This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe.
If you want to get a sense for how rapidly the SD-WAN market is evolving, go back and read some of the articles from, say, two years ago. Some of the talk was about startup companies entering the market, while other items describe how traditional WAN hardware vendors were pivoting to get into the lucrative new market of building network functions in software.
Predictions of the eventual market size varied back then, but everyone knew it would be big. Doyle Research thought it might get to $3.2 billion by 2018. IDC projected a $6 billion market by 2020. I wouldn’t be surprised if those estimates from a few years ago turn out to be too conservative.
SD-WAN is showing very rapid adoption in enterprises because it solves a number of pressing issues. Organizations with a lot of branches spend a significant amount of time and money supporting those branches. Before SD-WAN, MPLS was the only serious connectivity choice for branch locations. Now SD-WAN vendors offer both broadband and 4G LTE as secure and reliable alternatives (or complements) to MPLS at a fraction of the cost. What’s more, broadband and LTE services can be turned up much more quickly than MPLS, which provides a lot of flexibility in servicing remote or temporary locations.
SD-WAN also eliminates the problem of backhauling traffic from branches through the central data center and out to the Internet to get to SaaS applications. With an SD-WAN “edge” device in the branch, traffic can go straight to the Internet, thus increasing performance while saving bandwidth. The same is true for mobile users whose traffic no longer has to be brought into the data center before going to applications in the cloud. Mobile and remote users don’t have to put up with slow application performance anymore.
Silver Peak has been in the SD-WAN market going on two years. The company has its roots in WAN optimization, and now it has parlayed its network expertise and technology to improving the branch experience using SD-WAN. With a couple of recent advancements to the Silver Peak Unity EdgeConnect product line the company is trying to redefine the thin edge branch with an application-driven WAN edge.
Silver Peak defines the thin branch concept as a way to simplify and consolidate the stack that is typically running in the branch office at the WAN edge. The company is using several new approaches to achieve this simplification.
One way to simplify the branch is to remove existing legacy routing and firewall hardware, if possible, by consolidating branch office infrastructure at the WAN edge. Some branches may be able to operate with an EdgeConnect device that leverages built-in routing and secure Internet breakout with service chaining for higher level security functions. For those branches that choose to maintain the legacy routing functions, however, Silver Peak’s SD-WAN edge device offers BGP routing interoperability to allow the branch to migrate to full SD-WAN at its own pace. The company says it simplifies security at the branch with an integrated stateful firewall that supports foundational firewall and security capabilities for branch offices that don’t host applications.
An advance that Silver Peak says is a differentiator in the EdgeConnect device is something it calls First-packet iQ. It is application classification based on the first packet of traffic flow, and the company says it enables the product to do secure Internet breakout with granular security policies. Silver Peak leverages some of its WAN optimization technology for this feature.
In its cloud, Silver Peak maintains what is essentially a look-up table of the IP addresses of tens of thousands of Internet applications. So for instance, it can identify traffic targeted at Office 365, or Salesforce.com, or most other popular cloud apps. For applications whose IP addresses are not in the table, Silver Peak has other methods to map the IP addresses to applications. Being able to identify these various applications enables granular packet steering from the branch.
Say there is an EdgeConnect device in a branch office. Traffic that is destined for the Internet goes through the device and has First-packet iQ techniques applied to determine what application the packets are intended for. If it’s a trusted business application, EdgeConnect can locally push that traffic out to the Internet connection so it isn’t backhauled to the data center. That saves bandwidth on the MPLS connection to the data center, and also improves the application response time by sending traffic directly to the application in the cloud.
For applications such as Facebook and YouTube that employees want to use from work, but which aren’t strictly business applications, there might be a concern about sensitive data being sent to these websites. That traffic can be routed to a web-based firewall such as Zscaler. All other traffic that is considered untrusted can be forwarded to the corporate firewall sitting in the data center for further scrutiny.
This is what’s meant by “granular Internet breakout”—the traffic is steered to the optimal place where security can be applied. The customer can use the Internet to access trusted applications in order to get the best performance and the best cost solution.
Silver Peak says it orchestrates all of this through a single pane of glass so customers with hundreds or thousands of branches can create a policy and stamp it down into the network for consistent application everywhere. This orchestration process is another way to simplify the setup and management of the SD-WAN.