A slew of rapid technology shifts driven by the explosion of cloud services has created tremendous business opportunities, yet many enterprises and large business networks can’t cope with these changes. Business application-focused requirements and evolving security policies require network operators to continually deploy configuration changes. The common approach of doing this – either manually, or using highly standardized configuration management databases, or simply replacing the complete device configuration, rebooting and hoping it will function – creates unacceptable risks and potential network interruptions as complex network device dependencies are not always recognized.
As a result, enterprises are looking for better ways to automate the management of their networks, using existing capabilities to optimize performance and reducing operational risk through standardization and best-practice architectures.
To solve these challenges, many are looking to software-defined networking (SDN). The goal is to provide network configuration management via software to make a network more agile and adaptable. With SDN , all network configurations are stored and managed centrally, and devices can be reprogrammed as needed on the fly, simplifying hardware infrastructure and administrative overhead. This allows enterprises to free up network expertise from mundane tasks and to refocus on business-critical optimization tasks. It also enables smallerorganizations without deep networking engineering expertise to implement much more sophisticated network architectures.
SDN: From the Data Center to the WAN
With roots in the data center, SDN succeeded at demonstrating the advantages of developing software to automate network management. In addition, network functions virtualization (NFV) replaces many physical network devices by their virtual counterparts running on commodity hardware. This increases the capabilities to custom program, scale, and chain network services to anticipated needs, especially for complex services such as load balancing, firewalling, intrusion detection, and WAN acceleration.
IT departments already found it challenging to manage this complexity in the data center, and adding WAN connectivity provides an additional layer of complexity. WAN connectivity services are bought from service providers, which use their own architectures and technologies that may vary broadly in capabilities and bandwidth by location. Many businesses have also started to roll out VPN solutions over Internet broadband as cost-effective replacements for private MPLS lines for almost all business applications, other than those that are simply the most sensitive and business-critical.
Network managers can now use SD-WAN to build a transparent logical enterprise IP network across service providers’ technologies, architectures, and service offerings. They can also add advanced network features such as application-based traffic routing or custom security provisions meeting strict compliance requirements and optimizing use of existing network capabilities while maintaining SLA. By logically untangling the existing mesh of legacy WAN networks, cost savings can be realized from leveraging Internet broadband and cellular data as cost-effective alternatives to private circuits on a global scale on one simplified overall architecture. However, managing such a network on top of various underlying network architectures at scale remains difficult, and SD-WAN overlay networks cannot themselves address poor-performing WAN connections. Hence, ensuring a well managed underlying network architecture at the same time is key.
SD-WAN: Three Categories
There are currently three categories of SD-WAN vendors, each with a particular focus and strength. In general, they can be classified as follows:
- Controller-based solutions that can auto-discover and configure network devices
- Appliance-based overlay solutions that create a virtual IP network between the vendor’s appliances across any network, combined with vendor-specific management tools
- Advanced automation and change control solutions that can enable and manage SD-WAN and the underlying infrastructure through existing hardware
These categories each have their own pros and cons that determine their standing in the SD-WAN market. Controller-based solutions work effectively when environments are highly standardized. Overlay solutions are attractive for many because they can be deployed quickly, but they may lack sufficient customizations or create additional complexity for troubleshooting. Network automation and change control solutions can address high customization requirements but may need additional time for implementation.
A Difficult Transition
Enterprises now must perform the trick of transitioning successfully from the current state to the fully automated and integrated SD-WAN network of the future. Existing change control mechanisms are often ill-equipped to handle the complexity during transition. Especially with manual processes involved, configuration mistakes are unavoidable, and even the most elaborate testing may not find rare conditions that only reveal themselves when the network is under load at the most critical times.
It’s hard to get independent or formal verification and validation for networks. While computer code can be validated through notational or operational semantic methods to ensure correctness for all possible conditions, such analytical approaches are unpractical for business use, given frequently changing customization requirements. Therefore, enterprises are looking for network automation that will not only provide the capabilities to implement and maintain a logical IP network but also the capabilities to manage the underlying infrastructure, implicitly verifying and validating implemented architectures, detecting hidden dependencies, and understanding the full impact of any change.
While it is true that all SD-WAN solutions create logical IP networks and make their management easier, in order to ensure that the network will perform optimally, they must also provide the next level of operational capabilities such as network-aware orchestration, with functionality that can:
- Apply changes with minimal impact (e.g., avoid unnecessary reboots)
- Provide built-in, proven, best-practice architectures for initial provisioning
- Apply changes “in concert,” understanding architectural dependencies
- Resolve any hidden dependencies automatically when possible
- Understand the network impact of any change (“network-aware”)
- Monitor the configuration state of all devices in the network
- Limit direct manual access through a verifiable audited interface
- Validate changes have been successfully applied or revert when needed
Network professionals can perform additional verification and validation of the network when such advanced management and automation are in place. This provides a solution that the network is in fact correctly configured and that, for example, any non-authorized manual changes are proactively detected and remediated swiftly.
DevOps Eases the Transition
Making the transition to SDN is a challenge, not only technically but culturally and organizationally as well. Nearly everything will change: initial network provisioning; configuration and change management; troubleshooting procedures; performance monitoring; and security, compliance, and audit validation and verification.
Because SD-WAN will simplify the network and bring more standardization, there will also be increased requirements for specific customization when needed. Software developers need to align closely with network operations staff to understand in detail the requirements to be implemented, addressing specific operational needs. This approach, generally referred to as “DevOps ,” has already proven faster time to market, better customization, fewer failures, and more rapid recovery from negative events or misaligned changes.
A Network-Aware Future
The complexity of enterprise networks is on the rise, and that will only increase as enterprise WANs continue to grow. The ability to implement an SD-WAN strategy – one that provides not only the technical ability to create a logical IP network but also related network automation and change management capabilities on the underlying network – is critically important to ensure that the network will perform under critical loads.
Transforming the network is not merely a technology matter; it’s a culture matter as well, and one that will require significant changes in how things are done. Organizations need new tools to manage the underlying, heterogeneous, service provider network technologies on the WAN. This will provide implicit application of validation, verification, and remediation procedures to detect potential error conditions early. The next generation of SD-WAN has the network-aware orchestration capabilities that create needed agility for enterprises today.