Best Practices for SD-WAN Deployment

When deciding on deploying an SD-WAN solution for your business, there are only a few basic models for how the solution is delivered to the end user. The method you select needs to be based on a careful analysis of your needs. Does your business consist of a single location? Are there a few branch offices located in the same city? Or is your business truly global, with major assets situated on several continents? Obviously, these use cases have very different networking implications, and therefore would be expected to have differing deployment strategies.

The underlying capabilities of the SD-WAN solution itself should be of paramount importance. SD-WAN vendors and managed service providers may have proprietary or off-the-shelf standard hardware, and it is the SD-WAN software running on that hardware that ultimately determines how the SD-WAN solution will benefit your company. Below are eight categories to focus on when preparing to deploy SD-WAN:

  • Installation — Rapid deployment is the hallmark of an SD-WAN. You’ll want your SD-WAN to support zero-touch deployment at a minimum.
  • Resiliency — Look for redundancy and failover throughout the SD-WAN. SD-WAN nodes, for example, should be able to sit out-of-path, and SD-WAN controllers should support redundant and HA (High Availability) configuration. Evaluate SD-WAN behavior in the event of a link failure, brownout, or blackout. With SD-WAN services, the network core should support a fully redundant option, with customers being automatically connected to the next closest Cloud Relay in the event of an outage.
  • Network Load Balancing — Every SD-WAN supports multiple connections, but how they use those connections will vary. Check support for the load balancing schemes offered (active/active being the most notable), tunnel bonding, and failover times between connections. The tunneling technology is one of the core benefits of SD-WAN, and vendors that have the most advanced and automated tunnels should be preferred.
  • Security — All SD-WANs should offer encrypted tunnels, and most offer basic firewalling. Some SD-WAN vendors offer optional advanced security such as a next-generation firewall (NGFW) and anti-malware. These services are usually delivered via the cloud through a partnership with another NGFW vendor.
  • Path Selection — SD-WANs should be able to monitor the characteristics of the various paths between two locations, selecting the optimum path for a given application and being able to switch paths when needed at a packet granularity. How this is done relies on a number of features, including the criteria monitored by the SD-WAN (latency, packet loss, and jitter are most common) and whether the SD-WAN can select from paths or physical connections.
  • Traffic Management — Restricting access and shaping traffic to the WAN connection is important, particularly when bandwidth is limited. Ask about support for Quality of Service (QoS) between the customer premises and the provider edge, type of traffic shaping (interface, tunnel, VLAN etc.), and rate limiting.
  • Advanced Services — Increasingly, SD-WANs are incorporating various advanced services. Security is the most notable, but there are other options. To add services into the SD-WAN, such as NGFW, vendors need to support service insertion. Service chaining is necessary to add sequences of services.
  • Management and Visibility — Steering traffic depends on being able to accurately classify traffic. SD-WAN providers should detail how they classify applications, the parameters that can be configured for application profiles, and the kinds of dashboards and reporting around application usage and performance.

The best-in-class, enterprise-grade SD-WAN solutions should perform well in all the above listed categories. Make sure your solution checks all the above boxes or the ones that matter to your use case most.

And the final few questions you need to answer before deploying your SD-WAN will determine the best deployment strategy for you:

  • Are you primarily concerned with a single network edge, such as a single office or office building?
  • Are you concerned with connecting multiple locations/branch offices in a well-defined geographical region, such as a town or city?
  • Are you more concerned with global connectivity issues? This is the case for many of the largest corporations that operate routinely on multiple continents.
  • Are you concerned about replacing or augmenting existing MPLS network infrastructure?

SD-WAN Deployment Options

Now that we’ve established some ground rules about what you should look for in any SD-WAN solution, and have a general idea of your connectivity requirements, let’s discuss the three major SD-WAN deployment models:

  • Direct from a Vendor or Vendor Partner
  • Managed Service Provider
  • Telco Managed Service Provider

Direct from a Vendor or Vendor Partner

In this deployment model, a company would purchase SD-WAN appliances (and possibly services) directly from a vendor, or vendor partner (value-added reseller). This is also known as “DIY – Do It Yourself” deployment and may be ideal for small-and-medium-sized enterprises, and some mega-corporations as well. The company must provide the underlying transport and these solutions would function as overlays over the existing connectivity.

One of the challenges in this model is sorting through the dozens of current SD-WAN vendors and choosing a quality vendor with state-of-the-art SD-WAN capabilities (see the eight categories above as a great start to assessing technical capabilities). Vendors who have just recently entered the SD-WAN market should be carefully vetted, as they do not have a proven track record. Also, maintain a healthy skepticism about the term “SD-WAN” itself. It has become such a buzzword over the last several years that many vendors and products proudly say they are “SD-WAN” when all they do is WAN optimization or session-level load balancing of multiple WAN lines without providing advanced overlay tunnels. You must know the difference and educate yourself. While the technical capabilities of any SD-WAN solution are of primary concern, equally important are the technical support and customer satisfaction you receive from your vendor or vendor partner. You should ensure they have a proven track record of satisfied customers and have been around long enough to establish a great industry reputation.

