What to look for when choosing an SD-WAN solution

Software-defined wide-area network, commonly referred to as SD-WAN, is an evolution of wide area networking concepts that have been in use in enterprise for the past two decades. It is important to consider not only core features provided by SD-WAN, but emerging features and legacy integrations when identifying the SD-WAN solution right for your organization.  

Organizations mainly used leased lines from service providers to interconnect traditional WAN locations to central data center hubs. Traffic flowed from a remote spoke to a central hub to reach applications, services and public internet available in the central locations. 

The hub-and-spoke design concept was a suitable model for years as organizations became more interconnected, thanks to the ability to centralize services in a few core locations. 

Over the past few years, applications started to become widely available outside of the centralized hubs due to proliferation of cloud-based applications provided as a service that could be consumed using standard Internet access. Traditional WAN architectures became a performance bottleneck for the new application models. 

SD-WAN technology was born to solve these new challenges. The first generation of SD-WAN solutions provided a new foundation of features for WAN architecture improvements. 

The foundational features of SD-WAN offerings include transport independence, application visibility, path intelligence and centralized management. 

The concept of transport independence is not new; network engineers have been encapsulating traffic for years. SD-WAN expanded on this concept by making the IPsec protocol a core component of the architecture. This provided the ability to create a virtual network, or overlay, on top of any service provider or connection and generate greater flexibility in introducing commodity connectivity, such as broadband access, into remote locations.

Application visibility and path intelligence are also possible due to overlay technology, as well as the fact that load balancing across connections has become standard. Users of an SD-WAN solution have the ability to build policies based on an application type and performance requirements, and path monitoring allows for business-critical applications to be routed across any available connection that meets policy definition.

Finally, SD-WAN provides centralized management. Gone are the days of configuring hundreds of routers using a CLI.

Central management allows for common templates to be developed based on site type, reducing the variations of configurations that were deployed in the WAN. The central management tools also have Application Programming Interfaces (APIs) that allow for customizable automation that can be accessed using HTTP-based RESTful interactions.

More recent additions to the SD-WAN feature portfolio include integrated security and optimizations for integration with cloud connectivity. Furthermore, SD-WAN comparisons have expanded to include legacy integrations, ensuring a smooth transition without disruption to the operations of the organization.

Why WWT's labs

The WWT Advanced Technology Center (ATC) is an interactive showcase representing the best technology companies in the world. The ATC offers a multi-vendor environment where customers can validate and compare solutions in real time, with access to the latest technologies through demonstrations, trainings, on-demand labs and education offered by our team of engineering experts.

Recently, the network solutions team has been laser-focused on developing hands-on capabilities around three leading SD-WAN vendors: Cisco SD-WAN (Viptela), Silver Peak and VMware SD-WAN by VeloCloud. This lets us help our customers choose the best solution for their unique environments.

Our on-demand lab environment gives you broad hands-on exposure to the leading SD-WAN vendors. Accompanying the labs are demo videos that are a great way to explore the lab and get a feel for the overall solution – or you can use them after you have completed the lab to validate your learning or answer any questions if you get stuck along the way.

Since there are multiple leading vendors in the SD-WAN space, the WWT engineering team built these self-service lab environments so WWT, customer and partner engineers can learn critical components of building, troubleshooting and operating a product based on requested test cases, but in a protected virtual environment. Our labs are up to date with the latest code and support the newest technology trends.

Example use case: WWT SD-WAN Foundations Labs

The WWT SD-WAN Foundations Labs are the perfect environment in which to start your journey to SD-WAN. However, they are also perfect for advanced users wanting to explore on their own or even replicate aspects of their production deployment for validating changes prior to rolling them out. For users new to SD-WAN, an accompanying lab guide and videos offer guidance on how to build core components of the fabric. At the end of each module is a challenge to help reinforce learning concepts. This is the perfect environment in which to train staff on different SD-WAN vendors before deploying one in your network.

SD-WAN users further along in their journey are free to build and test anything they would like to in this consequence-free environment. For example, users wanting to experience the software upgrade or downgrade process can download software to the provided jump host and go through upgrading the entire fabric. Additionally, users can explore various control, traffic, or application policies based on their own network and determine the cause and effect of any proposed changes before deploying them. Finally, for those exploring APIs, this environment is perfect to learn the REST calls to develop highly automated infrastructure.

