Software-defined wide area networks
Versatile Connections
The term "software-defined" usually refers to a technology that entered the IT market in the 2000s: virtualization. Although virtualization has been customary in a server environment for many years, the question arises as to how such basic structures as wide area network (WAN) routes can be virtualized and what their inherent benefits might be. A software-defined WAN (SD-WAN) comprises multiple components:
- Virtualization: frees the network from the physical infrastructure.
- Zero-touch provisioning: allows the timely addition of routes to the virtual infrastructure.
- Centralized management, automation, and the technologies of dynamic path conditioning.
- WAN optimization technologies: compression and deduplication, as well as high-speed TCP packet order correction and forward error correction.
Some manufacturers do without the last set of technologies listed; however, two definitive vendors, Silver Peak [1] and Riverbed [2], come from exactly this sector and continue to use their (partly) patented technologies for this new product line.
Network virtualization is the basis on which SD-WANs are built. At this level, the overlay network (logical connections) abstracts itself from the underlay network (physical connections). Examples of underlay networks include private multiprotocol label-switching (MPLS) networks leased from providers, directly leased point-to-point routes, and simple xDSL (i.e., ADSL, SDSL, etc.), cable, and LTE/UMTS Internet connections.
Separating the Network Layers
A well-known technology is used to separate the underlay networks from the logical (overlay) network: VPN connections that work with 256-bit IPsec encryption on all well-known SD-WAN products. These VPN connections form the underlay tunnel through which each site exchanges data. This abstraction alone still does not offer any advantages in terms of the dynamics of the WAN routes, but it does make Internet connections usable for site-to-site links.
Another abstraction layer is added to gain more flexibility. Above the underlay tunnel, more tunnels (i.e., the overlay tunnels) span the locations. These tunnels use encapsulation-only protocols; all manufacturers currently use generic routing encapsulation (GRE), which does not include any security features (e.g., encryption) and therefore only ensures logical separation of the data paths. These overlay tunnels are configured and optimized, depending on the application profile and purpose, and rely on one or more underlay tunnels to provide the connections. The total number of all overlay tunnels, along with their parameters, forms the virtualized overlay network, which is decoupled from the physical networks.
Transmission Capacity
At this point, it would be possible to replace individual site connections with other types of connections (e.g., expensive leased lines with less expensive Internet connections or MPLS with a faster LTE link). However, the different characteristics of the lines then play a role. An MPLS route typically has a service-level agreement (SLA) of 0.1 to 0.5 percent packet loss, compared with a connection on the public Internet of 0.5 to 1 percent. If you want to operate sensitive applications such as VoIP, video, or data acquisition systems on these modified routes, this amount of packet loss can quickly cause problems.
Latencies in the range of 50 to 200 ms are also common for intercontinental connections over the Internet, which is often enough to disrupt latency-sensitive applications. Moreover, managing such a mass of tunnels by hand would be extremely complex and would negate any advantage gained from the added flexibility.
Automated Network Tunnels
Now the next two basic components of SD-WAN enter the scene: automation and dynamic path conditioning. Automation means that the process of creating underlay and overlay tunnels is completely automated for all fully functional SD-WAN solutions. The administrator specifies which sites to connect, and the IPsec configuration is done autonomously, with no need to define keys or exchange certificates; the systems handle this work.
The overlay tunnels are created as a function of the application profile. Silver Peak coined the term "Business Intent Overlay" for its SD-WAN product line. This defines exactly which applications have which requirements with respect to line bandwidth, packet loss, latency, and jitter. On the basis of these definitions, dynamic path conditioning then comes into its own.
One part of path conditioning is handled by means of load balancing across lines of different bandwidth, latency, and error rate. Previously it was only possible to distribute load in equal proportions across identical lines on the network. The algorithms used in dynamic path conditioning let you, for example, combine an MPLS and an LTE path for an application, which not only allows an increase in the bandwidth, but also provides resilience.
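The following example, added here and not taken from the article or from any vendor's product, models the path-conditioning decision described above: each application's intent (limits on latency, loss, jitter, and a bandwidth floor) is checked against the measured characteristics of the available underlay paths, every path that qualifies is combined, and load is split in proportion to bandwidth. The path and intent values are constructed to mirror the SLA figures quoted in the article, and the proportional weighting is an assumption for illustration, not a specific vendor's algorithm.

```python
from dataclasses import dataclass


@dataclass
class Path:
    """Measured state of one underlay path (MPLS, Internet, LTE, ...)."""
    name: str
    bandwidth_mbps: float
    latency_ms: float
    loss_pct: float
    jitter_ms: float


@dataclass
class Intent:
    """Business-intent profile: the worst conditions an application tolerates."""
    app: str
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float
    min_bandwidth_mbps: float


def eligible_paths(intent, paths):
    """Return the underlay paths whose current measurements satisfy the intent."""
    return [p for p in paths
            if p.latency_ms <= intent.max_latency_ms
            and p.loss_pct <= intent.max_loss_pct
            and p.jitter_ms <= intent.max_jitter_ms]


def condition_path(intent, paths):
    """Build the overlay's underlay set for one intent.

    All eligible paths are combined (load-balanced) and each receives a weight
    proportional to its bandwidth (an assumed policy). Returns
    (aggregate_mbps, {path_name: weight}) or None when the intent cannot be met,
    which is the signal to raise an alert rather than silently degrade the app.
    """
    chosen = eligible_paths(intent, paths)
    total = sum(p.bandwidth_mbps for p in chosen)
    if not chosen or total < intent.min_bandwidth_mbps:
        return None
    return total, {p.name: round(p.bandwidth_mbps / total, 2) for p in chosen}


# Constructed sample data: loss values follow the MPLS (0.1-0.5%) and Internet
# (0.5-1%) SLA ranges quoted in the article; other figures are illustrative.
PATHS = [
    Path("mpls", bandwidth_mbps=20, latency_ms=30, loss_pct=0.3, jitter_ms=2),
    Path("internet", bandwidth_mbps=100, latency_ms=120, loss_pct=0.8, jitter_ms=15),
    Path("lte", bandwidth_mbps=50, latency_ms=45, loss_pct=0.4, jitter_ms=8),
]
VOIP = Intent("voip", max_latency_ms=100, max_loss_pct=0.5, max_jitter_ms=10, min_bandwidth_mbps=1)
BULK = Intent("bulk-replication", max_latency_ms=500, max_loss_pct=2.0, max_jitter_ms=100, min_bandwidth_mbps=60)
VIDEO = Intent("video", max_latency_ms=50, max_loss_pct=0.1, max_jitter_ms=5, min_bandwidth_mbps=10)
```

Running `condition_path(VOIP, PATHS)` combines MPLS and LTE (the Internet path exceeds the latency and jitter limits), while `VIDEO` returns `None` because no path meets its 0.1 percent loss ceiling.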