One of the clear outcomes associated with the commercialisation of network functions virtualisation (NFV) is that the adoption of advanced virtualised software techniques will usher in a new age of programmable service innovation. Since NFV and the cloud address all layers of the network, the impact will be profound, as illustrated by the many relevant use cases that have emerged over the past few years.
One such leading use case is the software-defined wide-area network (SD-WAN), which has gained strong market momentum due to its ability to elegantly extend the software-defined model to many network layers. A key factor in this momentum is that it provides enterprise customers with a programmable, evolvable and lower-cost alternative to Multiprotocol Label Switching (MPLS).
But SD-WAN is still an emerging technology and, given that its deployment will be a gradual integration with MPLS, here are some technical factors to consider:
SD-WAN introduces new security demands…
- SD-WAN requires encryption to ensure secure access. This includes integrating security policies into software while simultaneously maintaining the programmability and automation that SD-WAN delivers. In contrast, MPLS networks do not typically support encryption and are therefore assumed to be secure.
- Hybrid network requirements associated with running both MPLS and SD-WAN networks must be addressed. The challenge is not to compromise the performance of existing security infrastructure, such as security gateways that must be enhanced to support encrypted traffic.
- Moving from MPLS to SD-WAN can mean moving from a centralised security model to a distributed model supporting connected branch endpoints that have direct Internet access. The challenge in dealing with these endpoints is meeting the requirements of deploying an end-to-end solution that is fully integrated and automated, as opposed to simply adding an additional security gateway to manage IPsec connections, which increases cost and diminishes programmability.
- Analytics is now a key component, since it provides the real-time insight needed to identify potential threats and provides a window to execute threat-mitigation policies. However, successful analytics deployments must also consider the enterprise architecture and be able to support both private WAN connections and Internet-based connections.
SD-WAN deployments must be fully “orchestratable” and integrated into existing operations support systems (OSSs)…
- SD-WAN drives adoption of new service and charging models. However, since OSSs have developed over many years, they are in many respects not “cloud-enabled.” More specifically, SD-WAN and virtualisation mandate that new OSS capabilities be designed to facilitate the transition from a dedicated hardware “silo” platform model to a shared common NFV infrastructure (NFVI) model.
- The scope of NFVI is broad, so several configurations must be supported. This includes support for a “white box” distributed model, on or near the customer premises. Of course, SD-WAN must also support this model, given its relationship to enterprise services such as virtual customer premises equipment (vCPE). This means that SD-WAN and service VNFs must be orchestrated in the centralised cloud and at the enterprise network edge.
- SD-WAN injects additional complexity into OSS, given the shift away from a dedicated appliance model and the requirement to support software invocation and orchestration at the edge. What is required in an OSS context is the ability to support a single management approach for both MPLS and SD-WAN networks, because the operation of hybrid networks will mandate that an OSS have end-to-end visibility to support security features and policy enforcement.
- SD-WAN separates the data plane from the control plane, which introduces a requirement to manage data flows via policy-based analytics and also control-plane sessions. This is critical, since by splitting these two functions it’s possible to enhance software-driven automation in the data and control planes, thereby achieving much better scalability and a better end-to-end integration model.
SD-WAN will continue to represent a strong value proposition, ensuring that future waves of service innovation and differentiation can be achieved holistically, on all network layers, irrespective of how these layers are redefined in the future. We partner with Juniper Networks to provide automated, scalable and secure network solutions that offer agility, performance and value.
‘Empower service differentiation with SD-WAN’ taken from Heavy Reading and Juniper Networks whitepaper ‘SD-WAN Implementation & Differentiation Layer Strategies’.