Just a few years ago, enterprise network management was much simpler. Configuration changes were rare — most equipment was configured and left as-is. If any change was needed, long and strict change management procedures were required. Then, changes were executed in manual or semi-automated network configuration updates, sufficient to maintain reliability and consistent service levels across the organization.
Guest article by Dr. Stefan Dietrich, Vice President of Product Strategy, Glue Networks
Fast-forward to today, and networks need to adapt to ensure user experience and maintain security of cloud-based applications. IT organizations must continuously deploy configuration changes to meet evolving business needs. The common approach of manually performing changes, or simply replacing the complete device configuration and hoping it works (also known as “load and pray”), creates unacceptable risks and potential network interruptions.
Standardization on best-practice architectures may also no longer be sufficient, as many parts of an organization require customized configuration. Therefore, enterprises are looking for better ways to automate the management of their networks through better network function modeling and clear network device and feature cross-dependencies analysis.
Software-Defined Networking and the WAN
Automating network management is what Software-Defined Networking (SDN) does – it provides network configuration management via software to make a network more agile and adaptable. With SDN, all network configurations are stored and managed centrally, and devices can be reprogrammed as needed on the fly, dramatically simplifying hardware infrastructure and reducing administrative overhead. This allows enterprises to free up network expertise from mundane tasks and focus on business-critical optimization tasks. It also enables smaller organizations without deep networking engineering expertise to implement much more sophisticated network architectures.
With origins in the data center, SDN demonstrates the benefits of developing software to automate network management. In addition, network function virtualization replaces many physical network devices with virtual counterparts running on commodity hardware. This increases the flexibility to custom program, scale, and chain network services to anticipated needs, especially for complex services such as load balancing, firewalling, intrusion detection, and Wide Area Network (WAN) acceleration.
WAN connectivity provides an additional layer of complexity to an already-complex environment. Network services are bought from service providers who use their own architectures and technologies that may vary by location. Many businesses have also started to roll out Virtual Private Network (VPN) solutions over Internet broadband as cost-effective replacements for private Multiprotocol Label Switching (MPLS) lines for almost all business applications, save for those that are the most sensitive and business-critical.
Organizations can now create, using a Software-Defined Wide Area Network (SD-WAN), a transparent logical enterprise IP network across service providers’ technologies, architectures, and service offerings. They can also add advanced network features such as application-based traffic routing, or custom security provisions meeting strict compliance requirements and optimizing use of existing network capabilities while maintaining the Service Level Agreement (SLA).
By logically untangling the existing mesh of legacy WAN networks, cost savings can be realized from leveraging Internet broadband and cellular data as cost-effective alternatives to private circuits on a global scale on one simplified overall architecture. However, managing such a network at scale, on top of various underlying network architectures, remains difficult. Further, SD-WAN overlay networks cannot fix poorly performing physical WAN connections. Thus, ensuring a well-managed underlying network architecture is key.
Current SD-WAN Solutions
Today’s SD-WAN technology options can be classified as follows:
- Solutions on top of vendor-specific controllers leveraging specific functionality, e.g. for auto-discovery and configuration of network devices
- Appliance-based overlay solutions that create a virtual IP network between the vendor’s appliances across any network, combined with vendor-specific management tools
- Advanced automation and change control solutions that can enable and manage SD-WAN and the underlying infrastructure by leveraging existing hardware
Each category has pros and cons that determine its place in the SD-WAN market. Overlay solutions are attractive for many because they can be deployed quickly, but they may lack sufficient customizations or create additional complexity for troubleshooting. Controller-based solutions work effectively when environments are highly standardized. Network automation and change control solutions can address high customization requirements, but may need additional time for implementation.
Successfully transitioning to the fully automated and integrated SD-WAN network of the future is the challenge for enterprises. Existing change control mechanisms are often ill-equipped to handle the complexity during transition. Especially with manual processes involved, configuration mistakes are unavoidable, and even the most elaborate testing may not find rare conditions that only reveal themselves when the network is under load at the most critical times.
While computer code can be validated through denotational or operational semantic methods to ensure correctness for all possible conditions, such analytical approaches are impractical for business use, given frequently changing customization requirements. This means that formal or independent verification and validation for networks is difficult. Therefore, enterprises look for network automation that will provide the capabilities to implement and maintain a logical IP network, and the capabilities to manage the underlying infrastructure, implicitly verifying and validating implemented architectures, detecting hidden dependencies, and understanding the full impact of any change.
Making the Network Aware
While all SD-WAN solutions do create logical IP networks and make their management easier, to ensure that the network will perform optimally, they must also provide the next level of operational capabilities such as network-aware orchestration, with functionality that can:
- Monitor the configuration state of all devices in the network
- Provide built-in, best-practice architectures for initial provisioning
- Limit direct manual access through a verifiable audited interface
- Comprehend the network impact of any change (“network-aware”)
- Apply changes with minimal impact (e.g. avoid unnecessary reboots)
- Apply changes “in concert,” understanding architectural dependencies
- Work out any hidden dependencies automatically when possible
- Verify that changes have been successfully applied or reverted when needed
Network managers can use these advanced operational capabilities to perform additional verification and validation of the network, providing assurance that the network is in fact correctly configured and that, for example, any unauthorized manual changes are proactively detected and remediated swiftly.
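One way to detect unauthorized manual changes is to compare each device's running configuration against its approved baseline, section by section. The sketch below is an added example, not code from the article or from any vendor product; the function names, the volatile-line pattern, and the IOS-style sample configurations are constructed for illustration, and one level of indentation is assumed.

```python
import re

# Lines that change without operator intent (assumed pattern, adjust per platform).
VOLATILE = [re.compile(r"^ntp clock-period")]

def flatten(config_text):
    """Turn an indented config into a set of (section, statement) pairs."""
    entries, section = set(), ""
    for raw in config_text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        # Skip blanks, comment lines ("!") and known volatile statements.
        if not stripped or stripped.startswith("!"):
            continue
        if any(p.match(stripped) for p in VOLATILE):
            continue
        if line[0].isspace():
            entries.add((section, stripped))   # statement inside a section
        else:
            section = line                     # new top-level section
            entries.add(("", line))
    return entries

def detect_drift(approved, running):
    """Report statements present only in running or only in approved."""
    a, r = flatten(approved), flatten(running)
    return {"unauthorized": sorted(r - a), "missing": sorted(a - r)}

# Constructed sample: approved baseline vs. what the device currently runs.
APPROVED = """
! Last configuration change at 10:02:11 UTC Mon Jan 5 2015
hostname branch-rtr-01
interface GigabitEthernet0/1
 description WAN uplink
 ip access-group WAN-IN in
line vty 0 4
 transport input ssh
"""
RUNNING = """
! Last configuration change at 03:14:55 UTC Tue Jan 6 2015
hostname branch-rtr-01
interface GigabitEthernet0/1
 description WAN uplink
line vty 0 4
 transport input ssh telnet
"""

if __name__ == "__main__":
    for kind, items in detect_drift(APPROVED, RUNNING).items():
        for section, stmt in items:
            print(f"{kind}: [{section or 'global'}] {stmt}")
```

Keeping the section with each statement matters: the same statement under a different interface or line is a different change, and the report tells the operator where to look.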
Transitioning to SDN (SD-WAN) from traditional networking is a cultural and organizational challenge, not just technical. Nearly everything will change: initial network provisioning; configuration and change management; troubleshooting procedures; performance monitoring; and security, compliance, and audit validation and verification.
There will also be increased requirements for specific customization from time to time, since SD-WAN will simplify and bring more standardization across the network. Software developers need to align closely with network operations staff to understand the requirements to be implemented, addressing specific operational needs. This approach, generally referred to as “DevOps,” has already been shown to deliver faster time to market, better customization, fewer failures, and more rapid recovery from negative events or misaligned changes.
Toward Greater Agility
Networks will become more complex as enterprise WANs continue to grow. The ability to implement an SD-WAN solution that provides the technical ability to create a logical IP network, and related network automation and change management capabilities on the underlying network, is critically important to ensure that the network will perform under critical loads.
Orchestration will become network-aware, and organizations need to be aware that significant cultural change management must also take place. Standard operating procedures no longer apply. Software-Defined Networking provides network configuration management via software to make a network more agile and adaptable, and SD-WAN enables network-aware orchestration, delivering greater network agility so that enterprises can remain competitive.
Dr. Stefan Dietrich brings to Glue Networks more than 20 years of experience defining innovative strategies and delivering complex technology solutions. Before joining Glue Networks, Stefan was Managing Director of Technology Strategy at AXA Technology Services, introducing advanced new technologies to AXA globally, and held senior IT management positions at Reuters and Deutsche Bank. Stefan received a Ph.D. in Aerospace Engineering and Computer Science from the University of Stuttgart, and served as a Postdoctoral Fellow and faculty member at Cornell University.