SD-WAN


SD-WAN stands for Software-Defined Wide Area Network. It is an application-aware, over-the-top WAN connectivity service. It uses policies to determine how application flows are directed over multiple underlay networks, regardless of the underlay technologies or the suppliers who deliver them. The key terms and features of an SD-WAN solution are described below:

SD-WAN Controller – Centralizes management, and allows network admins to see the network through a single pane of glass; sets policies for the orchestrator to execute.

SD-WAN Service Orchestrator – A virtualized manager for the network, overseeing traffic and applying/pushing policies and protocols set by network admins.

SD-WAN Edge – A device in which the network endpoints reside. It can be located in a branch office, data center, or cloud platform. It is the component that actually handles the application flows and packets affected by the policies and protocols defined by the orchestrator.

SD-WAN Gateway – A virtual cloud gateway accessible over the internet that allows the SD-WAN Edge at branches to communicate in the cloud. It handles SD-WAN traffic and control, and provides an extra layer of protection by insulating applications from interruptions during circuit flapping. Because the user sessions are connected to the gateway, the sessions are kept active during the interruptions, as opposed to sessions connecting directly to the cloud service.

Application Flow – A sequence of application packets from a source to a destination; in this case usually office to office, office to the datacenter, or office to cloud platform.

Internet Breakout – When one or more of the underlay connectivity services is an Internet service, certain application flows can be forwarded directly out to the Internet as opposed to being sent to another SD-WAN device.

Policies – A set of rules that are assigned to an application flow to determine how the packets are handled.

Virtual Tunnels – The virtual point-to-point tunnels, built over the top of an underlay connectivity service such as internet or MPLS, connecting various SD-WAN Edge devices to another Edge device or to an SD-WAN Gateway.

Things to Consider

Consider the following questions when evaluating SD-WAN services:

  • How many offices do you have and where are they located?
  • What is your current network topology?
  • What type of connectivity do you have at each location? MPLS, the internet, etc.
  • What are your mission critical applications?
  • What are you using for your voice or video applications?
  • What cloud or SaaS applications are you utilizing today?  Azure, AWS, O365?
  • Do you have remote workers?  
  • What kind of firewall are you utilizing today?
  • Are you using any WAN optimization devices?


Where can Qrapht help?

  • We are independent and can deliver multiple options
  • We will learn your existing business structure and goals
  • We will understand your existing topology and future state
  • We will determine the optimal SD-WAN solution
  • We will adequately research to source the optimal supplier
  • We will implement and support the solution that best fits your needs
  • After implementation, we will provide ongoing support, including excellent customer service and escalations
  • We will operate as an integrated part of your organization’s ecosystem

SD-WAN Frequently Asked Questions

There are no single points of failure in the SD-WAN architecture. For the distributed WAN architecture, a hybrid SDN approach offers the benefits of centralized control plane policies, combined with distributed local control plane forwarding that uses local real-time knowledge of link conditions for reliability. All local Edge devices will continue functioning as normal even if communications with centralized orchestrators are disrupted. Onsite Edge devices support high availability configurations, and any cloud gateways utilized are also redundant with sub-second failovers.

SD-WAN provides the flexibility to support hybrid WAN connectivity, combining private circuits with public Internet circuits, or sites connected purely over the Internet. The various Dynamic Multi-path Optimization techniques ensure all different WAN circuits are utilized to their fullest based upon pre-defined performance and capacity rules.

Traditional QoS with DSCP and ToS markings is not possible over the internet. However, if you look at the way traditional QoS rules operate, they only go into effect if you run out of bandwidth. When you run out of bandwidth, the QoS rules are designed to reserve bandwidth for critical applications like voice and video to prevent loss and jitter. In other words, traditional QoS rules are basically designed to eliminate loss and jitter and to ensure the voice and video packets have the best chance possible to get to the end destination.

SD-WAN techniques like packet replication and best path selection provide the same end results.  Replicating each voice packet over 2 or 3 internet links eliminates the chance for loss or jitter affecting the call. Best path selection used in conjunction also chooses the links that have the least amount of loss and jitter; not just low latency or up/down status.  While they don’t utilize the same tagging concept, the techniques utilized still yield the same end result — eliminating loss and jitter and ensuring the packets have the best chance possible to get to the destination.

By default, all site-to-site enterprise traffic is sent over encrypted tunnels independent of the underlying transport, usually AES128/SHA1 IPsec tunnels. Internet-bound traffic typically is not encrypted to the same extent. However, these settings can typically be changed, including the encryption levels.
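An added example (not from the original page or any vendor's tooling): a short audit that reports which application flows ride tunnels below a chosen crypto baseline or leave via internet breakout without approval. The JSON schema, the sample export, the baseline and the approved-breakout list are all constructed assumptions.

```python
import json

# Constructed sample export; the field names are a hypothetical schema.
SAMPLE_EXPORT = json.loads("""
{
  "tunnels": [
    {"name": "branch1-dc", "encryption": "AES128", "integrity": "SHA1"},
    {"name": "branch2-dc", "encryption": "AES256", "integrity": "SHA256"},
    {"name": "branch3-gw", "encryption": "NONE",   "integrity": "NONE"}
  ],
  "policies": [
    {"app": "erp",     "action": "tunnel", "tunnel": "branch1-dc"},
    {"app": "voice",   "action": "tunnel", "tunnel": "branch3-gw"},
    {"app": "crm",     "action": "tunnel", "tunnel": "branch2-dc"},
    {"app": "o365",    "action": "internet_breakout"},
    {"app": "payroll", "action": "internet_breakout"},
    {"app": "backup",  "action": "tunnel", "tunnel": "branch9-dc"}
  ]
}
""")

# Assumed organisational baseline: set these to your own policy.
BASELINE = {"encryption": {"AES128", "AES256"},
            "integrity": {"SHA256", "SHA384", "SHA512"}}
# Assumed list of apps approved to bypass the tunnels.
BREAKOUT_APPROVED = {"o365"}

def tunnel_gaps(tunnel, baseline):
    """Return the tunnel settings that fall outside the baseline."""
    return [f"{k}={tunnel[k]}" for k in ("encryption", "integrity")
            if tunnel[k].upper() not in baseline[k]]

def audit(export, baseline=BASELINE, breakout_ok=BREAKOUT_APPROVED):
    """Map each policy to its transport and report flows outside the baseline."""
    gaps = {t["name"]: tunnel_gaps(t, baseline) for t in export["tunnels"]}
    findings = []
    for p in export["policies"]:
        app, tunnel = p["app"], p.get("tunnel")
        if p["action"] == "internet_breakout":
            if app not in breakout_ok:
                findings.append((app, "internet breakout without approval"))
        elif tunnel not in gaps:
            findings.append((app, f"policy references undefined tunnel {tunnel}"))
        elif gaps[tunnel]:
            findings.append((app, f"tunnel {tunnel} below baseline: " + ", ".join(gaps[tunnel])))
    return findings

if __name__ == "__main__":
    for app, issue in audit(SAMPLE_EXPORT):
        print(f"{app}: {issue}")
```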
