Software-defined SD-WAN

Modern network architectures contain many technological solutions. The classic approach involves building a network infrastructure in which all traffic follows the same route, regardless of which applications are involved in the exchange. That is, email, video conferencing and HTTP traffic all travel over one channel. The network administrator can, of course, prioritize packets of one type over others, but all of these packets are still transmitted along the same route.

However, not all applications place the same demands on the channel. Nothing bad happens if an email reaches its recipient a minute late, but for video conferencing a traffic delay can be critical. This creates the need for a network topology in which the routes traffic takes can be determined programmatically for each specific application: even if several applications interact with the same node, their packets can reach it over different routes.

In the past, corporate resources lived in data centers and server rooms. These data centers could belong to a provider, in which case rack space had to be rented. Reaching these resources required dedicated communication channels or a VPN. At the same time, users in branch offices had no direct Internet connection and reached external networks through a central IT site, even if it was located several thousand kilometers away. This hierarchy of connections imposed its own limits on the throughput of communication channels and network equipment.

With the advent of cloud services, business applications began to be hosted in virtual environments provided by cloud providers. Accessing them over a VPN or MPLS no longer delivered the required level of performance, and the demands on communication channels rose significantly: services that operate in real time, such as video conferencing, streaming and similar systems, required fairly high channel speeds.

This is how the need for a software-defined wide area network arose. In essence, SD-WAN (software-defined networking in a wide area network) applies the concept of a software-defined network to a global network, that is, at Internet scale. With SD-WAN, the goal is to improve performance by separating the network equipment from the mechanisms that manage it.

How SD-WAN works

In essence, SD-WAN solutions are a virtual overlay on top of communication channels: on the basis of the physical cable infrastructure, we build a network cloud that is used to transfer data between remote nodes of a distributed network, for example between company branches.

Software-defined distributed networks support a variety of transmission technologies: fiber-optic and other wired links, wireless (3G, 4G LTE and 5G) and satellite channels. Depending on the task at hand, traffic can be redistributed between these media for load balancing and other needs. SD-WAN solutions also support a combination of transport standards, including IP, MPLS, ATM and others. Traffic can be steered over both dedicated and public communication channels, for example the Internet.

SD-WAN infrastructure consists of several components. Access devices are the same routers that were previously used in conventional WANs. They must deliver the required level of performance and the necessary functionality, such as firewalling, traffic processing and optimization. Since access equipment interacts directly with subscriber devices, it needs the appropriate types of interfaces, for example Wi-Fi or LTE.

End devices can be implemented in two ways: as hardware appliances or as virtual devices. A hardware appliance is the vendor's own device supplied to the customer. A virtual device is a software solution installed on a hardware platform, and as a rule this option is cheaper. The customer can also use equipment from any vendor as the platform for virtual end devices, although in practice there are often limitations here, since the software is tested only on certain hardware and the developer does not guarantee compatibility with other equipment.

The variety of network devices calls for centralized management, known as orchestration. Special servers, orchestrators, perform this task. Their main job is to configure the parameters of end devices: which policies and rules are applied to our access routers, and which security settings we use on our equipment.

An orchestrator works as follows: configuration files for end devices and other elements of the SD-WAN network are created on the orchestrator and then sent to the devices themselves. The orchestrator also often performs basic network monitoring (availability of devices, ports and communication channels, interface load), that is, everything without which full administration of a software-defined network is impossible.

Another important element of an SD-WAN network is the controller. Controllers are responsible for applying traffic routing policies across the network. In traditional networks, similar functionality is performed by a BGP route reflector: using route reflectors avoids the need for a full-mesh topology between all iBGP neighbors and prevents routing loops.

As noted above, when we create or modify global policies in the orchestrator, the controllers update their routing tables and send the updated information to end devices. As a rule, routing information in SD-WAN networks is distributed using proprietary protocols. This is necessary because an SD-WAN route often carries not only prefixes and next hops but also an extensive set of additional non-standard attributes required for advanced routing to work.
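As an added illustration (not code from the article or from any vendor it mentions), the following Python model shows how the per-application routing described in the introduction comes together with the policies an orchestrator defines and a controller distributes: each application carries its own SLA, the edge device receives a different transport per application, and the choice is re-evaluated when a link's measured quality changes. All link measurements, costs and policy thresholds are constructed values.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Link:  # one WAN transport with its latest measured quality (constructed values)
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    cost: int  # relative cost of carrying traffic, lower is cheaper

@dataclass(frozen=True)
class AppPolicy:  # SLA an application requires plus the tie-breaker among compliant links
    app: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    prefer: str  # "latency" or "cost"

def meets_sla(link: Link, policy: AppPolicy) -> bool:
    return (link.latency_ms <= policy.max_latency_ms
            and link.jitter_ms <= policy.max_jitter_ms
            and link.loss_pct <= policy.max_loss_pct)

def select_path(policy: AppPolicy, links) -> str:
    """Compliant links first, then the tie-breaker; with none compliant, fall back to lowest latency."""
    candidates = [l for l in links if meets_sla(l, policy)]
    if not candidates:
        return min(links, key=lambda l: l.latency_ms).name
    key = (lambda l: l.latency_ms) if policy.prefer == "latency" else (lambda l: l.cost)
    return min(candidates, key=key).name

def build_routes(policies, links) -> dict:
    """The application-to-transport map a controller would push to an edge device."""
    return {p.app: select_path(p, links) for p in policies}

def degrade(links, name: str, **changes):
    """Return a new link list with fresh probe results for one transport (simulated)."""
    return [replace(l, **changes) if l.name == name else l for l in links]

# Constructed sample: three transports on one branch edge device, and three policies.
LINKS = [
    Link("mpls", latency_ms=20, jitter_ms=2, loss_pct=0.0, cost=10),
    Link("broadband", latency_ms=35, jitter_ms=8, loss_pct=0.5, cost=2),
    Link("lte", latency_ms=60, jitter_ms=25, loss_pct=1.5, cost=5),
]
POLICIES = [
    AppPolicy("video_conf", 100, 10, 1.0, prefer="latency"),  # delay-sensitive
    AppPolicy("http", 200, 30, 2.0, prefer="cost"),
    AppPolicy("email", 500, 100, 5.0, prefer="cost"),         # tolerant of delay
]
```

With the sample values, video conferencing is steered onto MPLS while HTTP and email take the cheap broadband link; when broadband loss rises above the HTTP threshold, only HTTP moves to LTE and email stays put.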

An SD-WAN network is a fairly complex technical solution that uses many different protocols and technologies, so we need analytics tools that produce detailed reports from data collected on end devices: the history of channel quality, network applications, node availability, and so on. Many vendors make analytics available only from their own cloud, but there are also solutions deployed on the customer's premises.

SD-WAN Solutions

There are currently several software-defined networking solutions on the Russian market. Let's start with Kaspersky SD-WAN. This solution from the well-known antivirus vendor provides not only reliable communication between branches and convenient management from a single console, but also easy integration of company-wide security functions.

A single security policy lets you manage all security settings centrally: device configurations, security policies and traffic rules are administered in one place, ensuring consistency across the entire network.

Another implementation of SD-WAN technology is offered by a well-known telecom provider. MTS Cloud SD-WAN also features a centralized management and monitoring portal that allows rule- and policy-based management, and the management console can be accessed through the Cloud MTS cloud platform.

The core of the SD-WAN Edge is a network router that runs as a virtual appliance or as a hardware solution. It also has its own security orchestrator, which manages virtual security functions on the equipment, and a data center gateway that aggregates the equipment management tunnels.

Conclusion

In this article, we looked at the basics of building software-defined networks and discussed the main components and the services they provide. There is no unified approach to implementing SD-WAN networks yet; different vendors have their own interpretation of this technology.

This article was prepared as part of the launch of the new Network Engineer specialization. By following the link, you can learn more about the specialization and register for free course lessons.
