MEF addressing SD-WAN industry challenges to accelerate Enterprise Digital Transformation

By: Ralph Santitoro | October 25, 2018

SD-WAN plays an important role in the enterprise digital transformation. When enterprise applications ran exclusively on site or in private data centers, traditional WAN services interconnecting enterprise sites and data centers were sufficient. However, as enterprise applications migrated to the public cloud as SaaS or workloads running in Virtual Private Clouds (VPCs), traditional WAN services proved inadequate to address these new application requirements. This led to the rise of SD-WAN services.

An SD-WAN service is an overlay network service that operates over the top of traditional WAN connectivity (underlay) services. Unlike traditional WAN services, SD-WAN services are also cognizant of subscriber applications and thus can apply policies, e.g., QoS, security, and WAN cost policies, to individual application flows rather than indiscriminately to packets for all applications. SD-WAN services also leverage local and remote Internet access connections to dynamically select the path with optimal performance to connect to SaaS applications.

A major industry challenge today is the lack of a formal definition of an SD-WAN service. In other words, what is the minimum set of capabilities required for one to be able to claim that a service is an SD-WAN service? Without an industry standard definition, buyers need to be very meticulous when comparing services branded as ‘SD-WAN’. Sellers also must expend an excessive amount of time explaining their SD-WAN service capabilities as part of the pre-sales process. If an industry definition existed, one could simply refer to that definition, saving time and effort for buyers and sellers as they evaluate, sell and compare SD-WAN service offerings.

MEF is creating an SD-WAN service definition to do just that – describe the core, baseline capabilities of such a service to help buyers and sellers of SD-WAN services. In the spirit of agile development methodologies, MEF plans to define the requirements for a ‘minimum viable service’ – the fundamental capabilities for an offering to be considered an SD-WAN service. This work will be augmented frequently through MEF’s new agile standards development process. The MEF standardization of an SD-WAN service will accelerate industry growth as MEF has exemplified with its work standardizing Carrier Ethernet services.

As part of this SD-WAN work, MEF is defining the core capabilities and components that encompass an SD-WAN service, as it has done for Carrier Ethernet, IP and Optical Transport service definitions. Below is a preview of MEF’s SD-WAN Service definition work in progress that will be discussed at the MEF18 event in Los Angeles on October 29th.

Core SD-WAN Service Capabilities

  • Secure, IP-based Virtual Overlay Network
  • Operates over any Underlay Network (MPLS, CE, Broadband, LTE, etc.)
  • Real-Time QoS Performance Monitoring of Underlay Networks
  • Application-aware Networking
  • Underlay Network Bonding to utilize all Underlay Network Bandwidth
  • Higher Availability via Multiple Underlay Networks from Multiple Service Providers
  • Policy-based Packet Forwarding (or blocking) by Application versus indiscriminately on all IP packets
  • Local and Remote Internet Breakouts for optimal SaaS and Public Cloud Performance

Figure: MEF 3.0 SD-WAN Service Illustrating Service Components

SD-WAN Service Components

  • SD-WAN UNI
  • SD-WAN Virtual Connection
  • Underlay Connectivity Services
  • Tunnel Virtual Connections (TVC)
  • Local Internet Breakout
  • SD-WAN Edge

SD-WAN UNI

As with all MEF service definitions, the UNI provides the demarcation of responsibility between Service Provider and Subscriber. However, unlike other MEF connectivity services, an SD-WAN Service UNI will often be delivered inside a Subscriber’s virtual private cloud through a virtual interface (a VLAN or IP address) rather than a physical interface.

SD-WAN Virtual Connection

As with all MEF service definitions, the Virtual Connection (VC) describes the interconnection between all UNIs participating in the SD-WAN Service. Unlike other MEF connectivity service VCs, SD-WAN VCs operate strictly as an over-the-top service and can extend to the subscriber’s workload running in their virtual private cloud (VPC).

Underlay Connectivity Services

SD-WAN Services operate over existing underlay WANs. MEF refers to these WANs delivered by a service provider as Underlay Connectivity Services. These underlays often consist of different technologies, e.g., MPLS and DSL Broadband Internet, and an SD-WAN Service typically operates over at least two underlays.

Tunnel Virtual Connection (TVC)

TVCs are the tunnels created over the Underlay Connectivity Services between each physical site and VPC interconnected by the SD-WAN Service. An SD-WAN Service can bond TVCs across each underlay creating a higher capacity connection whose bandwidth is the sum of each bonded underlay. A TVC inherits the properties of the Underlay Connectivity Service over which the TVC operates. This simplifies Service setup by abstracting the Underlay Connectivity Service as a set of properties to which policies can be applied, e.g., flat-rate vs. usage-based bandwidth costs, public vs. private WAN, etc.

Local Internet Breakout

As more enterprise applications are consumed as SaaS running in a public cloud, rather than in private data centers, local Internet breakout becomes more critical. Backhauling all traffic to a central Internet connection at the data center or headquarters will result in diminished application performance. Local Internet breakout at each site enables the SD-WAN service to select the best performing path to the SaaS application.

SD-WAN Edge

The SD-WAN Edge delivers the SD-WAN UNI and provides a set of network functions between the SD-WAN UNI and the Underlay Connectivity Services. Such functions include:

  • Application flow classification
  • Real-time QoS performance measurements over each Underlay Connectivity Service for making packet forwarding decisions based on individual application flows
  • Encrypting packets before sending over a particular WAN
  • Determining whether application flows should be sent over a TVC or over a local Internet breakout connection based on bandwidth cost, security, QoS, SaaS application in public cloud, etc.
  • Enforcing Policies on different application flows before forwarding over a TVC.
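
The forwarding decision these functions describe, as an added example that is not MEF's or the author's code: each classified application flow is matched to a policy, which is evaluated against the properties a TVC inherits from its underlay and the latest QoS measurements. The `Underlay` and `Policy` schemas, the sample values, and the default-deny and fail-closed behaviour are assumptions made for this illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Underlay:              # properties a TVC inherits from its underlay
    name: str
    private: bool            # private WAN (e.g. MPLS) vs. public Internet
    usage_based: bool        # usage-based vs. flat-rate bandwidth cost
    latency_ms: float        # latest real-time measurement (constructed)
    loss_pct: float

@dataclass(frozen=True)
class Policy:                # per-application policy (hypothetical schema)
    action: str              # "tvc", "breakout" or "block"
    private_only: bool = False
    allow_usage_based: bool = True
    max_latency_ms: float = float("inf")
    max_loss_pct: float = 100.0

def decide(app, policies, underlays):
    """Return (action, underlay name or None) for one classified flow."""
    policy = policies.get(app)
    if policy is None or policy.action == "block":
        return ("block", None)        # unclassified applications are denied
    eligible = [
        u for u in underlays
        # local Internet breakout needs an Internet-facing underlay
        if (policy.action != "breakout" or not u.private)
        and (not policy.private_only or u.private)
        and (policy.allow_usage_based or not u.usage_based)
        and u.latency_ms <= policy.max_latency_ms
        and u.loss_pct <= policy.max_loss_pct
    ]
    if not eligible:
        return ("block", None)        # fail closed: no non-compliant fallback
    best = min(eligible, key=lambda u: (u.latency_ms, u.loss_pct))
    return (policy.action, best.name)

# Constructed sample underlays and policies
UNDERLAYS = [
    Underlay("mpls", private=True, usage_based=False, latency_ms=38.0, loss_pct=0.0),
    Underlay("broadband", private=False, usage_based=False, latency_ms=22.0, loss_pct=0.4),
    Underlay("lte", private=False, usage_based=True, latency_ms=55.0, loss_pct=1.2),
]
POLICIES = {
    "erp": Policy("tvc", private_only=True),
    "voip": Policy("tvc", allow_usage_based=False, max_latency_ms=30.0, max_loss_pct=0.5),
    "saas-crm": Policy("breakout", allow_usage_based=False),
    "p2p": Policy("block"),
}
```

With the private underlay removed, `decide("erp", POLICIES, UNDERLAYS[1:])` returns a block rather than moving the flow onto a public path, which is the behaviour to verify when a policy carries a security constraint.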

SD-WAN Services are typically deployed over existing Underlay Connectivity Services at the subscriber site. The SD-WAN Edge is placed between the Subscriber’s network and the WAN demarcation devices provided by the WAN Service Provider. Such devices include Ethernet NIDs, DSL/Cable/LTE Modems, MPLS CE routers and IP routers which provide the service termination for Carrier Ethernet (CE), Internet and LTE services.

The SD-WAN Edge functionality may be placed in a VPC operating in a public cloud provider’s infrastructure, e.g., AWS, Azure or GCP. The SD-WAN Edge virtual network function (VNF) running in the VPC enables the enterprise subscriber to use an SD-WAN service to securely interconnect their physical sites with workloads in their VPC dynamically and seamlessly over multiple operator networks. This is what makes an SD-WAN service unique when compared to traditional WAN connectivity services.

Looking Ahead

As enterprises increasingly move their workloads to VPCs, they need their physical office locations to connect to their VPC securely and reliably. Unlike a physical SD-WAN Edge operating at a subscriber location, the SD-WAN Edge VNF operating in the enterprise subscriber’s VPC needs more sophisticated onboarding and lifecycle management by the service provider delivering the SD-WAN service. This requires ETSI MANO functionality used in conjunction with the SD-WAN service orchestration and control provided by MEF’s LSO. Additionally, MEF has several active LSO projects, from business operations, e.g., service quotations, through service activation, e.g., network resource provisioning, that are readily extensible to SD-WAN services. MEF’s holistic approach to services, from service ordering through service delivery and lifecycle management, will accelerate enterprise digital transformation through SD-WAN service growth and market adoption. To learn more about MEF’s SD-WAN work, attend the upcoming MEF18 event (Oct. 29-Nov. 1) or visit mef.net/services/sd-wan.

About the Author

Ralph Santitoro has expertise that spans the assessment, definition, design, integration, operations, marketing, and sales of multi-vendor solutions and managed services using Edge Cloud, SD-WAN, SASE, Zero Trust, Cybersecurity, Private 5G, and Work-from-Home technologies that facilitate the enterprise digital transformation. Ralph is a founding member of MEF Forum where he developed the industry’s first SD-WAN standard and is leading a new standard developing a comprehensive Zero Trust Framework to continuously protect users, devices and applications from threats both known and unknown.

In 2014, Ralph was awarded the Distinguished Fellow title at MEF Forum for his outstanding, long-time leadership and contributions to shape the telecom industry. In 2016, he was awarded the MEF Excellence Award for Best Consulting Practice. In 2018, Ralph was named one of the top 25 movers & shakers in the telecom industry by Fierce Telecom Magazine and in 2020, he was awarded the MEF Outstanding Contributor award for SD-WAN leadership and the driving force behind SD-WAN standardization. Ralph also co-authored 4 books and regularly lectures on leading-edge technology topics at industry events.

All posts are the views of the author and may not reflect the views of any of the author's commercial affiliations.