Everyone in the SD-WAN solutions business frequently faces buzzword confusion when interacting with customers and partners learning about these newer concepts and technologies. It’s helpful first to define the four terms, before proceeding to a discussion of how they are related to one another, and what they all mean to your network.
SDN and SD-WAN
A Software-Defined Network (SDN)—defined by the Open Networking Foundation (ONF)—is an architecture physically separating the network control plane (decisions about traffic) from the forwarding plane (the actual traffic). SDN moves network control into software, where it becomes directly programmable and able to respond quickly to changes—in configuration and in policy. The SDN concept also abstracts applications and services away from the underlying infrastructure.
The SDN architecture applies to all types of networks: internal to an enterprise; internal to a service provider or cloud provider; to span multiple service providers; to link enterprises to the cloud; and, particularly pertinent here, to tie together several enterprise business locations—in short, for wide area networking (WAN).
A Software Defined Wide-Area Networks (SD-WAN) applies the five basic SDN architectural principles to a WAN network, and then extends them in innovative ways to address the practical realities of WAN networks, such as minimizing delays over long distances between nodes and providing predictable service quality over often unpredictable links.
Principle #1—Directly programmable: SDN architecture decouples the control and forwarding network elements. In an SD-WAN implementation, where the physical distance between the control element and the forwarding element can be thousands of miles, local forwarding decisions are contextualized based on a combination of observed local conditions (for example, link quality) and the most recent communicated centralized policies. Local forwarding continues even if the distant control element is out of contact.
Principle #2—Agility: The SDN architecture abstracts functions into software so that changes in policy and new functionality improvements can be rapidly iterated independent of the network hardware and physical infrastructure. An SD-WAN implements software forwarding capability to take into consideration both centralized policy objectives as well as real-time network quality observations. The flow of data (its routing, priority, security) supporting an application thus becomes independent of the underlying network transport (wired Ethernet, Multiprotocol Label Switching (MPLS), wireless, cellular, or a public Internet link).
Principle #3—Centrally managed: The SDN architecture contains a central controller to provide a consistent network view of policy and configuration. SD-WAN orchestration allows simple centralized policy and configuration control, as well as network-wide status and analytics. The implementation extends the “central controller” concept to allow continued operation of any network node even in the absence of (or in addition to) instructions from the controller to ensure maximum uptime, optimized data delivery, and to meet service level guarantees.
Principle #4—Programmatically configurable: The SDN architecture prescribes a controller-agent model. SD-WAN technology implements Rest APIs to allow the “controllers” in the network to interact with distributed network nodes and services.
Principle #5—Based on open standards: SDN architecture is based on OpenFlow. WAN software and services are less standardized than SDN, but work is continuing to allow increased vendor interoperability by using common off-the-shelf x86-based hardware and virtual machine (VM) hosted operating environments.
Legacy MPLS connections, while reliable and secure, have proved expensive and slow to provision or reconfigure. The transport-independent SD-WAN architecture allows you to implement a WAN using a variety of link technologies, including MPLS, but more-agile technologies such as Internet broadband, wireless and cellular (LTE, 5G)—much quicker to install and often at much lower cost.
SD-WAN technology additionally offers cost-effective increased bandwidth (adding more low-cost links) to branch offices, transport-independent security (securing application traffic flows over Internet or public links) and increased performance and reliability through a variety of optimization and on-demand remediation technologies.
An SD-WAN is a very practical, compelling, cost-effective technology to enterprises and service providers—based on standards-based SDN concepts—to replace or augment CE equipment at remote sites, integrate new network services, virtualize services, load-share over multiple links of any type, provide dramatically simplified configuration and policy management, and optimize real-time application performance.
NFV and VNF
The terms are frequently used—inaccurately—as interchangeable. The concepts are distinct, yet related: Network Functions Virtualization (NFV) is an ETSI-inspired architecture specifying how to run SDN functions independent of any specific hardware platform. A Virtualized Network Function (VNF) is the implementation of a specific network function (think routing, firewalling, intrusion prevention) as a virtual service.
The “virtualization” part of both NFV and VNF denotes that network functions are written in a generalized manner independent of the underlying hardware or firmware of the physical network devices. VNFs can run in any VM environment (a server or host platform, or IaaS) in the branch office, cloud, or data center. This architecture allows network services to be inserted in an optimal location to provide appropriate security (for example, a firewall in an Internet-connected branch office, rather than requiring an MPLS link and backhauling traffic to the data center to be firewalled), and optimized application performance (traffic can follow the most direct route between the user and the cloud-based application using a VNF for security or traffic prioritization).
In a VM environment, several VNFs may run simultaneously—isolated from each other, standards-based, and can be independently changed or upgraded.
An SD-WAN Ties Together SDN, NFV and VNF
The agility of an SD-WAN derives from both the SDN and NFV architectures. SDN-based separation of the control and data planes allows simple, consistent policy control and network-wide status, while actual data flows are handled distributed and in the context of local conditions. The concept of NFV delivers agility in that network services can run independent of location or hardware platform. They can therefore be inserted quickly into the exact location where they are needed without replacing or purchasing hardware, without IT visits to remote sites, and without wasting bandwidth and impairing performance by hair-pinning traffic through distant sites because that is the only network location that has a specific service, such as a firewall, available.
A core advantage of an SD-WAN over traditional WAN technology is to quickly roll out new services and locations. From the central orchestrator, VNFs can be downloaded and inserted into any network location, and new branch office equipment can be installed, configured and brought online at the remote site “zero-touch” without any IT staff being present.
The combination of SD-WAN and NFV technologies offers a powerful way to build flexible, agile, cost-effective, WAN services to your branch offices and remote sites, specifically:
• An SD-WAN provides agile connectivity and policy-based service chaining, while NFV dynamically creates the services.
• SD-WAN architecture simplifies branch deployment, while NFV simplifies the insertion of services into those branches.
• An SD-WAN optimizes end-user access to cloud services, while NFV allows you leverage cloud services or moving VNF services and applications into the cloud.
Four Technologies, One Service
The plethora of acronyms in the networking arena can be overwhelming. In summary:
• SDN, Software-Defined Network is a standards-based architecture separating a network’s control plane from its forwarding plane, thereby allowing cohesive, centralized, software-based control over distributed forwarding decisions.
• SD-WAN, Software-Defined Wide Area Network is a specific and extended implementation of an SDN to craft a wide-area network to connect branch offices to data centers and cloud services, offering many advantages over traditional WAN technologies.
• NFV, Network Functions Virtualization is the architectural specification of how to design network services such that they can be hosted in a virtual machine environment.
• VNF, Virtual Network Function is the implementation of an actual network service (such as firewalling or malware inspection) within the NFV architecture.
Michael Wood is vice president of marketing for VeloCloud Networks, responsible for worldwide marketing, revenue generation, channel and sales enablement and communications.