What is SD-WAN? How does it work?

Don’t forget our ultimate aim of connecting a branch office to the head office or data center.

Using SD-WAN, we would require the following resources.

A dedicated device based on commodity hardware that runs as a router, switch, firewall, load balancer and traffic optimizer on a single piece of hardware (an x86 server), also called uCPE (universal Customer Premises Equipment). This uCPE is capable of running multiple VNFs to provide various network functions such as routing, switching, security, traffic prioritization, etc.

This uCPE will be connected to its head office using an MPLS link (primary), an Internet broadband link (secondary), or any other tertiary link (LTE-4G) to be used in case the primary or secondary links fail.

There will be a central server (cloud-hosted over the internet or hosted by the MPLS service provider) that centrally controls and manages the uCPE. This centralized server is again deployed on commodity hardware (x86 servers). It can consist of one or more components with multiple functions (configuration and management, control, monitoring, authentication and accounting). This central server is used for the following purposes:

  • Pushing the initial configuration to the uCPE with all the routing, switching, security, QoS and other policies.
  • Monitoring the operation of the uCPE by collecting various analytics reports.
  • Pushing any specific config/policy changes in the future.
  • Switching to a secondary link based on agile policies (for example, intermittent packet drops, high RTD/jitter, or frequent flaps observed on the primary link) and dynamically switching back to the primary link once it is stable.
  • Cost savings (no expensive routers/switches/firewalls, etc.), reduced complexity and better overall network performance.

Overall, the uCPE handles the data plane (forwarding) and the centralized server handles the control plane for multiple uCPEs of an enterprise customer.
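The link-switching policy from the list above, sketched as an added example (not code from this article or from any SD-WAN vendor). The thresholds, the `LinkSelector` class and the sample measurements are hypothetical; requiring several consecutive healthy samples before failback keeps a still-flapping primary link from pulling traffic back too early.

```python
from dataclasses import dataclass

# Hypothetical thresholds: the article names the signals but gives no values.
MAX_LOSS_PCT, MAX_RTD_MS, MAX_JITTER_MS, MAX_FLAPS = 2.0, 150.0, 30.0, 3
STABLE_SAMPLES = 3  # consecutive healthy samples required before failback

@dataclass
class Sample:
    loss_pct: float   # packet loss over the measurement window
    rtd_ms: float     # round-trip delay
    jitter_ms: float
    flaps: int        # up/down transitions seen in the window

def healthy(s):
    return (s.loss_pct <= MAX_LOSS_PCT and s.rtd_ms <= MAX_RTD_MS
            and s.jitter_ms <= MAX_JITTER_MS and s.flaps < MAX_FLAPS)

class LinkSelector:
    """Chooses the active underlay link from a priority-ordered list."""
    def __init__(self, priority):
        self.priority = priority
        self.active = priority[0]
        self.streak = {name: 0 for name in priority}  # healthy samples in a row

    def update(self, samples):
        """samples: {link: Sample}; a link with no sample is treated as down."""
        for name in self.priority:
            s = samples.get(name)
            self.streak[name] = self.streak[name] + 1 if s and healthy(s) else 0
        if self.streak[self.active] == 0:
            # Active link degraded: fail over at once to the best healthy link.
            candidates = [n for n in self.priority if self.streak[n] > 0]
        else:
            # Fail back only to a higher-priority link that has stayed stable.
            higher = self.priority[:self.priority.index(self.active)]
            candidates = [n for n in higher if self.streak[n] >= STABLE_SAMPLES]
        if candidates:
            self.active = candidates[0]
        return self.active

def demo():
    # Constructed measurements: the primary degrades, recovers, flaps, recovers.
    ok, lossy, flappy = Sample(0.1, 40, 5, 0), Sample(8.0, 40, 5, 0), Sample(0.1, 40, 5, 5)
    primary = [ok, lossy, ok, flappy, ok, ok, ok]
    sel = LinkSelector(["mpls", "broadband", "lte"])
    return [sel.update({"mpls": p, "broadband": ok, "lte": ok}) for p in primary]
```
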

Conclusion

SD-WAN provides WAN connectivity to our head office using the same WAN technologies (underlay), but in a more flexible and intelligent way. SD-WAN enables enterprises to dynamically route traffic across a hybrid WAN based on the current network status.

Examples of SD-WAN providers

SD-WAN providers can be divided into 2 categories: vendor based and managed network service provider based.

Vendor based:

  • Cisco Systems: Intelligent WAN
  • Juniper: Contrail
  • Riverbed: SteelConnect
  • Viptela (now a Cisco company), etc.

Managed network service provider based:

  • AT&T
  • Orange Business Services
  • British Telecom
  • Singtel
  • Sprint
  • Telefonica, etc.

SD-WAN concept explained – Vendor Viptela

SD-WAN Components (Viptela) – Control Plane

The Viptela control plane components are located at a centralized location (cloud or internet), as explained below:

vSmart Controller

vSmart controllers are the brains of the overlay network. They establish secure SSL connections to all other components in the network and run an Overlay Management Protocol (OMP) to exchange routing, security and policy information. The centralized policy engine in vSmart provides policy constructs to manipulate routing information, access control, segmentation, extranets and service chaining.

vManage

vManage is a centralized dashboard that enables automatic configuration, management and monitoring of the Viptela overlay network. Users log in to vManage to centrally manage all aspects of the network life cycle, from initial deployment, ongoing monitoring and troubleshooting to change control and software upgrades.

vBond Orchestrator

The vBond orchestrator facilitates the initial bring-up by performing initial authentication and authorization of all elements into the network. vBond provides information on how each of the components connects to other components. It plays an important role in enabling Viptela devices that sit behind NAT to communicate with the network.

The vEdge routers (or uCPE) are full-featured IP routers that perform standard functions such as BGP, OSPF, ACLs, QoS and various routing policies in addition to the overlay communication. Each vEdge router establishes secure connectivity to all of the control components and also establishes IPSec sessions with other vEdge routers in the WAN network. The routing, switching and security functions are executed by various VNFs configured on the vEdge routers.