Use cases for interacting with the SD-WAN Foundations Labs are endless. From learning the solution for the first time to testing core functionality and exploring advanced scenarios, the WWT SD-WAN Foundations Lab can handle pretty much anything!

SD-WAN lab set-up

The SD-WAN on-demand labs are available by navigating to the Explore >> Networking >> Software Defined WAN (SD-WAN) topic page at https://www.wwt.com. The topic page provides access to our latest content including our on-demand labs, videos, articles and more.

Figure 1: SD-WAN labs available at wwt.com

Once you complete a short registration process, you will have access to the on-demand lab capabilities. The Cisco SD-WAN (Viptela) Foundations Lab is shown below. The lab can be accessed by clicking the 'Launch Lab' icon. 

Figure 2: Cisco SD-WAN (Viptela) Foundations Lab Launch Site

Once the lab is launched, you can access the environment using the links for the lab guide and the RDP connection to the management workstation. This workstation provides access to the SD-WAN management dashboard as well as connections to workstations that are located at each branch site. Please refer to the lab guide for details about the specific environment.

The purpose of the SD-WAN Foundations Labs is to help you develop proficiency in deploying, managing and monitoring the various SD-WAN solutions. Each lab is a standalone virtual environment that provides full administrative access to all devices. The labs can be used for exploration or self-study for a variety of topics.

The SD-WAN Foundations Labs are built using a network topology that consists of a single data center with dual routers and three branch sites. Branch 1 has dual routers, while branches 2 and 3 have a single router with dual WAN connections. There is simulated WAN connectivity for both MPLS and Internet connections that even provides access to the public Internet. A traffic impairment tool allows the user to test policy by injecting delay, latency and/or loss on a particular connection.

Cisco SD-WAN (Viptela) Foundations Lab

Solution highlights

Cisco completed the acquisition of Viptela in August 2017. After acquiring Viptela, Cisco has retained all the hallmark features that made Viptela a powerhouse in the market and has since added numerous new capabilities that take the solution to the next level. The acquisition, merger of technology stacks and development of critical new features resulted in the Cisco SD-WAN solution.  

The Cisco SD-WAN solution is a disaggregation of the traditional network stack in the form of discrete management, control, orchestration and data planes. This comes in the form of vManage, vSmart, vBond, and cEdge or vEdge, respectively. By splitting up these components, Cisco can deliver a solution that is both highly available and capable of scaling to meet the largest of deployments all managed from a single pane of glass.

With disaggregation and a centralized control model, the Cisco SD-WAN solution gives users complete control over their WAN. The vSmart controller receives policy created in vManage and translates it into commands that it pushes to the edge devices in the fabric. This allows for granular control of data as it flows through your network and to various destinations such as on-premises data centers, public cloud (Azure, AWS, GCP), private cloud or SaaS (O365, Salesforce, etc.).

While SD-WAN plays a pivotal role in unifying the network edge, security has become more top of mind when looking at these solutions. Cisco, recognizing this growing trend, has added to their Unified Threat Defense (UTD) solution. This capability is deployed locally on an edge device and delivers an Enterprise Firewall, Intrusion Prevention, URL Filtering, Advanced Malware Protection, and Umbrella DNS security integrations. This means malicious traffic is prevented from going past the edge and into the rest of your critical infrastructure.  

As a solution, Cisco SD-WAN delivers scalability, flexibility and a full security stack that is designed to meet any use case a business may have.  

Lab overview and module breakdown

Lab modules have been developed to help you get started:

  • Bringing up a new site
  • Create configuration templates
  • Implementing service-side VPN
  • Working with control policies
  • Understanding routing policies
  • Zone-based firewall configuration
  • Software upgrade
  • Troubleshooting

Check out the video series to help guide you through the labs.

Points of differentiation

The Cisco SD-WAN on-demand lab supports the latest stable software available from Cisco, which includes zone-based firewall support. The most recent software updates from Cisco include advanced security features and IOS XE based integrations. These features will be released soon in a new lab that is currently in development.

Lab topology

The Cisco SD-WAN (Viptela) Foundations Lab consists of seven distinct network locations. Most of these locations are based on a typical enterprise WAN, such as the data center, branches and ISPs that interconnect them. In this lab, you also find a Cisco SD-WAN Cloud which is the hosting service Cisco provides for the management, control and orchestration components of their solution.  

