agsandrew - Fotolia
All companies need fixed, dedicated and mobile access options for their wide area networks (WAN) and pay subscription and usage fees to a wide range of service providers (mostly telcos).
Much of the time, the individual access channels are not in use. This allows telcos to oversubscribe their access circuits, and simultaneously set a higher price for guaranteed quality of service (QoS) offerings, such as multi-protocol label switching (MPLS) services.
Software-defined wide area network (SD-WAN) technology changes this state of affairs by shifting hardware-defined access channels to software, in parallel with developments in virtualisation and cloud services.
All WAN access channels (MPLS, broadband, 4G/LTE, VSAT, and so on) as well as network functions such as firewall, load balancing, security, switching, routing and optimisation, hitherto locked in purpose-specific boxes, are programmed into a bare-metal SD-WAN router at the WAN edge.
The SD-WAN router combines intelligent path control with over-the-top (OTT) connection to internet cloud services. It effectively removes the telcos’ lock-in by separating the control and data planes and adding an orchestration plane.
This shifts control back to the user, who can combine all WAN access channels into a single virtual channel that can handle a wide range of communication tasks, from low-bandwidth internet of things (IoT) traffic to latency-sensitive voice and high-bandwidth data traffic.
For the user, it delivers network connection flexibility – increasing bandwidth, lowering costs – and simplified central management.
These trends hit a wide range of network suppliers: telcos, network optimisation suppliers, application delivery controllers, load balancers, firewalls and the traditional router markets, notably core switch/routers (Ericsson, Huawei, Cisco, Brocade, and so on); commercial routers (Cisco, Juniper, HP, and so on); and consumer/small business CPE (customer premise equipment).
In addition to traditional hardware suppliers, the SD-WAN sector has catalysed the emergence of a number of cloud-centric, software-only technologies for telco and other network service providers.
SD-WAN suppliers catering to telcos
The market leader in SD-WAN for telcos is VeloCloud, founded in 2012. It bills itself as the only SD-WAN company to support data plane services in the cloud. Telco customers include Deutsche Telekom, AT&T, TelePacific, Sprint, Windstream, Vonage, MetTel, EarthLink, Telstra, MegaPath, CHT Global, Global Capacity and NetOne. The company claims to have more than 1,000 customers and has just been acquired by VMware.
VMware is looking to expand its portfolio of networking products with this acquisition as it appears to be taking direct aim at Cisco, which was an early investor in VeloCloud. Interestingly, Cisco is now building a cloud-based service business on top of its core networking business.
Since 1986, Cisco has been a global tier-1 WAN hardware provider, competing with Ericsson, Nokia and recently also Huawei. Cisco was an early entrant into the telco SD-WAN market with its intelligent WAN (iWAN) technology. However, although fully featured, it is complex and difficult to manage, often requiring third-party products such as Glue Networks to provide orchestration around iWAN to reduce complexity and make it more agile.
Cisco expanded its SD-WAN presence with its acquisition of Viptela. SD-WAN has momentum and customers love it. Most importantly, Viptela is a pure software play, so Cisco can now offer this to its customer base on top of its existing hardware products.
Nokia acquired Nuage Networks when it merged with Alcatel-Lucent. Its virtualised network services (VNS) complements customers’ existing IP and Carrier Ethernet VPN services. Nuage Networks VNS was developed to serve enterprises adopting a cloud-based IT consumption model.
Read nore about SD-WANs
Traditional branch networks haven't adapted well to new technologies. But a mature SD-WAN market can bring distributed networks up to speed with simplicity and automation.
Companies want SD-WAN to become a piece of a multifunction network appliance for the branch. Therefore, SD-WAN vendors are adding WAN optimization, firewalls and IP services.
Versa Networks has been deployed by carriers such as Colt and Verizon. It provides a multi-tenant system that can seriously scale, enabling telcos to support large customers and retail service providers on a single platform that can host any number of internal units or separate customers, and manage it all from a single user interface. Without multi-tenancy, telcos must build a controller and a director infrastructure per customer, which almost turns into a professional services type of sale. Verizon Ventures is a main investor in this company.
Viptela has been deployed by major carriers including Verizon and Singtel to deliver managed SD-WAN services. The Viptela Fabric is purpose-built from the ground up to provide secure, scalable, resilient WAN applications performance. It is built based on the zero-trust model. All the components mutually authenticate each other and all the edge devices are authorised before they are allowed into the network. Using Viptela, telcos can build large-scale IPsec networks across tens of thousands of branches.
Telco SD-WAN transformations
The first wave of SD-WAN routers from 2012-2015 combined all available WAN access channels, provided optimal path controls and centralised management. It gave customers a much better utilisation of their available bandwidth. They were great for mid-size companies with many branches, and remote offices that needed connectivity but lacked local IT management capacity.
But for more complex corporate network issues, such as SIP gateways in MPLS, managing multiple orchestration platforms and compliance with the EU’s General Data Protection Regulation (GDPR) security requirements, more effort is needed. So the second-wave SD-WANs have emerged as managed services that are implemented and integrated inside software-defined network (SDN) orchestration platforms within a carrier’s infrastructure. The second wave brought SD-WAN technology back into the telco fold. In the EU, more than 70% of enterprises outsource WAN delivery and management to a network service provider, usually a telco. Telcos have all jumped on the SD-WAN bandwagon, but are at very different stages.
