Software Defined WAN [SD-WAN]

In the present or legacy WAN topology, business locations are connected to application availability centers over ISP-managed Multi-Protocol Label Switching (MPLS) circuits and Internet access over leased-line and broadband links. Costly MPLS links act as the primary traffic carrier, with Internet (ILL with IPSec) as the secondary / fallback traffic carrier.

Challenges on Legacy WAN Administration:

  • Per location multiple last-mile technology and multiple ISP operators.
  • Different billing cycles for bandwidth subscription.
  • Non-uniform bandwidth across the primary and secondary traffic paths from location to DC/DR.
  • No centralized option for ISP link performance monitoring.
  • MPLS feasibility constraints for new business locations and changes of business location.
  • Field-side / location WAN edge device configuration, monitoring and maintenance performed remotely.
  • Mixed WAN edge devices demand complicated service management, including resources and tools.
  • Costly MPLS circuit charges.

Objective of SD-WAN Approach:

Reduce the complexity and operating cost of WAN topology management without compromising service availability and security.

Approach to Software Defined WAN (SD-WAN) Solution:

The SD-WAN solution differs from the legacy WAN concept, in which active routes are configured and managed from both peer sides, and it works regardless of the last-mile termination at each WAN edge. It is defined by one or more redundant controllers, named SD-WAN Orchestrators, which manage and monitor every SD-WAN edge device of the enterprise network across disparate geographical locations. SD-WAN edges include transaction locations / user network locations and DC / NDC / DR locations.

The SD-WAN Orchestrator automates tunnel configuration between the branch and hub sites. The benefit of the SD-WAN Orchestrator is that WAN links are automatically discovered, and tunnels are orchestrated based on business and topological needs. For example, mapping data centers to branch offices.

SD-WAN Orchestrator enables the distribution of routing information across all sites including branches and headend. It provides route distribution across sites in a dynamic way according to the topology and routing segmentation policy configurations. The main functions of the Overlay Route Orchestrator include:

  • Learning routes from hub or branch sites
  • Advertising routes across the SD-WAN network with appropriate costs
  • Redistributing routes into the LAN side with appropriate costs

SD-WAN technologies enable an organization to implement a secure, optimized corporate WAN. This provides optimized traffic routing between SD-WAN endpoints deployed in an organization’s on-prem and cloud-based infrastructure.

Key Features and Benefits:

  • Zero-touch provisioning (ZTP) of devices—Ability to self-provision without operator's intervention.
  • Centralized overlay management and control—A single cloud-based network management interface for managing and monitoring SD Branch devices.
  • IPsec based Automatic VPN Tunnels—Support for high-performance and automatic IPsec VPN for secure overlay networking.
  • Unified security policy for wired, wireless, and WAN—Support for a common security policy framework based on user roles for WAN, WLAN, and LAN users.
  • Dynamic path selection—Support for dynamically steering traffic or a service request to the best available path. For example, you can configure a policy to dynamically route the real-time voice and video traffic on the link with the lowest latency and jitter, and the bulk file traffic on the link with the maximum bandwidth.
  • Deep packet inspection (DPI) and Web Content Classification (WebCC)—Support for monitoring and analyzing application usage by clients.
  • Visibility, analytics, and troubleshooting—Access to dashboards for monitoring branch health, device performance, and client connectivity metrics. Additionally, support for alerts, reports, and audit trails for monitoring and troubleshooting network performance issues.
  • Policy-based routing—In addition to the traditional destination-based routing, the SD Branch devices support routing client traffic based on user role or type of application.
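The dynamic path selection policy described in the list above (real-time traffic on the link with the lowest latency and jitter, bulk traffic on the link with the most bandwidth) can be sketched as follows. This is an added example, not any vendor's implementation; the link names, probe values, loss threshold and the choice to rank by latency plus jitter are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LinkStats:
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    bandwidth_mbps: float
    up: bool = True

# Constructed probe results for one branch edge (hypothetical values).
LINKS = [
    LinkStats("mpls", 38.0, 2.0, 0.0, 20.0),
    LinkStats("broadband", 22.0, 25.0, 0.4, 200.0),
    LinkStats("lte", 55.0, 14.0, 1.2, 40.0),
]

def select_path(traffic_class, links, max_loss_pct=1.0):
    """Return the name of the link to use, or None if every link is down."""
    alive = [l for l in links if l.up]
    # Prefer links within the loss budget; if none qualify, degrade to any
    # link that is still up rather than dropping the traffic.
    usable = [l for l in alive if l.loss_pct <= max_loss_pct] or alive
    if not usable:
        return None
    if traffic_class == "realtime":
        # Assumption: voice/video is ranked by latency + jitter, loss as tie-break.
        best = min(usable, key=lambda l: (l.latency_ms + l.jitter_ms, l.loss_pct))
    elif traffic_class == "bulk":
        # Bulk file traffic goes to the link with the maximum bandwidth.
        best = max(usable, key=lambda l: l.bandwidth_mbps)
    else:
        raise ValueError(f"unknown traffic class: {traffic_class}")
    return best.name

if __name__ == "__main__":
    for cls in ("realtime", "bulk"):
        print(cls, "->", select_path(cls, LINKS))
```

Note that the broadband link has the lowest raw latency but loses the real-time selection because of its jitter, which is why a policy should score both metrics rather than latency alone.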


Security Controls and Understanding on SD-WAN Architecture:

All WAN edge locations are monitored and managed by a single entity, the SD-WAN Orchestrator. Thus, regardless of the branch / access location topology, the network is secured with a single policy template, which includes location-based identity such as IP addresses, geographic tagging and time-based access.

Security controls can mainly be classified as:

  • Encrypting Data in Transit
  • Segmenting Traffic
  • Detecting and Responding to Threats
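The single policy template described above, combining IP address, geographic tag and time-based access, can be evaluated identically at every edge. The sketch below is an added example, not a product's policy format; the template fields, site records, geo tags and reason strings are hypothetical, constructed values.

```python
import ipaddress
from datetime import time

# Hypothetical template the orchestrator pushes unchanged to every edge.
TEMPLATE = {
    "allowed_geo_tags": {"IN-KL", "IN-KA"},
    "access_window": (time(8, 0), time(20, 0)),
}

# Constructed per-site identity registered with the orchestrator.
SITES = {
    "branch-01": {"prefix": "10.10.1.0/24", "geo_tag": "IN-KL"},
    "branch-02": {"prefix": "10.10.2.0/24", "geo_tag": "SG-01"},
}

def in_window(now, window):
    """True if `now` falls in [start, end); handles windows crossing midnight."""
    start, end = window
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def evaluate(site_id, src_ip, now, template=TEMPLATE, sites=SITES):
    """Return (allowed, reason). Anything not explicitly matched is denied."""
    site = sites.get(site_id)
    if site is None:
        return False, "unknown-site"
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False, "bad-source-ip"
    # Location-based identity: the source must sit inside the site's own prefix.
    if addr not in ipaddress.ip_network(site["prefix"]):
        return False, "ip-outside-site-prefix"
    if site["geo_tag"] not in template["allowed_geo_tags"]:
        return False, "geo-tag-not-allowed"
    if not in_window(now, template["access_window"]):
        return False, "outside-access-window"
    return True, "ok"

if __name__ == "__main__":
    print(evaluate("branch-01", "10.10.1.25", time(9, 30)))
    print(evaluate("branch-02", "10.10.2.5", time(9, 30)))
```

Returning a reason with every denial gives the orchestrator's audit trail something to record per edge.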

Advantages by SD WAN Architecture for Any Business:

  • Costly, limited-bandwidth MPLS links can be replaced with high-bandwidth Internet links in the WAN topology.
  • WAN links can be provisioned with 4G/5G mobile Internet links.
  • New branch provisioning and branch changes are not affected by dependency on / availability of an MPLS circuit in the respective location.
  • Multiple Internet links, which are available at lower cost, can be included for redundant paths.
  • Single management and monitoring space for application traffic as well as ISP performance monitoring.

PseudoWire

