It's important to look back at the key networking advancements of the ‘teens, a decade where networking was dominated by the change to a Software-Defined Networking (SDN) architecture.
SDN has ruled the enterprise network infrastructure migration in two domains: in the early part of the decade, it was the virtualization of the network within the data center; in the latter part, it has been the use of SDN to virtualize the enterprise WAN with SD-WAN.
SD-WAN delivers a step-change in WAN functionality for the enterprise, comprising:
- The ability to mix and match connectivity types (fiber, Internet, mobile) on a per-branch basis.
- Richer, more consistent management and control via central (web portal) policy creation, distribution, and enforcement, reducing dependence on complex CLI.
- Eliminating the traditional network boundaries between the WAN and the data center.
- Extending the WAN to seamlessly connect cloud compute and applications into the enterprise IT environment.
All of these are business-defining changes that significantly improve both the management and functionality of the WAN. Another key advantage, one that is only just being realized by enterprises that have transitioned their WAN, is application awareness.
To understand the difference between an SD-WAN-based network service and IP-VPN, we must look at branch equipment and the change from proprietary router platforms to commercial off-the-shelf (COTS) servers used as the branch network gateway.
This area of networking technology has come full circle. In the late eighties / early nineties, router hardware was based on general-purpose compute - the same CPU powering desktops in a pre-Windows world (Macintosh, the Motorola 68000 series) was also powering the new WAN routers. Over time as WAN connections increased in speed and routing became more complex, the branch moved from general-purpose compute to ASICs and then to purpose-built Network Processors.
With SD-WAN, we are seeing the re-emergence of general-purpose (x86 based) compute platforms at the enterprise branch. This makes sense: it’s the same evolution that happened in the data center with the move from proprietary application hosts to virtualized compute and the deployment of virtualized machines and containers, which we can pin directly back to Moore’s Law.
With compute-based architectures, SD-WAN inherits a wealth of application and flow-based intelligence, with the ability to look into the traffic, identify the application, and then make a per-flow decision on how to treat it. This intelligence comes from the change from processing individual network packets (Layer 2, 3, and 4 information) to looking deep into the packet (Layer 7), where the information about the application resides, and then processing based on flow information.
To make a business decision on the performance of applications across the WAN, the network management team can use this application-awareness to prioritize their business traffic across the entire WAN or for individual branches. This is where the centralized programmability of SD-WAN comes to the forefront. Simply having visibility into every application flow from every endpoint on the WAN is not enough – in fact, it can be daunting. What was just a statistical list of network data (bits/bytes in/out) has now exponentially grown with details on every application, application flow/session, and its source and destination.
To get maximum return from the transition to SD-WAN, enterprises need to focus on visibility and control of the applications across the WAN. With previous technologies, like IP-VPN, we had the control, but it was limited to the lower layers of the network stack. This led to ambiguity in WAN management and a rift between the IT/application teams and the IP/networking teams, as they struggled to pinpoint the cause of application performance problems. “The network is really slow today!” is a common refrain, even when the problem is actually server-, storage- or application-related, is caused by employees consuming excessive bandwidth for non-business applications, or is even due to a security breach.
Diagnosing network and application issues is where SD-WAN truly shines in both proactive and reactive root cause analysis. Extensive branch information can be collected and centrally processed in the SD-WAN policy engine where advanced technologies, including machine learning and artificial intelligence, can perform a proactive diagnosis of network reliability or application performance to measure against performance baselines and threshold alarms. Once the cause is diagnosed, then remedial actions can be implemented via automated policy or by alerting the WAN management team. All this data provides an increased level of reactive diagnosis, too, with network teams able to look back to see individual application performance between specific branches or users, with details of specific network conditions including end-to-end delay, packet loss, and jitter.
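The baseline-and-threshold diagnosis described above, as an added example that is not from the article or from any SD-WAN product: it compares per-flow delay, loss, jitter and throughput with a per-branch, per-application baseline, and separates WAN-path degradation from a single-application problem and from a bandwidth anomaly. The record fields, the three-sigma rule, the spread floors and all telemetry values are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

PATH = ("delay_ms", "loss_pct", "jitter_ms")
# Assumed minimum spread per metric, so a flat baseline does not alarm on noise.
FLOOR = {"delay_ms": 2.0, "loss_pct": 0.1, "jitter_ms": 1.0, "mbps": 1.0}

def rec(branch, app, delay_ms, loss_pct, jitter_ms, mbps):
    return dict(branch=branch, app=app, delay_ms=delay_ms, loss_pct=loss_pct,
                jitter_ms=jitter_ms, mbps=mbps)

def build_baseline(history):
    """Mean and standard deviation per (branch, app, metric) from past records."""
    series = defaultdict(list)
    for r in history:
        for m in FLOOR:
            series[(r["branch"], r["app"], m)].append(r[m])
    return {k: (mean(v), pstdev(v)) for k, v in series.items()}

def deviations(r, baseline, k=3.0):
    """Metrics in one record above baseline mean + k * spread."""
    limits = {m: baseline[(r["branch"], r["app"], m)] for m in FLOOR}
    return [m for m, (avg, sd) in limits.items() if r[m] > avg + k * max(sd, FLOOR[m])]

def triage(current, baseline):
    """Per branch: is the degradation WAN-wide, one application, or a traffic spike?"""
    by_branch = defaultdict(dict)
    for r in current:
        by_branch[r["branch"]][r["app"]] = deviations(r, baseline)
    verdicts = {}
    for branch, apps in by_branch.items():
        path_hit = sorted(a for a, d in apps.items() if set(d) & set(PATH))
        bw_hit = sorted(a for a, d in apps.items() if "mbps" in d)
        if path_hit and len(path_hit) == len(apps):
            verdicts[branch] = ("wan-path", path_hit)         # every app suffers: the link
        elif path_hit:
            verdicts[branch] = ("application", path_hit)      # one app suffers: server side
        elif bw_hit:
            verdicts[branch] = ("bandwidth-anomaly", bw_hit)  # usage or security review
        else:
            verdicts[branch] = ("ok", [])
    return verdicts

# Constructed telemetry: stable history, then one current sample per flow.
HISTORY = [rec(b, a, d, 0.1, 3.0, m) for b in ("london", "leeds", "york")
           for a, m in (("crm", 20.0), ("web", 15.0)) for d in (28.0, 30.0, 32.0)]
CURRENT = [rec("london", "crm", 95, 2.0, 12, 20), rec("london", "web", 90, 1.8, 15, 15),
           rec("leeds", "crm", 80, 0.1, 3, 20), rec("leeds", "web", 30, 0.1, 3, 15),
           rec("york", "crm", 30, 0.1, 3, 20), rec("york", "web", 30, 0.1, 3, 180)]
print(triage(CURRENT, build_baseline(HISTORY)))
```

The three verdicts map onto the three explanations the article gives for "the network is slow": the WAN path itself, the server or application behind one flow, and unexpected bandwidth consumption that warrants a usage or security review.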
SD-WAN is ushering in a new level of WAN functionality that will empower the digital transformation journey nearly all enterprises will undertake over the next decade. After more than a decade of small, incremental changes, SD-WAN has rapidly gone through the hype cycle and emerged as the ‘go-to’ technology to deliver wide-area networking on your business's terms.