SD-WAN (Software Defined Wide Area Network)

Ali Tas
5 min read · Jan 23, 2021

During my in-depth investigations of SD-WAN, which has grown rapidly in the last 4 years and which I think will grow exponentially in the coming period, I have seen that SD-WAN is actually hyped more than necessary.

All the vendors passionately say that the main benefits of SD-WAN are lower costs, high security, higher performance, flexibility, etc. I suggest to my CIO and CTO friends who have begun, or will attempt, to set up SD-WAN that they find a good new story to explain why the costs have increased. If that is not possible, I suggest they develop their relationship with headhunters.

Why is that?

SD-WAN is an infrastructure that I think many companies should establish, technically and architecturally. However, you have to question your reasons for moving from your existing architecture to another one.

What can you not do in the existing architecture that you expect from an SD-WAN architecture? If you do not know the exact answer to this question, I recommend that you stay where you are and think about it for a sufficiently long time.

Lots of vendors will come to your door. Don’t forget that in such projects, the safe always wins. Vendors! If a device vendor is recommending that you change the infrastructure, I recommend that you be conservative about changing it. Otherwise, you risk being left alone with a new WAN that you do not know how to use.

In its simplest terms, SD-WAN is a private cloud infrastructure that can be built on WAN connections such as 4G, LTE, MPLS, P2P, internet-based Metro Ethernet or xDSL. In effect, the cloud that the operator creates for you in MPLS is what you create yourself, with software support.

As the name suggests, SD-WAN is a Software Defined WAN structure. It is not actually a newly invented protocol or structure. It is exactly the same as the structure between Access Point and Controller in wireless deployments.

SD-WAN Structure (Separation of Controller and Data Plane)

A router consists of two basic parts, the control plane (Controller) and the Data Plane. In SD-WAN devices, which separate the Controller from the Data Plane, the controller part is centralized and the data part is turned into a dummy. Thus, by placing only devices that have no routing unit of their own, the branch side is thinned out, while the controller side is centralized and turns into a strong structure in which all routing and policies are determined from a single center. This is where the flexibility comes from. With the centralized controller, you decide all routing and policies and manage the routing, security and access rules of the dummy devices in all branches through a single console. If you can centrally manage a WAN, it means that all devices are visible and controllable. This leads to the conclusion that you can observe the whole system.

In the traditional WAN structure, especially in companies with many branches, setting up new branches and managing redundant lines, load balancing, IPsec, DMVPN, routing, NAT, dynamic QoS and firewall configurations are very complex, difficult to manage and time-consuming processes.

All these problems, and the idea of “when the device is connected to the network, let it introduce itself to an administrator (the controller), then transfer the routing and policies we want to the device remotely and manage the end units in a simple way”, led device vendors to develop solutions. This is how SD-WAN came about.

Capabilities of SD-WAN

You send the device to the branch without any configuration. When someone in the branch (not necessarily technical personnel) plugs in the internet connection (Ethernet, LTE) or the MPLS end, it automatically finds the controller and introduces itself. It then automatically takes over the profile you have prepared beforehand and starts working.

• You can turn on the FW feature from the central controller.

• When a rule change is needed in FW, you can do it from a single point.

• You have connected more than one line to the device, e.g. MPLS + LTE + Internet. If you want to load balance, say mail traffic over LTE, web traffic over the internet and SAP traffic over MPLS, you can configure it on the central device and push it to the branches.

• You can add a new rule to the UTM feature.

• You can monitor all devices, see which branch is using how much bandwidth and what traffic is going where, and you can optimize traffic with traffic engineering.

• You can change the QoS settings.

So, are we putting all our eggs in one basket? Yes, unfortunately, because there is only one controller! So what happens if the controller collapses?

Solution: you have to back up the controller. In addition, the devices keep working on their own after receiving their configurations from the controller. This means that the system can keep running from the moment the controller problem occurs until the problem is resolved. Only new definitions cannot be made and the existing network cannot be monitored.
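To illustrate the controller/data-plane split, the mail-over-LTE, web-over-internet, SAP-over-MPLS steering mentioned above and what a controller outage does to a branch, here is a small added model. It is my own illustration, not code from the post or from any SD-WAN vendor; the `Controller` and `BranchDevice` classes, the link names and the traffic classes are assumptions chosen to match the text.

```python
from dataclasses import dataclass, field

APPS = ("mail", "web", "sap", "dns")  # constructed sample traffic classes


@dataclass
class Controller:
    """Hypothetical central controller: holds app -> preferred link order."""
    policy: dict = field(default_factory=dict)
    online: bool = True

    def push_policy(self, device):
        # Policy only reaches a branch while the controller is reachable.
        if not self.online:
            raise ConnectionError("controller unreachable")
        device.cached_policy = {app: list(links) for app, links in self.policy.items()}
        return device.cached_policy


@dataclass
class BranchDevice:
    """Hypothetical 'dummy' branch box: no routing brain, forwards per cached policy."""
    name: str
    links_up: dict = field(default_factory=dict)  # link name -> True if the line is up
    cached_policy: dict = field(default_factory=dict)

    def select_link(self, app):
        # Walk the controller-pushed preference list, skipping failed lines; unknown
        # apps use the "default" entry. None means no usable line (worth alerting on).
        order = self.cached_policy.get(app) or self.cached_policy.get("default", [])
        return next((link for link in order if self.links_up.get(link)), None)


def demo():
    ctrl = Controller(policy={
        "mail": ["lte", "internet", "mpls"],    # mail over LTE
        "web": ["internet", "lte", "mpls"],     # web over the internet line
        "sap": ["mpls", "internet", "lte"],     # SAP over MPLS
        "default": ["internet", "mpls", "lte"],
    })
    branch = BranchDevice("branch-01", links_up={"mpls": True, "lte": True, "internet": True})
    ctrl.push_policy(branch)  # zero-touch: the centrally prepared profile is taken over
    steady = {app: branch.select_link(app) for app in APPS}

    ctrl.online = False             # the single controller collapses
    branch.links_up["lte"] = False  # ...and a line fails during the outage
    during_outage = {app: branch.select_link(app) for app in APPS}  # still forwards
    try:
        ctrl.push_policy(branch)    # new definitions cannot be made until it is back
        new_policy_applied = True
    except ConnectionError:
        new_policy_applied = False
    return steady, during_outage, new_policy_applied
```

The branch keeps steering and failing over from its cached policy while the controller is down, but nothing new can be pushed and nothing is observed centrally, which is exactly the gap a controller backup closes.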

Staff Support

Well, let’s get to the staff part. At this point, one of the items that will seriously increase the costs of SD-WAN emerges. Someone is needed to make and manage all these configurations, with a second or third person as backup depending on the size of the SD-WAN. People with this kind of competence do not grow on trees, and they do not work for free. In addition, if you have such an infrastructure, you need to continuously increase the number of competent personnel in line with the size of the infrastructure. You need to evaluate and budget for this as well.

Attention!

If you are going to switch to SD-WAN, you should analyze the existing architecture very carefully. From which infrastructure will you move to SD-WAN, and what is your motivation? Is your company moving to a new way of doing business (office to home)? Are you moving your existing server infrastructure to the cloud (from a local data center to Azure, AWS, etc.)? Are you managing your existing infrastructure yourself and having trouble finding competent personnel to work at the branches?

If a CIO or CTO has an MPLS WAN infrastructure that is managed by an operator, or by an integrator under an outsourcing contract, and is considering an SD-WAN migration, they should analyze the architecture well. It makes me smile when the provider talks about reducing costs, flexibility, security and performance compared to the MPLS infrastructure, and about integrating an infrastructure that is not managed by the provider himself.

I recommend that you switch to an SD-WAN infrastructure only when you are convinced by the answers to all these questions and by the reason why you should install SD-WAN.

If you have questions about the subject, my e-mail address is:

tas.alich@gmail.com

Ali Tas

Bern / SWITZERLAND