The doubter: Orange
Orange has yet to deploy a full SD-WAN service, arguing that in using a standard OTT implementation of SD-WAN, customers lose a lot of existing services, notably cloud connectivity to more than 20 popular cloud providers.
Orange does not want to make that trade-off and instead offers virtual access to its network-as-a-service (NaaS) platform via an on-site uCPE that integrates the Fortinet firewall as an initial virtual network function. Orange Business Services and Riverbed SteelConnect are working together to create the virtual network functions (VNF) software and integrate it into the existing Orange SDN and network functions virtualisation (NFV) infrastructure, to be managed by the Ciena Blue Planet orchestration.
First-wave SD-WAN telco: Colt
The Colt SD-WAN provides basic global SD-WAN functionality. The telco uses Versa Networks SD-WAN technology with pre-configured firewall, routing, application performance monitoring and security on an Advantech CPE on customer sites. Multiple regional gateways across the EU, Asia and the US provide coverage and connectivity between MPLS and the internet cloud.
Second-level SD-WAN telco: BT
BT adopted Cisco’s iWAN technology for its first venture into SD-WAN in early 2016, offering businesses cheaper secure interconnections to remote sites using MPLS, VPNs, private and public internet and mobile technologies. Later that year, the telco expanded its SD-WAN service by incorporating Nokia Nuage Networks’ VNS to help enterprises create self-service VPNs, on-demand bandwidth and additional virtual services.
Next up is “try before you buy” capabilities that can be consumed on a utility basis.
Verizon’s VNS is also built on Cisco’s iWAN technology. It provides VNFs to simplify customers’ ability to migrate to an intelligent hybrid network that integrates broadband or other network services into the corporate WAN. The on-site universal CPE (uCPR) unit handles multiple network services, such as routing, security and WAN optimisation in plug-and-play fashion. Automated orchestration and service chaining link all the different services, so they appear as a unified service.
The futurist: AT&T
The AT&T SD-WAN is a VNF that sits on the AT&T FlexWare CPE device and connects into the AT&T Integrated Cloud zones. Customers can buy a first-generation, premises-based service aimed at companies with uniform needs at their user locations. AT&T’s second-generation option is aimed at multinational companies with sites that have a wide variety of reliability, performance and bandwidth requirements.
Beyond that comes an application-aware concept called Indigo, which builds on a software-centric core and creates a network that is not only software-centric, but also data-driven. This service concept blends SDN, AT&T’s ECOMP orchestration platform, big data analytics, artificial intelligence, machine learning, cyber security and 5G elements to create a new data-sharing network.
Key user advantages of SD-WAN communications
SD-WAN routers distribute traffic between multiple WAN connections by following application-based rules. By using multiple affordable internet connections simultaneously, they can achieve link reliability exceeding that of traditional WAN routers at 10-20% of the cost. This leads organisations to expand their networks to additional locations.
Increase in bandwidth
SD-WAN routers can support bonding technology, which combines multiple WAN connections to increase bandwidth. This ensures speedy transfer of data between datacentres and branch offices, such as file transfer, video streaming and data backup. It allows organisations to increase bandwidth in remote, mobile or temporary locations, such as near-shore cruises, mobile clinics and retail pop-up stores, which is difficult using traditional WAN routers.
Network connection flexibility
SD-WAN routers enable WAN connections to be added or removed easily to accommodate changes in bandwidth demand. Also, WAN connections can be added for backup. Branch offices typically add cellular as a backup to fixed lines to ensure a continuous connection if fixed line connections are disrupted. Retail operations find this useful for adding a layer of protection to their critical point-of-sale and IP phone systems. This application is important for keeping unmanned deployments online, such as digital signage and ATMs.
Simplified central management
Unlike traditional WAN edge devices, which are managed individually, all SD-WAN devices in an organisation can be managed centrally by an SD-WAN controller that enables network administrators to view and manage the network and perform maintenance of hundreds of devices remotely.
Will telcos inherit the SD-WAN market?
It certainly looks like what was originally a WAN routing technology to free customers from constraining telco embraces has now reverted back to the same telcos as network demands increase in both volume and complexity. Merely providing an SD-WAN CPE on-site connecting to a cloud control centre does not cut it as security and application requirements become more stringent. SD-WAN, no matter how it is delivered, provides much better WAN bandwidth utilisation, much shorter lead times, greater flexibility and better ad-hoc WAN access.
For many SME customers with branch office connectivity issues and companies in specific verticals such as transport and retail, acquiring a first wave SD-WAN setup from a specialist SD-WAN router provider makes sense. There are lots of use case examples and references available for SMEs that are planning to go down the SD-WAN route.
Larger companies operating across different national jurisdictions and storing personal identifiable data will need more handholding and more complex integration of SD-WAN into their existing corporate network. Generally, the telco experience with SD-WANs is still relatively new, so also bringing in a trusted system integrator with deep insight into the business-critical applications involved is highly recommended.