Cisco SD-WAN Cloud

This location contains Cisco vManage, vSmart(s) and vBond. As a hosted service, this block is designed as a cloud that has Internet access, just like you would have in a real-world deployment of Cisco SD-WAN.

Data Center 1

The data center contains two traditional routers, a server and two vEdges. This gives users the ability to explore more complex routing scenarios and demonstrate the differences between backhaul and breakout for Internet access at branch locations.

Branch 1

Cisco SD-WAN offers a unique high availability model referred to as Transport Location Extension (TLOC-EXT). This is a route-based solution that extends transports to a pair of vEdges through a dedicated TLOC-EXT connection. The main use is to ensure all bandwidth is available for use while providing device level redundancy at the branch. This site has a pair of vEdges as well as a client. 

Branch 2

The second branch in the environment is a single vEdge, but with multiple clients. This offers the ability to explore path isolation and zone-based firewall use cases by dividing up the clients into different categories, such as Corporate or Guest.  

Branch 3

The final branch in the topology is a critical component of the learning module that teaches you how to bring up a branch. It is not configured, but once you activate this site you will have three branches in which to explore full-mesh, hub-and-spoke or custom topologies based on your interests.

https://www.wwt.com/api/attachments/5d80d49d52f4ab008472f617/thumbnail?width=1200

Figure 3: Cisco SD-WAN (Viptela) Foundations Lab topology diagram

Silver Peak SD-WAN Foundations Lab

Solution highlights

Silver Peak was founded in 2004 as a WAN optimization company. They remained focused in this space until 2015 when SD-WAN was starting to become popular. Silver Peak recognized that the way they had been doing WAN optimization was actually a form of SD-WAN. Since that time, they have been adding additional features and functionality based on the SD-WAN use case while maintaining all of the WAN optimization functionality.

Silver Peak has remained focused on a single product, unlike some of their major competition. This has allowed them to put all resources towards this solution. In addition, they have understood that, as a single-product-line company, they need to connect to other solutions such as local hardware firewalls and SaaS firewalls. Silver Peak has reached out to the major players in these other areas to make sure they have an easy way to integrate with these other vendors.

The only components used in this solution are an orchestrator and edge devices. The Orchestrator pushes the policy and configurations to the edge devices and gathers stats on the network and edge device health. Once configured, each edge continues to operate independently and makes its own decisions based on the policies that have been applied to it, while operators still have a single pane of glass to see the status of the network as a whole or drill down into any location or application.

The Unity EdgeConnect devices make per-packet decisions on traffic flows. This allows an application to use the full amount of bandwidth available to a location and make seamless transitions when a circuit becomes degraded.

Lab overview and module breakdown

Lab modules have been developed to help you get started:

  • Create Deployment Profiles and use Zero-Touch Provisioning (ZTP)
  • Upgrade software
  • Configure OSPF and general routing
  • Configure High Availability for a site
  • Configure Policies and Business Intent Overlays
  • Demonstrate how Silver Peak handles impairment on circuits
  • Demonstrate Silver Peak's Boost (WAN-OP)
  • Using the included monitoring tools and use of automation

Check out the video series to help guide you through the labs.

Points of differentiation

One of the major differences with WWT's Silver Peak Foundations Lab is that each lab starts out with no configuration on the Silver Peak devices. One of the first steps in the lab is to build it using automation. The lab user will be able to click on a single link and then watch while the lab is built using API calls.

Another feature that the Silver Peak lab has is the ability to show live status of both the overlay as well as the underlay. During the lab, the user will inject latency, loss or jitter and using the Unity Orchestrator, the user will see exactly what the Edge device sees and how traffic is handled by it without the need of a separate product.

Lab topology

The Silver Peak Foundations Lab consists of the same seven distinct network locations used in our Foundations Labs which include:  

Silver Peak Cloud

The Unity Orchestrator can be hosted as a SaaS or can be loaded onto customer hardware within a data center, co-location facility or a cloud provider. In this lab we simulate a generic cloud installation.

Data Center 1

The data center contains a single traditional router, two servers on different networks and two Unity Edges. This gives users the ability to explore different security policies by limiting certain subnets to specific locations or sub-groups.

