Lead Image © ktsdesign, 123RF.com

Software-defined wide area networks

Versatile Connections

Article from ADMIN 40/2017
A natural consequence of software-defined storage and software-defined data centers is the software-defined wide area network, or the Internet connections between locations and cloud services.

The term "software-defined" usually refers to a technology that entered the IT market in the 2000s: virtualization. Although virtualization has been customary in a server environment for many years, the question arises as to how such basic structures as wide area network (WAN) routes can be virtualized and what their inherent benefits might be. A software-defined WAN (SD-WAN) comprises multiple components:

  • Virtualization: frees the network from the physical infrastructure.
  • Zero-touch provisioning: allows the timely addition of routes to the virtual infrastructure.
  • Centralized management, automation, and the technologies of dynamic path conditioning.
  • WAN optimization technologies: compression and deduplication, as well as high-speed TCP packet order correction and forward error correction.

Some manufacturers do without the last set of technologies listed; however, two definitive vendors, Silver Peak [1] and Riverbed [2], come from exactly this sector and continue to use their (partly) patented technologies for this new product line.

Network virtualization is the basis on which SD-WANs are built. At this level, the overlay network (logical connections) abstracts itself from the underlay network (physical connections). Examples of underlay networks include private multiprotocol label-switching (MPLS) networks leased from providers, directly leased point-to-point routes, and simple xDSL (i.e., ADSL, SDSL, etc.), cable, and LTE/UMTS Internet connections.

Separating the Network Layers

A well-known technology is used to separate the underlay networks from the logical (overlay) network: IPsec VPN connections with 256-bit encryption, which all well-known SD-WAN products use. These VPN connections form the underlay tunnel through which each site exchanges data. This abstraction alone still does not offer any advantages in terms of the dynamics of the WAN routes, but it does make Internet connections usable for site-to-site links.

Another abstraction layer is added to gain more flexibility. Above the underlay tunnel, more tunnels (i.e., the overlay tunnels) span the locations. These tunnels use encapsulation-only protocols; all manufacturers currently use generic routing encapsulation (GRE), which does not include any security features (e.g., encryption) and therefore only ensures logical separation of the data paths. Because GRE adds no protection of its own, the confidentiality and integrity of overlay traffic rest entirely on the IPsec underlay tunnel that carries it. These overlay tunnels are configured and optimized, depending on the application profile and purpose, and rely on one or more underlay tunnels to provide the connections. The total number of all overlay tunnels, along with their parameters, forms the virtualized overlay network, which is decoupled from the physical networks.

Transmission Capacity

At this point, it would be possible to replace individual site connections with other types of connections (e.g., expensive leased lines with less expensive Internet connections or MPLS with a faster LTE link). However, the different characteristics of the lines then play a role. An MPLS route typically has a service-level agreement (SLA) of 0.1 to 0.5 percent packet loss, compared with a connection on the public Internet of 0.5 to 1 percent. If you want to operate sensitive applications such as VoIP, video, or data acquisition systems on these modified routes, this amount of packet loss can quickly cause problems.

Latencies in the range of 50 to 200 msec are also common for connections between continents via the Internet, often disrupting sensitive applications because of their susceptibility to interference. Also, manual connection management would be extremely complex given such a mass of tunnels and would completely rule out any advantages gained from its flexibility.

Automated Network Tunnels

Now the next two basic components of SD-WAN enter the scene: automation and dynamic path conditioning. Automation means that the process of creating underlay and overlay tunnels is completely automated for all fully functional SD-WAN solutions. The administrator specifies which sites to connect, and the IPsec configuration is done autonomously, with no need to define keys or exchange certificates; the systems handle this work.

The overlay tunnels are created as a function of the application profile. Silver Peak coined the term "Business Intent Overlay" for its SD-WAN product line. This defines exactly which applications have which requirements with respect to line bandwidth, packet loss, latency, and jitter. On the basis of these definitions, dynamic path conditioning then comes into its own.

One part of path conditioning is handled by means of load balancing across lines of different bandwidth, latency, and error rate. Previously it was only possible to distribute load in equal proportions across identical lines on the network. The algorithms used in dynamic path conditioning let you, for example, combine an MPLS and an LTE path for an application, which not only allows an increase in the bandwidth, but also provides resilience.
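As an added illustration of the application-profile and path-conditioning logic described in the preceding sections (this is example code, not a vendor's implementation), the following Python model matches constructed per-path measurements of loss, latency, and jitter against per-application intent profiles, bonds every eligible underlay path with bandwidth-proportional weights, and falls back to the least lossy path, flagged as degraded, when nothing meets the intent. All path names, thresholds, and measurements are constructed for the example; the loss figures follow the SLA ranges quoted above.

```python
from dataclasses import dataclass

@dataclass
class UnderlayPath:
    """One underlay tunnel (IPsec over MPLS, LTE, DSL, ...) with current measurements."""
    name: str
    bandwidth_mbps: float
    loss_pct: float       # measured packet loss, percent
    latency_ms: float
    jitter_ms: float

@dataclass
class IntentProfile:
    """Per-application requirements, in the spirit of a business intent overlay."""
    app: str
    max_loss_pct: float
    max_latency_ms: float
    max_jitter_ms: float

def meets_intent(path: UnderlayPath, profile: IntentProfile) -> bool:
    return (path.loss_pct <= profile.max_loss_pct
            and path.latency_ms <= profile.max_latency_ms
            and path.jitter_ms <= profile.max_jitter_ms)

def build_overlay(profile: IntentProfile, paths: list) -> dict:
    """Pick the underlay paths the overlay tunnel for this profile should use."""
    good = [p for p in paths if meets_intent(p, profile)]
    degraded = not good
    if degraded:  # nothing meets the intent: carry traffic on the least lossy path and flag it
        good = [min(paths, key=lambda p: p.loss_pct)]
    # Bandwidth-proportional weights bond unequal links (MPLS + LTE) instead of a 50/50 split.
    total = sum(p.bandwidth_mbps for p in good)
    return {
        "app": profile.app,
        "paths": [p.name for p in good],
        "weights": {p.name: round(p.bandwidth_mbps / total, 3) for p in good},
        "aggregate_mbps": total,
        "resilient": len(good) > 1,   # a second path survives a single link failure
        "degraded": degraded,
    }

# Constructed sample measurements (hypothetical); loss figures follow the SLA ranges in the text.
PATHS = [
    UnderlayPath("mpls", 10, 0.2, 30, 3),
    UnderlayPath("lte", 50, 0.4, 60, 12),
    UnderlayPath("dsl", 100, 1.0, 180, 25),   # intercontinental Internet link
]
VOIP = IntentProfile("voip", max_loss_pct=0.5, max_latency_ms=150, max_jitter_ms=20)
BACKUP = IntentProfile("backup", max_loss_pct=2.0, max_latency_ms=500, max_jitter_ms=100)
SCADA = IntentProfile("scada", max_loss_pct=0.1, max_latency_ms=50, max_jitter_ms=5)
```

Re-running build_overlay with fresh measurements is the dynamic part: when the LTE link's loss rises above the VoIP threshold, the VoIP overlay shrinks to the MPLS path alone until the measurements recover.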
