With the move to cloud computing, enterprises must ensure that their private WAN architectures are flexible and dynamic, as static networks drastically limit the usability and attractiveness of the cloud. As discussed in the first post in this series on building WAN infrastructure for the cloud, most enterprises need to implement new techniques to achieve the benefits of the cloud.
One area where a new technique is needed is in managed services such as IP/MPLS VPNs. While they are appropriate for some enterprise WAN needs, such as providing multi-site connectivity between large sites and data centers, they are expensive, inflexible, and notoriously slow to provision for smaller remote sites where changes are frequent. Connecting new sites, bringing up new services, or making changes can take weeks or months. Once a request is made, the process is often opaque, making problem resolution difficult. For enterprises, the process of using IP/MPLS VPNs in their private WAN to connect hundreds of smaller sites can be equally complex and frustrating.
Increasingly, enterprises are using software-defined networking (SDN) to automatically allocate network resources and balance workloads in and across multiple data centers. SDN is a more dynamic, manageable, cost-effective, and adaptable network architecture that is better suited to today's cloud deployments. It makes networks programmable from a centralized SDN controller, simplifying control of the network, making it more agile and responsive and creating opportunities for policy-driven supervision with additional automation.
SDN has an important role to play in the WAN too. It can bring the advantages we realized in the data center and reduce the cost of remote site connectivity along with these benefits:
- Reduced complexity when connecting small remote sites
- Templates to define, deploy and enforce network policies
- Support for any mix of last-mile technologies and multiple connections
- A more consistent quality of experience for users accessing cloud applications
Software-defined WAN is a rapidly emerging approach that gives enterprises more control of their WAN, particularly when providing connectivity to smaller sites. SD-WANs build a virtual network on top of a physical network or service, mapping the virtual to the physical network such that the physical aspects are hidden. For example, some sites could be connected via IP/MPLS VPN services and others connected securely over the Internet, both using any mix of last-mile technologies such as Carrier Ethernet, xPON, xDSL, Hybrid Fiber Coax (HFC) or mobile broadband instead of costly leased lines. Sites can have multiple physical connections for backup, to provide additional capacity and resiliency, or for different types of traffic.
Network edge functions such as firewall, encryption, DNS and DHCP are implemented in software. A central policy manager defines, deploys and enforces overall network functions and advanced services, and a central network controller downloads and controls the network topology, functions and features on customer premises equipment (CPE) at each enterprise site. The CPE is typically an appliance or server based on standard x86 COTS hardware.
With zero-touch installation and centralized policy-based configuration, management and control, SD-WAN ensures fast adds, moves and changes and eliminates the need for site visits; deployment is no more complicated than installing a residential broadband modem/router. Enterprises can connect small remote sites without incurring the costs and complexities of a traditional WAN network. SD-WANs provide more flexible connectivity to the cloud today for smaller sites within the same region, or where changes are more frequent and unpredictable.
More of the enterprise WAN will become virtualized in the future, and will also need to be managed through a layer of abstraction. This means that enterprise WANs will not be managed as widely distributed physical network devices, as they are today. Instead, many higher-level network functions will be virtualized to run on standard servers, in much the same way as applications, servers and storage are virtualized in the modern data center. These virtualized network functions will be managed as logical groupings of network resources using SDN.
Virtualization in the enterprise WAN will evolve over time. Its main benefit will be to hide much of the complexity of the cloud by managing the applications, data, servers, storage and underlying network resources that support them as single logical representations. Using an SD-WAN approach, enterprises will be able to manage IT and network resources wherever they are in the cloud to meet the needs of the business quickly, more efficiently, and at lower cost.