As enterprises evolve to adopt SD-WAN, the first question they encounter is how to smoothly migrate to the new architecture. Therefore, an easier and simpler way to migrate to SD-WAN would appear quite attractive.
This is not difficult with SD-WAN. After all, SD-WAN provides a zero-touch deployment model. This means adding SD-WAN on top of the existing network is easier, quicker, and smoother.
However, look at it from another angle; while SD-WAN certainly solves connectivity issues easily and quickly – is that all you need? Why not go further? For example, if planned well it can also simplify the branch office considerably by solving the device-sprawl issue. But how?
To answer this question, let’s look at a typical branch office. The LAN is connected to a switch, which is then connected to a WAN optimization appliance, a router, and then a firewall. (This is an oversimplified picture, but it does show the typical devices used in a branch office or enterprise building.)
Now this company intends to introduce SD-WAN. In such cases, the SD-WAN CPE is introduced in front of the firewall’s public interface. Zero-touch provisioning is triggered and voila! The branch is connected to SD-WAN in no time.
This is a smooth transition to SD-WAN without major changes to the internal network of the company. Though it raises a few points:
- Does this make the branch simpler? In a way, we are making it more complex by adding another box and vendor, which means not just additional CAPEX but also the additional OPEX of maintaining it.
- Multiple points can fail here. For troubleshooting purposes, this is quite difficult and time-consuming. The multiple touchpoints mean the troubleshooting process is stretched.
- Last but not least, there is functional redundancy. In other words, packet processing is duplicated. Each of the devices, from WAN optimization through to SD-WAN, performs similar operations: receiving the packet, parsing it, doing a route lookup, and applying some sort of QoS or DPI processing. All this creates undesired latency.
However, if planned well, the better way is to have a converged SD-WAN device that can additionally do firewall, routing, and WAN optimization, all within the same device. Something like the following:
We have effectively solved all the above three issues with this single strategy.
It has multiple advantages:
- Simpler network: fewer devices to maintain and troubleshoot, reducing CAPEX/OPEX.
- Packet processing is done once as functions are embedded into a single device. No more latency because of service chaining multiple devices.
- Single management console with better visibility into the network.
However, here are a few concerns that this step can raise:
Isn’t this a Rip-and-Replace approach?
Yes, it is. However, do you know that an SD-WAN device can cost you much less compared to the costs of acquiring all these devices and maintaining them? Here you have cut down on device sprawl considerably. Yes, it will take more time to migrate to each office as you need to plan carefully but it is worth exploring, considering the overall cost savings.
Is such all-in-one SD-WAN CPE available?
Yes, it is.
An SD-WAN CPE can do routing functions, so you don’t need a separate router. Some vendors offer next-generation firewall/UTM as part of their SD-WAN CPE. Not every vendor will be able to do WAN optimization, though. So it is better to ask your SD-WAN vendor which features it supports.
I found one provided by Riverbed, SteelConnect EX, that combines all of them into a single box, and considering they come from a WAN optimization background, they do have WAN optimization and application acceleration among the features supported.
Will I miss my best of breed devices/vendors?
Some vendors have taken their time to invest in all these four functions so you would not miss your favorite 3rd party best of breed vendor. Secondly, some vendors come from security and WAN optimization backgrounds, therefore they surely bring enough experience in that area.
Plus you do not have to rip and replace everything if you like. For example, keep the firewall of your favorite vendor and just merge the routing, optimization, and SD-WAN into one box or you can choose the functions you like. Migrations can take an evolutionary approach here.
My SD-WAN vendor tells me I do not need WAN optimization?
Check the vendor’s portfolio. Most likely this vendor does not have a WAN optimization offering. Simply because the vendor cannot offer it does not mean you do not need it. However, you most likely do need some WAN optimization.
While SD-WAN can give you more bandwidth, it will not solve latency issues, especially if you are running a network that crosses geographical regions or continents.
No technology can solve physical latency, but when physical latency is combined with the latency that comes from back-and-forth communication owing to applications’ chattiness, things become worse. Add to that the fact that such latency can result in TCP retransmissions, and user experience is severely affected. WAN optimization solves all these issues for improved user experience.
Let the SD-WAN Make the Network Simpler and Less Complex
In conclusion, SD-WAN should not just solve the connectivity issue but also make networks simpler. As you do a technology refresh and intend to acquire SD-WAN, take your time to think about which of the existing devices you can get rid of to make your office simpler and sleeker. Look for an SD-WAN vendor that gives you the best and most integrated solution, so you can run the network easily through a single pane of glass and thus effectively reduce your CAPEX and OPEX.