Introduction
In this article I will look at two aspects of SD-WAN: manufacturers and services. On the manufacturers side, I will cover the equipment vendors and the network topologies. On the services side, I will cover the existing services, their benefits, and how and whether to go in this direction.
SD-WAN is a Software Defined Networking (SDN) technology that came to provide a solution for WAN links and services. In its basic form, it consists of a managed controller and edge components that carry traffic between remote sites over several lines, with the system choosing the best route according to the type of traffic.
SD-WAN manufacturers
There are many manufacturers of SD-WAN products, including networking vendors, operating-system and server vendors, and vendors that specialize in this field.
From the networking side we of course have Cisco, with the Viptela products acquired in 2017 and the Meraki products, aimed at different market segments and different purposes; Juniper, which was among the first to release products in SD-WAN in particular and in SDN in general, with Contrail; Extreme with the XR600P; Nokia with Nuage Networks; and others.
From the software side there is VMware with VeloCloud, Oracle with various products, Citrix and others. There are of course also many service providers, some of which are equipment and software manufacturers themselves, which I will expand on in the following sections.
SD-WAN services
SD-WAN services can be set up in several ways:
- Purchasing from a communications provider – Bezeq International with Verizon and British Telecom, Cellcom with PCCW, and others. A few international carriers also sell SD-WAN services, but because this technology competes directly with those carriers' own MPLS networks, there are not many of them.
- Do-it-yourself (DIY). A possible approach for particularly large customers, where the equipment is purchased and deployed independently by the customer.
- Purchasing from companies that provide managed international communication services (Managed Service Providers). There are many companies here, including CATO Networks, Aryaka and others. I will focus on companies of this type (MSPs) in the next section.
Managed Service Providers (MSPs)
Managed Service Providers use one of two methods to provide managed communication services: connectivity over the Internet, or connectivity through wired communication providers with MPLS links. This service is also called Secure Access Service Edge (SASE), meaning a secure network access service.
The topology of an MSP is shown in the following drawing (please note that this is a sample only).
In the drawing we see the global network of an MSP, where the provider has many points of presence (PoPs) with connections between them. The connections are links from Tier 1 providers, i.e., providers that own the infrastructure (Cogent, CenturyLink, GTT and others).
This mode of connection has two main purposes:
- The first goal is of course survivability: Tier 1 providers own the network and infrastructure, so a fault in one provider's network cannot disable all the links between the different PoPs.
- The second goal is that at any given moment the end-to-end routing (from PoP to PoP) can be selected in a way that provides the optimal service according to the requirements and the type of application. For example, a managed service provider can route telephone calls over the path with the lowest delay, and file transfer traffic over a path where the delay is higher but there is more free bandwidth.
The competitors for this type of service are:
- Direct links via the Internet, with site-to-site VPNs between firewalls. This link is of course the cheapest, but there is no assurance of any service level.
- Direct links over international MPLS lines. These links offer a very high level of service, and the prices are accordingly high.
Managed SD-WAN service has several advantages:
- PoP (Point of Presence) close to the customer – when there are offices in many places in the world, there will be a PoP close to each of the sites. Once we are connected to the network, we can connect to any of the provider's points in the world.
- Quick set-up of a service – once we are connected to the network, setting up a service takes minutes: log in to the vendor's management system, set up a link to any available PoP in the world, and the service works.
- Traffic over multiple routes – SD-WAN providers are based on at least two Tier 1 infrastructure providers, so in addition to high survivability we also get the option of distributing load across different routes between our endpoints.
- Improved performance – various providers also offer a WAN acceleration service between the routers in the PoPs, which can significantly improve performance, depending of course on the type of application.
- Costs – managed SD-WAN services can be cheap, even significantly cheaper than MPLS services, but this should be checked. MPLS providers also discount their prices, and there too you can get quite reasonable deals.
Is the switch to MSP SD-WAN advisable?
When considering such services, we need to check a number of things.
First, whether a PoP is physically close to us, and more importantly close to the offices or sites around the world that we want to connect. If, for example, our head office is in Israel and we connect to a service whose nearest PoP is in Europe, then we will have to take expensive communication lines to the PoP in Europe, and the delay will be another 50-80 ms, which significantly reduces the viability of this service. This type of service has a significant advantage when we need to reach more “remote” places. To New York, Paris and London we can also buy MPLS lines at reasonable prices; ask for quotes for MPLS lines to Australia, New Zealand, South – and you will find that the prices jump significantly.
Second, it is important to check what kind of applications we work with. Improving file-sharing performance is easy (some tuning of TCP and it works). Improving, or even just maintaining, the performance of video calls, for example, is harder. There are also vendors that specialize in certain areas. Check with the potential provider about each of the applications we intend to carry over the network.
Another issue to consider is of course cost, and whether it is worthwhile; that depends. If we have one or two links to Europe or the US, MPLS lines will probably also be reasonably priced (provided, of course, that you negotiate with the suppliers and get a good offer).
If you have many links, and a firewall-to-firewall connection over the Internet is not stable or of high enough quality for you, then depending on the required availability and the sensitivity of the applications, MSP SD-WAN is probably a good solution.
If you have links to less common places and high availability is required, MSP SD-WAN is a great solution, provided the service provider's PoPs are close enough.
And most importantly, availability and reliability. Although service providers commit to five nines (99.999% availability, i.e., a maximum unavailability of about 5 minutes per year), if communication to remote sites is critical there should be some additional backup, for example a site-to-site VPN.
Technology
There are a few technologies that enable SD-WAN services, which I will elaborate on a bit in this section.
WAN Acceleration
There are several technologies that can be used to improve performance on WANs, grouped under the concept of WAN acceleration. WAN acceleration products have been around for many years, such as Riverbed's Steelhead products, the Steelhead VX / NX series, and many others. The methods are many. Let us start with improvements to the TCP protocol itself: you can, for example, increase the TCP window size and thereby improve TCP throughput, change the TCP ACK frequency, intervene in the slow-start mechanism, and more.
Other mechanisms are payload compression, where the gain of course depends on the protocol itself and on how compressible the data carried by each protocol is. It is also important to make sure that the compression does not significantly delay the transfer, because that delay also affects performance.
For some applications it is also possible to run the endpoints as a proxy, where transmitted data, for example files, is cached at the endpoints in case someone else requests the same data (very similar to the caching mechanism in Internet access). This technique is particularly effective for applications that use the NetBIOS / SMB protocols, such as Microsoft file transfer.
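The two effects described above, the window-size ceiling on a single TCP flow and the trade-off between compression gain and compression delay, can be made concrete with a small calculation. The following is an added example written for this article, not code from Riverbed or any WAN acceleration product; the link speeds and RTTs are assumed values, and both payloads are constructed (a repetitive text log that compresses well, and random bytes standing in for already-encrypted or already-compressed data).

```python
import os
import time
import zlib

# Constructed sample payloads (not captured traffic): a repetitive text log,
# which compresses well, and random bytes, which stand in for data that is
# already encrypted or compressed and gains nothing from a second pass.
TEXT_PAYLOAD = (
    "2024-01-01T00:00:00Z host1 sshd[123]: Accepted publickey for alice\n" * 2000
).encode()
RANDOM_PAYLOAD = os.urandom(64 * 1024)


def tcp_throughput_ceiling_mbps(window_bytes: int, rtt_ms: float) -> float:
    """Upper bound on a single TCP flow: at most one window in flight per RTT."""
    return window_bytes * 8 / (rtt_ms / 1000.0) / 1e6


def effective_throughput_mbps(link_mbps: float, window_bytes: int, rtt_ms: float) -> float:
    """The flow is limited by whichever is smaller: the link or the window/RTT ceiling."""
    return min(link_mbps, tcp_throughput_ceiling_mbps(window_bytes, rtt_ms))


def compression_gain(payload: bytes, level: int = 6) -> dict:
    """Compress with zlib and report the size ratio and the time spent compressing."""
    start = time.perf_counter()
    compressed = zlib.compress(payload, level)
    elapsed_ms = (time.perf_counter() - start) * 1000.0
    assert zlib.decompress(compressed) == payload  # round-trip sanity check
    return {
        "in_bytes": len(payload),
        "out_bytes": len(compressed),
        "ratio": len(payload) / len(compressed),
        "compress_ms": elapsed_ms,
    }


def worth_compressing(payload: bytes, link_mbps: float, level: int = 6) -> bool:
    """Compression pays off only if the serialization time it saves on the link
    exceeds the time spent compressing (the delay the article warns about)."""
    gain = compression_gain(payload, level)
    saved_bits = (gain["in_bytes"] - gain["out_bytes"]) * 8
    saved_ms = saved_bits / (link_mbps * 1e6) * 1000.0
    return saved_ms > gain["compress_ms"]


if __name__ == "__main__":
    # Assumed 150 ms RTT (roughly an intercontinental path) on a 1 Gbps link.
    for window in (65_535, 4 * 1024 * 1024):
        print(f"window {window:>8} B, RTT 150 ms -> "
              f"{effective_throughput_mbps(1000, window, 150):.1f} Mbps max")
    for name, payload in (("text", TEXT_PAYLOAD), ("random", RANDOM_PAYLOAD)):
        g = compression_gain(payload)
        print(f"{name}: ratio {g['ratio']:.2f}, compress {g['compress_ms']:.2f} ms, "
              f"worth it on 10 Mbps: {worth_compressing(payload, 10)}")
```

With the classic 64 KB window and 150 ms RTT a single flow tops out at about 3.5 Mbps regardless of link speed, which is exactly why enlarging the window helps; the random payload shows that compression on encrypted or pre-compressed traffic costs CPU time and saves nothing, so a WAN accelerator has to decide per protocol, as the text says.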
AAR – Application Aware Routing
SD-WAN managed service providers that are based on communication lines from two different providers have the option to choose over which route and which lines the traffic is transmitted. This is where Application Aware Routing comes in: the ability of the managed network to select the transmission path according to the type and needs of the transmitted applications.
In this method, as we see in the following drawing, different tunnels are set up between the user's endpoints, and each tunnel continuously measures the end-to-end quality data (QoS): delay, jitter and packet loss.
In this way, for example, if in Tunnel 1 the delay and jitter are lower, voice traffic will pass through it, even if its bandwidth is lower, while file transfer traffic will pass through Tunnel 2, where the jitter is worse, for example, but there is more free bandwidth.
In SD-WAN systems the edge components identify the type of application according to layers 3, 4 and 7 or according to its traffic pattern, which can be configured statically or learned dynamically, and based on this the network controllers know through which tunnel to send the traffic.
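The tunnel selection described here, and the PoP-to-PoP example in the earlier section (voice over the lowest-delay path, file transfer over the wider path), comes down to a per-class decision over measured tunnel metrics. The following is an added example written for this article, not code from any SD-WAN vendor or MSP: the tunnel measurements are constructed, the application classes and their SLA thresholds are assumptions, and the classifier is a simple static layer 3/4 match (DSCP EF or SIP/RTP ports for voice, SMB/NetBIOS ports for file transfer). It also covers the case the article's drawing does not show, a tunnel with the lowest delay that is excluded from voice because its loss exceeds the threshold, and a fallback when no tunnel meets the SLA.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Tunnel:
    """Constructed probe results for one end-to-end tunnel (not real measurements)."""
    name: str
    delay_ms: float
    jitter_ms: float
    loss_pct: float
    free_bw_mbps: float


@dataclass
class AppClass:
    """SLA thresholds an application class tolerates, and what it prefers once met."""
    name: str
    max_delay_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    prefer: str  # "latency" or "bandwidth"


# Hypothetical application classes; the thresholds are assumptions for the example.
APP_CLASSES: Dict[str, AppClass] = {
    "voice": AppClass("voice", 150, 30, 1.0, "latency"),
    "file-transfer": AppClass("file-transfer", 300, 100, 2.0, "bandwidth"),
    "best-effort": AppClass("best-effort", 1000, 1000, 10.0, "bandwidth"),
}

# Constructed tunnel measurements: Tunnel 1 is low-delay but narrow, Tunnel 2 is
# wide but jittery, Tunnel 3 has the lowest delay of all but is too lossy for voice.
TUNNELS: List[Tunnel] = [
    Tunnel("Tunnel 1", delay_ms=40, jitter_ms=3, loss_pct=0.1, free_bw_mbps=20),
    Tunnel("Tunnel 2", delay_ms=90, jitter_ms=25, loss_pct=0.5, free_bw_mbps=200),
    Tunnel("Tunnel 3", delay_ms=30, jitter_ms=2, loss_pct=5.0, free_bw_mbps=50),
]


def classify_flow(proto: str, dst_port: int, dscp: Optional[int] = None) -> str:
    """Static L3/L4 classification: DSCP EF (46) or SIP/RTP ports mean voice,
    SMB/NetBIOS ports mean file transfer, everything else is best effort."""
    proto = proto.lower()
    if dscp == 46:
        return "voice"
    if proto == "udp" and (dst_port == 5060 or 16384 <= dst_port <= 32767):
        return "voice"
    if proto == "tcp" and dst_port in (445, 139):
        return "file-transfer"
    return "best-effort"


def meets_sla(tunnel: Tunnel, app: AppClass) -> bool:
    return (tunnel.delay_ms <= app.max_delay_ms
            and tunnel.jitter_ms <= app.max_jitter_ms
            and tunnel.loss_pct <= app.max_loss_pct)


def select_tunnel(app: AppClass, tunnels: List[Tunnel]) -> Tunnel:
    """Keep only tunnels within the SLA, then rank by the class's preference.
    If nothing meets the SLA, rank all tunnels the same way (least-bad choice)."""
    candidates = [t for t in tunnels if meets_sla(t, app)] or list(tunnels)
    if app.prefer == "latency":
        return min(candidates, key=lambda t: (t.delay_ms + t.jitter_ms, t.loss_pct))
    return max(candidates, key=lambda t: (t.free_bw_mbps, -t.loss_pct))


def route_flows(flows: List[Tuple[str, int, Optional[int]]],
                tunnels: List[Tunnel]) -> Dict[Tuple[str, int], str]:
    """Map each (proto, dst_port, dscp) flow to the name of the tunnel chosen for it."""
    return {(proto, port): select_tunnel(APP_CLASSES[classify_flow(proto, port, dscp)],
                                         tunnels).name
            for proto, port, dscp in flows}


if __name__ == "__main__":
    sample_flows = [("udp", 5060, None), ("udp", 20000, 46),
                    ("tcp", 445, None), ("tcp", 443, None)]
    for flow, tunnel in route_flows(sample_flows, TUNNELS).items():
        print(f"{flow[0]}/{flow[1]:<5} -> {tunnel}")
```

In a real deployment the tunnel metrics are refreshed from continuous probes and the decision is re-run on every update, so a flow can move between tunnels as conditions change; the SLA filter is what keeps the "fastest" but lossy tunnel out of the voice path.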
Summary
In this article we talked about SD-WAN services, their benefits, and whether to go in that direction. As with any technology (most of it based on existing principles and systems), the bottom line is always performance and price, cost versus benefit. Since these are also relatively new technologies and services, it is advisable to request a pilot, evaluate it, and go in that direction only if it really improves your operations. The technology is already mature and can certainly be a good fit for many cases.