Application Aware Routing (AAR) a Key Enabler of SD-WAN and Hybrid WAN Automation

More and more organizations are looking to apply software-defined networking (SDN) concepts across their enterprise WAN, beyond the cloud and data center, to improve network and application performance while reducing the management overhead across remote sites and branches. While a software-defined WAN (SD-WAN) can provide a myriad of benefits to both service providers (e.g., on-demand VPN offerings) and enterprise customers (for their own branch network management), there is one primary use case or business driver that leads organizations to deploy SD-WAN: optimizing multiple WAN connections for cost and performance in real time.

Optimizing MPLS and Internet broadband WAN links is sometimes called “Hybrid WAN”. Because that is the sole capability some vendor products provide, the term is sometimes used interchangeably with “SD-WAN” (but fans of Nuage Networks know that SD-WAN can be so much more :)). Within the Nuage Networks Virtualized Network Services (VNS) platform, we refer to this capability as “Application Aware Routing”, or AAR. In the context of SD-WAN, AAR is the intelligent forwarding of application traffic across the enterprise WAN, ensuring that pre-defined, per-application performance metrics, or service level agreements (SLAs), are persistently met at the lowest achievable cost. And as with SDN, the real-time optimization and performance guarantees are adjusted automatically, based on centrally managed policies in the SDN (or in this case SD-WAN) controller. In other words, AAR delivers policy-based automation of performance management and WAN link optimization.

The Nuage Networks VNS implementation of AAR is based on the combination of three main functions:

  1. Application Discovery: identification and classification of network traffic coming into the access ports of an NSG on a per-application basis, using:
     - Signature-based L7 classification (e.g. Skype, Facebook, Google, etc.) using a library of 1400+ signatures
     - Custom classification based on source/destination IP address, source/destination L4 ports, and L4 protocol (TCP/UDP)
  2. Network Performance Measurement (NPM): measuring and reporting health metrics (i.e., packet loss, jitter and latency) of uplink network connections using performance monitors with a specified network profile (service class, payload size, traffic rate) to measure path performance.
  3. Application Policy and Visualization (APV): switches application flows to another path if the performance (latency, jitter and packet loss) of an uplink degrades beyond the thresholds specified in the application’s policy.

Many SD-WAN vendors apply a brute-force approach to monitoring all WAN paths continuously, with a number of resulting trade-offs. VNS, however, has designed performance monitoring to achieve greater scale, while balancing accuracy, traffic overhead and resource demands.

Depending on the WAN topology, VNS supports an open performance monitoring protocol, the One-Way Active Measurement Protocol (OWAMP, RFC 4656). This multi-vendor protocol measures one-way delay, delay variation and packet loss between any two compliant devices. Two caveats apply to any one-way measurement: the sender and receiver clocks must be synchronized for the one-way delay figure to mean anything (loss and delay variation are unaffected by a constant clock offset), and round trip time (RTT) is measured by OWAMP’s two-way companion, TWAMP (RFC 5357), rather than by OWAMP itself. Depending on the network requirements and deployment scenario, VNS supports full-mesh analysis, hub-spoke connections, third-party probes and responders, or any available cloud-based responder (e.g., Google). (See the figure below, showing Nuage Networks Network Services Gateway (NSG) devices as prototypical connections.)

VNS diagrams
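To make the measurement side concrete, here is an added example (written for this article; it is not Nuage Networks, VNS or perfSONAR code, and it is not an OWAMP implementation) of what an OWAMP-style receiver computes from the records it collects: a sequence number, the sender’s timestamp and its own receive timestamp per probe. The probe schedule, the delay values and the simulated clock offset are constructed inputs. It also shows the caveat above in action: a receiver clock that is 50 ms behind produces negative one-way delays, which the code flags, while the loss and jitter figures derived from the same run remain valid.

```python
"""Deriving uplink health metrics from one-way probe timestamps.

Added example for this article, not Nuage Networks or perfSONAR code, and not
an OWAMP implementation: it only shows what an OWAMP-style receiver computes
from (sequence number, send timestamp, receive timestamp) records. The probe
schedule, delays and clock offset below are constructed values.
"""
from typing import Dict, Optional


def summarize_probes(sent: Dict[int, float], received: Dict[int, float]) -> dict:
    """sent maps seq -> sender timestamp (ms); received maps seq -> receiver
    timestamp (ms) for the probes that arrived.

    Returns loss, mean one-way delay, jitter (here: mean absolute delay
    variation between consecutive arrivals, an assumption for this example)
    and a flag raised when any one-way delay is negative, which can only mean
    the two clocks are not synchronized. One-way delay needs synced clocks;
    loss and delay variation do not, because a constant offset cancels out."""
    seqs = sorted(sent)
    arrived = [s for s in seqs if s in received]
    loss_pct = 100.0 * (len(seqs) - len(arrived)) / len(seqs)
    delays = [received[s] - sent[s] for s in arrived]
    mean_delay: Optional[float] = sum(delays) / len(delays) if delays else None
    variations = [abs(b - a) for a, b in zip(delays, delays[1:])]
    jitter = sum(variations) / len(variations) if variations else 0.0
    return {
        "sent": len(seqs),
        "received": len(arrived),
        "loss_pct": loss_pct,
        "latency_ms": mean_delay,
        "jitter_ms": jitter,
        "clock_suspect": any(d < 0 for d in delays),
    }


def make_probe_run(delays_ms, interval_ms: float = 20.0, receiver_offset_ms: float = 0.0):
    """Build a constructed probe run: one probe per interval, None = lost.
    receiver_offset_ms models a receiver clock that is ahead (+) or behind (-)
    of the sender's clock by a constant amount."""
    sent = {i: i * interval_ms for i in range(len(delays_ms))}
    received = {i: sent[i] + d + receiver_offset_ms
                for i, d in enumerate(delays_ms) if d is not None}
    return sent, received


# Constructed sample: 10 probes sent 20 ms apart, two lost, one delay spike.
SAMPLE_DELAYS = [30, 32, 31, 45, 30, None, 31, None, 33, 30]

if __name__ == "__main__":
    print(summarize_probes(*make_probe_run(SAMPLE_DELAYS)))
    # Receiver clock 50 ms behind: latency is meaningless, loss and jitter are not.
    print(summarize_probes(*make_probe_run(SAMPLE_DELAYS, receiver_offset_ms=-50)))
```

For the sample run the receiver reports 20% loss, a mean one-way delay of 32.75 ms and a jitter of about 5.4 ms; with the skewed clock the same run reports the same loss and jitter but a negative delay and `clock_suspect` set, which is the check a practitioner should apply before trusting any one-way latency figure from a probe responder.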

Along with link performance, identifying application traffic is critical in AAR to make the right SLA and link utilization choices. There are several sub-scenarios for determining which applications are involved. For example, initially it may be important just to identify what applications are running at the site. For this, the NSG can be placed in “discovery” mode to identify applications through deep packet inspection or custom definitions (perhaps for internal enterprise apps). Application analysis and recognition can be triggered by the first packet or on a scheduled basis (a known time of application initiation). Other network traffic attributes may be available to identify the application type as well.

Once applications have been identified, different policies can be applied, such as QoS metrics for known applications between known sites/systems. For example, videoconferencing between two sites may be sent over the cheapest WAN path available, accepting a little data loss or jitter. VoIP traffic, however, where one system or node may be talking to a large number of unknown destinations, may require a higher-quality connection while consuming far less bandwidth. Each of these policy scenarios can be easily represented in the SD-WAN controller and implemented throughout the WAN.

The Nuage Networks Network Services Gateway (NSG) is an ideal WAN gateway appliance both for very small branches and remote sites and for large data centers requiring multiple 10G connections. Depending on scalability requirements, the NSG can be deployed on dedicated hardware or as a virtual appliance on commodity server hardware. Once packets arrive at the NSG, traffic classification identifies the application, if necessary, and compares it to the required performance policies and SLAs. The VNS Performance Monitoring agent monitors the various hybrid WAN links and compares them to the performance expected for the incoming application types, routing the traffic to the right link to optimize costs. The decision is often between dedicated MPLS VPN links and lower-cost Internet provider links. All the policies are configured in the Nuage Networks Virtualized Services Directory (VSD), one of the main SDN/SD-WAN controller components, according to application groups, SLA, etc.
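The decision the NSG makes for each flow, as described in the three-function list above (classification, NPM health samples, policy-driven path switching), the video/VoIP policy examples and the paragraph just above, can be shown end to end in a small amount of code. The following is an added example written for this article; it is not Nuage Networks VNS code and does not reflect how VSD or the NSG actually represent policies. The class names, the custom classification rules, the SLA thresholds, the relative link costs and the probe samples are all assumptions. The one design point worth noting is stickiness: a flow stays on its current uplink while that uplink still meets its SLA, so a marginally cheaper path does not cause flapping, and if no uplink complies the least lossy one is chosen rather than dropping the flow.

```python
"""Toy Application Aware Routing (AAR) decision engine.

Added example for this article; it is not Nuage Networks VNS code. Class
names, thresholds, uplink costs and the probe samples are assumptions chosen
to illustrate the three AAR functions: classification, per-uplink health
samples (NPM) and policy-driven path selection (APV).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class AppRule:
    """Custom classification rule (the IP/port/protocol match the article
    describes); a field left as None is a wildcard."""
    app: str
    proto: Optional[str] = None
    dport_range: Optional[tuple] = None   # (low, high), inclusive
    dst_net: Optional[str] = None         # CIDR


@dataclass(frozen=True)
class SLA:
    """Per-application thresholds; a path complies only if all three hold."""
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float


@dataclass(frozen=True)
class UplinkHealth:
    """Latest NPM sample for one uplink plus its relative cost (lower is cheaper)."""
    name: str
    cost: int
    latency_ms: float
    jitter_ms: float
    loss_pct: float


def classify(flow: Flow, rules) -> str:
    """Application Discovery: first matching rule wins; unmatched flows are
    reported as 'unknown', which is what discovery mode would surface."""
    for r in rules:
        if r.proto and r.proto != flow.proto:
            continue
        if r.dport_range and not (r.dport_range[0] <= flow.dport <= r.dport_range[1]):
            continue
        if r.dst_net and ip_address(flow.dst) not in ip_network(r.dst_net):
            continue
        return r.app
    return "unknown"


def meets_sla(h: UplinkHealth, sla: SLA) -> bool:
    return (h.latency_ms <= sla.max_latency_ms
            and h.jitter_ms <= sla.max_jitter_ms
            and h.loss_pct <= sla.max_loss_pct)


def select_uplink(app: str, policies, uplinks, current: Optional[str] = None) -> str:
    """APV: cheapest uplink that meets the app's SLA. The current uplink is kept
    while it still complies (no flapping onto a marginally cheaper path); if
    nothing complies, fall back to the least lossy, then lowest-latency path."""
    sla = policies.get(app, policies["default"])
    by_name = {u.name: u for u in uplinks}
    if current in by_name and meets_sla(by_name[current], sla):
        return current
    compliant = [u for u in uplinks if meets_sla(u, sla)]
    if compliant:
        return min(compliant, key=lambda u: u.cost).name
    return min(uplinks, key=lambda u: (u.loss_pct, u.latency_ms)).name


def route(flow: Flow, rules, policies, uplinks, current: Optional[str] = None):
    """End-to-end NSG decision for one flow: classify, then pick the path."""
    app = classify(flow, rules)
    return app, select_uplink(app, policies, uplinks, current)


# Constructed sample policy and measurements (assumptions, not real data).
RULES = [
    AppRule("voip", proto="udp", dport_range=(10000, 20000)),
    AppRule("video", proto="tcp", dport_range=(443, 443), dst_net="203.0.113.0/24"),
    AppRule("erp", proto="tcp", dport_range=(8443, 8443), dst_net="10.10.0.0/16"),
]
POLICIES = {
    "voip":    SLA(max_latency_ms=150, max_jitter_ms=20,  max_loss_pct=1.0),
    "video":   SLA(max_latency_ms=300, max_jitter_ms=50,  max_loss_pct=3.0),
    "erp":     SLA(max_latency_ms=200, max_jitter_ms=30,  max_loss_pct=0.5),
    "default": SLA(max_latency_ms=500, max_jitter_ms=100, max_loss_pct=5.0),
}
HEALTHY = [
    UplinkHealth("mpls",     cost=10, latency_ms=40, jitter_ms=5,  loss_pct=0.1),
    UplinkHealth("internet", cost=1,  latency_ms=60, jitter_ms=25, loss_pct=0.8),
]
# The same links after the broadband circuit starts dropping packets.
DEGRADED = [HEALTHY[0], UplinkHealth("internet", cost=1, latency_ms=60, jitter_ms=25, loss_pct=4.0)]

if __name__ == "__main__":
    video = Flow("10.1.1.5", "203.0.113.10", "tcp", 443)
    print(route(video, RULES, POLICIES, HEALTHY))                       # ('video', 'internet')
    print(route(video, RULES, POLICIES, DEGRADED, current="internet"))  # ('video', 'mpls')
```

With the sample data, video rides the cheap Internet link until its loss passes the 3% threshold and is then moved to MPLS; VoIP never leaves MPLS because the Internet link’s 25 ms jitter already exceeds its 20 ms budget; and unknown traffic gets the permissive default SLA and the cheapest link. Swapping the constructed `HEALTHY` and `DEGRADED` samples for real probe output is the only change needed to exercise the same policy logic against live measurements.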

The end result is a highly scalable hybrid WAN link optimization solution with the flexibility to define policies that align with business needs. Beyond Application Aware Routing, VNS also automates the provisioning and configuration of remote site equipment (customer premises equipment, or CPE) for rapid on-boarding, and reduces overall costs with a flexible CPE device model, whether a dedicated appliance or virtual software running on commodity x86 hardware. This makes it an ideal SD-WAN++ solution both for enterprises and for service providers offering flexible on-demand VPN services to clients.
