Network Computing is part of the Informa Tech Division of Informa PLC
SD-WAN: Controller and Router Placement
Once you have made a good business case for SD-WAN, then you are ready to take the leap forward. You have to convert your motivation into technical requirements. After all, SD-WAN is a technology play in addition to cost savings. As a network manager or an architect, you have to pick the best technology that’s affordable and meets your business requirements and design goals.
SD-WAN is a hot space and as a result, it’s saturated with vendors. It's practically impossible to talk to each vendor, learn about their offerings, and test their products in your network. So how do you differentiate between the “good” and the “best”? First, do some research to narrow down the list of SD-WAN vendors, and look for ones that have many customers with sizable deployments. Vendors with successful customer deployments have their product and their code baked in, which means that there's less chance of encountering a bug that's not known to the vendor. That means less risk of network downtime, which is critical since network availability is an important factor for running the business smoothly. However, if you have risk-taking appetite, then you should explore new vendors too.
As you shortlist your vendors, you need to make a couple of key decisions that will be important for your SD-WAN proof of concept: Placement of SD-WAN controllers and the edge routers. This needs to be decided before you can proceed to technical requirements.
SD-WAN controller placement
One of the key advantage of SD-WAN technology in general is the separation of control plane and data plane. Most of the SD-WAN vendors in the industry have a control plane and a data plane separation. These controllers can be deployed in multiple locations for geographical redundancy. Most of the SD-WAN vendors support two modes of controller deployments: on-premises and cloud hosted. Both deployment methods have their own advantages.
If you choose to deploy controllers on-premises then you are responsible for both the control plane and data plane and will have full control over your network. Third-party cloud vendor outages and the risk of human errors at the SD-WAN vendor will be taken out of the equation. You will also need a good virtualization stack to deploy the controllers, which normally run as a VMs. The biggest downside of deploying controllers on-prem is that you cannot deploy them geographically; your options are limited to regions where you have your own data centers or colos.
If you deploy your controllers in cloud, then you can take advantage of cloud scalability and geographical redundancy. Most cloud-managed SD-WAN controllers are managed by the SD-WAN vendors. As an end user, you don’t have to worry about controller resources or managing and patching the system on which the controllers are running. The cloud model also comes with a vendor SLA for control plane availability. Vendor-managed SD-WAN controllers in the cloud provide a lot of flexibility. However, while I’ve seen an increasing number of enterprises interested in the cloud-hosted model, some enterprises might have a strict policy against cloud-based controllers even if the controllers manage only the control plane.
SD-WAN edge routers
Placement of SD-WAN edge routers at branches is the second key decision that you have to make. This decision can have a major impact on the opex for some verticals like hospitality, retailers and healthcare where these enterprises have hundreds and thousands of branches. Some vendors recommend customers install the SD-WAN edge routers behind their existing WAN edge routers at the branches. While that is a very creative way to test a new SD-WAN product, this mode of deployment should be limited to lab testing only and not adopted for production deployment.
If you are planning to deploy SD-WAN, be prepared to replace the existing WAN edge routers at your branches with SD-WAN edge routers. Otherwise, the support costs for two WAN routers, power, and cooling can add up quickly. Your operations team will also have to support two routers at each branches, which introduces one more component that can fail and impact network availability.
One of the downside to swapping your existing WAN edger router with an SD-WAN edge router is that some of the SD-WAN vendors do not support serial interfaces for T1/E1 circuits. You might have to order new circuits if your choice of SD-WAN vendor does not support serial interfaces. One option is media converters for converting the circuit from serial to Ethernet, however that introduces another component that can fail and impact your network availability. You can also negotiate with your SD-WAN vendor to add serial interfaces to their edge routers if you want to avoid ordering new circuits. I believe using the SD-WAN router as the edge router is a good reason to take an opportunity to replace your serial circuits with Ethernet hand-offs.
Things get exciting once you have shortlisted vendors and finalized controller and edge router placement. Before you bring the vendors in, make sure you have a solid test plan ready. Every vendor will have some proprietary feature or they have their own way of doing things and you need a strong plan to test those features. Most of those features should work as advertised, but making them fit into your network based on your requirements is the key. Almost every vendor will support role-based access control (RBAC), APIs, SNMP, and DHCP.
In my opinion, some key features to consider are routing, encryption, security and segmentation, centralized policies, and scalability. I will talk about these features in upcoming blogs. In the meantime, please share your feedback or questions in the comment section below.
You can hear more from Snehal Patel live and in person next week at Interop ITX, where he will be on a panel, "SDN: What is it Good For?" Don't miss out! Register now for Interop ITX, May 15-19 in Las Vegas.
Recommended For You
Enterprise IT managers seeking to deliver great online experiences should use the same strategies as those responsible for delivering streaming coverage of massive online events like the World Series and the US Open.
Cloud data security must become a top priority for organizations to protect the integrity of their businesses. Here are some thoughts on how to do that.
The companies will combine efforts to offer more software solutions aimed at AI cybersecurity.