Legacy networks with monolithic and inflexible architectures are failing to meet the current and future needs of enterprise organizations. The adoption of cloud services, business application-focused requirements and evolving security policies require IT organizations to continuously deploy configuration changes. The common approach of either manually performing necessary changes or simply replacing the complete device configuration, rebooting and hoping it will function creates unacceptable risks and potential network interruptions.
Manual processes are simply too expensive and time consuming. IT governance suffers and the organization struggles to maintain consistent service levels across all lines of business. Therefore, enterprises are looking for better ways to automate the management of their networks by using existing capabilities to optimize performance and by reducing operational risk through standardization and best-practice architectures.
What organizations need is network-configuration management via software to make the network more agile and adaptable, and that is what software-defined networking (SDN) promises to do. With SDN, all network configurations are stored and managed centrally, and devices can be reprogrammed as needed on the fly, simplifying hardware infrastructure and administrative overhead. This approach allows enterprises to free up network expertise from mundane tasks and to refocus on business-critical optimization tasks, and it enables smaller organizations without deep network-engineering expertise to implement much more sophisticated network architectures.
SDN first proved its mettle in the data center, demonstrating the advantages of developing software to automate network management. In addition, network functions virtualization replaces many physical network devices with virtual counterparts running on commodity hardware. Doing so increases the capabilities to custom program, scale and chain network services to anticipated needs, especially for complex services such as load balancing, firewalling, intrusion detection and WAN acceleration.
As enterprise networks have become more complex, just managing them is difficult enough; WAN connectivity adds another layer of complexity. Network services are bought from service providers who use their own architectures and technologies, which may vary by location. Many businesses have also started to roll out VPN solutions over broadband Internet as cost-effective replacements for private MPLS lines in almost all business applications, save those that are the most sensitive and business critical.
A transparent, logical enterprise IP network is now possible via SD-WAN across service providers’ technologies, architectures and service offerings. Network architects can now add advanced network features such as application-based traffic routing and custom security provisions meeting strict compliance requirements and optimizing use of existing network capabilities while maintaining SLAs. By logically untangling the existing mesh of legacy WANs, companies can realize cost savings by using broadband Internet and cellular data as cost-effective alternatives to private circuits on a global scale, all through one simplified overall architecture. But managing such a network on top of various underlying network architectures—at scale—remains difficult, and SD-WAN overlay networks per se cannot address physical WAN connections that are poorly performing. Hence, ensuring a well-managed underlying network architecture at the same time is critical.
SD-WAN Three Ways
Three main types of SD-WAN vendors are in the market. In general, they can be classified as follows:
- Controller-based solutions that can auto-discover and configure network devices
- Appliance-based overlay solutions that create a virtual IP network between the vendor’s appliances across any network, combined with vendor-specific management tools
- Advanced automation and change-control solutions that can enable and manage SD-WAN and the underlying infrastructure using existing hardware
Overlay solutions are attractive for many because they can be deployed quickly, but they may lack sufficient customizations or may add complexity when troubleshooting. Controller-based solutions work effectively when environments are highly standardized. Network automation and change-control solutions can address high customization requirements but may need additional time for implementation.
Changing over from the current state to the fully automated and integrated SD-WAN of the future is challenging. Existing change-control mechanisms are often ill equipped to handle the complexity during transition. Especially when manual processes are involved, configuration mistakes are unavoidable, and even the most elaborate testing may fail to discover rare conditions that only reveal themselves when the network is under load at the most critical times.
A major difficulty is the formal or independent verification and validation of networks. Although computer code can be validated through notational or operational semantic methods to ensure correctness for all possible conditions, such analytical approaches are impractical for business use, given the frequently changing customization requirements. Therefore, enterprises are looking for network automation that will provide not only the capabilities to implement and maintain a logical IP network but also the capabilities to manage the underlying infrastructure, implicitly verifying and validating implemented architectures, detecting hidden dependencies and understanding the full impact of any change.
Orchestration Must Be Aware
A characteristic of SD-WAN solutions is that they create logical IP networks and make their management easier. But to ensure that the network will perform optimally, they must also provide the next level of operational capabilities such as network-aware orchestration, with functions that can do the following:
- Deliver built-in, best-practice architectures for initial provisioning
- Control direct manual access through a verifiable audited interface
- Recognize the network impact of any change (“network-aware”)
- Apply changes “in concert,” understanding architectural dependencies
- Resolve any hidden dependencies automatically when possible
- Avoid unnecessary reboots and similar disruptions by applying changes with minimal impact
- Monitor the configuration state of all devices in the network
- Verify that changes have been successfully applied, or revert when needed
These automation and management capabilities enable additional verification and validation of the network, providing a solution that demonstrates that the network is in fact correctly configured and that, for example, any unauthorized manual changes are actively detected and swiftly remediated.
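The last two capabilities in the list above (monitoring configuration state, and verifying or reverting a change) can be sketched as follows. This is an added example, not code from the article or from any SD-WAN product; the `Device` class, device names and configuration lines are constructed stand-ins for a real management interface.

```python
import difflib

# Constructed source-of-truth configs (generic pseudo-syntax, not a real vendor CLI).
INTENDED = {
    "branch-1": ["hostname branch-1", "ip access-list WAN-IN", " deny ip any any log"],
    "branch-2": ["hostname branch-2", "tunnel mode ipsec"],
}

class Device:
    """In-memory stand-in for a managed device (hypothetical, no real API)."""
    def __init__(self, name, running, drops=()):
        self.name, self.running = name, list(running)
        self.drops = set(drops)  # lines the device silently fails to accept
    def push(self, config):
        self.running = [l for l in config if l not in self.drops]
    def read(self):
        return list(self.running)

def drift(intended, running):
    """Return '+'/'-' lines showing how running departs from intended."""
    lines = list(difflib.unified_diff(intended, running, lineterm="", n=0))
    return [l for l in lines[2:] if l[0] in "+-"]  # skip file headers and @@ markers

def apply_verified(device, new_config):
    """Push a change, read it back, and revert if the device state differs."""
    snapshot = device.read()
    device.push(new_config)
    if drift(new_config, device.read()):
        device.push(snapshot)  # restore last known-good state
        return False
    return True

def audit_and_remediate(fleet, intended):
    """Report devices whose running config drifted, then restore intended state."""
    report = {}
    for dev in fleet:
        delta = drift(intended[dev.name], dev.read())
        if delta:
            report[dev.name] = delta
            apply_verified(dev, intended[dev.name])
    return report

def sample_fleet():
    # branch-1 carries a constructed out-of-band edit: a permit inserted above the deny.
    tampered = INTENDED["branch-1"][:2] + [" permit ip any any"] + INTENDED["branch-1"][2:]
    return [Device("branch-1", tampered), Device("branch-2", INTENDED["branch-2"])]

if __name__ == "__main__":
    print(audit_and_remediate(sample_fleet(), INTENDED))
```

The diff is order-sensitive on purpose: in an access list, a permit placed above a deny changes behavior even though every intended line is still present.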
Moving Toward DevOps
Moving from traditional networking to SDN is certainly a technical challenge, but it’s a cultural and organizational challenge as well. Nearly everything will change: initial network provisioning; configuration and change management; troubleshooting procedures; performance monitoring; and security, compliance and audit validation and verification.
There is another consideration as well: as SD-WAN simplifies the network and brings more standardization across it, requirements for specific customization where it is needed will increase. Software developers need to align closely with network-operations staff to understand in detail the requirements to be implemented, addressing specific operational needs. This approach, generally referred to as “DevOps,” has already demonstrated faster time to market, better customization, fewer failures and more-rapid recovery from negative events and misaligned changes.
A More Agile Network
As enterprise WANs become more commonplace, network complexity will increase. The ability to implement an SD-WAN solution that provides not only the technical ability to create a logical IP network but also related network automation and change-management capabilities on the underlying network is vitally important to ensuring that the network will perform under critical loads.
Making this transition requires more than technical understanding. Switching to SD-WAN necessitates significant cultural changes as well. New tools are needed to manage the service-provider network technologies on the WAN; various solutions exist, yet most are missing a layer to orchestrate new features and policies in a standardized, automated and replicable manner while providing sufficient customization to meet enterprise-level requirements. The ability to orchestrate and automate existing and future physical and virtual devices or nodes will prove critically important for transitions between the current and future state of the network.
About the Author
Dr. Stefan Dietrich brings to Glue Networks more than 20 years of experience defining innovative strategies and delivering complex technology solutions. Before joining Glue Networks, Stefan was Managing Director of Technology Strategy at AXA Technology Services, introducing advanced new technologies to AXA globally, and he held senior IT-management positions at Reuters and Deutsche Bank. Stefan received a Ph.D. in Aerospace Engineering and Computer Science from the University of Stuttgart and served as a postdoctoral fellow and faculty member at Cornell University.