
What is SD-WAN?

SD-WAN is a simplified and cost-effective way to use a WAN. SD-WAN (software-defined wide area network) is a wide area network that uses software to control network operations. Specific management software virtualizes networking hardware in the same way that hypervisors and other components virtualize data center operations.

SD-WAN offers an alternative to traditional WAN (wide area network) routers. It helps a WAN handle network traffic with specific protocols while providing a user-friendly interface. It also supports firewalls, gateways and virtual private networks for privacy with redundancy, backup and recovery, and troubleshooting.

By the end of 2019, 30% of enterprises will have deployed SD-WAN technology. This is up from less than 1% today. Why is this?

Because SD-WAN Provides:

  • The ability to reduce your MPLS cost while increasing your bandwidth.
  • A better user experience. It deploys applications in minutes on any platform.
  • Consistent user experience and predictable performance.
  • Faster, easier deployment and operation of your WAN with less bandwidth.
  • Advanced threat protection.
  • A secure, automatic connection to your applications.
  • Multilayer security that encrypts all data in transit to the Cloud.

Today’s computing environment requires more, and businesses are demanding more from their IT infrastructures.

There are more users today. The workforce is expanding in new and innovative ways. Enterprises are expanding their branch offices, their use of contractors, their use of IoT (Internet of Things) devices, etc.

There are more applications today. Applications dominate the business landscape, and the ability to support them and allow for an optimal experience is now paramount. It doesn’t matter where the applications are housed. Businesses want their employees to have secure 24/7 access to them wherever they are. SD-WAN is all about application accessibility and security.

There are more threats. We are seeing more advanced attacks, and with the expansion of the branch and the diversity of applications, security now needs to be pervasive.

There are more demands. The speed of business has shifted, and as a result, businesses' demands and expectations have skyrocketed.

Cisco’s SD-WAN is based on these four main pillars:

  1. Cloud Delivered Architecture
  2. Application Quality of Experience
  3. Comprehensive Security
  4. Agile Operation

These features help businesses do more, faster, with less interruption. Without an SD-WAN that’s flexible and agile, this becomes very difficult if not impossible.

Note: All of this can be delivered on-premises if your business doesn’t use the Cloud. However, Cisco’s SD-WAN was architected from a cloud perspective.

Unlike others, the Cisco SD-WAN is more enterprise-friendly and open, as it will take any VPN device, even those from third parties.

Cisco’s Software-Defined Network (SDN) is a new approach to network design, implementation, and management. It’s based on the concept of separating the network Control Plane and Data Plane, while also reducing your IT costs through policy-enabled workflow automation.

It also increases resource flexibility and utilization, and reduces infrastructure costs and overhead. Cisco’s cloud architecture provides automated, on-demand application delivery and mobility at the scale you require.

SDN converges the management of network and application services into centralized platforms that can automate the provisioning and configuration of your entire infrastructure. It brings together disparate IT groups and workflows to deliver new applications and services in minutes, rather than the days or weeks required before.

The Data Plane is called a vEdge Router. It’s transport independent, so it doesn’t matter if you’re using MPLS, Internet, cellular 4G LTE, or any combination or multiples of these. Everything that goes in and out of the Data Plane is encrypted. It sits at the perimeter of a site (like a remote office or data center) and establishes a secure virtual overlay network over any number of WAN transports. It provides the routing, forwarding, security, and encryption of data that businesses today require.

The Control Plane is in the Cloud (the vSmart Controller) where it sits separately from and directs changes on the data plane. The vSmart controller is the centralized brain of the Cisco solution, providing a means to control the flow of data traffic throughout the network. In addition, the vSmart controller works with the vBond* orchestrator to authenticate Cisco devices as they join the network, and to orchestrate connectivity among the vEdge* routers.

Virtual networks are ideal for enterprises with distributed organizations that have multiple remote locations, aging networks that require a hardware refresh, and infrastructure leaders who are looking to drastically simplify their IT operating model. As fewer and fewer apps reside within the walls of the corporate data center and more move to the Cloud, the resulting shift in traffic patterns breaks traditional networking architectures and requires an agile, virtualized model of networking.

The vManage or Management/Orchestration Plane overlays the Control Plane and Data Plane. It’s a centralized network management system that enables configuration and management and provides a dashboard into the network. It’s also in the Cloud so it can be accessed from anywhere. You log into the vManage and rather than going to and from different devices, you build out your intent from this one place. This allows you to create an abstracted virtual network on top of a physical network for fine-grained controls, plus the ability to dynamically insert and provision virtualized services and applications–including the ability to run a large number of multi-tenant virtual networks without changing the underlying physical network or infrastructure.

*The Orchestration Plane (vBond Orchestrator) automatically orchestrates connectivity between vEdge routers and vSmart controllers. If any of the vEdge routers or vSmart controllers is behind a NAT, the vBond orchestrator also serves as an initial NAT-traversal orchestrator. The vBond allows for low-touch or zero-touch provisioning. With Cisco’s zero-touch provisioning you can bring up branch sites within a few minutes. You can see everything that’s going on and integrate it with other systems to solidify all your information into one plane.

vAnalytics™: This is an add-on module you can take advantage of. According to Cisco, “The vAnalytics engine collects anonymized data across multiple customers. As an added precaution, the engine does not collect any PII. Each customer’s data sets are stored in isolation. Currently, the engine ingests more than 1 million unique records per hour across 100 customers on a 200+ service provider infrastructure. The platform employs machine learning and deep learning techniques to create meaningful representations of the data for simplistic user consumption on a per-customer basis. Some of the data consumed consists of inventory data (device and interface related), flow information (Deep Packet Inspection – DPI and Cflowd), events and connectivity-related statistics (app-route statistics, interface statistics, etc.).”

vAnalytics:

  • Provides real-time information for failure correlation, cross customer benchmarking, and app performance scores.
  • Enables future planning based on intelligent data (App/bandwidth forecasting, branch expansion analysis, policy changes what-if).
  • Provides a quality-of-experience score for applications running on your network. This helps identify how your application is doing based on recent changes made on your network.

Because of the separation of the Management, Control and Data Planes, you can scale this very high. Some clients have used over 5,000 WAN nodes using this solution, and you can scale them however you need to and as fast as you need to. It supports redundant management (hardware and circuit), which is a fairly unique capability of the Cisco solution.

Transport-Independent Fabric: The transport-independent nature of the Cisco SD-WAN solution allows the use of a variety of connectivity methods in the Active/Active/High Availability fashion by securely extending SD-WAN fabric into the public cloud environment across all underlying transport networks. These include Multiprotocol Label Switching (MPLS), broadband, 3G/4G LTE, satellite, and point-to-point links.

Application Delivery: You can extend ubiquitous connectivity, zero-trust security, end-to-end segmentation, and application-aware Quality-of-Service (QoS) policies of WAN into Infrastructure-as-a-Service (IaaS) public cloud environments.

Monitoring and Analytics: The Cisco SD-WAN solution provides real-time analytics with deep control and monitoring specifically for WANs.

For more information about Cisco’s SD-WAN Solution, contact the IT Experts at LA Networks. We’re a proud member of the Southern California Cisco Users Group.