Virtual Interfaces and SD-WAN

Configuring virtual interfaces in SD-WAN

When we talk about SD-WAN virtual connections or interfaces, we simply mean combining multiple internet connections into a single logical and management entity: the virtual interface. This is done by using a software abstraction layer overlaid on top of the physical assets (typically Ethernet or fiber ports connected to the internet via cable, fiber, satellite, DSL, MPLS, wireless, etc.). By abstracting the physical connections and creating virtual interfaces, it becomes possible to provide much better performance, efficiency, and reliability than can be achieved using any single internet connection.

Software control of underlying WAN physical assets (i.e., virtualization) is a natural extension of the explosion of virtualized environments we’ve seen over the last few decades. As computing power, available RAM, and storage have all seen exponential growth, this has led to fundamental paradigm shifts regarding virtualization: we no longer deal with individual servers, we communicate with virtualized server environments, where many servers present to the higher layers as a single server instance, or, conversely, where a single highly capable server is presented as multiple server instances. Likewise, individual storage assets routinely leverage RAID (Redundant Array of Inexpensive/Independent Disks), which virtualizes real hard drives and presents a single logical storage interface to the application layer.

SD-WAN virtual interfaces are incredibly powerful constructs, as the multiple underlying transports are combined into a single entity. The manner in which the constituent WAN links are combined is important, and we refer to either “Broadband Bonding” or “Broadband Aggregation” depending on the details. While these terms are sometimes used interchangeably, we differentiate between them by considering the bonding case to be where the bandwidth of the underlying WAN links is combined in some manner, resulting in the virtual interface presenting a much higher bandwidth (the sum of the individual bandwidths) to the application layers. We refer to broadband aggregation when the WAN links are intelligently orchestrated by the SD-WAN device (such as a Truffle device), but the bandwidths are not necessarily combined into a larger pool. In particular, when the underlying WAN transports have similar characteristics in terms of bandwidth, latency, jitter, and packet loss, the bandwidths may be pooled; but for dissimilar transports (think cable and wireless, or satellite and DSL) blindly pooling bandwidth doesn’t make sense, so the lines are intelligently orchestrated and aggregated instead of blindly pooled.

Both techniques allow for sophisticated management of the interface, particularly regarding traffic control and application optimization. And when connected with another SD-WAN virtual interface, using either another SD-WAN edge device or a peering to a cloud relay, the result is the best-performing IP tunnel the underlying links can provide.

SD-WAN Virtual Interfaces as Tunnel Endpoints

Having a highly capable virtual interface implemented in your office network edge device significantly improves reliability, efficiency, and overall performance of traffic flowing in and out of your local network. But when two such virtual interfaces are connected or peered together, the resulting overlay tunnel becomes the optimal IP connection between the endpoints.

If this overlay tunnel is orchestrated by a capable SD-WAN implementation, the algorithms running in the tunnel and at the endpoints essentially put the network connection on “autopilot”, because network problems are worked around before you notice them. The tunnel “thinks for itself”: it measures, stores, and remembers vital statistics from each individual link comprising the tunnel. Metrics such as bandwidth, latency, jitter, and packet loss are constantly monitored, so the most efficient path through the tunnel is maintained at all times. In some cases this is done on a packet-by-packet basis and in other cases on a per-flow basis, depending on what makes the most sense for the application traffic as well as the underlying physical WAN connections. The intent is that VoIP and other real-time traffic always travels the path of minimal latency, and that business-critical traffic remains uninterrupted even if one of the underlying WAN links goes down.

Overlay Tunnels Provide Flexibility and Security

With an overlay tunnel established using the virtualized endpoints, the resulting connection should provide greater security as well as tremendous flexibility in shaping the traffic that flows through it. By using a cloud relay as one tunnel endpoint (or midpoint, as the cloud relay may be connected to both virtual endpoints) it is possible to assign an elastic, static IP address to each endpoint of the tunnel. This allows each tunnel endpoint to be reached at a single IP address assigned by the cloud relay. Remember that the virtualized interface is comprised of multiple, disparate WAN connections, often from different providers, and each independent WAN link has its own IP address. With a single IP address that is static (it remains fixed within the cloud computing environment) and elastic (it can be thought of as being pulled from the cloud to the local device), the interface has a more defensible security posture: all traffic enters and leaves through the one address, so a uniform and consistent security strategy (firewall rules, allow-lists at remote services, logging) can be applied to the entire interface without customizing the security profile for each underlying WAN link. Note the trade-off a practitioner should keep in mind: the relay now sees every flow and is the enforcement point for that policy, so it has to be trusted and hardened accordingly, and the segments between the local device and the relay still cross each ISP’s network and need the tunnel encryption described next.

Also, the tunnel should be able to encrypt any (or all) traffic passing through it, as well as seamlessly pass already-encrypted traffic such as TLS or existing VPN sessions. This further enhances the security of the tunnel and provides a “VPN-like” connection between endpoints, safeguarding business-critical information. As with any VPN, that protection depends on the tunnel authenticating both endpoints (and the cloud relay, where one is used), not merely encrypting payloads; without tunnel encryption, traffic on each underlying link is visible to that link’s provider.

Flexibility within the tunnel refers to the tunnel’s ability to monitor the underlying WAN links’ health and dynamically adjust its algorithms to steer traffic along the optimal path at any given time. Often this is achieved by using network function virtualization (NFV) to customize how the virtualized interface manages specific types of traffic or specific network conditions. Some devices have many of these VNFs (virtualized network functions) already built in, so, for example, your VoIP traffic will always use the lowest-latency path in order to optimize the MOS score, less important traffic can be assigned to lower-bandwidth paths, and business-critical traffic may be replicated and striped across multiple links so that a packet lost on one link is covered by its copy on another. NFV, in general, means implementing network functions in software on general-purpose hardware; in this context a VNF chain is simply the sequence of packet-processing steps you want your router to apply to a specific type of flow. Being able to easily create and customize these chains on your SD-WAN router allows tremendous flexibility in how your network behaves under virtually all traffic and network conditions.
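The steering logic described in the two passages above (per-link health bookkeeping, per-flow path selection by traffic class, replication of critical flows, and failover when a link degrades or drops) can be made concrete with a small model. The following is an added example, not Mushroom Networks code and not how any Truffle device is implemented; the link names, probe values, and class thresholds are constructed for illustration.

```python
"""Per-flow path selection over a virtual interface built from several WAN links.

Added illustration, not vendor code. Link metrics are constructed sample values
and the per-class thresholds in POLICY are assumptions, not product defaults.
"""
from collections import deque
from dataclasses import dataclass, field
from statistics import mean


@dataclass
class WanLink:
    name: str
    bandwidth_mbps: float          # provisioned capacity of the underlying transport
    up: bool = True
    # rolling windows of the most recent probe measurements
    latency_ms: deque = field(default_factory=lambda: deque(maxlen=10))
    jitter_ms: deque = field(default_factory=lambda: deque(maxlen=10))
    loss_pct: deque = field(default_factory=lambda: deque(maxlen=10))

    def record_probe(self, latency_ms, jitter_ms, loss_pct):
        self.latency_ms.append(latency_ms)
        self.jitter_ms.append(jitter_ms)
        self.loss_pct.append(loss_pct)

    def healthy(self, max_loss_pct):
        """A link is usable for a class if it is up and its recent loss is within bound."""
        return self.up and bool(self.loss_pct) and mean(self.loss_pct) <= max_loss_pct


def _avg(window):
    return mean(window) if window else float("inf")


# Traffic classes and the policy each gets (assumed thresholds).
POLICY = {
    # real-time: lowest mean latency (then jitter) among links with very little loss
    "voip":     {"select": "min_latency",   "max_loss": 1.0,  "copies": 1},
    # business critical: replicate across the two best links so one loss is covered
    "critical": {"select": "min_latency",   "max_loss": 5.0,  "copies": 2},
    # bulk: prefer the fattest pipe and tolerate loss
    "bulk":     {"select": "max_bandwidth", "max_loss": 10.0, "copies": 1},
}


class VirtualInterface:
    def __init__(self, links):
        self.links = {l.name: l for l in links}
        self.flow_table = {}   # flow id -> list of link names (per-flow stickiness)

    def rank(self, traffic_class):
        pol = POLICY[traffic_class]
        candidates = [l for l in self.links.values() if l.healthy(pol["max_loss"])]
        if not candidates:
            # nothing meets the loss bound: degrade gracefully to any link that is up
            candidates = [l for l in self.links.values() if l.up]
        if pol["select"] == "min_latency":
            candidates.sort(key=lambda l: (_avg(l.latency_ms), _avg(l.jitter_ms)))
        else:
            candidates.sort(key=lambda l: -l.bandwidth_mbps)
        return [l.name for l in candidates]

    def select(self, flow_id, traffic_class):
        """Return the link(s) a flow should use. An existing flow stays on its path
        (no reordering) unless that path no longer satisfies the class policy."""
        pol = POLICY[traffic_class]
        current = self.flow_table.get(flow_id)
        if current and all(self.links[n].healthy(pol["max_loss"]) for n in current):
            return current
        chosen = self.rank(traffic_class)[: pol["copies"]]
        self.flow_table[flow_id] = chosen
        return chosen

    def link_down(self, name):
        self.links[name].up = False


def demo():
    """Walk three flows through a cable loss event and then a cable outage."""
    cable, dsl, lte = WanLink("cable", 200), WanLink("dsl", 20), WanLink("lte", 50)
    vi = VirtualInterface([cable, dsl, lte])
    for _ in range(5):                       # constructed baseline probes
        cable.record_probe(18, 2, 0.0)
        dsl.record_probe(35, 5, 0.2)
        lte.record_probe(45, 15, 0.5)
    r = {}
    r["voip_initial"] = vi.select("voip-1", "voip")            # ['cable']
    r["bulk_initial"] = vi.select("backup-1", "bulk")          # ['cable']
    r["critical_initial"] = vi.select("erp-1", "critical")     # ['cable', 'dsl']
    for _ in range(10):                      # cable starts losing 3% of packets
        cable.record_probe(18, 2, 3.0)
    r["voip_after_loss"] = vi.select("voip-1", "voip")         # ['dsl']: 3% > VoIP bound
    r["critical_after_loss"] = vi.select("erp-1", "critical")  # unchanged, within 5%
    vi.link_down("cable")                    # cable goes down entirely
    r["critical_after_outage"] = vi.select("erp-1", "critical")  # ['dsl', 'lte']
    r["bulk_after_outage"] = vi.select("backup-1", "bulk")       # ['lte']
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:22s} -> {v}")
```

The point the model makes is that "steering" is two separate decisions: which links are eligible for a class (the loss bound) and how the eligible links are ordered (latency for real-time, capacity for bulk), with flow stickiness so that a healthy flow is not reordered by every metric wobble. A real device would also drive the probes from actual traffic and re-evaluate on a timer; both are left out here.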

SD-WAN Virtualization – Part of a Complete SD-WAN Solution

Virtualizing your SD-WAN interfaces, through either broadband bonding or aggregation, allows the interface to leverage the diversity of the underlying, multiple ISPs. This creates “high 9s” availability across the multiple ISPs that is not possible with a single service provider. Building a virtualized IP connection out of disparate WAN links has clear reliability, performance, and even cost benefits compared with any single IP connection of equivalent specifications.

As part of your complete SD-WAN solution, make sure your SD-WAN device also has advanced features such as broadband bonding, advanced layer-7 routing, cloud-based monitoring, dynamic quality of service (QoS), deep packet inspection (DPI), and application performance optimization for various flow types including live video, VoIP, web browsing, cloud apps, backups, and others. Then your SD-WAN virtualized interfaces will be part of the most robust, reliable, highest-performing, and cost-effective internet connectivity available.

Rob Stone, Mushroom Networks, Inc. 

Mushroom Networks is the provider of Broadband Bonding appliances that put your networks on auto-pilot. Application flows are intelligently routed around network problems such as latency, jitter and packet loss. Network problems are solved even before you can notice.



© 2004 – 2024 Mushroom Networks Inc. All rights reserved.
