Beyond SD-WAN: Network-Aware Orchestration
February 26, 2016
Featured article by Dr. Stefan Dietrich, Vice President of Product Strategy, Glue Networks Inc.
It is becoming increasingly hard to maintain network reliability and consistent service levels across the organization. The adoption of cloud services, business application-focused requirements and evolving security policies require IT organizations to continuously deploy configuration changes.
The common approach of either manually performing the necessary changes or simply replacing the complete device configuration, rebooting and hoping it will function creates unacceptable risks and potential network interruptions. Therefore, enterprises are looking for better ways to automate the management of their networks, leveraging existing capabilities to optimize performance and reducing operational risk through standardization and best-practice architectures.
The Convergence of SDN and WAN
To manage the complexity of today’s networks, software-defined networking (SDN) has become popular. Its goal is to provide network configuration management via software to make a network more agile and adaptable. With SDN, all network configurations are stored and managed centrally, and devices can be reprogrammed as needed on the fly, simplifying hardware infrastructure and administrative overhead. This allows enterprises to free up network expertise from mundane tasks and to refocus on business-critical optimization tasks and enables smaller organizations without deep networking engineering expertise to implement much more sophisticated network architectures.
SDN began in data centers and performed well at automating network management. In addition, network functions virtualization (NFV) replaces many physical network devices with their virtual counterparts running on commodity hardware. This makes it easier to custom-program, scale and chain network services to meet anticipated needs, especially for complex services such as load balancing, firewalling, intrusion detection and WAN acceleration.
Data center complexity was already difficult to manage, and that’s with technology chosen by the enterprise; WAN connectivity provides an additional layer of complexity. Network services are bought from service providers who use their own architectures and technologies that may vary by location. Many businesses have also started to roll out VPN solutions over Broadband Internet as cost-effective replacements for private MPLS lines for almost all business applications, save for those that are the most sensitive and business-critical.
IT organizations can now use SD-WAN to create a transparent logical enterprise IP network across service providers’ technologies, architectures and service offerings. They can add advanced network features such as application-based traffic routing or custom security provisions that meet strict compliance requirements, and optimize the use of existing network capabilities while maintaining SLA. By logically untangling the existing mesh of legacy WAN networks, cost savings can be realized from leveraging Broadband Internet and cellular data as cost-effective alternatives to private circuits on a global scale on one simplified overall architecture. However, managing such a network at scale on top of various underlying network architectures remains difficult, and SD-WAN overlay networks per se cannot address poorly performing physical WAN connections; hence, ensuring a well-managed underlying network architecture at the same time is key.
Vendors have taken various approaches to SD-WAN:
- Controller-based solutions that can auto-discover and configure network devices
- Appliance-based overlay solutions that create a virtual IP network between the vendor’s appliances across any network, combined with vendor-specific management tools
- Advanced automation and change control solutions that enable and manage SD-WAN and the underlying infrastructure by leveraging existing hardware
Each approach has its benefits and drawbacks. Overlay solutions are attractive for many because they can be deployed quickly, but they may lack sufficient customizations or create additional complexity for troubleshooting. Controller-based solutions work effectively when environments are highly standardized. Network automation and change control solutions can address high customization requirements but may need additional time for implementation.
Questions of Performance
Moving from a traditional network to a fully automated and integrated SD-WAN network is challenging. Existing change control mechanisms are often ill-equipped to handle the complexity during transition. Especially with manual processes involved, configuration mistakes are unavoidable, and even the most elaborate testing may not find rare conditions that only reveal themselves when the network is under load at the most critical times.
It has historically been difficult to independently or formally validate and verify networks. While computer code can be validated through denotational or operational semantic methods to ensure correctness for all possible conditions, such analytical approaches are impractical for business use, given frequently changing customization requirements.
Therefore, enterprises are looking for network automation that will not only provide the capabilities to implement and maintain a logical IP network but also the capabilities to manage the underlying infrastructure, implicitly verifying and validating implemented architectures, detecting hidden dependencies and understanding the full impact of any change.
Bringing Awareness to Orchestration
It is true that all SD-WAN solutions create logical IP networks that make their management easier. However, to ensure that the network will perform optimally, they must also provide the next level of operational capabilities such as network-aware orchestration, with functionality that can:
- Monitor the configuration state of all devices in the network
- Provide built-in, proven, best-practice architectures for initial provisioning
- Understand the network impact of any change (“network-aware”)
- Apply changes with minimal impact (e.g. avoid unnecessary reboots)
- Apply changes “in concert,” understanding architectural dependencies
- Resolve any hidden dependencies automatically when possible
- Validate changes have been successfully applied or revert when needed
- Limit direct manual access through a verifiable audited interface
Verification and validation of the network can be performed when such advanced management and automation are in place. This provides assurance that the network is in fact correctly configured and that, for example, any non-authorized manual changes are proactively detected and remediated swiftly.
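The drift detection and validate-or-revert capabilities listed above, shown as an added Python example that is not from the article or from any vendor product. Device names, settings and the validation rule are constructed for illustration; a real orchestrator would read and write device configurations instead of in-memory dictionaries.

```python
from copy import deepcopy
from graphlib import TopologicalSorter

def detect_drift(intended, running):
    """Return {device: {key: (intended, actual)}} for every setting that differs."""
    drift = {}
    for dev, want in intended.items():
        have = running.get(dev, {})
        diff = {k: (want.get(k), have.get(k))
                for k in want.keys() | have.keys() if want.get(k) != have.get(k)}
        if diff:
            drift[dev] = diff
    return drift

def apply_in_concert(running, change, depends_on, validate):
    """Apply {device: {key: value}} in dependency order; revert all if validate() fails.
    depends_on maps a device to the set of devices that must be changed before it."""
    snapshot = deepcopy(running)                      # rollback point
    order = [d for d in TopologicalSorter(depends_on).static_order() if d in change]
    order += [d for d in change if d not in order]    # no declared dependency
    for dev in order:
        running[dev].update(change[dev])
    if validate(running):
        return True, order
    running.clear()
    running.update(snapshot)                          # revert to pre-change state
    return False, order

# Constructed sample data: two routers that must share one tunnel key.
INTENDED = {"hub": {"tunnel_key": "k1", "ssh_acl": "mgmt-only"},
            "branch": {"tunnel_key": "k1", "ssh_acl": "mgmt-only"}}

def keys_match(cfg):
    """Validation rule (assumed): both tunnel ends must carry the same key."""
    return cfg["hub"]["tunnel_key"] == cfg["branch"]["tunnel_key"]

def demo():
    running = deepcopy(INTENDED)
    running["branch"]["ssh_acl"] = "any"              # out-of-band manual edit
    drift = detect_drift(INTENDED, running)
    # Changing only one tunnel end fails validation and is reverted.
    ok_bad, _ = apply_in_concert(running, {"hub": {"tunnel_key": "k2"}}, {}, keys_match)
    reverted_key = running["hub"]["tunnel_key"]
    # Changing both ends together, hub first, passes.
    ok_good, order = apply_in_concert(
        running, {"branch": {"tunnel_key": "k2"}, "hub": {"tunnel_key": "k2"}},
        {"branch": {"hub"}}, keys_match)
    return drift, ok_bad, reverted_key, ok_good, order
```

The drift report flags the loosened SSH access list on the branch router, and the one-sided key change leaves the hub on its original key after the revert.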
Though the focus may at first be on the technical challenges of moving from traditional networking to SDN, it is also a significant cultural and organizational challenge. Nearly everything will change: initial network provisioning; configuration and change management; troubleshooting procedures; performance monitoring; and security, compliance and audit validation and verification.
More standardization and simplification across the network will bring increased requirements for specific customization when needed. Software developers need to align closely with network operations staff to understand in detail the requirements to be implemented, addressing specific operational needs. This approach, generally referred to as “DevOps,” has already proven to deliver faster time to market, better customization, fewer failures and more rapid recovery from negative events or misaligned changes.
Delivering Agility and Change
Complexity will escalate with the growth of enterprise WANs. The ability to implement an SD-WAN solution that provides not only the technical ability to create a logical IP network but also related network automation and change management capabilities on the underlying network is critically important to ensure that the network will perform under critical loads.
SD-WAN brings tremendous benefits, but it also brings a seismic shift in culture. This will require not only new management tools but a new DevOps way of viewing network management as a whole. Orchestration must be network-aware to ensure optimal performance and the deployment of configuration changes with minimal impact.
About the Author
Dr. Stefan Dietrich brings to Glue Networks more than 20 years of experience defining innovative strategies and delivering complex technology solutions. Before joining Glue Networks, Stefan was Managing Director of Technology Strategy at AXA Technology Services, introducing advanced new technologies to AXA globally, and held senior IT management positions at Reuters and Deutsche Bank. Stefan received a Ph.D. in Aerospace Engineering and Computer Science from the University of Stuttgart and served as a Postdoctoral Fellow and faculty member at Cornell University.