Contributing Writer

SD-WAN: The inside scoop from real-world deployments

Oct 30, 2018 | 9 mins

Enterprise network pros share SD-WAN best practices and lessons learned.

Harrison Lewis wasn’t looking for SD-WAN, but he’s glad he found it.

Northgate Gonzalez, which operates 40 specialty grocery stores throughout Southern California, had distributed its compute power for years. Each store individually supported applications with servers and other key infrastructure and relied on batch processing to deal with nightly backups and storage, according to Lewis, the privately held company’s CIO.

Over time, the company’s needs changed, and it began centralizing more services, including HR and buying systems, as well as Microsoft Office, in the cloud or at the company’s two data centers. With this shift came a heavier burden on the single T-1 lines running MPLS into each store and the 3G wireless backup. Complicating matters, Lewis says, rainy weather in the region would flood the wiring, taking down terrestrial-network connectivity.

“It was problematic. We even doubled up on T-1 lines to each location, but it still wasn’t enough. The network had to be a lot more reliable,” Lewis says.

Lewis searched for a suitable – and cost-effective – alternative, researching incremental options that could have increased bandwidth and addressed the company’s security needs. “They all came with a significant price tag,” he says.

In July 2016, Lewis and his team came upon software-defined wide-area networking (SD-WAN), technology that decouples the control plane from the data plane and enables networking groups to control the entire WAN in a centralized manner. Uniquely, SD-WAN supports the use of multiple types of connectivity (such as MPLS, broadband, and broadband wireless), offering flexibility and ease of use for organizations with multiple locations.

Lewis thought the technology was too immature to deploy at the time, but he kept an eye on its growth and by late 2017, considered it ready for a proof of production. With the NSX SD-WAN appliance from VeloCloud (VMware acquired VeloCloud in December 2017), he, along with his carrier AT&T, created a test zone at a single store, running the SD-WAN and traditional network side by side. The SD-WAN linked to two broadband connections and 4G wireless as a backup, along with Zscaler for Internet security. He put a similar configuration in the two data centers, which soon proved a viable approach. Today, Northgate Gonzalez has deployed SD-WAN in all 40 stores, with a recent bump to 5G wireless as backup.

The move to broadband and wireless backup increased bandwidth because all three connections can be used interchangeably by SD-WAN, Lewis says. It also decreased monthly connectivity expenses by about 40%. He’s particularly proud of this result, as he is mindful of his fiduciary responsibility to not just keep throwing T-1 lines at the problem. Doing so could have forced Northgate Gonzalez to raise prices or could have negatively impacted shareholders. “That just doesn’t make sense if there are alternatives,” he says.

He appreciates SD-WAN’s ability to prioritize traffic in support of business-critical activities, including payments and ordering, allowing them “to take precedence over all else,” and the “somewhat” zero-touch nature of provisioning the appliances. “It doesn’t require a great deal of skill to install the appliance,” he says, adding he leveraged store technicians and help desk members to get the preconfigured appliances up and running at each site.

SD-WAN handles diversity of circuits

Luis Castillo, senior network manager for global network engineering at National Instruments, also was drawn to SD-WAN for its ease of deployment. National Instruments, an Austin-based maker of scientific equipment and software, operates in 50 countries and needed a solution that could handle the complexity of its distributed workflow. Customer service calls and research and development are handled by teams around the world, requiring tight attention to quality of service.

“We were throwing money at QoS toolsets to get classification, packet shaping, queuing, etc. – that was the only way we could maintain a certain quality of service,” Castillo says.

Along with the cost of the toolsets, requirements for bandwidth would climb – as much as 25% or more. “We only got approved for 1% or 2% increases in our annual budget, so the gap kept getting wider,” he says. As bandwidth demands grew, the company began to bump up against issues surrounding availability and the cost of more lines into their offices. “In Russia, a 4M bit/sec [connection] cost $10,000 a month. We couldn’t pay that,” he says.

The global nature of their business also made it difficult to get a single MPLS provider to handle all locations – and some locations, such as Armenia, didn’t have MPLS.

Castillo first began looking for alternatives in 2008, and deemed “performance-based routing,” a precursor to SD-WAN, not good enough to operationalize. “Most of the efforts in those early days didn’t leave the lab,” he says.

When SD-WAN emerged, he connected with Viptela (Cisco closed its acquisition of Viptela in August 2017), and determined the software-driven technology (atop Cisco vEdge routers) to be the best bet to integrate with National Instruments’ environment, especially its diversity of circuits.

Viptela’s zero-touch provisioning was also a draw. “It saved money because we didn’t have to ship engineers around the world,” Castillo says. He drew up an implementation document and shared it with the local IT worker (in-house or contract). He acknowledges that the pre-configuration and post-configuration can be a little more difficult as you have to integrate the SD-WAN with the attached devices. “Those parts can be disruptive,” he says.

Castillo has not had to add MPLS lines and, as he says, has been able to “peel off dollars from MPLS.” But he has kept MPLS in the mix “because there are still sensitive applications where the Internet would not be good for transport, especially if you’re transmitting overseas.”

With deployment having started in mid-2017, SD-WAN technology is currently in use for 80% of the company’s 8,400 employees. Castillo looks forward to more features and functionality he expects will come once Viptela is more integrated into Cisco.

SD-WAN boosts QoS via traffic shaping

At Gerresheimer AG, Greg Taylor, manager of IT infrastructure for the Americas, came across SD-WAN as he was trying to work out how to get faster and more reliable connectivity between the company’s locations in a standardized way; the maximum speed was 3M bit/sec T-1 links that were really slow. Globally, the company, which makes glass and plastic products for pharmaceutical, biotechnology, and scientific research, has 43 sites in more than 15 countries. But Taylor was focused on his territory, which comprises six locations in the U.S. and Mexico. “Our WAN was neither homogenous nor easy to manage,” he says, adding that some sites, such as India, were using site-to-site VPNs between firewalls.

Taylor, who considers himself extremely radical, wanted to junk the company’s commitment to MPLS and go all-broadband along with the deployment of SD-WAN. He knew the European-based company couldn’t – and wouldn’t – tolerate that. “We needed to go with a hybrid WAN,” he says.

The company’s proof of concept, and later deployment, made use of the Silver Peak Unity EdgeConnect SD-WAN edge appliances to create a hybrid WAN that uses MPLS and broadband to deliver up to 200M bit/sec to some sites.

Similar to Castillo, Taylor crafted a 15-page manual as well as a QuickStart Guide for each site involved. “They would have to plug it in and share it, and then we could configure it from here [in New Jersey],” he says. “I wouldn’t call it zero-touch, though, because you have to prep the switches and firewalls before the EdgeConnect appliances arrive.”

He says the “special sauce” of SD-WAN is giving the company a tremendous boost in terms of quality of service through built-in traffic shaping and other optimization functionality, even with some “poorer” links still in place.

The move to SD-WAN has saved Gerresheimer $10,000 a month, mostly because MPLS has tripled in speed (Taylor effectively renegotiated his MPLS contracts to get faster speeds for less money). Each site can now make some use of Internet connections, and the secondary MPLS line (which was usually lying dormant, he says) is slated to be canceled.

SD-WAN has improved the experience for users, especially those working with the manufacturing execution system and financial reporting system (Citrix). “The executives and shop floor employees overseas say they feel like they are in the U.S. now,” he says.

At 80% site deployment globally, Taylor has bigger plans for the network now that SD-WAN has proven itself, including eliminating physical firewalls in favor of using EdgeConnect to service-chain application traffic with cloud-based firewall services.