Blog

Pervasive Network Visibility for SD-WAN Deployment

Yigal Amram By: Yigal Amram January 28, 2019

In contrast to the other components of enterprise networks, the wide-area network (WAN) stands out as the most demanding to administer because it often includes a variety of services and devices with most of those devices at unsupported sites. Management and upgrading is difficult; often remote access to WAN devices is only possible via the WAN itself, so resolving any major errors made during an upgrade may demand physical access to the device itself.

At the same time, the need to evolve and transform the enterprise WAN has never been greater. Application usage and targets are shifting as more applications are relocated from enterprise datacenters and enterprise administered networks; bandwidth requirements are increasing rapidly as enterprises leverage high-speed broadband for retail stores or branch offices; regulatory and security requirements have been evolving; and new technologies have emerged that enterprises want to incorporate into WANs, including disruptively inexpensive broadband internet connectivity and cellular wireless data links.

Enterprise adoption of software-defined wide area networking (SD-WAN) provides a unique opportunity for Service Providers (SPs) to address enterprise WAN challenges. A key outcome of this trend is the use of network function virtualization (NFV)-based SD-WAN virtual customer premises equipment (vCPE). The business value of vCPE is driving significant market growth, with analyst firm IDC projecting the worldwide vCPE infrastructure market to grow to over $3 billion by 2021, a major driver of which is the projected growth in SD-WAN implementations.

What is Software-Defined Wide Area Networking (SD-WAN)?

The outcome of SD-WAN deployment in an enterprise network is the network architecture shown below in Figure 1. Now, instead of dedicated hardware at each location, there is a connection to a provider’s SD-WAN appliance. The SD-WAN appliances use open vCPE hardware to run NFV-based applications such as traditional VPN, router and firewall functions.

SD-WAN deployment

Commodity hardware running virtualized network functions (VNFs) now replaces all of the network’s purpose-built WAN devices. The fact that different carriers may be providing physical connectivity in a specific location is transparent to the users and administrators of the SD-WAN. A management console provides administrators with “a single pane of glass” for managing and monitoring the functioning of the SD-WAN across the entire network.

SD-WAN Benefits

Using an SD-WAN, the current enterprise WAN network may continue to be used for data transport as new, NFV-based devices are added at the enterprise network edge. The network is improved in terms of management agility by the centralized and automated management of the new edge WAN networking layer.

There are a range of potential benefits of an SD-WAN architecture.

  • Capability to combine logical WAN links: Data replication techniques such as forward error correction can be used when link packet loss requires them and traffic can be spread across multiple paths for higher throughput.

  • Optimization of physical resources: Adding intelligence at the edge and utilizing a central controller improves optimization of resource usage well beyond what is possible with existing networking capabilities.

  • Automation of standard tasks: An SDN system can bypass many of WAN administration steps by incorporating standard designs and best practices within the automation.

  • Handles regulatory requirements within the network: With an SD-WAN, the issues of regulatory compliance and when and what encryption must be used to protect the transmission of sensitive data can be largely managed within the network.

How Network Visibility Meets SD-WAN Deployment Challenges Visibility

According to a report by Gartner, a network outage lasting only a single hour can cost a business more than $300,000, depending on business size. Every enterprise evaluating SD-WAN has to evaluate their plans in light of a key question: How may network reliability be impacted by migrating to an SD-WAN?

A key imperative is for the SD-WAN deployment to be rigorously assessed in order to ensure the five-nines reliability required by business-critical applications. Guaranteeing availability and maintaining security of the SD-WAN enabled network is vital due to the cost of enterprise network downtime. In addition, the success of SD-WAN deployment depends on validation of the network design and ongoing operations. The validation testing needs to span the full gamut from data transmission to application protocols layers.

Effective network visibility plays an essential role during SD-WAN pre-deployment as well as for monitoring network performance and availability during the post-deployment phase.

  • Prior to SD-WAN deployment, full visibility into the current environment including devices, users, and key applications with performance metrics is critical. The goal is to have a baseline in order to quantify the value-added provided by SD-WAN deployment.

  • During SD-WAN deployment, network visibility is required to verify that actual operation performs as anticipated as rapidly as feasible after the switch-over. Typically, deployment phase validation includes confirmation that planned policies are being adhered to by the SD-WAN controller and that key applications meet performance expectations.

  • During ongoing SD-WAN operations, complete network visibility also plays a critical role in nonstop monitoring of the network environment, including discovering SD-WAN controller policy exclusion outcomes, reducing application performance issues quickly, and continuous optimization of network performance.

Niagara Networks for Pervasive SD-WAN Network Visibility

Without full network visibility during SD-WAN deployment planning, validation, and operational phases, network administrators have limited insight into SD-WAN effectiveness including if application performance and network availability goals are being met as planned.

The enduring architecture of an SD-WAN network requires network administrators being able to to “see” clearly at all times what’s happening across the enterprise network -- and then take appropriate action. Such full visibility, usually referred to as Pervasive Network Visibility, is based on having the right set of tools and devices distributed across the network topology, continuously monitoring and inspecting the WAN data traffic, collecting and analyzing data, and sending relevant notifications – as needed.

Niagara Networks offers a broad range of industry-leading network visibility solutions and tools including network taps, network packet brokers (NPBs), and bypass switches. These are complemented with virtual taps that can be deployed on virtual machines of the SD-WAN. Traffic from the virtual taps can be aggregated to form an integrated visibility view. Please contact Niagara Networks technical specialists on how to deploy a visibility layer in key network access points to empower network IT with the appropriate tools and features to handle SD-WAN-based performance and availability challenges.

How to monitor your network traffic with no impact - get the white paper