Deploying your SD-WAN by purchasing directly from a vendor or vendor partner not only works great if you’re a small-to-medium-sized business and have some IT technical expertise in-house, but often is a great solution even with minimal IT expertise in-house. The best-in-class vendors and appliances should be largely “zero-touch/plug-and-play” installations, and configuring and monitoring individual devices and the network as a whole should be simple, efficient, and user-friendly. SD-WAN solutions that provide advanced overlay tunnels also enable automated operation of the network and therefore minimize the human element.

By choosing the right vendor or vendor partner to work with, this deployment will be the most cost-effective and quickest to implement.

From a Managed Service Provider

This deployment model allows for a managed service provider to handle your SD-WAN implementation. Typically, a company would rent or purchase multiple SD-WAN appliances that would be installed and configured by the MSP’s personnel.

The MSP should be expected to work closely with you to define the needs of your company with respect to WAN connectivity. The SLAs should be reflective of this collaboration. The MSP may provide an SD-WAN overlay solution if your underlying connectivity is adequate. Alternatively, the MSP may also be responsible for sourcing local Internet connectivity and taking on the responsibility of managing dozens of ISPs located around the country or even around the world. This can be a great convenience for small-to-medium-sized businesses that may be expanding their geographic footprint.

This option allows for your IT staff to manage the SD-WAN service provider and frees up staff to focus on other business-critical IT areas. Many MSPs allow for varying degrees of “co-management” of the SD-WAN deployment. This allows the company to maintain a significant amount of direct control over the SD-WAN solution if desired. Other companies may opt to offload virtually all the day-to-day management of their network and focus IT staff in other areas.

The disadvantage of this option is that it will be generally mid-range in cost: significantly more expensive than using a vendor directly, but quite a bit cheaper than the following option. The other challenge with an MSP-provided SD-WAN solution may be the geographical coverage. It needs to overlap 100% with your locations, both in terms of the WAN connectivity that the MSP offers and their technical support coverage. Certain MSPs may also be limited in the portfolio of WAN connectivity options that they can bring to the table compared to working directly with a vendor (or vendor’s reseller), which will have access to any WAN service available in your locations. Again, be wary of newcomers to this space. Make sure your MSP has rave customer reviews regarding the specifics of the SD-WAN solution, as well as general technical and customer support.

From a Telco-Managed Service Provider

For major, global organizations with significant resources separated by large distances or continents, another option would be to use a telco-managed service provider. This deployment is similar to the MSP option above, with the significant difference that the MSP, i.e. the telco, now owns and is therefore responsible for the underlying transport. These would include the public Internet, proprietary MPLS networks, and/or any other dedicated/private Internet access. Connectivity would typically be restricted to the provider’s infrastructure and backhaul, with possible third-party solutions to cover the last mile. Customers would lease or purchase appliances which would be installed, configured, and maintained by the telco.

This option largely removes the burden of network management and sourcing your own transport solutions. It also presents tremendous capability for companies that have a critical need for private, global connectivity. However, it also comes with significant shortcomings, as we will explain a bit later.

Many companies also have significant investments in their MPLS networks. These MPLS networks were required before broadband Internet became ubiquitous, and were a critical part of the company’s connectivity and communication strategies. In today’s environment, many companies are moving away from the expense and long lead times of MPLS networks and are actively replacing and/or augmenting their MPLS networks with more cost-effective, broadband Internet connectivity options, such as fiber, cable, DSL – even broadband cellular has its place in today’s connectivity landscape.

However, since the MPLS networks are designed and operate on the telco’s backhaul connectivity, the telco has an inherent motivation to keep these MPLS circuits alive as its cash cow. This remains one of the most expensive methods on which to base an enterprise’s connectivity. And since the telco is naturally bundling their SD-WAN solutions on top of their own transport, there is a natural disincentive to using other transports. This is problematic because one of the strengths of any good SD-WAN solution should be the ability to intelligently bond and manage disparate WAN links to create ISP diversity. If a storm takes out a major telco point-of-presence or causes catastrophic damage to its underlying transport, enterprise connectivity will be adversely affected and there is no secondary WAN provider to fail over to. Another area of potential concern is having your SD-WAN performance monitored by the same entity that is providing the underlying transport, due to a lack of accountability. Finally, and perhaps most importantly, telcos are notoriously bad at providing quality technical support (unless you are one of the S&P250 organizations). The disconnect and lack of knowledge of the SD-WAN solution may generate inadequate technical support or significant delays until the vendor is finally brought back in to provide the required technical support.

This deployment option is also expensive, as the SD-WAN offering can be bundled and made to look like a free add-on alongside inflated WAN fees. Once the SD-WAN is deployed by the owner of the WAN provider, namely the telco, a fairly significant switching cost is generated for the customer, as switching WAN providers is now effectively a full forklift modification of the whole network.

Time to Deploy

If you are considering an SD-WAN solution for your business, you will very likely use one of the three deployment options outlined in this blog. Hopefully, you now have a better idea of which critical, technical aspects of SD-WAN you should focus on, what SD-WAN deployment is, and some of the positives and negatives with each approach.

Rob Stone, Mushroom Networks, Inc. 