Branch 1

This branch shows Silver Peak's high availability solution. The lab allows you to see how simple it is to add a second Edge device to a location and set up HA with just a few clicks of a mouse. You will identify the two Edge devices that will be an HA pair and what ports will be used to connect the two together. This link will both monitor the health as well as send traffic between the two devices.

Branch 2

The second branch in the environment is a single Unity Edge. This site is completely configured using the automation script at the start of the lab. This allows the lab user to test out how traffic flows with and without traffic impairment without having to do other configuration steps.

Branch 3

The final branch in the topology demonstrates how Silver Peak's Zero Touch Provisioning works. This part of the lab will show how you can quickly and easily deploy a new site. It is based on a typical home office design.

https://www.wwt.com/api/attachments/5d812be43ccc100083bf905c/thumbnail?width=1200

Figure 4: Silver Peak SD-WAN Foundations Lab topology diagram

VMware SD-WAN by VeloCloud Foundations Lab

Solution highlights

VMware announced the purchase of Velocloud in November 2017, and it was rebranded to VMware SD-WAN by VeloCloud. It provides a broad SD-WAN feature set including deep application recognition, categorization and policy treatments for traffic prioritization, dynamic path selection and impairment remediation. 

Velocloud is offered in three different models. The first and most common model is a SaaS that manages Velocloud hardware at a location. In this model, Velocloud normally owns and maintains the Orchestrator and the VeloCloud Gateways (VCG) that will be discussed shortly. The other two models are Partner maintained and customer maintained. In the WWT Foundations Lab everything is within the lab and full access is given to the lab user so they can test out all three models.

Velocloud uses VCG's to allow scalability. In a hosted solution there are hundreds of locations around the globe that can be used. Policy and configuration changes are pushed from the Orchestrator to the VCGs and then the VCGs will push the changes to the edge devices.

Something unique to the VCG is that optional traffic can also flow to these VCGs for central connections to other partners or SaaS providers.

Lab overview and module breakdown

Lab modules have been developed to help you get started:

  • Accessing the solution as a hosted option as well as a privately owned deployment
  • Using the built-in monitoring tools
  • Creating profiles
  • Deploying a new branch
  • Setting up and testing High Availability (HA)
  • Business policies configuration
  • Testing SD-WAN with network impairment

Check out the video series to help guide you through the labs.

Points of differentiation

This lab is multi-tenant capable. Using one login gives the user full control of all aspects of the lab. In addition, this lab is run on top of an ESXi server and vCenter, which the lab user also has access to. This allows the user to change the overall design if they wish.

If the lab user logs in using a different URL that is provided in the lab, then the user will be able to operate and see what aspects they would have if the management of the SD-WAN is hosted by a partner or VMware.

Lab topology

The VMware SD-WAN by Velocloud Foundations Lab consists of the same seven distinct network locations used in our Foundations Labs which include: 

VMware Cloud

As stated prior, this cloud is most commonly owned by VMware, but can be owned and maintained by the customer. In this lab, it is on a separate network that is not a part of any other branch used in the lab.

Data Center 1

The data center contains a single traditional router, two servers on different networks, and two Velocloud Edges (VCE). This gives users the ability to explore different security policies by limiting certain subnets to specific locations or sub-groups. This site also uses the clustering HA ability of Velocloud, which allows you to add on additional VCEs as the network grows.

Branch 1

This branch shows one of the other high availability solutions offered with Velocloud. The lab allows you to see how simple it is to add a second Edge device to a location by simply identifying one edge that is already up as an HA member and turning on the second, which has a link that connects the two together.

Branch 2

The second branch in the environment is a single VCE. This site is completely configured using the automation script at the start of the lab. This allows the lab user to test out how traffic flows with and without traffic impairment without having to do other configuration steps.

Branch 3

The final branch in the topology demonstrates the basics of how a VCE can be added to the network.

https://www.wwt.com/api/attachments/5d80fb003ccc100083bf88ba/thumbnail?width=1200

Figure 5: VMware SD-WAN by VeloCloud Lab topology diagram

What's next?

SD-WAN is becoming a critical element of next-generation multicloud-enabled fabrics that provide connectivity from any user to any application. Organizations that are not investing in SD-WAN today are going to be lacking the foundation to grow into a multicloud-enabled future.

WWT is here to help guide you on your journey to SD-WAN and beyond! Our team will release updated capabilities and content to keep you up to date on the latest technology trends.
