What is SD-WAN?

SD-WAN, in full Software-Defined WAN, is a software-defined wide area network; WAN stands for Wide Area Network. For people who work in IT and communications, the prefix "SD (Software-Defined)" is nothing new. In this era when software is king, terms such as SDN, SDS, SDR... have flooded our work and life and become popular vocabulary.

SDN: Software Defined Network
SDS: Software Defined Storage
SDR: Software Defined Radio

SD-WAN, an important branch of SDN, is the application of SDN technology in the WAN field. To put it simply, SD-WAN is SDN + WAN.

What is WAN (Wide Area Network)?

Let's start with the most basic concept, the WAN. Anyone who works with networks knows that WAN means wide area network, and that its opposite is the familiar LAN (Local Area Network). The Wi-Fi network in our home, the network in an Internet cafe, and the small network in an office are all LANs. A WAN is a computer network covering a larger area, spanning provinces, cities, and even countries. For example, a group company is headquartered in Beijing, with branch offices in Shanghai, Chengdu, and Guangzhou. Each branch office network is then a local area network, and the company-wide network connecting them to the head office is a wide area network.

Why a wide area network is needed should be clear to everyone: in the era of digitization and networking, a company's operations can no longer do without computers and all kinds of information systems and platforms. From basic e-mail, to office automation (attendance systems, financial systems, etc.), to systems strongly tied to the core business such as PLM (product lifecycle management) and ERP (enterprise resource planning), all of these urgently need a strong network to support them.
For most companies, it is not impossible to spend the money to lay their own dedicated cable or optical fiber between the head office and the branch offices. But that takes time and money. So only two options remain.

The first is to let all employees connect via the Internet. DingTalk and WeChat, which are very popular nowadays, actually work this way. Today, when mobile Internet and fiber-optic broadband are well developed, this seems a good choice. But it faces two fatal problems: service quality and data security.

The 4G data services we use, and most optical broadband access, are basically consumer-grade communications services. Their stability and reliability are poor; connections often stall or even drop. This kind of service quality is barely acceptable for small and micro enterprises, but for large and medium-sized enterprises, let alone groups, it is not enough. For example, how could the systems of the Beijing head office of Industrial and Commercial Bank of China and of its Jiangsu provincial branch be allowed to slow down or stop whenever the connection happens to?

In addition, exposing all of a company's business systems to the Internet brings great security hazards and risks. For example, if a railway company put all of its train operation management systems on the public network, would you feel at ease? DingTalk and Enterprise WeChat are also backed by the powerful security protection capabilities and system capacity of large Internet companies. Therefore, using the Internet as your company's WAN is only suitable for small and micro enterprise users. (By the way, small and micro businesses don't need a WAN.)

The second method, which is also the mainstream choice of current users, is to connect with a dedicated line provided by a telecom operator. The most representative kind of dedicated line is MPLS.

What is MPLS?
An MPLS dedicated line is a wide area network service based on MPLS technology. The MPLS leased line is a leased service; its ownership belongs to the telecom operator. The operator leases the line to you and promises an SLA (Service Level Agreement) for it, specifying what the line will achieve in terms of bandwidth, delay, jitter, packet loss rate, and so on. Whether your software is fast or unstable in actual use is none of its concern. It is just like the broadband installed in your home: the operator only shows you the speed. Is it 100 Mbps? Yes. As for whether your game lags? Sorry, none of my business. This is what SLA-based service means.

In any case, it is a dedicated line, and the network quality of MPLS is still good. But here the problem comes again: you rent, I rent, everyone rents; the operator's physical network is just the one network, and so many companies' business runs on it. How are separation and isolation ensured? Here a term everyone is familiar with comes in: VPN.

A VPN (Virtual Private Network) virtualizes a dedicated channel on top of a normal physical connection to ensure the isolation and security of communication. Depending on the network it is built on, VPN usually includes PPTP, L2TP, IPsec and MPLS VPN.

IPsec-VPN: an Internet-based VPN. Everyone uses this a lot. When employees of large companies are on business trips, they dial up the VPN, which is equivalent to joining the company intranet, and they can then access intranet websites.

MPLS-VPN: a VPN based on the carrier's MPLS private network. Through this connection, the entire branch office and the head office are logically in one intranet.

Let's briefly talk about the two concepts of Overlay and Underlay that you may often see.
Literally, Overlay is the layer above and Underlay is the layer below, which can be pictured as follows:

Compared with the Internet, the advantage of MPLS dedicated lines is that they are relatively stable and reliable, and security is guaranteed to some extent. But as times change, their drawbacks have become more and more obvious and draw plenty of complaints from users:

1. High cost of use

Whether for dedicated lines or VPN services, the prices quoted by operators have always been very high. For example, the price of a cross-border 10M MPLS-VPN from one provincial telecom operator is 80,000 yuan per month. For a large enterprise user with many branches and offices, the annual cost of leased lines runs into tens of millions or even hundreds of millions of yuan. This level of cost is unimaginable for us home users who get gigabit for a few hundred yuan a month, and as competition intensifies, such cost pressure is enough to leave an enterprise gasping for breath.

2. Long deployment cycle

After applying for a dedicated line, the operator has to go through its internal process, which generally takes one week to one month. For today's ever faster-paced business operations, this time span is increasingly intolerable.

3. Difficult troubleshooting

A dedicated line network is a "black box" network. When the line has a problem, it is hard for an enterprise user to judge where the problem lies; the enterprise can only check its own firewalls, switches, routers and other equipment. For the operator, troubleshooting is awkward too: often the investigation ends with nothing found on its own side, and the problem turns out to be on the user side. This back and forth wastes a lot of time and affects the normal running of the company's business.

4. Scarce maintenance staff

Enterprise headquarters generally have dedicated IT engineers for maintenance. But branch offices, for cost reasons, usually have no dedicated IT engineer. This makes maintaining MPLS dedicated lines difficult and indirectly increases the cost.

What is SD-WAN?

SD-WAN originates from SDN. The essence of SDN technology is to centralize control of the network. "SD (Software Defined)" does not mean software replaces hardware; it means more of the hardware's capabilities are extracted and handed over to unified software control and management. To put it bluntly, the hardware is made generic and simple, and the software controller becomes the core that holds everything together.

What kind of architecture does SD-WAN have, based on SDN? As shown below.

As you can see, the trunk of the entire network architecture is still the Internet and MPLS dedicated lines, but an SD-WAN controller is added to the architecture. This controller is the core of SD-WAN management and control. At the branch nodes and the headquarters node, there are additional devices such as uCPE and vCPE. CPE (Customer Premise Equipment) was mentioned when we introduced 5G earlier; the industry calls it "customer premises equipment". uCPE is Universal CPE, universal customer premise equipment.
vCPE is Virtual CPE, virtual customer premise equipment.

The administrator configures the SD-WAN controller through the application layer interface, and can also push vFW (Virtual Firewall) and vWOC (Virtual WAN Optimization Controller) functions down to the CPE to realize the corresponding functions, with no need to purchase dedicated hardware.

Let's combine the network architecture and node equipment to analyze what changes adopting SD-WAN brings.

1. Any interface, load balancing

From the perspective of a branch company, SD-WAN no longer mandates MPLS only, but allows multiple connection types such as MPLS, xDSL, PON fiber broadband, 4G LTE, and even 5G. The CPE can bond multiple interfaces, turning them into an interface resource pool. With the help of software, the CPE on some devices can identify thousands of different applications and arrange different service quality for them. For example, video conferencing requires higher network quality, so its priority and QoS are set higher; text chat is given a lower level and can be sent over a network such as LTE. In this way, enterprise users' reliance on MPLS leased lines is greatly reduced, and ordinary broadband and 4G can also be used. Bandwidth utilization improves, and traffic cost falls.

2. Independent selection of the best path

The key to WAN technology lies in path selection. For different branch companies, SD-WAN can independently select the best path according to the current network conditions and configured policies. SD-WAN also has load balancing capability to enhance the reliability of the network. In fact, there are many POPs (points of presence) in the operator's network to help solve link congestion and load between operators.

3. Simple deployment, completed in seconds

When evaluating the speed of SD-WAN deployment, people repeatedly mention a term called ZTP, Zero Touch Provisioning. Simply put, it is almost plug and play. Besides the CPE automatically obtaining its configuration after power-on, configuration can also be done by scanning a QR code or by email. Take email as an example: the IT engineer at headquarters prepares the configuration data in advance and sends it by email to any employee in the branch, and that employee completes the configuration and deployment of the device through the link in the mail.

4. Self-management and self-control, intelligent operation and maintenance

SD-WAN carries SDN genes, so it has inherent advantages in network management. Any SD-WAN management platform offers graphical visualization. Administrators can clearly see how the SD-WAN is running through the management page and deal with problems in time. This greatly reduces the difficulty of maintenance and shortens troubleshooting time.

All in all, SD-WAN is easy to use and saves money.
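As an added example (not code from the article, and not from any SD-WAN vendor's product), the following Python models the behaviour described in points 1 and 2 above together with the SLA metrics introduced in the MPLS section: a branch CPE with several WAN links, each probed for delay, jitter and packet loss, and per-application quality classes that decide which link carries which traffic. The link names, costs, SLA thresholds and probe samples are all constructed, and the policy rule (cheapest link that meets the SLA, otherwise the lowest-delay link) is an assumed design for illustration, not a standard.

```python
"""Added example: a minimal SD-WAN path selector over bonded WAN links.
Everything here (link names, costs, thresholds, probe samples) is constructed."""
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import Dict, List, Tuple


@dataclass
class Sla:
    """Quality an application class needs from a link (assumed thresholds)."""
    max_delay_ms: float
    max_jitter_ms: float
    max_loss_pct: float


@dataclass
class Link:
    """One WAN link of the CPE with its recent probe results."""
    name: str
    cost: float  # relative price per unit of traffic (constructed)
    samples: List[Tuple[float, bool]] = field(default_factory=list)  # (delay_ms, lost)

    def metrics(self) -> Dict[str, float]:
        """Summarise probes into delay, jitter (std dev of delay) and loss %."""
        if not self.samples:  # never probed: unusable until measured
            return {"delay": float("inf"), "jitter": float("inf"), "loss": 100.0}
        delays = [d for d, lost in self.samples if not lost]
        loss = 100.0 * (len(self.samples) - len(delays)) / len(self.samples)
        if not delays:  # every probe was lost: treat the link as down
            return {"delay": float("inf"), "jitter": float("inf"), "loss": loss}
        return {"delay": mean(delays), "jitter": pstdev(delays), "loss": loss}

    def meets(self, sla: Sla) -> bool:
        """True when all three measured metrics are within the SLA."""
        m = self.metrics()
        return (m["delay"] <= sla.max_delay_ms
                and m["jitter"] <= sla.max_jitter_ms
                and m["loss"] <= sla.max_loss_pct)


# Application classes and their constructed SLA thresholds, strict to lax.
APP_SLA: Dict[str, Sla] = {
    "video_conference": Sla(150, 30, 1.0),
    "erp": Sla(250, 50, 2.0),
    "text_chat": Sla(800, 200, 10.0),
}


def select_link(app: str, links: List[Link]) -> str:
    """Pick the cheapest link meeting the app's SLA; if none does, keep the
    traffic flowing over the link with the lowest measured delay."""
    sla = APP_SLA[app]
    compliant = [link for link in links if link.meets(sla)]
    if compliant:
        return min(compliant, key=lambda link: link.cost).name
    return min(links, key=lambda link: link.metrics()["delay"]).name


def build_policy(links: List[Link]) -> Dict[str, str]:
    """Evaluate every application class against the current probe results."""
    return {app: select_link(app, links) for app in APP_SLA}


def healthy_links() -> List[Link]:
    """Constructed probe data: MPLS, broadband and LTE all behaving normally."""
    return [
        Link("mpls", 10.0, [(40, False), (42, False), (41, False), (43, False), (40, False)]),
        Link("broadband", 1.0, [(60, False), (70, False), (65, False), (75, False), (80, False)]),
        Link("lte", 0.5, [(120, False), (180, False), (90, False), (200, False), (110, False),
                          (150, False), (130, False), (160, False), (140, False), (0, True)]),
    ]


def degraded_links() -> List[Link]:
    """Same links, but the broadband probes now show a delay spike and loss."""
    links = healthy_links()
    links[1].samples = [(60, False), (200, False), (65, False), (0, True), (80, False)]
    return links


if __name__ == "__main__":
    for label, links in (("healthy", healthy_links()), ("degraded", degraded_links())):
        print(label, build_policy(links))
```

With healthy probes, video conferencing and ERP leave the expensive MPLS line and ride the broadband link, and text chat goes to LTE, which is the cost saving the article describes. When the broadband probes degrade, the two stricter classes fail back to MPLS automatically while text chat stays on LTE, which is why a dedicated line is usually kept in the bundle rather than dropped. The same per-link summary is what a management page would show an administrator when a branch reports a problem.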