29 Aug Doctor Jon Cartu Reports – Deployment Methods — Virtualization Review
SD-WAN Primer Part 3: Deployment Methods
Tom Fenton concludes his three-part series on SD-WAN by outlining some different deployment modes.
In the first two articles (located here and here) in my series on software-defined wide-area networking (SD-WAN), I discussed what SD-WAN is and then took a closer look at some of its components. In this article, I will outline some of SD-WAN’s different deployment modes.
There are many different topologies for SD-WAN; below is an overview of a few that are in use today. Of course, many factors will determine which option is best for a particular enterprise.
- On-prem SD-WAN architecture is perhaps the simplest implementation method. In this scenario, each location in a company has an SD-WAN Edge device. Usually this topology does not require an SD-WAN gateway, and locations connect to one another in either a point-to-point or mesh topology. The SD-WAN components can either be located at one location or spread throughout the organization. This type of topology is best suited for companies that use in-house Software-as-a-Service (SaaS), rather than the cloud, to host their applications. The benefits of this deployment model include lower cost and ease of maintenance while still allowing multiple transport mediums and application flow policies to segregate traffic.
- Cloud SD-WAN architecture allows an SD-WAN Edge device to connect to a cloud-based SD-WAN gateway. The SD-WAN provides real-time traffic shaping, multi-circuit load balancing, failover and also access to cloud applications. The cloud gateway can be hosted by various cloud provider applications, including Office 365, Salesforce and Dropbox, which increases its performance. One way companies can decrease cost is to have policies that have business-critical cloud-based and in-house real-time apps running on a small Multiprotocol Label Switching (MPLS) pipe and to have everything else run over the public internet.
- Cloud-Enabled Backbone architecture has an SD-WAN Edge device connect to a transport medium provider’s nearest network point of presence (POP), at which point the traffic will hop on MPLS and will also have the leased line’s SLAs for network quality. Most MPLS pipes are directly connected to the major cloud providers, which increases the performance and reliability of those applications. This deployment method has proven useful for those companies wanting to test the waters of a full SD-WAN architecture but remain apprehensive of broadband quality of service. This architecture improves the performance of all applications as it frees up non-critical applications by off-loading them to lower-cost broadband networks, allotting more bandwidth to business-critical applications. It also gives secondary or tertiary network connectivity.
In real-life situations, an SD-WAN deployment can consist of a collection of different technologies and architectures. The diagram below is taken in part from a case study that discusses an SD-WAN deployment of an organization, comprised of about 3,000 retail locations, which uses a mixture of different transport mediums. The example shows SD-WAN Edge devices being deployed both as physical and virtual appliances and with transportation mediums ranging from MPLS to 5G depending on the use case. MPLS is being used by the Main Office and a Private Cloud for QoS reasons, while the IoT Device is using 5G due to a lack of an available alternative transport medium. The SD-WAN Controllers are being hosted in the Data Center to ensure maximum reliability. The Branch Office uses broadband for low priority/low value traffic and MPLS for higher-value traffic. If either of these transports goes down, the other can take over the load. However, policies are in place to prioritize high-value traffic. Workers in the Home Office are connected primarily with broadband, but they can use LTE for redundancy if needed. If LTE is indeed used, additional policies will be in place to minimize the traffic to reduce cost.
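The branch-office and home-office behaviour described above, sketched as a path-selection function. This is an added example, not code from the article or from any SD-WAN product; the policy table, the action names and the rule that low-value traffic is held back on metered LTE are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str              # transport medium: "mpls", "broadband" or "lte"
    up: bool               # current health as seen by the edge device
    metered: bool = False  # assumption: LTE is billed by volume

# Constructed policy: transports per (site, traffic class), preferred first.
POLICY = {
    ("branch", "high"): ["mpls", "broadband"],
    ("branch", "low"):  ["broadband", "mpls"],
    ("home", "high"):   ["broadband", "lte"],
    ("home", "low"):    ["broadband", "lte"],
}

def select_path(site, traffic_class, links):
    """Return (transport, action) for a flow; transport is None if it is not sent."""
    by_name = {link.name: link for link in links}
    for rank, name in enumerate(POLICY[(site, traffic_class)]):
        link = by_name.get(name)
        if link is None or not link.up:
            continue                         # transport missing or down: try the next
        if rank == 0:
            return name, "forward"           # preferred transport is healthy
        if traffic_class == "high":
            return name, "forward-priority"  # failover: high-value traffic goes first
        if link.metered:
            return None, "defer"             # keep low-value traffic off costly LTE
        return name, "rate-limit"            # failover: low-value traffic yields
    return None, "drop"                      # no usable transport at all
```

Because each fallback is an explicit entry in the policy table, a reviewer can see exactly which transport a traffic class may fail over to, rather than discovering it during an outage.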
Currently, few open-source SD-WAN implementations exist. This is not unexpected, however, as MEF-70 SD-WAN specifications have only just recently been released and most open-source projects use such specifications to build against. Due to the amount of chatter and excitement about them, I suspect that we will see many projects popping up sooner rather than later.
Features to Look For in an SD-WAN
There are many different SD-WAN products available, and deciding which option is right for you can be difficult. Below is a list of some of the characteristics that you should examine to make an informed decision.
- Path Selection — Routing should be dynamic and based on the state of the transportation medium and application. The SD-WAN should be able to automatically differentiate between the thousands of different applications being run by users.
- Security — Security is potentially the top concern for SD-WAN. An SD-WAN security plan should encompass perimeter firewalls, data transport encryption and any other SD-WAN function. Many SD-WAN solutions allow for third-party security and virtual private networks (VPNs).
- Transport Mediums — Make sure that your SD-WAN solution supports not only the transport medium that you are currently using, but also the ones that you may use in the future. You may want to check with the transport medium’s supplier as they may be able to bundle many different transport mediums together into a single package.
- Reporting — Reporting is an often overlooked or underappreciated factor when considering an SD-WAN solution. Make sure that the one you ultimately decide on has the reporting capabilities that you want and need.
There are also a few other factors to consider. First, you should find out whether the SD-WAN can be deployed by you, or if a professional service engagement will be needed. Many SD-WAN providers and partners offer fully managed SD-WAN deployment scenarios….