Understanding SD-WAN Correctly

Since SD-WAN appeared in 2015, it has been in the awkward position of "one term, each with its own interpretation". But because it is currently so hot in networking circles, it has reached the point of "kicking ×××, punching the router": the leading manufacturers have changed their banners, and others, whether it is relevant to them or not, attach the SD-WAN label to everything they have, so that anyone who does not know what it is can only stand by and watch the bustle.

On the occasion of Abloomy releasing its self-developed SD-WAN product to the market, I have consolidated the SD-WAN concepts discussed in articles that have appeared in the media and tried to give a useful summary.
Looking across manufacturers' introductions to SD-WAN, all of them, intentionally or not, tend to explain what SD-WAN is by describing the benefits it brings, which seems to imply: "Black cat or white cat, the one that catches mice is a good cat."

The definition on Wiki reads: SD-WAN is an acronym for software-defined networking in a wide area network (WAN). SD-WAN simplifies the management and operation of a WAN by decoupling (separating) the networking hardware from its control mechanism. This concept is similar to how software-defined networking implements virtualization technology to improve data center management and operation.

The definition given by domestic industry associations is similar: a software-defined wide area network is a service formed by applying SDN technology to wide-area-network scenarios.

For most people outside the industry, this definition still does not make clear what SD-WAN is, or what a product with SD-WAN capabilities looks like. But at least it tells us that SD-WAN derives from SDN, so it should share some of SDN's implementation ideas and technical characteristics.

What does SDN pursue?
SDN in the traditional sense is a technology within the scope of a local area network. It originated in campus networks and was first applied in data centers, mainly to deploy cloud business services there. As SDN became popular in IDCs and cloud centers, its key ideas aligned further with those of cloud computing:
- Hardware simplification and generalization: SDN pushes the IDC to build its network infrastructure from functionally simple, standardized network hardware. This is in fact the key to lowering the cost of the solution, and it coincides with how cloud computing infrastructure is built.
- Network virtualization: SDN can be said to have popularized network virtualization in automated service deployment. Network virtualization was originally more of a network isolation technology and can be considered an evolved version of VLAN technology. With SDN's centralized control system, and once combined with host-based service virtualization, it quickly became a key means for SDN to achieve control-plane connection virtualization, network resource virtualization, and the convergence of virtual networks with the physical plane. Meanwhile, the concept of network virtualization evolved further into network function virtualization (NFV).
- Centralized control: SDN strictly separates forwarding-plane behaviour from control-plane behaviour, which is not unrelated to SDN operating over a relatively uniform physical network. Because control is centralized, the performance of the whole network is limited by the capacity and control region of a single controller. Centralized control lets SDN ensure efficiency and simplify management within that region, and also allows the controller itself to be deployed in virtualized form.
- Data transparency: corresponding to centralized control, SDN makes forwarded data relatively transparent to the controller at the control layer. After all, the SDN controller has to issue the policy rules that control data flows and switch forwarding, so the depth and variety of data the controller can see determine how well the whole SDN network can carry customers' service SLAs.

What did SD-WAN inherit from SDN?
First, SD-WAN is an extension of SDN thinking into the wide area network. Apart from the different network objects they address (SDN the local area network, SD-WAN the wide area network), the basic idea of "forwarding-control separation" is fully inherited. Similar arguments also apply to generalized hardware, network virtualization, centralized control and data transparency.

However, because the application and business environments of SD-WAN and SDN differ, the two are implemented in very different forms and ways:

- Different control requirements on the forwarding plane: SDN emphasizes layer-3 forwarding done entirely in hardware; that is, on the premise of wire-speed port forwarding, control goes as deep as possible to refine how applications are forwarded. SD-WAN instead requires the transport layer of the forwarding plane (the underlay) to be abstracted and encapsulated: the end-to-end logical links (physical or virtual) and the network (the overlay) that SD-WAN establishes should be able to call on transport resources in an abstract way, and overlay transmission should not have to deal with the underlay's complex transport protocol processing. This simplifies communication management and configuration.

- Different control objectives for forwarding: SDN's control objective is to guarantee forwarding performance (bandwidth) for global traffic within the LAN. SD-WAN's control objective is to guarantee both reliability (QoS) and performance (bandwidth) for global traffic within the WAN. SD-WAN must be able to manage multiple transport networks (MPLS/SDH, Ethernet, wireless, 4G/LTE, satellite communications, etc.) and schedule the forwarding of global traffic across them.

What does SD-WAN really want to achieve?
According to my own summary and understanding, what SD-WAN really wants to achieve is this: make full use of the means of communication available to an enterprise (MPLS/SDH, Ethernet, wireless, 4G/LTE, satellite communications and others, over both private networks and the Internet) and, on the basis of "forwarding-control separation", achieve traffic-targeted QoS across the whole domain, routing control, and global business policy orchestration.

Thus, compared with a traditional WAN implemented with routers, SD-WAN puts forward new implementation ideas on the following points:

- Forwarding-control separation: this was already covered in the discussion of SDN above. SD-WAN differs only in the degree of separation: because SD-WAN is more concerned with forwarding control at the overlay layer, more of the underlay control is left to the forwarding level.

- Full-domain routing control: SD-WAN largely serves as an alternative to the dynamic routing protocols of traditional routers. With traditional dynamic routing protocols, routers in an area exchange routing information, each gathers local reachability and link QoS information, and each maintains its routes dynamically and performs the actual forwarding control locally. Even with BGP, where a Route Reflector collects routes for distribution, the specific routing decision, that is, the forwarding control, is still made locally. SD-WAN can simply be thought of as maintaining "one" unified global routing table: a CPE/Edge device only needs to upload its local link information to the SDN Controller and receive the routing table the SDN Controller publishes for it, which greatly simplifies the routing and forwarding control process.

- Unified QoS control: compared with traditional gateways and routers, each of which applies its own local QoS policy, SD-WAN emphasizes unified analysis and centralized distribution of QoS policy. CPE/Edge devices report their local data link information (the current characteristics of each link, including delay, jitter, packet loss and available bandwidth) and the SDN Controller analyses it as a whole. The network administrator enters the target SLA for each type of business application as a QoS definition (bandwidth, delay, jitter, packet loss), and the controller converts these requirements into routing policy so that the edge device "instantly" selects the optimal path for the traffic. Seen from another angle, unified QoS control is the policy by which global routing decisions are made.

- Business policy orchestration: the "software-defined" nature of SD-WAN is reflected mainly in "policy orchestration". Policy refers to SD-WAN's control over business applications, CPE/Edge devices, links, network characteristics, and SLA/QoS-guaranteed routing. Orchestration is the way policies are mapped to and associated with the resources SD-WAN manages (for example the pool of available overlay links, overlay network characteristics, the pool of available underlay links, underlay link characteristics); simply put, it is how SD-WAN is used to meet the SLA targets the business needs in an automated way. Being automated means that the SD-WAN's SDN Controller can adjust those policies on its own. How finely it uses the resources under its management, its degree of automation, and the granularity of its policy control determine the SD-WAN's service orchestration capability, and also the level of the actual SD-WAN implementation.
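The controller behaviour described in the routing and QoS items above can be sketched as follows. This is an added example, not code from Abloomy or any SD-WAN product; the class names, link names, metric values and the lowest-delay tie-break are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class LinkReport:            # what a CPE/Edge device uploads for one link
    up: bool
    delay_ms: float
    jitter_ms: float
    loss_pct: float
    avail_mbps: float

@dataclass
class Sla:                   # per-application target entered by the administrator
    max_delay_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    min_mbps: float

def meets(link, sla):
    """True when an up link satisfies every SLA bound."""
    return (link.up and link.delay_ms <= sla.max_delay_ms
            and link.jitter_ms <= sla.max_jitter_ms
            and link.loss_pct <= sla.max_loss_pct
            and link.avail_mbps >= sla.min_mbps)

def build_forwarding_table(reports, slas):
    """Controller side: choose one link per (edge, application).

    Prefer links that meet the SLA, lowest delay first (an assumed tie-break).
    If none meets it, degrade to the best link still up; None means no path.
    """
    table = {}
    for edge, links in reports.items():
        alive = {n: l for n, l in links.items() if l.up}
        for app, sla in slas.items():
            pool = {n: l for n, l in alive.items() if meets(l, sla)} or alive
            table[(edge, app)] = min(
                pool, key=lambda n: (pool[n].delay_ms, n)) if pool else None
    return table

def sample_reports():
    """Constructed link reports for one hypothetical branch."""
    return {"branch-1": {
        "mpls":     LinkReport(True, 20, 2, 0.1, 10),
        "internet": LinkReport(True, 45, 12, 1.5, 100),
        "lte":      LinkReport(True, 40, 4, 0.4, 20)}}

SLAS = {"voice": Sla(50, 5, 0.5, 1), "backup": Sla(200, 50, 2.0, 50)}  # constructed

if __name__ == "__main__":
    reports = sample_reports()
    print(build_forwarding_table(reports, SLAS))
    reports["branch-1"]["mpls"].up = False        # edge reports a failed link
    print(build_forwarding_table(reports, SLAS))  # controller republishes
```

The edge device makes no routing decision of its own here: it only reports link state and receives the table, which is the property the verification steps later in the article look for.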

How to tell genuine SD-WAN products from fake ones?
With a basic understanding of what SD-WAN really means and where it comes from, we return to the original purpose of this article: how to tell SD-WAN products apart.

As mentioned at the start of the article, SD-WAN has never had a uniform definition, so there is no uniform standard for evaluating manufacturers' SD-WAN solutions. Some manufacturers also "follow the fashion and ride the hype", deliberately blurring SD-WAN's technical concepts and the real intent of their solutions, which objectively hinders the healthy development of the SD-WAN market. Recently the industry has seen some manufacturers present a simple implementation fitted with ××× on a traditional MPLS backbone as a pseudo-SD-WAN solution; worse still, some even tell clients that an L2TP + MPLS + SNMP solution is SD-WAN, which is a joke.

Because SD-WAN products and solutions do not exclude old technologies and products and can integrate them, telling genuine from fake is a lot of trouble. I think the question can be judged in two ways:
- judging from the fundamental characteristics of SD-WAN
- judging from a summary of the external function points of an SD-WAN product

Judging from the fundamental characteristics of SD-WAN
This method is really a test method. The reader needs a basic ability to analyse an SD-WAN system, that is, to inspect each part of the system independently, in order to determine whether there is anything doubtful about it.

Based on the discussion above, I consider that SD-WAN must have four fundamental characteristics: forwarding-control separation, global routing, unified QoS control, and business policy orchestration capability. To this end, the reader can check whether an SD-WAN system has the following characteristics:
- Examine the Controller to determine whether the system has "forwarding-control separation"
  - Check whether the Controller that the SD-WAN system declares is completely separate from local traffic forwarding. The Controller is the system's centralized control facility; it can be a separate dedicated device, or it can be deployed as a virtualized server or application in an IDC or at the enterprise network center. We therefore need to confirm that the Controller has a communication connection with all the other SD-WAN equipment that forwards traffic locally (CPE/Edge devices).
  - Check whether the Controller can publish forwarding policy. Forwarding policy in an SD-WAN system basically relies on routing rules at layer 3 and above, so we need to confirm that the Controller can generate such routing rules and that they cover all the SD-WAN equipment under its jurisdiction (CPE/Edge devices).

** At this point, we can basically confirm that the Controller has "forwarding-control separation" capability, but this does not yet distinguish it from a BGP system, which requires the following steps.
- Examine the CPE/Edge devices to further confirm "forwarding-control separation"
  - Investigate how the CPE/Edge devices of the SD-WAN system route and forward. Because the Controller is responsible for updating the forwarding tables of all devices in its domain, confirm that the forwarding table on an online CPE/Edge device depends completely on the Controller to be updated.
- Examine the Controller and CPE/Edge devices to determine whether the system has "global routing" capability
  - Take one local link of a CPE/Edge device down and determine whether the link information is reported to the Controller.
  - Check whether the Controller then updates its global policy table and updates the forwarding tables of multiple CPE/Edge devices.
  - Throughout this process, a service connection (such as video playback) between two CPE/Edge devices should not be interrupted.
- Examine the Controller and CPE/Edge devices to determine whether the system has "unified QoS control"
  - Introduce at least two continuous business flows (for example, two video players) into the SD-WAN system, so that the effect of different levels of QoS policy can be seen.
  - Add a new transmission link to the SD-WAN system (preferably of a new link type) and set a new QoS policy, associating it with one of the traffic flows introduced above.
  - Cut the original transmission link; you should be able to see the different QoS policies change how the traffic flows are transmitted. (The specific policies depend on the specific test method.)
- Examine the Controller to determine whether it has business policy orchestration capability
  - Check the scope of the resource list the Controller covers.
  - Check the kinds of policy types the Controller covers.
  - Check whether the Controller's resource orchestrator (different manufacturers use different names) covers both of the above.

** With this, we can basically determine whether the Controller has business policy orchestration capability; judging how strong that capability is requires a separate assessment.
When a system passes the above investigation and testing, we can be fairly confident that it is an SD-WAN system.

Judging from a summary of the external function points of SD-WAN products
Because most people do not have the opportunity to get hands-on with an SD-WAN system, and usually have access only to its promotional materials and a partial feature list, can a conclusion be reached from that text alone? Here I try to give a basic list of SD-WAN system functions (Abloomy) to help the reader judge:

  1. Remote sites / branch offices can actively access business applications over public or private WAN.
  2. Supports backup of branch site devices and aggregation of multiple WAN links.
  3. The SD-WAN controller supports single / dual cluster and virtualized deployment.
  4. Supports dynamically adjusting traffic paths across private and public WANs based on unified application policy, and controlling (raising or lowering) the performance of WAN services at the transport and application layers.
  5. Supports centralized visualization and real-time management of the traffic running state of business-critical applications, and can control their priority ordering.
  6. Supports zero-touch deployment (ZTP) of branch site equipment: devices are connected directly with virtually no configuration changes, ensuring agile configuration and deployment.
  7. Supports centralized policy configuration, guaranteed bandwidth allocation, and automatic real-time priority ordering and link selection.
  8. Supports predefined templates of performance requirements (bandwidth, delay, jitter, packet loss) for business applications.
  9. Supports WAN optimization.
  10. Supports AAA (authentication, authorization and accounting), with support for RADIUS, LDAP, AD or the like.
  11. Supports link security attributes at the same level as IPsec and SSL ×××.
  12. Supports NFV service orchestration locally on the branch site device or in the cloud, and supports packet capture and decoding (DPI) and firewall functions.
  13. Supports role-based access control / multi-tenancy (same layer / hierarchical).

Origin blog.51cto.com/14141791/2415696