Introduction to SD-WAN

Posted by SAS on Nov 5, 2018 02:39:00 PM

Introduction

In this guide, we’ll introduce you to SD WAN, explain its origins and help guide you through the myths and jargon you may come across along your journey to implementing your own solution. 

We’ll also address the concept of Hybrid Networking - showing how blending different types of connectivity can provide you with a strong, cost-effective network. 

Finally, we’ll look at where SD WAN is going (spoiler alert! It includes integration of disparate systems and something called SASE), some problems it could create, and the benefits it can bring your organisation.

What is SD WAN & what does it mean to me?

SD WAN refers to the use of software to implement and manage the Wide Area Network, including virtualisation of routers and firewalls (Network Functions Virtualisation, NFV) and techniques to orchestrate the network centrally. The concept is similar to how SDN implements virtualisation within the data centre. SD WAN promises many benefits. One aim is to simplify the management of the WAN. Another is to make it more flexible so that, for example, traffic can be offloaded from MPLS to the internet, which in turn can save cost. SD WAN is deployed as an overlay on top of an underlying infrastructure of technologies such as MPLS and the Internet.

As with any emerging trend the definition of SD WAN is wide and varied. Vendors and carriers are looking to promote a version which fits their own capabilities. 

This has led to confusion as to whether an SD WAN solution includes the underlying connectivity as well as the Customer Premise Equipment (CPE) function (router and security device) and over-arching management.

Well, depending on who you speak to, it can be both. CPE vendors rely on customers to provide their own connectivity whereas carriers are trying to move the market to an all-encompassing SD WAN solution which includes the connectivity and managed services supplied by themselves.

For clarity, we will make the distinction between an SD WAN CPE solution, which should be viewed in terms of the management and functionality of the Customer Premise Equipment (CPE), and a complete SD WAN solution, which encompasses the connectivity and more and is detailed further on.

[Diagram: SD WAN summary (v2) - HQ and branch office connected to an MPLS/VPLS WAN, the Internet and a 4G cloud]

In the diagram above we can see an HQ and branch office connecting to an MPLS or VPLS WAN, as well as to the Internet. SD WAN manages rather than replaces this connectivity. 

It's worth noting, in passing, the 4G cloud within the diagram.  Businesses increasingly connect their sites over 4G for Rapid Site Deployment, temporary sites, backup and DR.  The ability of SD WAN to choose paths dynamically is very helpful with multiple network technologies available.

Also note that as businesses digitalise more of their processes, the performance of their applications over the network becomes increasingly important. Thus, comprehensive monitoring of the full IP path is now becoming more critical, especially when offloading some of your traffic to the internet. SD WAN can help here, although it will be focussed on the network and probably won't cover your applications and on-site infrastructure. For the full IP path you will probably still need a separate end-to-end monitoring solution.

 

Benefits of SD WAN

Having explored the definition of SD WAN, let’s consider some of the benefits that people hope to enjoy from an SD WAN deployment.

SD WAN BENEFITS

The SD WAN market grew from the US, partly as an easier way for large enterprises to deploy and manage networks. One of the key benefits of SD WAN was that it offered a centralised GUI-based management and allowed people to take advantage of the reduced cost and delivery lead time of locally-sourced internet connectivity compared to MPLS circuits.

This was further supported by inhouse applications moving to platforms such as Amazon Web Services (AWS) and by Software as a Service (such as Salesforce.com) being consumed from public clouds and accessed via the internet. SD WAN promised to offer private line-like performance over the public internet, a claim which can have some merit when an Optimised IP solution is also included.

The SD WAN CPE solution isn’t necessarily a revolution; more an evolution of existing technologies all brought together under the CPE and rebranded as SD WAN.

Simpler Hybrid Networks

Hybrid Networking has been available and deployed by Managed Service Providers like SAS for years so there’s nothing particularly new in utilising locally-sourced internet, either as a primary or secondary active circuit. SD WAN makes deploying and managing Hybrid Networking solutions easier, and adds monitoring and alerting for those that didn’t have it already.

Standardisation

SD WAN helps with each deployment, since the device calls home to receive its configuration. This also leads to standardisation across regions, and the central controller acts as an inventory repository for all devices and configurations. Note that the device will act on whatever that call-home process hands it, so the device and the controller need to authenticate each other before any configuration is pushed.

Monitoring and visibility

The ability to monitor the entire IP path is a key challenge for businesses as they digitalise their operations and move applications to the Cloud. In the absence of a complete solution in the market, we had to develop our own monitoring solution over many years, and carriers are also recognising the need to offer advanced monitoring.

Now, SD WAN promises to create greater visibility of the network. Visibility on the utilisation of your connectivity and applications across the network can give insight to what’s actually happening. This allows you to right-size your WAN and to understand what traffic might be offloaded to the internet. The SD WAN benefit here is not so much the ability to do this but the ability for this to be included as part of the CPE solution.

If you don’t have access to a world class monitoring, alerting and reporting system then the inclusive offering within the SD WAN CPE solution will be a good starting point. However, if an application is running slowly due to a database query then SD WAN monitoring is not going to give you everything you need: you’ll also want to see the LAN, Server, Virtual machine, database and application. For those who want to see all that in a form that’s meaningful, rather than as a long list of nodes, Critical Path Monitoring will be a great help.

Easier deployment

Another problem that SD WAN, or one of the facets of SD WAN, addresses is that it is sometimes difficult to deliver new routers to remote locations: customs, the availability of local engineers and in-country hardware replacement can all cause delays. The SD WAN CPE function can be delivered as a virtual device, basically as software sitting on a standard x86 server. As long as you have IT staff at the site who are knowledgeable on the infrastructure side, SD WAN can help circumvent this issue. Having the SD WAN functionality delivered without the underlying hardware as a VNF (Virtual Network Function) was seen as one of the key components and advantages of SD WAN. As the market continues to evolve, this functionality is often limited to cloud deployments rather than remote branches: not so much due to a lack of vendor options; more from a lack of demand from customers.

Dynamic path selection

Dynamic Path Selection is another feature that isn’t really new. Performance routing has been available on Cisco edge devices for many years but tended to be very expensive. SD WAN CPE vendors have included this feature at a more palatable price point. The problem this solves is that an application can now be given its own SLA in terms of latency, packet loss and jitter. If the primary connection suffers a degradation in performance, known as a ‘brown out’, then the SD WAN CPE device will measure any other connectivity available and, if it meets the SLA criteria, switch the traffic to that link.
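
The selection logic described above, as an added illustration (this is not code from SAS or from any SD WAN vendor). It measures each link from probe results, tests them against a per-application SLA and moves traffic off a link in brown-out. The SLA figures, link names and probe samples are constructed for the example; the hysteresis rule (stay on the current link while it still complies) and the "least bad link" fallback are design choices, not a vendor's behaviour.

```python
"""Per-application SLA-based path selection for an SD WAN edge (added example)."""
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Sla:
    """Thresholds an application's traffic must get; a link must meet all three."""
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float


@dataclass
class LinkProbe:
    """One probe window on a link. rtts_ms holds the RTTs of the probes that
    were answered; sent/received give the loss figure. (Constructed samples.)"""
    name: str
    rtts_ms: List[float]
    sent: int
    received: int

    @property
    def latency_ms(self) -> float:
        return mean(self.rtts_ms) if self.rtts_ms else float("inf")

    @property
    def loss_pct(self) -> float:
        return 100.0 * (self.sent - self.received) / self.sent

    @property
    def jitter_ms(self) -> float:
        # Mean absolute difference between consecutive RTTs, the usual
        # simple jitter estimate; needs at least two answered probes.
        if len(self.rtts_ms) < 2:
            return 0.0
        return mean(abs(a - b) for a, b in zip(self.rtts_ms, self.rtts_ms[1:]))


def within_sla(link: LinkProbe, sla: Sla) -> bool:
    return (link.latency_ms <= sla.max_latency_ms
            and link.loss_pct <= sla.max_loss_pct
            and link.jitter_ms <= sla.max_jitter_ms)


def select_path(links: Dict[str, LinkProbe], sla: Sla, preferred: str,
                current: Optional[str] = None) -> str:
    """Pick the link an application's traffic should use for this window.

    1. keep the link the traffic is already on if it still meets the SLA
       (hysteresis: do not flap between two links that both comply);
    2. otherwise the administratively preferred link, if it is within SLA;
    3. otherwise any compliant link, lowest latency first;
    4. if nothing complies (brown-out on every path), the least bad link,
       ranked by loss then latency, so traffic keeps flowing.
    """
    ok = [name for name, link in links.items() if within_sla(link, sla)]
    if current in ok:
        return current
    if preferred in ok:
        return preferred
    if ok:
        return min(ok, key=lambda n: links[n].latency_ms)
    return min(links, key=lambda n: (links[n].loss_pct, links[n].latency_ms))


# Constructed voice SLA; the numbers are illustrative, not vendor defaults.
VOICE_SLA = Sla(max_latency_ms=150, max_loss_pct=1.0, max_jitter_ms=30)


def demo() -> List[str]:
    """Healthy window, MPLS brown-out, sticky choice, and everything degraded."""
    healthy = {
        "mpls": LinkProbe("mpls", [20, 21, 19, 20, 22], sent=5, received=5),
        "internet": LinkProbe("internet", [35, 40, 38, 36, 41], sent=5, received=5),
    }
    brownout = {   # MPLS latency has jumped well past the 150 ms threshold
        "mpls": LinkProbe("mpls", [180, 200, 190, 210, 220], sent=5, received=5),
        "internet": healthy["internet"],
    }
    all_bad = {    # MPLS drops 10% of probes, internet latency is 300 ms+
        "mpls": LinkProbe("mpls", [20] * 9, sent=10, received=9),
        "internet": LinkProbe("internet", [300, 310, 305], sent=3, received=3),
    }
    return [
        select_path(healthy, VOICE_SLA, preferred="mpls"),                      # mpls
        select_path(brownout, VOICE_SLA, preferred="mpls", current="mpls"),     # internet
        select_path(healthy, VOICE_SLA, preferred="mpls", current="internet"),  # internet (sticky)
        select_path(all_bad, VOICE_SLA, preferred="mpls", current="mpls"),      # internet (least bad)
    ]


if __name__ == "__main__":
    print(demo())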

Read more in our Guide to SD WAN Benefits >>

 

Where has SD WAN come from?

The SD WAN CPE market has been maturing for a couple of years having been founded by new start-ups, such as Viptela and Versa Networks in around 2012. 

SD WAN is born out of concerns that were originally seen by forward thinking large enterprises over their static and difficult to manage WAN architectures. With a move to cloud based services and the high cost of international MPLS compared to in-country locally sourced internet there was a desire to be able to deploy and manage the local CPE simply, and to take advantage of internet with its lower costs and shorter route to platforms and applications. Lessons learned from the server virtualisation revolution also showed a future where software-based networking and security features could be deployed without the physical hardware with the associated distribution and maintenance logistical support requirement. 

Gartner, in their 2017 Competitive Landscape: WAN Edge paper recognised that there would likely be 5 waves of disruption in the SD WAN market starting with the SD WAN start-ups followed by a number of existing providers from adjacent markets such as WAN Optimisation, who would pivot from their current position to refocus and rebrand themselves as SD WAN providers. The 3rd wave of disruption would be the major CPE vendors such as Cisco, Juniper and Huawei either purchasing one of the start-ups (as we’ve seen with Cisco and Viptela) or developing their own capabilities.

The 4th wave is where a complete SD WAN solution starts to emerge. This is where carriers bundle the SD WAN hardware with their carrier circuits to provide a one stop shop. They may even supply a much richer monitoring and alerting experience extending way beyond the WAN CPE and into the LAN, infrastructure and applications. This will satisfy those large enterprises who outsource the management of their network, but also paves the way for the carriers to develop a volume solution designed to meet the needs of medium enterprises who have traditionally bought managed WANs.

The 5th wave, which is likely to take place at the same time as the 4th, will be Managed Service Providers (MSPs), who have the distinct advantage of not only providing a more cost effective hybrid network (marrying together different carriers, network and access types) but also tend to be able to handle a more hybrid approach to management.

MSPs often allow customers to purchase their own carrier circuits, acting as their own resolver group whilst the MSP maintains overall responsibility for ticket management. MSPs are also more likely to bring the extensive monitoring capabilities enjoyed by large enterprise customers of global carriers to customers at the medium enterprise level.

 

SD WAN definition

What are the characteristics of an SD WAN CPE solution?

If we accept that when we are talking about SD WAN we are talking about the management and the CPE function itself, then we would say that an SD WAN Solution has the following five main characteristics:

• Must support Hybrid Networking and multiple access types at the same time – Internet, MPLS, VPLS, LTE etc

• Can do Dynamic Path Selection – connectivity must act in an Active/Active state with application specific SLAs determining which access traffic uses.

• Simple management interface – supports Zero Touch Deployments where devices call home to obtain their configuration, along with device monitoring, alerting and reporting.

• Multiple CPE functions – routing, firewall, WAN Optimisation, WiFi, caching etc

• CPE can be either physical or virtual – vCPE can be deployed as software only, residing on a standard x86 server.

 

A more complete SD WAN service

Although the term ‘SD WAN’ is grabbing all the marketing headlines (with Hybrid Networking also getting some column inches), we at SAS believe they are not the only elements required for an optimal future network.

A complete SD WAN solution will include:

• SD WAN CPE – whether physical (device and its software) or virtual (just the software);

• Hybrid Networks – multiple access technologies and network types from multiple carriers;

• End to End Application Performance Monitoring including End User Experience Monitoring;

• The digital integration of all of the quoting, provisioning, management, fault ticketing and billing systems to support the above;

• Professional Services to advise, set-up and optimise the solution;

• Flexible In-life Managed Services to dovetail into existing suppliers and resolver groups.

The SD WAN CPE solutions have created the market and now carriers are looking at how they bundle the connectivity and enhanced performance together to create a more complete solution. This second major evolution is still in its early stages with solutions likely to be separate components until digital integration of multiple systems from multiple vendors can be achieved.

 

SD-WAN is an overlay. You still need an underlay!

When you ask “What is SD WAN?” it’s really important to understand exactly which definition of SD WAN is being described to you. Since most SD WAN vendors are WAN edge device companies, they will not be offering the connectivity within their solution. That will be left to you or your Managed Service Provider (who may or may not be a carrier) to provide and manage, or at least to monitor.

WAN edge devices are sometimes known as Customer Premise Equipment, or CPE. The functionality and management of SD WAN edge devices is known collectively as the Overlay, since they overlay the Wide Area Network.

Similarly, the connectivity is known as the Underlay. The Underlay could be built using a public network (internet), a private network (such as MPLS, VPLS, Ethernet Point to Point etc), or a semi-private network (such as Optimised IP: internet local access pointing to a core private global backbone).

SD WAN makes it easier to mix connectivity types within your underlay to create Hybrid Networking. 

Alongside your SD WAN CPE solution, you also need to give careful thought to your Underlay, in order to get the best price and performance for your network.

To maximise application performance while minimising cost and management overhead, you need an in-depth understanding of the carrier market place.

You need to understand access options and associated SLAs, private and public networks, and details of your users and applications (and where they both reside). Take a look at our Guide to Reducing WAN Costs for further information.

 

Where is SD WAN going?

We see SD WAN developing in two general directions:

  1. The integration of overlay and Underlay technologies under a common OSS and BSS structure.
  2. The combination of Network as a Service (SD WAN) and Security as a Service to address the security issues that arise from moving applications to the cloud and users to more home working over the internet.

Let us look first at item 1: the management platforms to tie the Underlay and Overlay together.

The utopian vision for a complete SD WAN solution would be a single interface that combined your SD WAN CPE with the various underlay providers and networks, and that also integrated into the ticketing platform for assurance. You would be able to monitor and control not only your SD WAN CPE but further into the network, to measure application performance and diagnose any issues. You’d be able to place an order at the start of the process and see it accurately reflected on your bill at the end.

We may be some way off this dream. At present the SD WAN management function is fairly simple; the central controller just needs to be able to communicate with the SD WAN CPE and as every SD WAN CPE company has their own controller this is a given. When we expand the requirements to other components and systems we can see that there is a major piece of work to combine this eco-system. 

SD WAN makes promises that you can change your bandwidth in an instant. Well, if your central controller doesn’t control both the underlay and the overlay then this isn’t possible.

In the future there may also need to be a different commercial model from the carriers and their third party tail providers. At present with most carriers the commercial model is based around fixed monthly pricing for an agreed speed on a standard access bearer, for example 20Mbps on a 100Mbps bearer. If you want to change the port speed, then there is a change in the commercials so a quote needs to be supplied and an order placed. Further complications come with international MPLS as they tend to use tiered long line access circuits from third parties. To make a change to the port speed the carrier will often have to ask their third party to change their tiered access circuit before they can also make the changes to their own network.

If one of the advantages of Hybrid Networking is that you can provide your own locally sourced internet connectivity, then this makes controlling the underlay with the overlay very difficult indeed. 

However, there are moves afoot to address this interoperability. The Metro Ethernet Forum (MEF) is a non-profit industry association made up of over 200 members. MEF members include Tier 1, 2 and 3 service providers, hardware and OSS/orchestration software providers, as well as test labs, test equipment and test software providers. MEF is perhaps best known for creating standards for Metro Ethernet that international carriers could all sign up to, and is now looking at SD WAN orchestration under MEF 3.0. Having an industry standard may give rise to separate SD WAN Orchestration vendors, but in the meantime companies will need to develop their own solutions with each of their chosen overlay and underlay providers.

Let us look next at item 2: the combination of SD WAN with security.

This second element is driven by technology, and by two questions: Where are the applications and where are the users?

We know that more and more applications are moving away from the corporate network and to the cloud, presented as either Software as a Service or within an Infrastructure or Platform as a Service setting.

We know that this has caused us to re-think how traffic gets to these applications, often highlighting that the internet is the shortest path. We know that SD WAN has made this easier to implement and manage.

Another factor in the change to our corporate network is the need to consider Remote Workers.

Remote workers are effectively very small branch offices that are also sometimes mobile!

When most applications were based within the Corporate network, remote workers would simply have a VPN client that took all their traffic back to the corporate firewall and then on to those apps inside the network or back out to the internet. But with more apps being delivered from the cloud, remote workers also want to go directly over the internet rather than trombone in and out of the corporate HQ.

So, with both Remote Offices and Remote Workers now wanting to go directly to the applications over the internet, the traditional network design of centralised security is no longer efficient or appropriate. We still need the same level of security but instead of it being solely at the HQ or DC it needs to be where the users and the applications are.

Some SD WAN vendors added Next Generation Firewall style services such as Content Filtering, Intrusion Detection and Prevention and Malware protection to the software on their devices, and this provides cover for branch offices, but an SD WAN router is not appropriate at an individual remote worker level. The benefit of load balancing multiple circuits is not a requirement here. If remote workers are at home, then they are simply using their existing home broadband connection. If they are out and about then they may be using public WiFi in a café or a 4G connection.

In order to cover remote workers and remote branches, the WAN security needed to be re-thought. The answer was to put the Security functions in the cloud rather than at each location, thus catching users wherever they are.

This has given rise to a new type of solution that combines Network as a Service (SD WAN) and Security as a Service (Secure Web Gateways) and has become known as SASE (pronounced Sassy) or Secure Access Service Edge.

All the prominent SD WAN vendors (Cisco, Fortinet, VMware, Silver Peak etc) are now talking about SASE rather than just SD WAN solutions. Some (such as Cisco) will have their own solutions and some (such as Silver Peak) will partner with cloud-based security providers like Zscaler.

When SAS’ Technical consultants design a WAN, they don’t just ask about the applications and the corporate offices; they also incorporate the smallest kind of site - the remote worker.

What next?

Well, SASE solutions are talking about a concept called Zero Trust. This takes a couple of different forms, but its basis is that traditionally we have assumed that traffic coming from within the corporate network (branch sites) is trustworthy. Zero Trust takes the position that trust should not be location based. It is the combination of a validated user and a validated endpoint that earns trust, not the network the request arrives from.
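
To make the difference concrete, here is an added example (not code from SAS or from any SASE vendor) that evaluates the same access requests under the traditional location-based rule and under a Zero Trust rule. The corporate address range, users, devices, posture checks and resource entitlements are all constructed for the illustration; in a real deployment they would come from the identity provider and the endpoint management system.

```python
"""Location-based versus Zero Trust access decisions (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Constructed: the address space the traditional design treated as "inside".
CORPORATE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


@dataclass(frozen=True)
class DevicePosture:
    enrolled: bool          # known to endpoint management
    disk_encrypted: bool
    os_patched: bool

    @property
    def compliant(self) -> bool:
        return self.enrolled and self.disk_encrypted and self.os_patched


@dataclass(frozen=True)
class Request:
    user: Optional[str]     # None when no user identity was presented
    mfa: bool               # user completed multi-factor authentication
    device_id: Optional[str]
    src_ip: str
    resource: str


# Constructed inventory, group membership and entitlements.
DEVICES: Dict[str, DevicePosture] = {
    "lap-001": DevicePosture(enrolled=True, disk_encrypted=True, os_patched=True),
    "lap-002": DevicePosture(enrolled=True, disk_encrypted=False, os_patched=True),
    "lap-003": DevicePosture(enrolled=True, disk_encrypted=True, os_patched=True),
}
USER_GROUPS: Dict[str, Set[str]] = {"alice": {"finance"}, "bob": {"engineering"}}
RESOURCE_ACCESS: Dict[str, Set[str]] = {"payroll": {"finance"},
                                        "wiki": {"finance", "engineering"}}


def perimeter_decision(req: Request) -> bool:
    """The castle-and-drawbridge rule: trust anything that arrives from inside."""
    addr = ipaddress.ip_address(req.src_ip)
    return any(addr in net for net in CORPORATE_NETWORKS)


def zero_trust_decision(req: Request) -> Tuple[bool, str]:
    """Trust is earned by a verified user on a compliant device that is
    entitled to the resource; the source network plays no part at all."""
    if req.user is None or not req.mfa:
        return False, "user not strongly authenticated"
    posture = DEVICES.get(req.device_id) if req.device_id else None
    if posture is None:
        return False, "unknown device"
    if not posture.compliant:
        return False, "device posture non-compliant"
    if not USER_GROUPS.get(req.user, set()) & RESOURCE_ACCESS.get(req.resource, set()):
        return False, "user not entitled to resource"
    return True, "user, device and entitlement verified"


def compare(req: Request) -> Tuple[bool, bool]:
    """(perimeter verdict, Zero Trust verdict) for the same request."""
    return perimeter_decision(req), zero_trust_decision(req)[0]


# Constructed scenarios.
INTRUDER_ON_BRANCH_LAN = Request(user=None, mfa=False, device_id=None,
                                 src_ip="10.20.30.40", resource="payroll")
ALICE_AT_HOME = Request(user="alice", mfa=True, device_id="lap-001",
                        src_ip="203.0.113.5", resource="payroll")
ALICE_UNENCRYPTED_LAPTOP = Request(user="alice", mfa=True, device_id="lap-002",
                                   src_ip="203.0.113.5", resource="payroll")
BOB_IN_OFFICE = Request(user="bob", mfa=True, device_id="lap-003",
                        src_ip="10.1.2.3", resource="payroll")

if __name__ == "__main__":
    for label, req in [("intruder on branch LAN", INTRUDER_ON_BRANCH_LAN),
                       ("alice at home", ALICE_AT_HOME),
                       ("alice, unencrypted laptop", ALICE_UNENCRYPTED_LAPTOP),
                       ("bob in office", BOB_IN_OFFICE)]:
        print(label, compare(req), zero_trust_decision(req)[1])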

As we have seen above, Networking and Security are becoming ever more entwined. Another development is the bringing together of all the security alerts that we might see from our SD WAN devices, firewalls, IPS, malware protection, web security and so on: not only providing context and correlation to the alerts so that IT teams can make sense of them, but also having a platform that automates responses to those alerts.
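
As an added example of what that correlation step does (not code from SAS or from any security platform), the block below takes alerts from several sources, groups them per endpoint within a time window, raises an incident only when more than one independent source has fired, and picks a response. The log line format, the alert lines and the thresholds (10 minute window, two sources, isolate at severity 4) are all constructed assumptions for the illustration.

```python
"""Correlating alerts from several sources into one incident (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List


@dataclass(frozen=True)
class Alert:
    ts: datetime
    source: str     # which sensor raised it: sdwan, firewall, ips, web-security...
    host: str
    signal: str
    sev: int        # 1 (informational) to 5 (critical)


def parse_alert(line: str) -> Alert:
    """Constructed format: '<ISO timestamp>Z source=.. host=.. signal=.. sev=..'."""
    ts_text, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return Alert(datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ"),
                 kv["source"], kv["host"], kv["signal"], int(kv["sev"]))


@dataclass
class Incident:
    host: str
    start: datetime
    end: datetime
    sources: List[str]
    signals: List[str]
    max_sev: int
    action: str


def _evaluate(host: str, cluster: List[Alert], min_sources: int,
              isolate_at: int) -> List[Incident]:
    """A cluster becomes an incident only if independent sensors agree."""
    sources = sorted({a.source for a in cluster})
    if len(sources) < min_sources:
        return []
    max_sev = max(a.sev for a in cluster)
    # Automated response: contain the endpoint on a critical signal,
    # otherwise hand a correlated ticket to the IT team.
    action = "isolate_endpoint" if max_sev >= isolate_at else "open_ticket"
    return [Incident(host, cluster[0].ts, cluster[-1].ts, sources,
                     [a.signal for a in cluster], max_sev, action)]


def correlate(alerts: List[Alert], window: timedelta = timedelta(minutes=10),
              min_sources: int = 2, isolate_at: int = 4) -> List[Incident]:
    """Group alerts per host into windows that start at the first alert."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        by_host[a.host].append(a)
    incidents: List[Incident] = []
    for host, items in by_host.items():
        cluster = [items[0]]
        for a in items[1:]:
            if a.ts - cluster[0].ts <= window:
                cluster.append(a)
            else:
                incidents.extend(_evaluate(host, cluster, min_sources, isolate_at))
                cluster = [a]
        incidents.extend(_evaluate(host, cluster, min_sources, isolate_at))
    return incidents


# Constructed alert lines: one endpoint trips three different sensors inside
# ten minutes; another trips a single sensor; the first endpoint later trips
# only the firewall, twice, which on its own is not enough.
CONSTRUCTED_ALERTS = [
    "2024-03-01T09:00:05Z source=sdwan host=br2-pc17 signal=unusual-egress-volume sev=2",
    "2024-03-01T09:01:00Z source=firewall host=br1-pc03 signal=denied-outbound-smtp sev=1",
    "2024-03-01T09:03:40Z source=web-security host=br2-pc17 signal=blocked-category-malware sev=3",
    "2024-03-01T09:05:10Z source=ips host=br2-pc17 signal=c2-beacon-signature sev=5",
    "2024-03-01T11:30:00Z source=firewall host=br2-pc17 signal=denied-inbound-scan sev=1",
    "2024-03-01T11:31:00Z source=firewall host=br2-pc17 signal=denied-inbound-scan sev=1",
]


def demo() -> List[Incident]:
    return correlate([parse_alert(line) for line in CONSTRUCTED_ALERTS])


if __name__ == "__main__":
    for inc in demo():
        print(inc)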

 

 

What problems does SD WAN create?

A number of SD WAN CPE vendors want to take the credit for the cost savings of Hybrid Networking without accepting the responsibilities for its DIY shortcomings.

The challenge of managing SD WAN yourself

If SD WAN helps you swap your expensive international MPLS connection for locally bought internet at a fraction of the price (not always true!), then its vendors are also suggesting that you become your own Managed Service Provider to scour the local market, order, install, support and bill that circuit.

It takes a great deal of in-country expertise and effort to achieve and support this, and you have to hope that the local teams maintain records and pass on the local contacts and knowledge.

You’ll need carrier savvy IT staff in every office or at the least, region. It’s very easy to compare the cost of international MPLS against local internet circuits but more difficult to quantify the management overhead both locally and centrally of having multiple providers.

Carrier-delivered SD WAN can make it harder to get the benefits you seek from Hybrid WAN

A recent development of SD WAN is a move by the carriers to incorporate SD WAN with their connectivity. The logic on this is sound – once the carrier’s systems are integrated with SD WAN CPE devices, customers will be able to get a quote to change their bandwidth and then the systems will make changes to the network as well  as the router at the same time. This is something that the SD WAN CPE vendors can’t do because they don’t supply the connectivity.

The downside of this approach for customers is that it goes against one of the potential advantages of Hybrid Networking: which is that you can connect each site with the best carrier and technology. For example, you could buy a local internet connection to make considerable savings over International MPLS.

Are there really cost benefits of SD WAN versus MPLS?

The real question here is whether SD WAN, in promoting the use of Internet connectivity, creates a benefit over traditional MPLS networks. It is not the SD WAN itself that saves money; any saving comes from the underlay, although SD WAN vendors often present it as a given by making assumptions about Underlay costs.

If you have a primarily UK-based network, then the cost differential between MPLS and Internet may not really exist. It depends who has supplied your MPLS and Internet.

If you do have international sites, a better solution may be to use a Managed Services Provider who can integrate several carrier networks to give you the best pricing, performance and delivery speed at every site.

SD WAN creates security issues

If SD WAN promotes ‘direct to Internet’ connectivity, then it is also opening up each branch site to direct cyber-attacks. In traditional MPLS networks the only access to the internet was via the HQ or Data Centre.

These acted like the drawbridge to the castle. There was only one way in and out, and this reduced the attack surface that cyber criminals on the internet could reach. A high level of security functionality was placed at this point: Next Generation Firewalls with IPS and malware protection, email and web security.

If SD WAN allows direct to Internet connectivity, then it must provide the same security functions that were expected at the HQ or DC, at every site that breaks out.
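
The following added example (not code from SAS or from any SD WAN vendor) shows the minimum a branch edge has to enforce once it has its own internet circuit: nothing unsolicited from the internet reaches the LAN, only sanctioned SaaS destinations are allowed to break out locally after web filtering, and everything else is backhauled to the HQ stack for full inspection. The site prefix, sanctioned service names, category feed and sample flows are constructed. The hostname on each flow is assumed to come from DNS or TLS SNI inspection on the edge; since the client controls what it puts in SNI, a production device should also check that the destination address belongs to the sanctioned service.

```python
"""Branch edge policy for direct-to-internet breakout (added example)."""
import ipaddress
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Set, Tuple


class Action(Enum):
    DIRECT = "break out locally to the internet"
    BACKHAUL = "send over the tunnel to HQ for full inspection"
    ALLOW_RETURN = "allow as the reply to an existing outbound flow"
    DENY = "drop"


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    hostname: str = ""      # "" when no name is known (raw IP traffic)

    def key(self) -> Tuple:
        return (self.src_ip, self.src_port, self.dst_ip, self.dst_port, self.proto)

    def reverse(self) -> "Flow":
        return Flow(self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.proto)


class BranchEdgePolicy:
    def __init__(self, lan: str, sanctioned_saas: Set[str],
                 blocked_categories: Set[str], categories: Dict[str, str]):
        self.lan = ipaddress.ip_network(lan)
        self.sanctioned = sanctioned_saas
        self.blocked = blocked_categories
        self.categories = categories        # hostname -> category (constructed feed)
        self.flows: Set[Tuple] = set()      # outbound flows we have let out directly

    def outbound(self, flow: Flow) -> Action:
        """Traffic from the LAN heading for the internet."""
        if ipaddress.ip_address(flow.src_ip) not in self.lan:
            return Action.DENY              # not our LAN: spoofed or misrouted
        category = self.categories.get(flow.hostname, "unknown")
        if category in self.blocked:
            return Action.DENY              # web filtering now lives at the branch
        if flow.hostname in self.sanctioned:
            self.flows.add(flow.key())      # remember it so the reply can come back
            return Action.DIRECT            # only sanctioned SaaS breaks out locally
        return Action.BACKHAUL              # everything else still gets the HQ stack

    def inbound(self, flow: Flow) -> Action:
        """Traffic arriving from the internet on the local circuit."""
        if flow.reverse().key() in self.flows:
            return Action.ALLOW_RETURN
        return Action.DENY                  # the branch offers nothing to the internet


def demo() -> List[Action]:
    policy = BranchEdgePolicy(
        lan="192.168.10.0/24",
        sanctioned_saas={"crm.saas-example.test", "mail.saas-example.test"},
        blocked_categories={"malware", "phishing"},
        categories={"crm.saas-example.test": "business",
                    "update.bad-domain.test": "malware"},
    )
    client = Flow("192.168.10.25", 51000, "203.0.113.10", 443, "tcp", "crm.saas-example.test")
    return [
        policy.outbound(client),                                                   # DIRECT
        policy.inbound(Flow("203.0.113.10", 443, "192.168.10.25", 51000, "tcp")),  # ALLOW_RETURN
        policy.inbound(Flow("198.51.100.7", 40000, "192.168.10.5", 3389, "tcp")),  # DENY (unsolicited)
        policy.outbound(Flow("192.168.10.30", 52000, "198.51.100.20", 443, "tcp",
                             "files.unknown-vendor.test")),                        # BACKHAUL
        policy.outbound(Flow("192.168.10.30", 52001, "198.51.100.21", 80, "tcp",
                             "update.bad-domain.test")),                           # DENY (malware)
        policy.outbound(Flow("172.16.0.9", 53000, "203.0.113.10", 443, "tcp",
                             "crm.saas-example.test")),                            # DENY (not our LAN)
    ]


if __name__ == "__main__":
    for action in demo():
        print(action.name, "-", action.value)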

 

What is a Hybrid Network (and why might I want one)?

A Hybrid Network is as simple as having two (or more) different active network connections to a site, but there is much more to it than that. 

Perhaps the most common hybrid network definition we see is a primary MPLS and a secondary internet connection. You’ll often see this in literature describing SD WAN, with the benefit being reduced costs. Actually, the internet connection is sometimes put forward as multiple consumer grade broadband connections by SD WAN CPE vendors looking to support their cost-saving argument.

Can an MPLS/Internet hybrid network reduce cost?

Hybrid Networks are often mentioned while discussing SD WAN. This is because one of the benefits of SD WAN is that it can help you create a hybrid network to reduce costs.

It is often asserted that internet connectivity is cheap and MPLS connectivity expensive. Consequently, one can save money by reducing the port on MPLS circuits (reserving them for applications that need Class of Service or private cloud access) and moving other traffic to the internet.

This may be true in certain countries, such as the US, but it is less so in the UK where comparable circuit types can be similarly priced. In the UK, a 50Mbps port on a 100Mbps Ethernet bearer can often be the same whether it points to the internet or to the MPLS network. It really depends on your WAN provider.

Where there is still a difference is with globally diverse networks. International MPLS circuits can be a whole lot more expensive than buying a locally purchased internet circuit. The trade-off for using the internet to reduce costs is that you may lose some performance and you may also lose the central billing and management that an MPLS network brings.

Access to the cloud

There is also a growing reliance on Public Cloud (internet) based applications (e.g. Salesforce.com and MS365) or platforms (e.g. MS Azure and AWS) and therefore it makes more sense to direct traffic straight to the internet rather than sending the traffic to a central site over the MPLS network and then reaching the internet from that site. (This is commonly known as tromboning out of a central site.)

However, we are seeing a number of carriers providing connectivity to a growing range of Cloud based applications and platforms through their MPLS networks, thus giving the security and performance of a private network. MPLS access to new cloud apps and platforms will always lag behind the internet, as carriers have to specifically provide the interconnections to their networks, whereas the application and platform providers themselves are in control of the Internet interconnectivity.

There are, however, potentially large cost savings from connecting privately to platforms such as AWS and Azure due to the lower cost of Data Transfer. See our calculator for more details.

Optimised IP

One new, and increasing, development which some of the SD WAN vendors can take credit for is the creation of a new network type. There’s now a third option between Internet and MPLS and that is Optimised IP. This is where SD WAN providers are putting their own equipment or software in data centres around the world and next to Platform and Software as a Service providers to improve the performance of the internet. 

There are a couple of variations on this model, but on the whole a customer will still purchase their own local internet circuit, with the SD WAN CPE creating a secure tunnel to the SD WAN vendor’s nearest Point of Presence (PoP) on the internet. Once at this PoP the data will use private connectivity to reach the egress PoP nearest to its destination, rather than traversing multiple autonomous systems across the internet. It’s like a private cloud within the internet.

This solution looks to combine the advantage of MPLS performance with the cost advantages of local internet access and again works best when competing against international MPLS solutions.

A full hybrid network is the best of all worlds

When you take the concept of a Hybrid network to its logical conclusion, you can get the best of all worlds. The logical conclusion is the more general selection of the right technology from the right carrier at each site. 

To illustrate, we create our customer networks by joining multiple carrier networks and associated services such as Cloud access and Hosted telephony, and integrating them in a best of breed solution.

We have used multiple carriers and providers for more than 20 years so we know that they each have different strengths and weaknesses. No single carrier gets 5 stars in all the boxes. Some carriers have markedly superior delivery SLAs; some have a more comprehensive selection of access options; some are good when they’re on-net for both delivery and price; and some are stronger in certain geographies.

Often the best Cloud services are with companies who purely focus on just that, rather than bolting on a service to a WAN as a carrier often does. We have found the best results by having a more open approach to incorporating the best the market has to offer.

What we have found really exciting about Hybrid over the last few years is the ability to incorporate new offerings without the lengthy development cycles endured by the carriers. This approach means that customers aren’t held hostage to a single carrier’s product development roadmap.

A hybrid network can reduce delivery times

The current accepted definition of Hybrid Networking also tends to focus on the in-life stage of the connectivity lifecycle whereas we believe that there are further advantages to be had by looking at the deployment stage as well. With our Network in Advance and bonded 4G services, we offer cradle to grave connectivity options. Get your site up and running on multiple 4G connections whilst the fixed connectivity is delivered and then have the 4G as back-up. See our page on Infrastructure Readiness Services for further detail - https://www.sas.co.uk/service/infrastructure-readiness-services 

Alternatively, 4G can be used for temporary sites or even mobile sites, such as boats, buses and trains. 

We have delivered thousands of 4G circuits over the last few years. It’s still non-trivial to do it well but, nevertheless, in that time we have seen the technology move from niche to mainstream. So much so that it is now a regular part of our customers’ circuit portfolio, whether for large sites of hundreds of users or large deployments of hundreds of sites.

Interestingly, back when we started, nobody called it Hybrid and nobody called it SD WAN, but the market now defines it as both.

 

SD WAN is the replacement for MPLS (and other myths)

There are almost as many views about SD WAN as there are people talking about it, so it is perhaps inevitable that there is a little bit of bunkum being spoken. We have seen a number of opinions that have dubious merit so we thought we would try to set the record straight. Here are six commonly heard myths about SD WAN, along with our view of the real situation.

1. SD WAN is the replacement for MPLS!

I think we’ve all seen this one! 

Let’s start by positioning the two terms. SD WAN is an overlay technology and MPLS is one of the options for the underlay that sits underneath to provide the connectivity for an SD WAN network (along with VPLS, the internet, and other networks). Since the two aren’t the same thing it’s not really a logical statement. SD WAN may be clever and full of eastern promise but it still needs an underlay!

So, if it’s not the replacement, will SD WAN lead to the demise of MPLS? We expect it will cause a decline, but not the demise - at least, not for a considerable time. Let’s examine the drivers that might cause SD WAN to kill MPLS.

WAN cost and performance

First, it’s not so much SD WAN that would kill it, but the fact that SD WAN makes it easier to use alternatives to MPLS for some or all of your traffic. Will we start moving our traffic from MPLS to the internet? That depends. For that to make sense, the internet would need to be better or cheaper, or perhaps good enough and cheaper ... or some other sensible combination of the two.

So, ... is it? That, of course, depends on your situation. 

If you’re running everything from the cloud you might care less about MPLS performance, whereas if you’re running a latency sensitive application over highly-utilised circuits, you might think twice about the internet being good enough. 

Likewise, if you’re an international business with hundreds of sites outside the UK then you would certainly find opportunities to save money by moving traffic from MPLS to locally sourced internet. However, if many of your sites are in the UK then that assumption breaks down: MPLS circuits are not far more expensive than the internet in the UK! In some cases we’ve seen them to be cheaper!

Hybrid networks

Actually, there is another way to save money compared to MPLS, and that is to use a hybrid network. People frequently define a hybrid network as the connection of a site to both MPLS and the internet (to save money), enabled by SD WAN. We don’t think that definition is great, on two counts. 

First, it excludes the many benefits (to cost, installation speed and performance) of blending multiple technologies from multiple carriers. We see a hybrid network as the fusion of multiple technologies (MPLS, VPLS, Internet and the many access technologies they employ) from multiple carriers. 

Second, it implies SD WAN is a required driver for a hybrid network. Most of our customers have run a hybrid network without SD WAN for many years.

So, if anything, it’s Hybrid Networking, together with more applications being delivered from the cloud, that will cause the decline of MPLS.

An aside on internet performance 

Let’s go back to the point about internet performance for a minute. To be fair, you can get similar latency out of a dedicated internet access (DIA) circuit to what you can get out of MPLS. With one major UK carrier, the DIA latency SLA is actually better than that for their MPLS before Class of Service prioritisation is applied. However, to realise this performance you need to stay on-net. In other words, if you use one carrier to connect several of your sites over the internet, then the site-to-site traffic that stays on the carrier’s network should enjoy sparkling performance. It’s just that if you want to go outside of the carrier’s DIA cloud then you’ll lose that benefit: once on the open internet you’re on a best-endeavours network that does not support end-to-end prioritisation.

SaaS applications are encouraging a move to more internet-focussed networks

With cloud applications and platforms being accessed from the internet, customers are evaluating the best way of reaching these from remote sites and increasingly, remote workers. Traditionally, SaaS application traffic from branch office users has traversed the MPLS to the HQ and then broken out to the internet. This adds another couple of legs of latency, which limits performance and throughput. 

SD WAN devices are typically configured to recognise this traffic and break out to the internet directly from the remote site. This trend acts to reduce traffic over the MPLS, hastening its decline.
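As an added illustration, not code from the SAS article, here is a small Python model of the path choice just described: flows to SaaS destinations that the site policy explicitly allows break out locally, everything else still hairpins through the HQ security stack, and the model totals the latency legs on each path and the traffic left on MPLS. All leg names, latencies, hostnames and flow sizes are constructed assumptions.

```python
from collections import namedtuple

# One network leg with its one-way latency (constructed values, not
# measured figures).
Leg = namedtuple("Leg", "name latency_ms")
MPLS_BRANCH_TO_HQ = Leg("MPLS branch -> HQ", 12.0)
HQ_EDGE = Leg("HQ firewall / internet edge", 3.0)
HQ_TO_SAAS = Leg("internet HQ -> SaaS", 20.0)
BRANCH_TO_SAAS = Leg("internet branch -> SaaS", 18.0)

# Destinations the site policy explicitly allows to break out locally
# (hypothetical names). Anything not listed is backhauled through the HQ
# security stack even when the direct path would be faster.
BREAKOUT_ALLOWED = {"mail.saas.example", "crm.saas.example"}

def latency_ms(path):
    """Sum the one-way latency of every leg on a path."""
    return sum(leg.latency_ms for leg in path)

def choose_path(dest):
    """Return (label, legs) for a flow to dest under the breakout policy."""
    if dest in BREAKOUT_ALLOWED:
        return "breakout", [BRANCH_TO_SAAS]
    return "backhaul", [MPLS_BRANCH_TO_HQ, HQ_EDGE, HQ_TO_SAAS]

def mpls_load(flows, breakout_enabled=True):
    """Bytes still carried over MPLS for a list of (dest, bytes) flows."""
    total = 0
    for dest, nbytes in flows:
        label = choose_path(dest)[0] if breakout_enabled else "backhaul"
        if label == "backhaul":
            total += nbytes
    return total

# Constructed sample of one branch's flows as (destination, bytes) pairs.
SAMPLE_FLOWS = [
    ("mail.saas.example", 700_000),
    ("crm.saas.example", 200_000),
    ("erp.hq.internal", 100_000),
    ("unknown.example", 50_000),
]

if __name__ == "__main__":
    for dest in ("mail.saas.example", "unknown.example"):
        label, legs = choose_path(dest)
        print(f"{dest}: {label}, {latency_ms(legs):.0f} ms one way")
    print("MPLS bytes without breakout:", mpls_load(SAMPLE_FLOWS, False))
    print("MPLS bytes with breakout:", mpls_load(SAMPLE_FLOWS))
```

The allow-list is the security-relevant part: an unknown destination stays on the slower backhaul path so it still passes the HQ inspection point, and only traffic the policy names leaves the MPLS.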

The MPLS providers are fighting back, though, by creating private connections into the cloud providers’ networks, with the associated Class of Service and data transfer cost savings, giving remote sites direct connectivity over the secure MPLS network. Private networks such as MPLS are always going to be slightly behind public networks such as the internet, because it’s much easier for a SaaS service to be launched via the internet to all customers than to a subset of customers via each carrier.

2. SD WAN will allow me to provision sites in an instant!

To consider this claim, we need to look at the connectivity. Once we see SD WAN as an overlay on top of underlying connectivity, it becomes clear that we cannot deploy an SD WAN site any faster than we can get connectivity to site. 

How long for a new site? 

For a brand new connection, Fibre Ethernet circuits take months to deliver, EFM circuits take several weeks and fixed broadband takes a couple of weeks. To get below that time you need to use 4G LTE circuits, which can have you connected within days if done well. So, for a new site, it’s clearly the provision of connectivity that defines the fastest you can connect.

SD WAN can play a role in configuring the new site quickly onto the network, of course, so it could help if you’re in a terrible hurry and you opt for 4G rapid site deployment of a new site. Incidentally, people new to 4G often don’t appreciate how fast it can deliver and how many users it can support. We have had new sites connected within two days, and we’ve had it supporting up to 650 users.

Like for like 

Some SD WAN CPE providers claim that with SD WAN, their customer could provision a new site in minutes whereas with MPLS it would be months. That’s an unfair comparison, of course. It seems to be comparing an existing internet connection with a new MPLS connection!

In reality, if there was an existing internet connection then a simple IPsec tunnel to a carrier’s secure VPN service would provide the solution as well: it hardly needs to be SD WAN!

However, this does highlight where SD WAN can bring great flexibility. If you do have an existing internet circuit then you certainly can connect it quickly with SD WAN, and you certainly can adjust the balance of traffic quickly between MPLS and internet.

3. SD WAN and hybrid networks are cheaper!

Sometimes! This is a common assertion whose accuracy depends upon what we’re comparing. Traditionally, IP VPN was more expensive than internet connections, but nowadays we see carriers pricing them fairly similarly in the UK. A 50Mbps port on a 100Mbps Ethernet bearer can cost the same whether it points to the internet or to the MPLS network, in the UK at least. Where there is still a difference is internationally. International MPLS circuits can be a whole lot more expensive than a locally purchased internet circuit, although you do lose the central procurement, billing and management that MPLS brings.

Sometimes the argument is put forward that with SD WAN you could use multiple consumer-grade broadband connections. Yes, that is likely to be cheaper, but you may need a more expensive router to bond or load balance the multiple connections, offsetting some of the cost saving. You also now have consumer broadband, with its lower availability and reliability and longer time to fix. And if one of your broadband connections suffers a degradation, there is a good chance the others will too, as they share much of the same underlying infrastructure.

4. SD WAN will allow me to change my bandwidth and COS settings in an instant! 

Yes, quite possibly, but only if this is a carrier Complete SD WAN solution and not an SD WAN CPE solution, and only if that particular provider has linked their front-end quoting engine with their ordering process and then their billing system.

This is one of the big pushes of SD WAN – agility. But in what circumstances would you want to do this and how much are you willing to pay for the premium? We have seen customers ask for this and then baulk at the price which some complete SD WAN providers are charging. We have also seen customers ask for this who rarely make changes on their network. We have seen some suppliers offer this but only where they are on-net. And this doesn’t apply to ADSL and SuperFast services where by default you already get the maximum speed that the circuit can deliver. 

In the UK, Ethernet PoPs are ubiquitous and the access circuits are either full 100Mbps or 1Gbps, but internationally, where the carriers have fewer PoPs, the access circuits tend to be long-line and, to save costs, are throttled. Look very carefully at the quotes you receive from your MPLS provider for international connections: they will often show the access circuit from the 3rd party as a 20/100Mbps with a 20Mbps MPLS port. To have the ability to flex this circuit up to 50Mbps, the MPLS provider would need their 3rd party to provide a 50/100Mbps access circuit from day one, so the customer is paying for the privilege of being able to invoke the SD WAN capabilities.

Another theme of SD WAN is that the customer can provide their own local internet service to lower costs but the question there again is how will the central management platform change a 3rd party circuit? So here DIY Hybrid Networks and the complete SD WAN solution are at odds.

What we have seen is that customers aren’t happy with waiting 4 weeks to get a change of CoS or a bandwidth increase but what would be an acceptable amount of time? 2-5 days from quote to change? 

It may be some time before there is a choice of carriers that will offer an integrated solution but in the meantime there are providers that can do the individual steps, although manually, much more quickly than some traditional carriers. 

If complete agility in this area is what you desire then your choice of carrier may be limited and costs may be higher, but if you’re simply looking for more agility than you have today, there are many more options in the market.

5. SD WANs are easier to manage!

True, but the extent of this depends on whether you have bought a managed network in the past or whether you have taken the DIY approach, bought wires-only connectivity services from a carrier and then bought, configured and managed the routers yourself.

If you want to go down the DIY route then indeed, the SD WAN overlay and functionality will be of great benefit, although the cost savings will more likely be realised if you have international sites. But with the DIY approach a much higher level of management overhead is borne by the organisation’s internal IT team. When you buy a Managed WAN you are given access to consultants, professional installation services, a 24/7 global support service and a single bill. If there is a problem with one of the sites, your Managed Service Provider (MSP) will see it first and already be calling the site contact to resolve the issue.

Zero (or more likely low) touch deployments and central management will be beneficial to the Service Provider rather than the customer, although the customer should receive a better service at a slightly reduced cost. Whereas carriers have tended to want to supply everything within a managed service, and in particular the connectivity, more dynamic Managed Service Providers will offer flexible management allowing customers to provide their own connectivity and therefore be their own resolver groups, whilst the MSP still maintains the overall ownership of the fault tickets.

Some MSPs, such as SAS, have been providing application visibility way beyond that which is included in an SD WAN CPE solution for many years, so the argument that SD WAN will be easier to manage really depends on what version of a WAN you currently have. If you have a pure international MPLS network where you manage the edge routers yourself, then an SD WAN CPE solution, coupled with hybrid networking, will certainly bring a great deal of benefits: operationally, technically and commercially.

6. SD WAN and hybrid networking allows my users to get to cloud apps (such as Office 365) more quickly and therefore have a better experience!

True, maybe! The rise in applications being located in the public cloud rather than in a customer’s data centre has shifted the emphasis on how to connect to the applications most effectively. Ideally, you would want to take as short a path to that application as possible, whereas traditional WANs tended to have an internet breakout only at the head office. Local internet breakout would seem the obvious choice (therefore Hybrid Networking), with SD WAN CPE providing the security, visibility and management.

However, many carriers are now linking to the major IaaS/PaaS/SaaS providers from their MPLS networks to provide the Quality of Service and security that customers require. We have also seen some SD WAN providers developing optimised IP networks over the internet to these applications and platforms, so there is a variety of choices to suit all customers.


Closing thoughts on SD WAN

In summary, SD WAN solutions are currently just one part of the complete future networking solution. Hybrid networking and a comprehensive application aware monitoring solution are equally as important. The integration of these into a provider's OSS and BSS platforms will ultimately be the goal.

If you normally buy a managed WAN service then much of the benefit of SD WAN will come indirectly via your Managed Service Provider. If you source, purchase and support your own WAN then buying SD WAN components yourself will mean you see the benefits directly. Either way, see our guide to choosing between DIY and Managed SD WAN.

In general SD WAN will provide the management and control. Hybrid Networking will provide the cost savings and an Application Path Monitoring solution will provide the detailed analysis to help you understand what is impacting on the end user application experience.

Your next steps: Meet Simon

If you are thinking about:

• Your next network

• IT projects that will impact your network

• Problems with your network

Then SD WAN, Hybrid networks and monitoring will be important considerations.

If you would like to explore these ideas informally and without pressure, we would be delighted to offer a consultation with Simon Cranford.

Simon is an experienced CIO who has been involved in consulting and designing many of the networks that we have provided for customers over the years. He has extremely broad experience of the issues that medium sized businesses and small enterprises have and will be able to provide real insight into opportunities for your situation.

If you would like to speak to Simon or one of our other consultants, then please click here.