SD-WAN Advice: Don’t Forget the Underlay Network
The software-defined WAN, or SD-WAN, has been a red-hot technology topic over the past few years, and deservedly so. The technology promises to modernize the WAN by lowering costs and delivering unparalleled levels of agility. However, as businesses build out this transformational overlay network, many forget the physical underlay.
I understand the fascination with the overlay: Multipath, local Internet breakouts, and broadband are fun and exciting. But the old and boring underlay is critical to SD-WAN success.
A good way to think about this is that you wouldn’t run the latest version of Windows with hardware designed for Windows 95. Nor would you refurbish a car’s engine but leave old, worn-out tires on it. You wouldn’t do those things because you understand that each component of a system needs to work together to create a great experience. The same thing holds true for SD-WAN.
Juniper Networks recently announced the 5.1 version of its Contrail Enterprise Multicloud platform, which enables businesses to modernize the underlay to ensure the overlay SD-WAN performs optimally. You might ask, “Since the enterprise WAN has been around for decades, why does it need to be updated?” The answer lies in the fact that traffic flows have changed and so the network must as well.
Enterprises built their legacy WANs on the premise that most traffic flowed between the data center and branch offices. They stored applications and data in the data center, and users lived primarily in branches -- and everything was easy peasy lemon squeezy.
This network scenario certainly isn’t the case any longer. Multicloud environments reign supreme today, and the WAN connects branches to the cloud, clouds to data centers, data centers to data centers, and everything to the Internet. Easy peasy just gave way to complicated.
Juniper’s Contrail 5.1, combined with other products, addresses each aspect of the underlay network’s transformation:
- WAN Backbone -- connects all the places in the network, including branches, data centers, campuses, and public clouds, ideally with a focus on cost and optimized site-to-site connectivity. To enable this, Juniper offers:
- Data Center Interconnect (DCI) -- ties together all private and co-located data centers. Here Juniper uses an Ethernet VPN (EVPN)-based DCI for layer two or three to manage the increasing volume of East-West traffic and optimize the network. New to Contrail Enterprise Multicloud is SDN orchestration of the DCI features, which removes the need for manual EVPN-Virtual Extensible LAN configuration. Contrail Enterprise Multicloud raises the level of abstraction for provisioning and managing DCI.
- Hybrid and Multicloud -- connects data centers to the public cloud over dedicated links using services like Amazon Web Services Direct Connect, Microsoft Azure ExpressRoute, and Google Cloud Platform Interconnect. Dedicated links provide more predictable performance than over-the-top connections.
- Internet Peering -- provides open and secure routing for peering with cloud providers, network operators, partners, and Internet exchange points, as well as enterprise edge facilities. Juniper offers the Contrail Peerbot and NorthStar Egress Peering Engine to simplify peering. It also has a distributed denial-of-service solution for better security and network performance.
One challenge network professionals are likely to face is that knowing what to do doesn’t necessarily mean understanding how to do it. To help with this, Juniper recently posted a blog outlining five steps to transform the WAN, as shown in the graphic below and summarized here.
The first step involves basic changes to ensure the network can scale up instead of out. With that basic blocking and tackling in place, the task at hand moves to re-architecting the network for multicloud. Jumping into an SD-WAN without doing these first two steps could lead to problems down the road, as the underlay will still be branch-optimized versus cloud-optimized. From there, an enterprise can use the SD-WAN to improve operational efficiency by providing better visibility and analytics. Next the focus can shift to more advanced capabilities that are business-transforming versus network-transforming only. The final step would involve automation and orchestration to ensure continual performance optimization and alignment of network and security operations.
These five steps are extremely important to SD-WAN success. Leaping from a legacy network to an SD-WAN may seem daunting -- a little like embracing the concept of autonomous vehicles. Few people are comfortable with the thought of jumping into a car with no driver or controls. However, they’re fine with having the car parallel park, warn if someone is in the blind spot, or apply the brakes when a child jumps in the road in front of it. Over time, people will get more and more comfortable with automation to the point where self-driving becomes the norm. To understand the progression from today to full autonomy, the auto industry created the five levels of self-driving cars. What Juniper has put together can be thought of as the SD-WAN equivalent to this.
SD-WAN interest remains high; many organizations have SD-WAN in test mode or in limited deployments at a few branch offices. As these pilots and tests turn into large-scale production networks, enterprises must remember to first make sure the underlay is sound and then build advanced overlay capabilities on top of it. Both need to work together seamlessly to ensure SD-WAN success.