When we look at what is happening in the service provider space today, then SD-WAN can certainly be described as a “killer application” driving network transformation. So why is this so? SD-WAN is an acronym for Software-Defined Networking in a Wide Area Network. So why all the interest? It essentially boils down to money and the potential savings it generates over traditional MPLS based Virtual Private Networks (VPNs). There are other considerations too. It provides a speedy service delivery mechanism and allows providers to offer service in areas where they have no fiber based first mile connectivity.
SD-WAN allows any first mile transport technology to be used to provide connectivity to the customer premises. Any transport technology can be traditional MPLS based access, LTE, public internet or any wholesale copper access. An SD-WAN solution will look to combine these access circuits to provide aggregated bandwidth or use them as back up option. The diagram below illustrates the principle.
In the above example, the first mile transport comprises LTE, xDSL based Internet and a fixed MPLS based service. The SD-WAN solution will treat the various transport mechanism as a pool of resources. These will be allocated to the service based on policies defined by the IT department. Clearly, this is needed as the Internet, by its very nature, will not provide as good a quality of service as the fixed MPLS access and so the policy may dictate that best efforts, low priority traffic uses this access. Mission critical traffic can be allocated to the MPLS services. Most SD-WAN solutions allow this form of bandwidth allocation where the percentage of any access type can be assigned to a traffic class or even application based on TCP port. This policy assignment can also steer traffic to a particular form of access such as LTE. This essentially means that the traditional edge router is no longer needed and traditional routing gives way to policy-based forwarding.
Policy based forwarding is not the only consideration. Security will also be needed where public Internet or LTE is used as a form of access. IPSec at layer 3 is still the go to protocol since most traffic is IP based and the protocol is well understood. However, many services are layer 2 based and so using IPSec is inefficient when layer 2 services are tunneled into layer 3. This leads to a fundamental issue in the way SD-WAN services are delivered today. More of that later.
And what about Quality of Service (QoS)? Policy based forwarding will help with QoS, but the per-hop treatment of QoS used by switches and routers no longer applies in the Internet. QoS markings are simply not honored. So, what can be done?Forward Error Correction (FEC) is a technology that allows a packets to be corrected for any errors rather the discarded. FEC does add overhead, but this can still lead to an overall improvement in throughput. With all TCP transmissions there is a window size set by the protocol. The window is the number of packets that are transmitted before the receiver sends an acknowledgement. If packets are lost or corrupted, all the packets in the window will need to be re-transmitted. This will lead to a reduction in throughput. Also, we need to consider the fact that TCP will reduce its transmission rate if packets are lost. FEC will certainly help reduce TCP packet loss and improve overall throughput.
At the time of writing there are in the order of sixty SD-WAN solution providers and they offer a wide range of solutions driven by customer demand. However, different customers will demand different features. Most suppliers will have one or two key customers and they will focus development around the needs if those customers. This means there is not one supplier who will meet the specification for SD-WAN functionality for all service providers. The suppliers have a choice. Focus on a few key customers or build a complex product that may become self-defeating – e.g. too large, too complex to configure and too difficult to support and too expensive. This is compounded by the fact that SD-WAN came to market before Network Function Virtualization (NFV)was deployed on mass within the service provider domain. NFV is covered in another post, but the upshot is that most SD-WAN vendors need to supply their product with dedicated hardware. This leads to a monolithic product may be difficult to upgrade and means another hardware box at the customer premises. Most SD-WAN vendors would prefer to offer product as a software image to run over and NFV infrastructure where generic white-box x86 capable CPE is deployed as the hardware platform.It is easier to change SD-WAN functionality if pure software is the basis of the solution. It also means security can be off loaded to another function and optimized for the type of service, e.g. IPSec at layer 3 and MACSec at layer 2.
Commercial Benefits of SD-WAN
So why is SD-WAN attractive? Traditional VPNs are delivered using fixed connectivity. This is often fiber based. This form a of connectivity provides high bandwidth and is generally a solid, highly reliable connection. The issue is that it is expensive. Lead times are slow especially if ducting needs to be installed to offer that fiber. MPLS as a technology is expensive and lifts the price of any routing equipment supporting it. Clearly, public Internet is cheaper. And really for a small site, the performance may be adequate. The traffic overheads associated with FEC and security may well be negated by such a low access cost.Reducing the time to deliver a service is a commercial benefit. A site can be initially installed using LTE as the access mechanism and billed as soon as the service is turned up. The site can then be upgraded to a fixed line when it is ready and needed.
If you want to know more about SD-WAN, then I recommend you check out the offerings and application notes of the many vendors with current product.