control over all connected devices. With automatic updates and zero-touch provisioning, businesses can ensure their network is always up-to-date and secure without the need for extensive manual intervention.

**Cutting-Edge Security Features**

Security is at the core of Cisco Meraki’s suite of products. With cyber threats becoming more sophisticated, Meraki offers a multi-layered security approach to protect sensitive data. Features such as Advanced Malware Protection (AMP), Intrusion Prevention System (IPS), and secure VPNs ensure that the network is safeguarded against intrusions and malware. Additionally, Meraki’s security appliances are designed to detect and mitigate threats in real-time, providing businesses with peace of mind knowing their data is secure.

**Scalability and Flexibility**

As businesses grow, so do their networking needs. Cisco Meraki’s scalable solutions are designed to grow with your organization. Whether you are expanding your office space, adding new branches, or integrating more IoT devices, Meraki’s flexible infrastructure can easily adapt to these changes. The platform supports a wide range of devices, from access points and switches to security cameras and mobile device management, making it a comprehensive solution for various networking requirements.

**Enhanced User Experience**

Beyond security and management, Cisco Meraki enhances the user experience by ensuring reliable and high-performance network connectivity. Features such as intelligent traffic shaping, load balancing, and seamless roaming between access points ensure that users enjoy consistent and fast internet access. Furthermore, Meraki’s analytics tools provide insights into network usage and performance, allowing businesses to optimize their network for better efficiency and user satisfaction.

Performance at the WAN Edge

Understanding Performance-Based Routing

Performance-based routing is a dynamic approach to network traffic management that prioritizes route selection based on real-time performance metrics. Instead of relying on traditional static routing protocols, performance-based routing algorithms assess the current conditions of network paths, such as latency, packet loss, and available bandwidth, to make informed routing decisions. By dynamically adapting to changing network conditions, performance-based routing aims to optimize traffic flow and enhance overall network performance.

The adoption of performance-based routing brings forth a multitude of benefits for businesses.

1. Firstly, it enhances network reliability by automatically rerouting traffic away from congested or underperforming paths, minimizing the chances of bottlenecks and service disruptions.

2. Secondly, it optimizes application performance by intelligently selecting the best path based on real-time network conditions, thus reducing latency and improving end-user experience.

3. Additionally, performance-based routing allows for efficient utilization of available network resources, maximizing bandwidth utilization and cost-effectiveness.

Implementation Details:

Implementing performance-based routing requires a thoughtful approach. Firstly, businesses must invest in monitoring tools that provide real-time insights into network performance metrics. These tools can range from simple latency monitoring to more advanced solutions that analyze packet loss and bandwidth availability.

Once the necessary monitoring infrastructure is in place, configuring performance-based routing algorithms within network devices becomes the next step. This involves setting up rules and policies that dictate how traffic should be routed based on specific performance metrics.

Lastly, regular monitoring and fine-tuning performance-based routing configurations are essential to ensure optimal network performance.

WAN Performance Parameters

TCP Performance Parameters

TCP (Transmission Control Protocol) is the backbone of modern Internet communication, ensuring reliable data transmission across networks. Behind the scenes, TCP performance is influenced by several key parameters that can significantly impact network efficiency.

TCP performance parameters govern how TCP behaves in various network conditions. These parameters can be fine-tuned to adapt TCP’s behavior to specific network characteristics, such as latency, bandwidth, and congestion. By adjusting these parameters, network administrators and system engineers can optimize TCP performance for better throughput, reduced latency, and improved overall network efficiency.

Congestion Control Algorithms: Congestion control algorithms are crucial in TCP performance. They monitor network conditions, detect congestion, and adjust TCP’s sending rate accordingly. Popular algorithms like Reno, Cubic, and BBR implement different strategies to handle congestion, balancing fairness and efficiency. Understanding these algorithms and their impact on TCP behavior is essential for maintaining a stable and responsive network.

Window Size and Bandwidth Delay Product: The window size parameter, often called the congestion window, determines the amount of data that can be sent before receiving an acknowledgment. The window size should be set from the bandwidth-delay product, a value calculated by multiplying the available bandwidth by the round-trip time (RTT). Adjusting the window size to match the bandwidth-delay product ensures optimal data transfer and prevents underutilization or overutilization of network resources.

Maximum Segment Size (MSS): The Maximum Segment Size is another TCP performance parameter defining the maximum amount of data encapsulated within a single TCP segment. By carefully configuring the MSS, it is possible to reduce packet fragmentation, enhance data transmission efficiency, and mitigate issues related to network overhead.

Selective Acknowledgment (SACK): Selective Acknowledgment is a TCP extension that allows the receiver to acknowledge out-of-order segments and provide more precise information about the received data. Enabling SACK can improve TCP performance by reducing retransmissions and enhancing the overall reliability of data transmission.

Understanding TCP MSS

TCP MSS refers to the maximum amount of data encapsulated within a single TCP segment. It represents the most significant data payload that can be transmitted without fragmentation. By limiting the segment size, TCP aims to prevent excessive overhead and ensure efficient data transmission across networks.

Several factors influence the determination of TCP MSS. One crucial aspect is the underlying network infrastructure’s Maximum Transmission Unit (MTU). The MTU represents the maximum packet size that can be transmitted over the network without fragmentation. TCP MSS must be set to a value equal to or lower than the MTU to avoid fragmentation and subsequent performance degradation.

Path MTU Discovery (PMTUD) is a mechanism TCP employs to dynamically determine the optimal MSS value for a given network path. By exchanging ICMP messages with routers along the path, TCP can ascertain the MTU and adjust the MSS accordingly. PMTUD helps prevent packet fragmentation and ensures efficient data transmission across network segments.

The TCP MSS value directly affects network performance. A smaller MSS can increase overhead due to more segments and headers, potentially reducing overall throughput. On the other hand, a larger MSS can increase the risk of fragmentation and subsequent retransmissions, impacting latency and overall network efficiency. Striking the right balance is crucial for optimal performance.
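The arithmetic behind the window-size and MSS paragraphs above is short enough to put in code. The following is an added example, not from the original post: it computes the bandwidth-delay product for a path, the window-scale shift a 16-bit TCP window needs to express it, the MSS that fits a given MTU (MTU minus the IP and TCP headers), the reduced MTU inside a GRE tunnel such as DMVPN uses, and how many IPv4 fragments a segment would turn into if the MSS were left too large for the tunnel. Link speeds, RTTs and the IPsec overhead figure are constructed inputs; the header lengths are the fixed protocol header sizes.

```python
"""Bandwidth-delay product, window scaling and MSS arithmetic for a WAN path.

Added example, not code from the original post. Speeds, RTTs, MTUs and the
IPsec overhead used below are constructed inputs; the header sizes are the
fixed IPv4, IPv6, TCP and GRE header lengths.
"""
import math

IPV4_HDR = 20
IPV6_HDR = 40
TCP_HDR = 20            # base TCP header, no options
GRE_HDR = 4             # basic GRE header without key/sequence fields
MAX_UNSCALED_WINDOW = 65535
MAX_WINDOW_SCALE = 14   # the window-scale option caps the shift at 14


def bandwidth_delay_product(bandwidth_bps, rtt_ms):
    """Bytes that must be in flight to keep the pipe full: bandwidth x RTT."""
    return int(bandwidth_bps * (rtt_ms / 1000.0) / 8)


def window_scale_needed(window_bytes):
    """Smallest window-scale shift letting the 16-bit window field express window_bytes.

    Returns 0 when no scaling is needed; raises if no legal shift is large enough.
    """
    shift = 0
    while (MAX_UNSCALED_WINDOW << shift) < window_bytes:
        shift += 1
        if shift > MAX_WINDOW_SCALE:
            raise ValueError("window exceeds what TCP window scaling can express")
    return shift


def mss_for_mtu(mtu, ipv6=False, tcp_options=0):
    """Largest MSS whose full segment still fits one packet: MTU minus IP and TCP headers."""
    ip_hdr = IPV6_HDR if ipv6 else IPV4_HDR
    return mtu - ip_hdr - TCP_HDR - tcp_options


def tunnel_mtu(physical_mtu, outer_ipv6=False, ipsec_overhead=0):
    """Payload MTU inside a GRE tunnel: the outer IP header, GRE header and any
    IPsec overhead (caller-supplied, it depends on the cipher) come off the top."""
    outer_ip = IPV6_HDR if outer_ipv6 else IPV4_HDR
    return physical_mtu - outer_ip - GRE_HDR - ipsec_overhead


def ipv4_fragments(segment_bytes, mtu):
    """Number of IPv4 packets a TCP segment with segment_bytes of payload needs
    on a link of the given MTU. 1 means no fragmentation."""
    packet = segment_bytes + TCP_HDR + IPV4_HDR
    if packet <= mtu:
        return 1
    # every fragment carries its own IP header; fragment payload is a multiple of 8
    payload_per_fragment = (mtu - IPV4_HDR) // 8 * 8
    return math.ceil((packet - IPV4_HDR) / payload_per_fragment)


def plan_wan_path(bandwidth_bps, rtt_ms, physical_mtu, ipsec_overhead):
    """Tie the parameters together for one tunnelled WAN path."""
    bdp = bandwidth_delay_product(bandwidth_bps, rtt_ms)
    inner_mtu = tunnel_mtu(physical_mtu, ipsec_overhead=ipsec_overhead)
    mss = mss_for_mtu(inner_mtu)
    return {
        "bdp_bytes": bdp,
        "window_scale": window_scale_needed(bdp),
        "tunnel_mtu": inner_mtu,
        "clamped_mss": mss,                       # what an MSS clamp on the tunnel should set
        "segments_in_flight": math.ceil(bdp / mss),
        "fragments_if_unclamped": ipv4_fragments(mss_for_mtu(physical_mtu), inner_mtu),
    }


if __name__ == "__main__":
    # constructed: 100 Mbit/s, 80 ms RTT, 1500-byte physical MTU, 76 bytes of IPsec overhead
    for k, v in plan_wan_path(100_000_000, 80, 1500, 76).items():
        print(f"{k:>24}: {v}")
```

With the constructed inputs the BDP is 1,000,000 bytes, which the 16-bit window cannot express without a window-scale shift of 4, and the tunnel MTU comes out at 1400, giving a clamped MSS of 1360; a host that kept the physical-link MSS of 1460 would have each full segment split into two packets inside the tunnel, which is exactly the fragmentation and retransmission cost the text warns about.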

Example WAN Technology: DMVPN Phase 3

Understanding DMVPN Phase 3

DMVPN Phase 3 builds upon the foundation of its predecessors, bringing forth even more advanced features. This section will provide an overview of DMVPN Phase 3, highlighting its main enhancements, such as increased scalability, simplified configuration, and enhanced security protocols.

One of the standout features of DMVPN Phase 3 is its scalability. This section will explain how DMVPN Phase 3 allows organizations to effortlessly add new sites to the network without complex manual configurations. By leveraging multipoint GRE tunnels, DMVPN Phase 3 offers a dynamic and flexible solution that can easily accommodate growing networks.

Example WAN Technology: FlexVPN Site-to-Site Smart Defaults

Understanding FlexVPN Site-to-Site Smart Defaults

FlexVPN Site-to-Site Smart Defaults is a powerful feature that simplifies the site-to-site VPN configuration and deployment process. By providing pre-defined templates and configurations, it eliminates the need for manual configuration, reducing the chances of misconfigurations or human errors. This feature ensures a secure and reliable VPN connection between sites, enabling organizations to establish a robust network infrastructure.

FlexVPN Site-to-Site Smart Defaults offers several key features and benefits that contribute to improved network security. Firstly, it provides secure cryptographic algorithms that protect data transmission, ensuring the confidentiality and integrity of sensitive information. Additionally, it supports various authentication methods, such as digital certificates and pre-shared keys, further enhancing the overall security of the VPN connection. The feature also allows for easy scalability, enabling organizations to expand their network infrastructure without compromising security.

Example WAN Technology: FlexVPN IKEv2 Routing

Understanding FlexVPN

FlexVPN, short for Flexible VPN, is a versatile framework offering various VPN solutions. It provides a secure and scalable approach to establishing Virtual Private Networks (VPNs) over various network infrastructures. With its flexibility, it allows for seamless integration and interoperability across different platforms and devices.

IKEv2, or Internet Key Exchange version 2, is a secure and efficient protocol for establishing and managing VPN connections. It boasts numerous advantages, including its robust security features, ability to handle network disruptions, and support for rapid reconnection. IKEv2 is highly regarded for its ability to maintain stable and uninterrupted VPN connections, making it an ideal choice for FlexVPN.

a. Enhanced Security: FlexVPN IKEv2 Routing offers advanced encryption algorithms and authentication methods, ensuring the confidentiality and integrity of data transmitted over the VPN.

b. Scalability: With its flexible architecture, FlexVPN IKEv2 Routing effortlessly scales to accommodate growing network demands, making it suitable for small- to large-scale deployments.

c. Dynamic Routing: One of FlexVPN IKEv2 Routing’s standout features is its support for dynamic routing protocols, such as OSPF and EIGRP. This enables efficient and dynamic routing of traffic within the VPN network.

d. Seamless Failover: FlexVPN IKEv2 Routing provides automatic failover capabilities, ensuring uninterrupted connectivity even during network disruptions or hardware failures.

Understanding MPLS (Multi-Protocol Label Switching)

MPLS serves as the foundation for MPLS VPNs. It is a versatile and efficient routing technique that uses labels to forward data packets through a network. By assigning labels to packets, MPLS routers can make fast forwarding decisions based on the labels, reducing the need for complex and time-consuming lookups in routing tables. This results in improved network performance and scalability.

Understanding MPLS LDP

MPLS LDP is a crucial component in establishing label-switched paths within MPLS networks. MPLS LDP facilitates efficient packet forwarding and routing by enabling the distribution of labels and creating forwarding equivalence classes. Let’s take a closer look at how MPLS LDP operates.

One of the fundamental aspects of MPLS LDP is label distribution. Through signaling protocols, MPLS LDP ensures that labels are assigned and distributed across network nodes. This enables routers to make forwarding decisions based on labels, resulting in streamlined and efficient data transmission.

In MPLS LDP, labels serve as the building blocks of label-switched paths. These paths allow routers to forward packets based on labels rather than traditional IP routing. Additionally, MPLS LDP employs forwarding equivalence classes (FECs) to group packets with similar characteristics, further enhancing network performance.

MPLS Virtual Private Networks (VPNs) Explained

VPNs provide secure communication over public networks by creating a private tunnel through which data can travel. They employ encryption and tunneling protocols to protect data from eavesdropping and unauthorized access. MPLS VPNs utilize this VPN concept to establish secure connections between geographically dispersed sites or remote users.

MPLS VPN Components

Customer Edge (CE) Router: The CE router acts as the entry and exit point for customer networks. It connects to the provider network and exchanges routing information. It encapsulates customer data into MPLS packets and forwards them to the provider network.

Provider Edge (PE) Router: The PE router sits at the edge of the service provider’s network and connects to the CE routers. It acts as a bridge between the customer and provider networks and handles the MPLS label switching. The PE router assigns labels to incoming packets and forwards them based on the labels’ instructions.

Provider (P) Router: P routers form the backbone of the service provider’s network. They forward MPLS packets based on the labels without inspecting the packet’s content, ensuring efficient data transmission within the provider’s network.

Virtual Routing and Forwarding (VRF) Tables: VRF tables maintain separate routing instances within a single PE router. Each VRF table represents a unique VPN and keeps the customer’s routing information isolated from other VPNs. VRF tables enable the PE router to handle multiple VPNs concurrently, providing secure and independent communication channels.
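The four components just described can be traced through a single packet walk. The following is an added example, not code from the original post: it pushes a two-label stack at the ingress PE (transport label on top, VPN label beneath), swaps only the top label at the P routers without ever reading the customer IP header, pops the transport label at the penultimate hop, and lets the VPN label alone pick the VRF and CE at the egress PE. Router names, label values, prefixes and the per-prefix VPN label assignment are constructed; in a real network the VPN labels would be allocated by the egress PE and learned through MP-BGP.

```python
"""MPLS L3VPN data path: CE -> ingress PE -> P -> P -> egress PE -> CE.

Added example, not code from the original post. Labels, prefixes and router
names are constructed. VPN labels are modelled as per-prefix labels that the
egress PE allocated and advertised beforehand (that exchange is not shown).
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Packet:
    dst: str                                        # customer IP destination
    labels: list = field(default_factory=list)      # label stack, index 0 is the top
    ip_readers: list = field(default_factory=list)  # nodes that parsed the IP header


class IngressPE:
    """Classifies the customer packet inside its VRF and pushes the two labels."""

    def __init__(self, name, vrf_routes, transport):
        self.name = name
        self.vrf_routes = vrf_routes  # vrf -> {prefix: (vpn_label, egress_pe)}
        self.transport = transport    # egress_pe -> (transport_label, next_hop)

    def forward(self, pkt, vrf):
        pkt.ip_readers.append(self.name)
        addr = ip_address(pkt.dst)
        routes = self.vrf_routes[vrf]
        hits = [p for p in routes if addr in ip_network(p)]
        if not hits:
            return None  # no route in this VRF: dropped, never "borrowed" from another VRF
        vpn_label, egress = routes[max(hits, key=lambda p: ip_network(p).prefixlen)]
        t_label, next_hop = self.transport[egress]
        pkt.labels = [t_label, vpn_label]
        return next_hop


class PRouter:
    """Core router: swaps or pops the top label only; the IP header is never parsed."""
    POP = "pop"  # implicit-null: penultimate-hop popping before the egress PE

    def __init__(self, name, lfib):
        self.name = name
        self.lfib = lfib  # in_label -> (out_label or POP, next_hop)

    def forward(self, pkt):
        out_label, next_hop = self.lfib[pkt.labels[0]]
        if out_label == self.POP:
            pkt.labels.pop(0)
        else:
            pkt.labels[0] = out_label
        return next_hop


class EgressPE:
    """The VPN label alone selects the VRF and the CE to hand the packet to."""

    def __init__(self, name, vpn_labels):
        self.name = name
        self.vpn_labels = vpn_labels  # vpn_label -> (vrf, ce_next_hop)

    def forward(self, pkt):
        vrf, ce = self.vpn_labels[pkt.labels.pop(0)]
        pkt.ip_readers.append(self.name)
        return vrf, ce


def build_topology():
    """PE1 - P1 - P2 - PE2, with two customer VRFs (RED and BLUE) sharing the core."""
    return {
        "PE1": IngressPE("PE1",
                         vrf_routes={"RED": {"10.1.0.0/16": (100, "PE2")},
                                     "BLUE": {"10.1.0.0/16": (200, "PE2"),
                                              "0.0.0.0/0": (201, "PE2")}},
                         transport={"PE2": (3001, "P1")}),
        "P1": PRouter("P1", {3001: (3002, "P2")}),
        "P2": PRouter("P2", {3002: (PRouter.POP, "PE2")}),
        "PE2": EgressPE("PE2", {100: ("RED", "CE-RED-2"),
                                200: ("BLUE", "CE-BLUE-2"),
                                201: ("BLUE", "CE-BLUE-INET")}),
    }


def deliver(vrf, dst):
    """Walk one packet from PE1 to PE2; return where it exits, or None if dropped."""
    nodes = build_topology()
    pkt = Packet(dst=dst)
    path = ["PE1"]
    nxt = nodes["PE1"].forward(pkt, vrf)
    if nxt is None:
        return None
    while nxt != "PE2":
        path.append(nxt)
        nxt = nodes[nxt].forward(pkt)
    path.append("PE2")
    out_vrf, ce = nodes["PE2"].forward(pkt)
    return {"vrf": out_vrf, "ce": ce, "path": path,
            "ip_readers": pkt.ip_readers, "labels_left": pkt.labels}


if __name__ == "__main__":
    print(deliver("RED", "10.1.1.1"))   # same address, RED's CE
    print(deliver("BLUE", "10.1.1.1"))  # same address, BLUE's CE
```

Running it shows the same overlapping customer address 10.1.1.1 leaving towards a different CE depending only on which VRF it entered, and the `ip_readers` trace confirms that only the two PEs ever looked at the IP header; the P routers forwarded purely on the top label and the label stack is empty again by the time the packet reaches the CE.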

Use Case – DMVPN Single Hub, Dual Cloud

Single Hub, Dual Cloud is a specific configuration within the DMVPN architecture. In this setup, a central hub device acts as the primary connection point for branch offices while utilizing two separate cloud providers for redundancy and load balancing. This configuration offers several advantages, including improved availability, increased bandwidth, and enhanced failover capabilities.

1. Enhanced Redundancy: By leveraging two cloud providers, organizations can achieve high availability and minimize downtime. If one cloud provider experiences an issue or outage, the traffic can seamlessly be redirected to the alternate provider, ensuring uninterrupted connectivity.

2. Load Balancing: Distributing network traffic across two cloud providers allows for better resource utilization and improved performance. Organizations can optimize their bandwidth usage and mitigate potential bottlenecks.

3. Scalability: Single Hub, Dual Cloud DMVPN allows organizations to easily scale their network infrastructure by adding more branch offices or cloud providers as needed. This flexibility ensures that the network can adapt to changing business requirements.

4. Cost Efficiency: Utilizing multiple cloud providers can lead to cost savings through competitive pricing and the ability to negotiate better service level agreements (SLAs). Organizations can choose the most cost-effective options while maintaining the desired level of performance and reliability.

The role of SDN

With software-defined networking (SDN), network configurations can be dynamic and programmatically optimized, which improves network performance and monitoring and makes network management more like cloud computing than traditional network administration. By decoupling the forwarding of network packets (the data plane) from routing (the control plane), SDN centralizes network intelligence within a single network component, replacing the static architecture of traditional networks.

Controllers make up the control plane of an SDN network, which contains all of the network’s intelligence; they are considered the brains of the network. Centralization also has drawbacks in security, scalability, and elasticity.

Since OpenFlow’s emergence in 2011, SDN has commonly been associated with remote communication with data-plane elements to determine the path of network packets across network switches. Proprietary network virtualization platforms, such as Cisco Systems’ Open Network Environment and Nicira’s platform, also use the term.

The SD-WAN technology is used in wide area networks (WANs)

SD-WAN, short for Software-Defined Wide Area Networking, is a transformative approach to network connectivity. Unlike traditional WAN, which relies on hardware-based infrastructure, SD-WAN utilizes software and cloud-based technologies to connect networks over large geographic areas securely. By separating the control plane from the data plane, SD-WAN provides centralized management and enhanced flexibility, enabling businesses to optimize their network performance.

Transport Independence: Hybrid WAN

The hybrid WAN concept was born out of this need. Hybrid WAN provides an alternative path that applications can take across a WAN environment: businesses acquire non-MPLS networks and add them to their LANs. Enterprises control these circuits, including routing and application performance. VPN tunnels are typically created over the top of these circuits to provide secure transport over any link. 4G/LTE, L2VPN, and commodity broadband Internet are all examples of these types of links.

As a result, transport independence is achieved: any transport type can be used under the VPN, and deterministic routing and application performance can be achieved. Some applications can be carried over these commodity links rather than over the traditionally service-provider-controlled L3VPN MPLS links.

SDN and APIs

WAN SDN is a modern approach to network management that uses a centralized control model to manage, configure, and monitor large and complex networks. It allows network administrators to use software to configure, monitor, and manage network elements from a single, centralized system. This enables the network to be managed more efficiently and cost-effectively than traditional networks.

SDN uses an application programming interface (API) to abstract the underlying physical network infrastructure, allowing for more agile network control and easier management. It also enables network administrators to rapidly configure and deploy services from a centralized location. This enables network administrators to respond quickly to changes in traffic patterns or network conditions, allowing for more efficient use of resources.

Scalability and Automation

SDN also allows for improved scalability and automation. Network administrators can quickly scale up or down the network by leveraging automated scripts depending on its current needs. Automation also enables the network to be maintained more rapidly and efficiently, saving time and resources.


WAN SDN

A Deterministic Solution

Technology typically starts as a highly engineered, expensive, deterministic solution. As the marketplace evolves and competition rises, the need for a non-deterministic, inexpensive solution comes into play. We see this throughout history. First, mainframes were (and are) expensive, and with the arrival of the microprocessor-based personal computer, the client/server model was born. Static RAM (SRAM) was replaced with cheaper Dynamic RAM (DRAM). These patterns consistently apply to all areas of technology.

Finally, deterministic and costly technology is replaced with intelligent technology using redundancy and optimization techniques. This process is now appearing in Wide Area Networks (WAN). We are witnessing changes to the routing space with the incorporation of Software Defined Networking (SDN) and BGP (Border Gateway Protocol). By combining these two technologies, companies can now perform intelligent routing, aka SD-WAN path selection, with an SD-WAN overlay.

**SD-WAN Path Selection**

SD-WAN path selection is essential to a Software-Defined Wide Area Network (SD-WAN) architecture. It selects the optimal network path for a given application or user. This process is automated and based on user-defined criteria, such as latency, jitter, cost, availability, and security. As a result, SD-WAN can ensure that applications and users experience the best possible performance by making intelligent decisions on which network path to use.

When selecting the best path for a given application or user, SD-WAN looks at the quality of the connection and the available bandwidth. It then looks at the cost associated with each path. Cost can be a significant factor when selecting a path, especially for large enterprises or organizations with multiple sites.

SD-WAN can also prioritize certain types of traffic over others. This is done by assigning different weights or priorities for various kinds of traffic. For example, an organization may prioritize voice traffic over other types of traffic. This ensures that voice traffic has the best possible chance of completing its journey without interruption.
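The performance-based routing section earlier and the three path-selection paragraphs above describe the same decision: measure each WAN link, keep only the links that meet an application's SLA, rank the survivors by what that application cares about, and steer higher-priority traffic first. The block below is an added example, not code from the original post or from any SD-WAN product. It implements that decision with a small hysteresis margin so a link that is only marginally better does not cause constant re-steering, and it reserves each class's minimum bandwidth on the chosen link so that, as in the voice example above, a bulk class cannot crowd out voice. Link names, probe values and SLA thresholds are constructed.

```python
"""Per-application SD-WAN path selection over measured WAN links.

Added example, not code from the original post or any vendor. Link names,
probe results and SLA thresholds are constructed; the decision logic is one
reasonable implementation of what the text describes.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class LinkStats:
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    avail_mbps: float
    cost_per_gb: float   # relative cost; 0 for a flat-rate circuit


@dataclass(frozen=True)
class AppPolicy:
    """SLA an application class needs, and what to optimise among compliant links."""
    name: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    min_mbps: float
    prefer: str    # "latency", "cost" or "bandwidth"
    priority: int  # higher is steered first and has its bandwidth reserved first


def meets_sla(link, policy):
    return (link.latency_ms <= policy.max_latency_ms
            and link.jitter_ms <= policy.max_jitter_ms
            and link.loss_pct <= policy.max_loss_pct
            and link.avail_mbps >= policy.min_mbps)


def rank_key(link, policy):
    """Lower is better; the first element is the policy's primary metric."""
    if policy.prefer == "latency":
        return (link.latency_ms, link.loss_pct, link.cost_per_gb)
    if policy.prefer == "cost":
        return (link.cost_per_gb, link.latency_ms)
    if policy.prefer == "bandwidth":
        return (-link.avail_mbps, link.cost_per_gb)
    raise ValueError(policy.prefer)


def select_path(links, policy, current=None, switch_margin=0.10):
    """Name of the link to steer this class onto, or None if no link meets the SLA.

    If the currently used link is still compliant it is kept unless the best
    alternative beats it by more than switch_margin on the primary metric.
    """
    candidates = [l for l in links if meets_sla(l, policy)]
    if not candidates:
        return None
    best = min(candidates, key=lambda l: rank_key(l, policy))
    cur = next((l for l in candidates if l.name == current), None)
    if cur is None or cur.name == best.name:
        return best.name
    cur_metric, best_metric = rank_key(cur, policy)[0], rank_key(best, policy)[0]
    if abs(cur_metric - best_metric) > switch_margin * abs(cur_metric):
        return best.name   # improvement is large enough to justify moving
    return cur.name        # hysteresis: stay put


def steer_all(links, policies, current=None):
    """Assign every class a link, highest priority first, reserving its min_mbps
    on the chosen link so lower-priority classes only see the remaining capacity."""
    current = current or {}
    remaining = {l.name: l for l in links}
    result = {}
    for policy in sorted(policies, key=lambda p: -p.priority):
        chosen = select_path(list(remaining.values()), policy, current.get(policy.name))
        result[policy.name] = chosen
        if chosen is not None:
            l = remaining[chosen]
            remaining[chosen] = replace(l, avail_mbps=l.avail_mbps - policy.min_mbps)
    return result


# constructed probe results for three transports and three application classes
DEMO_LINKS = [
    LinkStats("mpls", latency_ms=35, jitter_ms=2, loss_pct=0.0, avail_mbps=20, cost_per_gb=8.0),
    LinkStats("broadband", latency_ms=48, jitter_ms=12, loss_pct=0.3, avail_mbps=200, cost_per_gb=0.5),
    LinkStats("lte", latency_ms=90, jitter_ms=30, loss_pct=1.5, avail_mbps=30, cost_per_gb=5.0),
]
DEMO_POLICIES = [
    AppPolicy("voice", 150, 30, 1.0, min_mbps=5, prefer="latency", priority=3),
    AppPolicy("erp", 100, 50, 1.0, min_mbps=10, prefer="latency", priority=2),
    AppPolicy("backup", 500, 200, 5.0, min_mbps=50, prefer="cost", priority=1),
]


def steer_demo(degraded=None, current=None):
    """Steer the demo classes; degraded={"name": "mpls", "loss_pct": 3.0} simulates a brownout."""
    links = list(DEMO_LINKS)
    if degraded:
        changes = {k: v for k, v in degraded.items() if k != "name"}
        links = [replace(l, **changes) if l.name == degraded["name"] else l for l in links]
    return steer_all(links, DEMO_POLICIES, current)


if __name__ == "__main__":
    print(steer_demo())
    print(steer_demo({"name": "mpls", "loss_pct": 3.0}))
```

In the healthy case voice and ERP land on the low-latency MPLS circuit and the backup class, which only cares about cost, goes to broadband; once the MPLS link starts dropping 3% of packets it fails every class's loss SLA and all three are steered to broadband automatically, which is the rerouting described under performance-based routing. The `current` argument is what keeps a class from flapping between two links whose measurements differ by less than the margin.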

Diagram: SD WAN traffic steering. Source: Cisco.

Critical Considerations for Implementation:

Network Security:

When adopting WAN SDN, organizations must consider the potential security risks associated with software-defined networks. Robust security measures, including authentication, encryption, and access controls, should be implemented to protect against unauthorized access and potential vulnerabilities.

Staff Training and Expertise:

Implementing WAN SDN requires skilled network administrators proficient in configuring and managing the software-defined network infrastructure. Organizations must train and upskill their IT teams to ensure successful implementation and ongoing management.

Real-World Use Cases:

Multi-Site Connectivity:

WAN SDN enables organizations with multiple geographically dispersed locations to connect their sites seamlessly. Administrators can prioritize traffic, optimize bandwidth utilization, and ensure consistent network performance across all locations by centrally controlling the network.

Cloud Connectivity:

With the increasing adoption of cloud services, WAN SDN allows organizations to connect their data centers to public and private clouds securely and efficiently. This facilitates smooth data transfers, supports workload mobility, and enhances cloud performance.

Disaster Recovery:

WAN SDN simplifies disaster recovery planning by allowing organizations to reroute network traffic dynamically during a network failure. This ensures business continuity and minimizes downtime, as the network can automatically adapt to changing conditions and reroute traffic through alternative paths.

The Rise of WAN SDN

Business and cloud services are crucial elements of business operations, and the transport network they rely on is best-effort, weak, and offers no guarantee of acceptable delay. More services are being brought to the Internet, yet the Internet is managed inefficiently and cheaply.

Every Autonomous System (AS) acts independently, and there is a price war between transit providers, leading to poor quality of transit services. Operating over this flawed network, customers must find ways to guarantee that applications receive the expected level of quality.

Border Gateway Protocol (BGP), the Internet’s glue, has several path selection flaws. The main drawback of BGP is the routing paradigm behind its path-selection process. BGP default path selection is based on Autonomous System (AS) Path length: it prefers the path with the shortest AS_PATH. Its current path selection process misses the shape of the network; it does not care whether propagation delay, packet loss, or link congestion exists. This can result in selecting long paths and using paths that are experiencing packet loss.

Example: WAN SDN with Border6

Border6 is a French company that started in 2012. It offers non-stop internet and an integrated WAN SDN solution, influencing BGP to perform optimum routing. It’s not a replacement for BGP but a complementary tool to enhance routing decisions. For example, it automates changes in routing in cases of link congestion/blackouts.

“The agile way of improving BGP paths by the Border 6 tool improves network stability” Brandon Wade, iCastCenter Owner.

As the Internet became more popular, customers wanted to add additional intelligence to routing. Additionally, businesses require SDN traffic optimizations, as many run their entire service offerings on top of it.

What is non-stop internet?

Border6 offers an integrated WAN SDN solution with BGP that adds intelligence to outbound routing. A common approach when designing SDN for real-world networks is to prefer solutions that incorporate existing, field-tested mechanisms (BGP) rather than reinventing every wheel. Therefore, the Border6 approach of influencing BGP with SDN is a welcome and less risky approach than a greenfield implementation. In addition, Microsoft and Viptela use SDN solutions to control BGP behavior.

Border6 uses BGP to guide what might be reachable. Based on various performance metrics, they measure how well paths perform. They use BGP to learn the structure of the Internet and then run their algorithms to determine what is essential for individual customers. Every customer has different needs to reach different subnets. Some prefer costs; others prefer performance.

They first identify the prefixes that matter most to the customer and select the most critical ones. Next, they choose probing locations and measure those prefixes with automatic probes to determine the best path. All these tools combined enhance the behavior of BGP. Their mechanism can detect whether an ISP has hardware or software problems, is dropping packets, or is rerouting packets around the world.

Thousands of tests per minute

The solution finds the best path by executing thousands of tests per minute and feeding the results back so that the best paths for packet delivery are used. Outputs from live probing of path delay and packet loss inform BGP which path to route traffic over. The “best path” is different for each customer; it depends on the routing policy the customer wants to apply. Some customers prefer paths without packet loss; others want the cheapest paths or paths under 100 ms. It comes down to customer requirements and the applications they serve.
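To make the contrast concrete, here is an added example (not Border6's code) that applies BGP's default shortest-AS_PATH choice described earlier and then a per-customer policy (no loss, under 100 ms, or cheapest) to the same set of candidate exits. The providers, AS numbers and probe measurements are constructed sample data.

```python
"""Added example: plain BGP tie-break versus performance-aware, per-customer
path selection. All candidates and measurements are constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    """One exit for a destination prefix: the BGP AS_PATH plus probe results."""
    provider: str
    as_path: tuple    # e.g. (64501, 64520); leftmost is the next-hop AS
    rtt_ms: float     # round-trip time measured by the probe
    loss_pct: float   # packet loss measured by the probe, in percent
    cost: float       # relative transit cost (constructed figure)


def bgp_default_best(cands):
    """BGP's default behaviour as described on the page: the shortest AS_PATH
    wins; the probe measurements are ignored entirely."""
    return min(cands, key=lambda c: (len(c.as_path), c.provider))


def policy_best(cands, policy):
    """Performance-aware selection driven by a customer policy dict, e.g.
    {"max_loss_pct": 0.0, "max_rtt_ms": 100, "prefer": "rtt" or "cost"}.
    Paths breaching a hard limit are excluded; the rest are ranked by the
    preferred metric. Falls back to the BGP default if nothing qualifies."""
    ok = [c for c in cands
          if c.loss_pct <= policy.get("max_loss_pct", 100.0)
          and c.rtt_ms <= policy.get("max_rtt_ms", float("inf"))]
    if not ok:
        return bgp_default_best(cands)
    metric = "cost" if policy.get("prefer") == "cost" else "rtt_ms"
    return min(ok, key=lambda c: (getattr(c, metric), len(c.as_path), c.provider))


# Constructed candidates for one prefix as three upstream providers announce it.
CANDIDATES = [
    Candidate("transit-A", (64501, 64520), rtt_ms=180.0, loss_pct=2.5, cost=1.0),
    Candidate("transit-B", (64502, 64511, 64520), rtt_ms=45.0, loss_pct=0.0, cost=3.0),
    Candidate("transit-C", (64503, 64512, 64513, 64520), rtt_ms=90.0, loss_pct=0.0, cost=0.5),
]

if __name__ == "__main__":
    print("BGP default          :", bgp_default_best(CANDIDATES).provider)
    print("no loss, <100 ms     :", policy_best(CANDIDATES, {"max_loss_pct": 0, "max_rtt_ms": 100}).provider)
    print("no loss, cheapest    :", policy_best(CANDIDATES, {"max_loss_pct": 0, "prefer": "cost"}).provider)
```

Note that the plain BGP choice lands on the lossy 180 ms exit simply because its AS_PATH is shortest, which is exactly the flaw the section describes.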

**BGP – Unrelated to Performance**

Traditionally, BGP makes its decisions from data unrelated to performance. Border6 tries to correlate your packets’ path to the Internet by choosing the fastest or cheapest link, depending on your requirements.

They take the BGP data from service providers as a baseline. On top of that broad connectivity picture, they layer their own measurements (lowest latency, packets lost, etc.) and adjust the BGP data to account for these other measures, which ultimately yields optimal packet forwarding. They first look at NetFlow or sFlow data to determine what is essential, using their tool to collect and aggregate the data. From this data, they know which destinations are critical to that customer.
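The first step above, finding the destinations that matter before any probing is done, can be illustrated with an added example (not Border6's tooling) that aggregates NetFlow-style records by destination prefix and keeps the smallest set of prefixes carrying most of the traffic. The flow records are constructed sample data.

```python
"""Added example: rank destination prefixes by bytes from constructed
NetFlow-style records to find the ones worth probing and optimising."""
import ipaddress
from collections import defaultdict

# Constructed flow records: (src_ip, dst_ip, bytes). In practice these come
# from a NetFlow, sFlow or IPFIX collector.
FLOWS = [
    ("10.0.0.5", "203.0.113.10", 5_000_000),
    ("10.0.0.6", "203.0.113.77", 3_000_000),
    ("10.0.0.7", "198.51.100.9", 1_500_000),
    ("10.0.0.5", "192.0.2.33", 200_000),
    ("10.0.0.8", "198.51.100.200", 900_000),
]


def aggregate_by_prefix(flows, prefix_len=24):
    """Sum bytes per destination prefix of the given length."""
    totals = defaultdict(int)
    for _src, dst, nbytes in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        totals[str(net)] += nbytes
    return dict(totals)


def critical_prefixes(flows, share=0.9, prefix_len=24):
    """Return the smallest set of top prefixes carrying at least `share` of
    all bytes, highest volume first. These are the destinations worth probing;
    the long tail can be left to the plain BGP choice."""
    totals = aggregate_by_prefix(flows, prefix_len)
    grand = sum(totals.values())
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))
    chosen, running = [], 0
    for prefix, nbytes in ranked:
        chosen.append(prefix)
        running += nbytes
        if running >= share * grand:
            break
    return chosen


if __name__ == "__main__":
    for prefix, nbytes in sorted(aggregate_by_prefix(FLOWS).items()):
        print(f"{prefix:<18} {nbytes:>12,d} bytes")
    print("critical (90%):", critical_prefixes(FLOWS))
```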

BGP for outbound | Locator/ID Separation Protocol (LISP) for inbound

Border6 products relate to outbound traffic optimization. It can be hard to influence inbound traffic with BGP, since most ASes behave selfishly and optimize traffic in their own interest. Border6 is trying to provide tools that help an AS optimize inbound flows by integrating its product set with the Locator/ID Separation Protocol (LISP). The diagram below displays generic LISP components; it is not necessarily related to the Border6 LISP design.

LISP decouples the address space so you can optimize inbound traffic flows. Many LISP use cases are seen with active-active data centers and VM mobility. It decouples the “who” from the “where,” so end-host addressing no longer needs to correlate with the actual host location. The drawback is that LISP requires endpoints that can build LISP tunnels.

Currently, they are working on a solution that uses LISP as a signaling protocol between Border6 devices. They are also working on statistical analysis of the received data to mitigate potential distributed denial-of-service (DDoS) events. More DDoS algorithms are coming in future releases.

Closing Points: On WAN SDN

At its core, WAN SDN separates the control plane from the data plane, facilitating centralized network management. This separation allows for dynamic adjustments to network configurations, providing businesses with the agility to respond to changing conditions and demands. By leveraging software to control network resources, organizations can achieve significant improvements in performance and cost-effectiveness.

One of the primary advantages of WAN SDN is its ability to optimize network traffic and improve bandwidth utilization. By intelligently routing data, WAN SDN minimizes latency and enhances the overall user experience. Additionally, it simplifies network management by providing a single, centralized platform to control and configure network policies, reducing the complexity and time required for network maintenance.

Summary: WAN SDN

In today’s digital age, where connectivity and speed are paramount, traditional Wide Area Networks (WANs) often fall short of meeting the demands of modern businesses. However, a revolutionary solution that promises to transform how we think about and utilize WANs has emerged. Enter Software-Defined Networking (SDN), a paradigm-shifting approach that brings unprecedented flexibility, efficiency, and control to WAN infrastructure.

Understanding SDN

At its core, SDN is a network architecture that separates the control plane from the data plane. By decoupling network control and forwarding functions, SDN enables centralized management and programmability of the entire network, regardless of its geographical spread. Traditional WANs relied on complex and static configurations, but SDN introduced a level of agility and simplicity that was previously unimaginable.

Benefits of SDN for WANs

Enhanced Flexibility

SDN empowers network administrators to dynamically configure and customize WANs based on specific requirements. With a software-based control plane, they can quickly implement changes, allocate bandwidth, and optimize traffic routing, all in real time. This flexibility allows businesses to adapt swiftly to evolving needs and drive innovation.

Improved Efficiency

By leveraging SDN, WANs can achieve higher levels of efficiency through centralized management and automation. Network policies can be defined and enforced holistically, reducing manual configuration efforts and minimizing human errors. Additionally, SDN enables the intelligent allocation of network resources, optimizing bandwidth utilization and enhancing overall network performance.

Enhanced Security

Security threats are a constant concern in any network infrastructure. SDN brings a new layer of security to WANs by providing granular control over traffic flows and implementing sophisticated security policies. With SDN, network administrators can easily monitor, detect, and mitigate potential threats, ensuring data integrity and protecting against unauthorized access.

Use Cases and Implementation Examples

Dynamic Multi-site Connectivity

SDN enables seamless connectivity between multiple sites, allowing businesses to establish secure and scalable networks. With SDN, organizations can dynamically create and manage virtual private networks (VPNs) across geographically dispersed locations, simplifying network expansion and enabling agile resource allocation.

Cloud Integration and Hybrid WANs

Integrating SDN with cloud services unlocks a whole new level of scalability and flexibility for WANs. By combining SDN with cloud-based infrastructure, organizations can easily extend their networks to the cloud, access resources on demand, and leverage the benefits of hybrid WAN architectures.

Conclusion:

With its ability to enhance flexibility, improve efficiency, and bolster security, SDN is ushering in a new era for Wide-Area Networks (WANs). By embracing the power of software-defined networking, businesses can overcome the limitations of traditional WANs and build robust, agile, and future-proof network infrastructures. It’s time to embrace the SDN revolution and unlock the full potential of your WAN.