SD-WAN is now a standard for site to site and site to cloud or data center connectivity; what are the network performance challenges in a SD-WAN environment? What is the best way to set up your performance monitoring in your SD-WAN network?
A Software Defined Wide Area Network is a virtual WAN architecture which allows organizations to leverage a combination of transport services to connect users to applications.
These transport services, usually referred to as “underlays” can be a collection of network technologies like MPLS connections, broadband internet services and GSM data connections.
SD-WANs are centrally managed: network engineers use a central console to configure the logical network and the interconnections between sites, data centers and clouds. The SD-WAN solution automatically orchestrates how each router dynamically handles the network flows to optimize delay and costs. Decisions like choosing a certain underlay for a certain traffic becomes automated and transparent.
Why use it? The benefits of SD-WAN
Organizations move from traditional WAN solutions (MPLS, layer 2 circuits) to SD-WAN solutions for a variety of reasons:
- Reduce the cost of bandwidth,
- Benefit from more varied connectivity offerings which are available in all the regions they have to cover,
- Reduce delays and increase performance by avoiding to centralize traffic towards internet and cloud services,
- Gain high availability at a reasonable cost level, etc…
SD-WAN has become a dominant architecture for organizations relying massively on SaaS applications as well as for internationally spread organizations.
The main SD-WAN concepts
Software Defined WAN vendors mix multiple concepts in their solutions:
- Application-aware routing
These network devices are normally centrally managed and the way they process traffic (routing, path selection, prioritization, filtering) depends on the application profile. In that sense, their configuration ingests a set of information on all business apps to make sure they are processed in the best possible way throughout the entire SD-WAN deployment.
- Local internet breakout
Although the concept of Local Internet Breakout existed before SD-WAN, SD-WAN has made it popular and easy to implement. The massive adoption of cloud services and SaaS applications has reinforced that trend. Local Internet Breakout is a simple concept: instead of carrying back to a datacenter or secured gateway of some sort, the traffic towards the internet (which can include SaaS and cloud service traffic) goes through a local ISP connection.
- SD-WAN overlays and underlays
SD-WAN routers can convey traffic over multiple connections (MPLS, ISPs, 4G/5G); to do so, they establish tunnels (similar to a VPN tunnel) and then redirect traffic through them. These tunnels are usually referred to as “Overlays”, while the underlying infrastructure (the connections themselves) are designated as “Underlays”.
SD-WAN in an end to end user to app path
SD-WAN is an important part of the user to app path… but definitely not the whole path:
When we look at the end to end connectivity, the SD-WAN stack is only a portion of the end to end journey. From a user perspective, the WiFi/LAN, the cloud / on prem gateways, the cloud connectivity and the cloud environments themselves play a role in the overall connectivity.
Performance monitoring for SD-WAN networks
The purpose of monitoring is to ensure that the services are delivered to users with the right availability and response times. In an architecture based on SD-WAN, what is the best possible way to monitor connectivity.
SD-WAN monitoring and overlay metrics
Most SD-WAN solutions measure latency and loss from device to device at the overlay level. The latency and loss at the overlay level will be influenced by events like switching from one underlay connection to another, a change in the underlay path or a congestion / degradation on one of the underlays.
The overlay level metrics will reflect the impact on the latency, loss and jitter but will not provide an explanation on the reason why.
Liaise underlay and overlay performance
The SD-WAN configuration will only link multiple SD-WAN devices; the underlay’s infrastructure will not be explicitly visible.
To complement the SD-WAN monitoring it is critical to measure the quality of service:
- on multiple overlays set up on different underlay connections (say from the remote site to the datacenter using operator 1 or operator 2). This can help arbitrate which underlay connection delivers the best quality of service.
- on the underlays to validate what their status is (number of hops on the path, change in routing, appearance of signs of congestion on routers and security devices)
This means that to understand the overlay performance you need to:
- Understand which underlay is used
- How each underlay is performing (path chosen, signs of congestion, resulting latency, loss etc.)
Extend from SD-WAN monitoring to end to end connectivity monitoring
To cover the end to end user to application path it is mandatory to measure connectivity for the whole path:
- WiFi / LAN
- Overlay performance
- Performance on each of the underlays (# hops, latency, jitter, loss and detailed routes)
- Secured gateway (measure the impact of the security functions on the latency and loss of the overall path) either hosted in the cloud or on on premise datacenter
- Connectivity to the cloud
- Cloud networks
To find out more on this topic, check this!