
How to identify SD-WAN

2025-01-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

SD-WAN, a term that only appeared in 2015, has been stuck in the awkward situation of "one name, everyone's own interpretation". Yet it is so popular in today's networking circles that it has reached the stage of "kicking out VPN and knocking down routers". Vendors have changed their banners one after another: whether they actually have it or not, they all call their wares SD-WAN, so that customers cannot tell who is right and who is wrong and can only stand by and watch the show.

As Abloomy released its self-developed SD-WAN products to the market, I sorted out the conceptual discussions of SD-WAN that I saw in media articles, trying to give a valuable summary.

In their introductions to SD-WAN, vendors, intentionally or not, tend to explain what SD-WAN is by describing the benefits of using it, as if to imply that "it does not matter whether the cat is black or white, as long as it catches mice it is a good cat."

Wikipedia's definition reads as follows: SD-WAN is an acronym for software-defined networking in a wide area network (WAN). SD-WAN simplifies the management and operation of a WAN by decoupling (separating) the networking hardware from its control mechanism. This concept is similar to how software-defined networking implements virtualization technology to improve data center management and operation.

The definition from the domestic trade association is similar: a software-defined wide area network is a service formed by applying SDN technology to the wide-area-network scenario.

For most people outside the industry, this definition still does not explain what SD-WAN is, or what a product with SD-WAN functionality should look like. It does at least tell us that SD-WAN derives from SDN, that is, it should carry over some of SDN's implementation ideas and technical features.

What is SDN after?

In the traditional sense, SDN is a LAN-scope technology: it emerged from campus networks and was first applied in data centers, mainly to deploy cloud business services there. As SDN gained popularity in IDCs and cloud centers, its key ideas became further aligned with the concept of cloud computing:

-- Hardware simplification and commoditization: SDN advocates building IDC network infrastructure from simple, standardized network hardware. This is the key to reducing the cost of the solution, and it matches the way cloud computing infrastructure is built.

-- Network virtualization: SDN can be said to have driven the popularity of network virtualization in automated service deployment. The original network virtualization technology was more of a network isolation technology, which can be regarded as an evolved version of VLAN. Combined with SDN's centralized control system and host-based service virtualization, it quickly became the key means by which SDN connects control-plane virtualization, network resource virtualization, and the virtual plane with the physical network. At the same time, the concept of network virtualization evolved further into network function virtualization (NFV).

-- Control centralization: SDN strictly separates control-plane behaviour from forwarding-plane behaviour, which is related to the relative uniformity of SDN's physical network. SDN's centralized control is limited by the control capacity of a single controller and by the overall network performance of the controlled area. Through centralized control, SDN ensures efficient and simplified management within the region, as well as virtualized deployment of the controller itself.

-- Data transparency: as the counterpart of control centralization, SDN makes the forwarded data transparent to the controller and the control layer. After all, the SDN controller controls the forwarding of data flowing through the switches via the policies and rules it issues. The depth and type of data the SDN controller can see determine how well the whole SDN network can carry the SLAs of customer services.

What does SD-WAN inherit from SDN?

First of all, SD-WAN is an extension of SDN into the wide area network. Apart from the different network objects studied (the local area network for SDN, the wide area network for SD-WAN), the basic idea of "separation of forwarding and control" is fully inherited, and the views on hardware commoditization, network virtualization, control centralization and data transparency are similar.

However, because the application environments and business environments of SD-WAN and SDN differ, their implementation forms and approaches are very different:

-- Different control requirements at the forwarding layer: SDN emphasizes that forwarding is implemented entirely in Layer 3 hardware, that is, under the premise of line-rate port forwarding, application-level forwarding control can be as fine-grained as possible. SD-WAN requires the transport layer (underlay) to be abstractly encapsulated within the forwarding layer: the end-to-end logical links (physical or virtual) and networks (overlay) established through SD-WAN should be callable as abstract transport resources, and overlay transmission should not involve the complex transport-protocol handling of the underlay. This simplifies the management and configuration of communications.

-- Different forwarding-control goals at the control layer: SDN's control goal is to ensure that the forwarding performance (bandwidth) of business traffic across the whole domain (within the LAN) meets the standard. SD-WAN's control goal is to ensure the reliability (QoS) and performance (bandwidth) of business traffic across the whole area (the scope of the WAN). SD-WAN therefore needs to be able to control a variety of transmission networks (MPLS/SDH, Ethernet, wireless, 4G/LTE, satellite communications, etc.) and dispatch them to forward business traffic across the whole area.

What does SD-WAN really want to achieve?

According to my own induction and understanding, what SD-WAN really wants to achieve is to make full use of the communication means available to an enterprise (MPLS/SDH, Ethernet, wireless, 4G/LTE, satellite communications, etc.), as well as private networks and the Internet, to achieve full-service traffic QoS, global routing control and business policy orchestration.

Therefore, compared with the WAN transmission schemes realized by traditional router networks, SD-WAN proposes a new implementation idea on the following points:

-- Separation of forwarding and control: as mentioned in the introduction to SDN above, SD-WAN differs only in the degree of separation. Because SD-WAN focuses more on forwarding control of the overlay layer, control of the underlay layer is largely implemented at the forwarding level.

-- Global routing control: SD-WAN largely replaces the dynamic routing protocols of traditional routers. Traditional dynamic routing protocols generally collect local link QoS and reachability information, exchange routing information and vote among the routers in the domain, and maintain a local dynamic routing table for actual forwarding control. Even BGP can only centralize and distribute routing information through a Route Reflector; the actual routing decision, that is, forwarding control, is still made locally. SD-WAN, by contrast, can be thought of simply as maintaining a global routing table directly on its SDN Controller. CPE/Edge devices only need to upload local link information and receive the routing table issued by the SDN Controller, which greatly simplifies routing processing and forwarding control.

-- Unified QoS control: compared with the local QoS policy control of traditional gateways and routers, SD-WAN emphasizes centralized QoS analysis and unified QoS policy distribution. CPE/Edge devices report link-local information in real time (the link's current network characteristics: delay, jitter, packet loss and available bandwidth), which the SDN Controller analyses centrally. The network administrator converts the SLA targets into QoS definitions for each specific business application (bandwidth, delay, jitter, packet loss, etc.), and the controller converts these requirements into "immediate" routing policies for the corresponding edge devices, which select the best path for the traffic. Seen from another angle, unified QoS control is the decision strategy behind global routing.

-- Business policy orchestration: the "software-defined" feature of SD-WAN depends mainly on "policy orchestration". Policies express how SD-WAN controls services, applications, CPE/Edge devices, links, network characteristics, SLA/QoS guarantees, routing and so on. Orchestration is the mapping and association between policies and the resources under SD-WAN (for example, the available overlay link pool and overlay network characteristics, the available underlay link pool and underlay link characteristics). Put simply, it is an automated way of expressing how the business needs to use SD-WAN to reach its SLA goals. Being automated means that SD-WAN's SDN Controller can adjust these policies, and the use of the resources under its control, on its own. The degree of automation and the granularity of policy control determine SD-WAN's business scheduling capability, that is, the actual implementation level of the SD-WAN.

How to identify genuine and fake SD-WAN products?

With a basic understanding of the real meaning and context of SD-WAN, we return to the original intention of this article: how to distinguish genuine from fake SD-WAN products.

As mentioned at the beginning, there is still no unified definition of SD-WAN. As a result, vendors' SD-WAN solutions have no unified evaluation standard, and some vendors take the opportunity to "chase the fashion and the hype", deliberately blurring the real technical concept and solution intent of SD-WAN, which objectively hinders the healthy development of the SD-WAN market. Recently there have been cases in the industry of vendors using traditional VPN over an internal MPLS backbone to cobble together pseudo-SD-WAN solutions; worse still, some even use an L2TP+MPLS+SNMP combination and tell customers it is SD-WAN, which is a joke.

Because SD-WAN products and solutions do not rule out integration with older technologies and products, distinguishing the real from the fake is quite troublesome. So I think there are two ways to judge this problem:

-- distinguishing from the fundamental characteristics of SD-WAN

-- summing up and judging from the external function points of SD-WAN products

Distinguish from the basic characteristics of SD-WAN

This method is really a testing method: it requires the reader to have the basic ability to analyse an SD-WAN system, that is, to examine each part of the system independently, so as to judge whether there is anything doubtful about it.

According to the introduction above, I think the four fundamental features that SD-WAN must have are: separation of forwarding and control, global routing, unified QoS control and business policy orchestration. To check for them, readers can look for the following in an SD-WAN system:

-- Judge whether the Controller has "separation of forwarding and control" by examining it.

* * On the Controller claimed by the SD-WAN system, check whether it is completely separate from the local traffic forwarding function. The Controller of an SD-WAN system, as the central control facility, may be a dedicated device, a virtualized server deployed in an IDC, or a virtualized application at a central location in the enterprise network. We therefore need to make sure that this Controller has a communication connection to all the other SD-WAN devices (CPE/Edge devices) that have local traffic forwarding capability.

* * Check that this Controller has the ability to issue forwarding policies. Because the forwarding policy of an SD-WAN system basically depends on Layer 3 (or higher) routing rules, we need to make sure that this Controller can generate such routing rules and that they cover all the SD-WAN devices (CPE/Edge devices) under its jurisdiction.

* * So far we can basically confirm that this Controller has the ability of "separation of forwarding and control", but this does not yet distinguish it from a BGP system, which requires the following steps.

-- Further confirm "separation of forwarding and control" by inspecting the CPE/Edge devices.

* * Examine the routing and forwarding tables of the CPE/Edge devices in the SD-WAN system. Since the Controller is responsible for updating the forwarding tables of all forwarding devices in the domain, determine whether the online CPE/Edge devices rely entirely on the Controller for updates to their routing and forwarding tables.

-- Judge whether the Controller and CPE/Edge devices have "global routing" capability by examining them.

* * Disconnect a local link of one CPE/Edge device and determine whether that device reports the link information to the Controller.

* * Check whether the Controller updates its global policy table and then updates the forwarding tables of the related CPE/Edge devices.

* * During this process, the business connection (such as video playback) between the two end-to-end CPE/Edge devices should not be interrupted.

-- Judge whether the Controller and CPE/Edge devices have "unified QoS control" by examining them.

* * Introduce at least two persistent traffic flows (for example, two videos) into the SD-WAN system, to show the effects of different levels of QoS policy.

* * Introduce a new transmission link (preferably of a new link type) into the SD-WAN system, set a new QoS policy, and associate it with the QoS policy of one of the previous traffic flows.

* * When the original transmission link is disconnected, you should be able to see how the QoS policy changes the transmission effect on the different business flows. The specific strategy depends on the specific experimental method.

-- Judge whether the Controller has business policy orchestration capability by examining it.

* * Examine the scope of this Controller's resource list.

* * Examine the types covered by this Controller's policy types.

* * Check whether this Controller's resource orchestrator (different vendors use different names) covers the above two aspects.

* * On this basis we can basically determine whether the Controller has a business policy orchestration feature; the specific capabilities need to be judged separately.

When a system has passed the above inspection and testing, we can safely consider it an SD-WAN system.
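As an added illustration (not code from this article or from Abloomy), the following Python model ties together the "global routing control" and "unified QoS control" points above with the link-failure test in the checklist: edge devices report only link-local metrics, a hypothetical controller turns the SLA definitions into per-application path choices, and the table is recomputed when a link is cut or degrades. Every device name, metric value and SLA threshold is constructed for the example.

```python
# Hypothetical controller-side model of the behaviour described in the article:
# edges report link-local metrics, the controller holds the global view and
# derives per-application paths from SLA targets. Added example, not vendor code.

# Constructed SLA targets per application class, in the article's four QoS
# dimensions: bandwidth in Mbit/s, delay and jitter in ms, packet loss in %.
SLA = {
    "video":  {"bandwidth": 4.0,  "delay": 80.0,  "jitter": 20.0,  "loss": 1.0},
    "backup": {"bandwidth": 20.0, "delay": 300.0, "jitter": 100.0, "loss": 5.0},
}


class Controller:
    def __init__(self, sla):
        self.sla = sla
        self.links = {}  # (edge, link_id) -> latest report from that edge

    def report(self, edge, link_id, up, bandwidth=0.0, delay=0.0, jitter=0.0, loss=0.0):
        """Ingest one link-local report sent by a CPE/Edge device."""
        self.links[(edge, link_id)] = dict(up=up, bandwidth=bandwidth, delay=delay,
                                           jitter=jitter, loss=loss)

    @staticmethod
    def meets(m, req):
        """True if the measured link satisfies every dimension of the SLA."""
        return (m["bandwidth"] >= req["bandwidth"] and m["delay"] <= req["delay"]
                and m["jitter"] <= req["jitter"] and m["loss"] <= req["loss"])

    def forwarding_table(self, edge):
        """Policy pushed to one edge: app -> (link_id, 'sla' | 'best-effort') or None.
        SLA-compliant links win (lowest delay first); otherwise fall back to the
        least-delayed live link and mark the SLA breach so the operator sees it."""
        live = [(lid, m) for (e, lid), m in self.links.items() if e == edge and m["up"]]
        live.sort(key=lambda c: (c[1]["delay"], c[1]["loss"]))
        table = {}
        for app, req in self.sla.items():
            ok = [lid for lid, m in live if self.meets(m, req)]
            if ok:
                table[app] = (ok[0], "sla")
            elif live:
                table[app] = (live[0][0], "best-effort")
            else:
                table[app] = None
        return table


def scenario():
    """Replay the article's test: cut a link, then degrade one, re-planning each time."""
    c = Controller(SLA)
    c.report("branch1", "mpls", True, bandwidth=10, delay=30, jitter=5, loss=0.1)
    c.report("branch1", "inet", True, bandwidth=50, delay=60, jitter=15, loss=0.5)
    c.report("branch1", "lte", True, bandwidth=30, delay=120, jitter=40, loss=2.0)
    steady = c.forwarding_table("branch1")
    c.report("branch1", "mpls", False)  # the edge reports its MPLS link down
    after_cut = c.forwarding_table("branch1")
    c.report("branch1", "inet", True, bandwidth=50, delay=60, jitter=35, loss=0.5)
    degraded = c.forwarding_table("branch1")  # Internet jitter now breaks the video SLA
    return steady, after_cut, degraded
```

In the degraded step no live link satisfies the video SLA, so the controller still returns a path but labels it best-effort; a real system should surface that breach rather than silently pick a link.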

Summarize and judge from the external function points of SD-WAN products.

Since people do not always have access to a given SD-WAN system, and usually only have its promotional materials and part of its function list, can we draw a conclusion from such text? Here I try to give a list of basic SD-WAN system functions (from Abloomy) to assist readers in their judgment:

1. Remote sites / branches can actively access business applications through public or private WAN.

2. Support multiple backup and aggregation methods for the WAN links of branch site devices.

3. The SD-WAN controller supports single / dual cluster and virtualized deployment.

4. Support dynamic adjustment of traffic across private and public WAN paths according to a unified application policy, and control (improve or decrease) the performance of WAN services at the transport and application layers.

5. Support centralized visualization to manage the traffic status of critical business and real-time applications, and to prioritize them.

6. Support zero-touch deployment (ZTP) of branch site devices, with almost no configuration changes on the directly connected infrastructure, ensuring configuration and deployment agility.

7. Support centralized policy configuration to ensure real-time bandwidth allocation, automatic prioritization and link selection.

8. Support predefined templates based on the performance requirements of business applications (bandwidth, latency, jitter, packet loss).

9. Support for WAN optimization.

10. Support AAA (authentication, authorization and accounting), with RADIUS, LDAP or AD, etc.

11. Link security attributes at the same level as IPsec and SSL VPN are supported.

12. Branch site devices support local or cloud-based NFV service orchestration, packet capture and decoding (DPI) and firewall functions.

13. Support for role-based / multi-tenant (same-tier / tiered) access control.
