SD-WAN (Software-Defined Wide Area Network) – An application-aware, over-the-top WAN connectivity service that uses policies to determine how application flows are directed over multiple underlay networks, irrespective of the underlay technologies or the service providers that deliver them.
SD-WAN Controller – Centralizes management and lets network admins see the whole network through a single pane of glass; it holds the policies that the orchestrator executes.
SD-WAN Service Orchestrator – A virtualized manager for the network, overseeing traffic and applying/pushing policies and protocols set by network admins.
SD-WAN Edge – The device behind which the network endpoints reside. It can be located in a branch office, a data center, or a cloud platform, and it is what actually forwards the application flows and packets according to the policies and protocols pushed by the orchestrator.
SD-WAN Gateway – A virtual cloud gateway, reachable over the Internet, through which SD-WAN Edges at branches communicate with cloud services. It carries SD-WAN data and control traffic and adds a layer of protection by insulating applications from interruptions during circuit flapping: because user sessions terminate on the gateway rather than on the cloud service itself, they stay active while an underlay circuit flaps, whereas sessions connected directly to the cloud service would drop.
Application Flow – A sequence of application packets from a source to a destination; in this case usually office to office, office to data center, or office to cloud platform.
Internet Breakout – When one or more of the underlay connectivity services is an Internet service, certain application flows can be forwarded directly out to the Internet instead of being sent to another SD-WAN device.
Policies – A set of rules assigned to an application flow that determine how its packets are handled.
Virtual Tunnels – The virtual point-to-point tunnels built over the top of an underlay connectivity service such as the Internet or MPLS, connecting SD-WAN Edge devices to other Edge devices or to an SD-WAN Gateway.
Enterprises have been increasingly investing in open and flexible cloud solutions, and SD-WAN represents an effort to bring similar benefits to their data center and wide-area architecture. SD-WAN architecture is particularly beneficial to environments separated by distance, for example between main offices and branch offices. Whereas traditional WAN can be expensive and complex, SD-WAN architecture reduces recurring network costs, offers network-wide control and visibility, and simplifies the technology with zero-touch deployment and centralized management. The key to the SD-WAN architecture is that it can communicate with all network endpoints without the need for external mechanisms or additional protocols.
This means customers have the flexibility to choose the type of underlay network that works best for their users and environment, and they can maximize utilization by using all available bandwidth across all available underlay networks.
As cloud-based applications continue to be adopted and consumed, a flexible SD-WAN platform lets you maximize application performance and efficiency in a way that traditional hub-and-spoke networks cannot. Consider the following:
There are no single points of failure in the SD-WAN architecture. For a distributed WAN, a hybrid SDN approach offers the benefits of centralized control-plane policy, but with distributed local forwarding decisions that use real-time local knowledge of link conditions for reliability. All local Edge devices continue functioning as normal even if communication with the centralized orchestrator is disrupted. Onsite Edge devices support high-availability configurations, and any cloud gateways used are also redundant, with sub-second failover.
SD-WAN provides the flexibility to support hybrid WAN connectivity, combining private circuits with public Internet circuits, as well as sites connected by the Internet only. The various Dynamic Multi-path Optimization techniques ensure that all of the different WAN circuits are utilized to their fullest, based on pre-defined performance and capacity rules.
Traditional QoS based on DSCP and ToS markings is not possible over the Internet. However, if you look at how traditional QoS rules operate, they only take effect when you run out of bandwidth, and at that point they are designed to reserve bandwidth for critical applications such as voice and video in order to prevent loss and jitter. In other words, traditional QoS rules exist to eliminate loss and jitter and to give voice and video packets the best possible chance of reaching their destination.
SD-WAN techniques such as packet replication and best-path selection deliver the same end result. Replicating each voice packet over two or three Internet links removes the chance that loss or jitter on any single link affects the call. Best-path selection, used in conjunction with replication, also chooses the links with the least loss and jitter, not merely the lowest latency or a simple up/down status. Although these techniques do not use the same tagging concept, they yield the same outcome: loss and jitter are eliminated and the packets have the best possible chance of reaching the destination.
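As an added example (not code from the original page or from any SD-WAN vendor), the following Python simulation models the policy-driven best-path selection and packet replication described above. The link names and measurements, the scoring weights, the `POLICY` table and the deterministic loss model are all constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    """One underlay circuit and its measured health (values are constructed)."""
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    phase: int = 0  # used only by the deterministic loss model below

def link_score(link: Link) -> float:
    """Lower is better. Loss and jitter are weighted far above raw latency, so a
    low-latency but lossy circuit does not win (hypothetical weights)."""
    return 5.0 * link.loss_pct + 2.0 * link.jitter_ms + 0.1 * link.latency_ms

# Constructed policy: application class -> how many links each packet is copied to.
POLICY = {"voice": 2, "video": 2, "web": 1}

def select_paths(app_class: str, links: list[Link]) -> list[Link]:
    """Best-path selection: rank links by score, take as many as the policy asks."""
    return sorted(links, key=link_score)[: POLICY.get(app_class, 1)]

def lost_on(link: Link, seq: int) -> bool:
    """Deterministic stand-in for random loss. (919*seq + phase) mod 1000 visits
    every residue once per 1000 packets, so exactly loss_pct% of a window drops."""
    return (919 * seq + link.phase) % 1000 < int(link.loss_pct * 10)

def deliver(paths: list[Link], n_packets: int) -> set[int]:
    """Send every sequence number over every selected path. The receiver keeps the
    first copy and discards duplicates, so a packet is lost only if all paths drop it."""
    return {seq for seq in range(n_packets)
            if any(not lost_on(p, seq) for p in paths)}

def loss_rate(app_class: str, links: list[Link], n_packets: int = 1000) -> float:
    """End-to-end loss (%) the application sees after steering and replication."""
    delivered = deliver(select_paths(app_class, links), n_packets)
    return 100.0 * (n_packets - len(delivered)) / n_packets

LINKS = [  # constructed measurements for one site's three underlays
    Link("mpls", latency_ms=20, jitter_ms=1, loss_pct=0.1, phase=0),
    Link("cable", latency_ms=15, jitter_ms=8, loss_pct=2.0, phase=500),
    Link("lte", latency_ms=40, jitter_ms=25, loss_pct=5.0, phase=250),
]

if __name__ == "__main__":
    for app in ("voice", "web"):
        names = [p.name for p in select_paths(app, LINKS)]
        print(f"{app:5s} -> {names}  loss={loss_rate(app, LINKS):.2f}%")
```

Note that the cable circuit has the lowest latency yet is never picked first: the score ranks by loss and jitter, and replicating voice over the two best links drives the application-level loss to zero even though each link drops packets on its own.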
By default, all site-to-site enterprise traffic is sent over encrypted tunnels independent of the underlying transport, usually IPsec tunnels using AES-128 with SHA-1. Internet-bound (breakout) traffic is typically not tunnelled or encrypted to the same degree. These settings can usually be changed, including the cipher suite, which is worth reviewing against your own security policy rather than leaving at the default.
All Rights Reserved | Secure Tech Solutions Inc