This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Software Defined WAN technology makes it possible to create a transparent, logical enterprise IP network across a mix of service provider technologies and add advanced features such as application-based traffic routing or custom security provisions to meet strict compliance requirements.
However, operating such a network on top of various underlying network architectures—at scale—remains difficult, and SD-WAN overlay networks cannot, per se, address poor-performing WAN connections. The key is being able to manage the underlying network architecture, which is handled differently by the various vendors in the business, each of which has its particular focus and strengths. In general, they can be classified as follows:
* Controller-based solutions—mostly vendor-specific—that can auto-discover and configure standard network architectures on the vendor’s network devices. These solutions work effectively when environments are highly standardized. Their main focus is to reduce the complexity of managing a large number of devices consistently. They provide a single point of administration, but multiple controllers may be needed depending on network architecture and policy requirements.
* Appliance-based overlay solutions that create a virtual IP network between the vendor’s own appliances across any network. Overlay solutions are an attractive choice for many because they can be deployed quickly. They typically use vendor-proprietary appliances and software. This approach yields features not available with open networking standards, but the solutions can lack customizability and depend on the performance of the underlying infrastructure, which complicates root cause analysis and troubleshooting. End users must also turn to an additional hardware vendor for support and lifecycle management.
* Advanced automation and change control solutions that leverage existing hardware and enable and manage SD-WAN and the underlying infrastructure. These solutions leverage existing infrastructure, can address high customization needs and enable features that are otherwise difficult to manage manually on complex architectures. Also, they are often cost-effective: in most cases, no hardware refresh is required, and they provide a solution for both the overlay network and the underlying network infrastructure. Troubleshooting is simplified due to existing expertise, and they can be used transparently across multiple vendors. They may need some additional time for setup and training.
Each of these approaches offers benefits, but each also presents challenges. Overlay solutions are attractive for many because they can be deployed quickly, but they may lack sufficient customizations or create additional complexity for troubleshooting. Controller-based solutions work effectively when environments are highly standardized. Network automation and change control solutions can address high customization requirements but may need additional time for implementation.
Regardless of the type of solution chosen, a successful transition to a fully automated and integrated SD-WAN is a challenging process. Existing change control mechanisms are often ill-equipped to handle the complexity during transition. Configuration mistakes are unavoidable, especially with manual processes involved, and even the most elaborate testing may not find rare conditions that only reveal themselves when the network is under load at the most critical times.
Because it is difficult to independently verify and validate networks during times of change, enterprises are looking for alternatives that offer more network automation. Solutions must not only provide the capabilities to implement and maintain a logical IP network, but also the capabilities to manage the underlying infrastructure, including verifying and validating implemented architectures, detecting hidden dependencies and understanding the full impact of any change.
In fact, to ensure that the network will perform optimally in an environment of constant change and increasing demands, SD-WAN solutions must also provide the next level of operational capabilities such as network-aware orchestration. The capabilities required might include functionality such as:
- Built-in, best-practice architectures for initial provisioning
- Application of changes with minimal impact (e.g. avoiding unnecessary reboots)
- Understanding and accounting for the overall network impact of any change, a characteristic referred to as “network-aware.”
- Applying changes “in concert,” understanding architectural dependencies
- Resolving hidden dependencies automatically when possible
- Monitoring the configuration state of all devices in the network
- Limiting direct manual access to devices through a verifiable audited interface
- Validating that changes have been successfully applied or reverting to the prior configuration when needed
Such advanced management and automation provide verification and validation that the network is, in fact, correctly configured and that, for example, any non-authorized manual changes are proactively detected and remediated swiftly.
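The configuration-state monitoring and detection of non-authorized manual changes described above can be sketched as a drift audit. This is an added example, not code from the article or from any vendor; the device names, the generic router syntax and the data layout (intended and running configs held as strings keyed by device) are assumptions made for illustration.

```python
import difflib
import hashlib

def normalize(config: str) -> list:
    """Drop blank lines, '!' comment lines and trailing whitespace; keep indentation."""
    lines = (ln.rstrip() for ln in config.splitlines())
    return [ln for ln in lines if ln.strip() and not ln.lstrip().startswith("!")]

def fingerprint(config: str) -> str:
    """Stable hash of the normalized config, cheap to compare on every poll."""
    return hashlib.sha256("\n".join(normalize(config)).encode()).hexdigest()

def drift(intended: str, running: str) -> dict:
    """Lines missing from, or added to, the running config relative to intent."""
    delta = list(difflib.ndiff(normalize(intended), normalize(running)))
    return {
        "removed": [d[2:] for d in delta if d.startswith("- ")],
        "added": [d[2:] for d in delta if d.startswith("+ ")],
    }

def audit(intended: dict, running: dict) -> dict:
    """Per-device findings; devices that match intent are omitted."""
    findings = {}
    for device, golden in intended.items():
        if device not in running:
            findings[device] = {"status": "unreachable"}
        elif fingerprint(golden) != fingerprint(running[device]):
            findings[device] = {"status": "drift", **drift(golden, running[device])}
    return findings

# Constructed sample data (hypothetical device names, generic router syntax).
GOLDEN = """hostname {name}
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny ip any any
"""
INTENDED = {n: GOLDEN.format(name=n) for n in ("branch-01", "branch-02", "hub-01")}
RUNNING = {
    "branch-01": "! collected 02:00\n" + INTENDED["branch-01"] + "\n",  # comment noise only
    "branch-02": INTENDED["branch-02"].replace(
        " deny ip any any", " permit tcp any any eq 23\n deny ip any any"),  # manual edit
}  # hub-01 did not answer the poll

if __name__ == "__main__":
    for device, finding in audit(INTENDED, RUNNING).items():
        print(device, finding)
```

The intended config doubles as the revert target: a device reported with status `drift` is restored by reapplying it, and the `added` and `removed` lines go into the audit record.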
In addition to the requirements for automation and seamless orchestration, requirements for customization are always present. SD-WAN will simplify and bring more standardization across the network, even when customized features are required for specific business purposes. Software developers need to align closely with network operations staff to understand in detail the requirements to be implemented, addressing specific operational needs. Those process-driven approaches, generally referred to as “DevOps,” have, when done right, already proven to deliver faster time to market, better customization, fewer failures and more rapid recovery from negative events or misaligned changes. An effective SD-WAN solution can enable these benefits while managing consistency across the network.
It is inevitable that complexity will continue to increase. At the same time, so will the number of enterprise WANs. The ability to implement an SD-WAN solution, providing not only the technical ability to create a logical IP network but also related network automation and change management capabilities, is critically important to ensure that the network will perform under critical loads.
Launching a successful SD-WAN implementation will require new tools to manage the heterogeneous network technologies on the WAN. An SD-WAN solution must provide IT teams with automated orchestration, validation, verification and remediation procedures to detect potential error conditions early. These critical network-aware orchestration capabilities are the evolution of SD-WAN solutions, providing the much-needed network agility to help companies remain competitive in a world where the pace of change and demand for connectivity are ever increasing.
Dietrich brings to Glue Networks more than 20 years of experience defining innovative strategies and delivering complex technology solutions. Stefan received a Ph.D. in Aerospace Engineering and Computer Science from the University of Stuttgart and served as a Postdoctoral Fellow and faculty member at Cornell University.