30
WAN. Re-invented. Technical Deep Dive SD-WAN for Service Providers Parag Thakore, Director Product Management Kangwarn Chinthammit , Director of Solutions Marketing
WAN. Re-invented.Technical Deep Dive
SD-WAN for Service Providers
Parag Thakore, Director Product Management
Kangwarn Chinthammit , Director of Solutions Marketing
Agenda
SD-WAN for SPs Enterprise Trends, Challenges, and Deployment Considerations
Top SD-WAN Considerations
SD-WAN Building Blocks & Deep Dive1. Unified Elastic Transport
2. Cloud On-Ramp
3. Flexible Deployments
4. Automation and Orchestration
Summary
3/21/2016 2
Businesses Blocked by WAN Challenges
3/21/2016 3
Application rollouts
inhibited by expensive
bandwidth
Branch deployments delayed
by IT complexity
Cloud migration not supported
by static architectures
X
X
X
Top SD-WAN Deployment Considerations
3/21/2016 4
Key Capabilities of SD-WAN (Source: Gartner)
1. Lightweight WAN CPE replacement that is transport agnostics
2. Allow for dynamic load sharing across multiple WAN
3. Dramatically simplify the complexity associated with management, configuration, and orchestration of the WAN
4. Provide secure VPN and ability to integrate additional network services and offload Internet traffic closer to the edge of the network
3/21/2016 5
Source: http://blogs.gartner.com/andrew-lerner/2015/07/07/sdwan/
SP’s SD-WAN Consideration Process
3/21/2016 6
What services can I offer?
• New services vs better existing services & ROI
How do I offer these services?
• Customer Experience, Reduce Truck-Rolls, Simplify Operations
How do I integrate into my network and operation?
• Flexible Deployment and Business Models, Fit SP topology, leverage SP network, integrate with OSS
VeloCloud SD-WAN Whole Offer - Building Blocks
3/21/2016 VeloCloud.com Company confidential. 7
Cloud
On-Ramp
Unified Elastic
TransportInternet
MPLS
Wireless
What to deliver ? How to deliver ?
Flexible
DeploymentsVNF
VNF
VNF
Automation &
Orchestration
Cloud-Delivered SD-WAN For NSP/CSP
83/21/2016
Dynamic Multi-path
Optimization
CE
Router
SaaS
SP
Cloud
Service
PRIVATE/MPLS
Cloud
DC
SP Orchestrator
INTERNET
PE
PE
Branch Site
Enterprise
DC
PE
SP Cloud
Gateways
SD-WAN CPE
Or Virtual Edge
1
3
2
• Public and private linksSecure Bonded Overlay
OnNet/Offnet support
• Gateway/VCO in SP cloud or
VeloCloud HostedDeliver Rich Services & Maintain Visibility
• WAN ExpansionNo RIP and Replace
• Scalable, Multi-tenant Architecture
• Thin branch, auto provisioned
• Direct path to Ent and cloud apps
3
Unified Elastic Transport
Dynamic Multi-Path Optimization
Assured Application performance over MPLS, Internet broadband and LTE circuits
Continuous Monitoring
Automatic capacity testing
Continuous link & path quality monitoring
MPLS Class-of-Service aware
Dynamic App Steering
App aware per Packet Steering
Virtualized: apps not tied to links
Aggregated bandwidth for single flows
Policies abstracted by link groups
Backup link policy
On Demand RemediationError & jitter correction
Automatic steering for brownouts/blackout
Case Study: 2500 Site Retail Hybrid WAN
•MPLS packet loss and outage
•Performance issues on CABLE
VeloCloud Delivers Excellent VOIP Quality
•Sub-sec steering of VOIP without call drops
•On-demand mitigation of packet loss & jitter
VeloCloud Networks | Proprietary & Confidential | © Copyright 2016
Customer base expansion with Offnet Deployments
17%of the time
single Internet link fails to
deliver expected application
performance
8.89
VQS >99%of the time
SD-WAN with dual Internet to
delivers predictable
application performance
VQS
9.96
Internet Cloud-delivered SD-WAN
Source: VeloCloud Internet Quality Report
Offnet Sites On-net Sites
TCP Flow Optimization
3/8/2016 12
TCP flow
optimization with
packet loss
occurring
Up to 20X better performance with SDWAN
Layer 7 Aware Stateful Application Firewall
• Granular application
policies for visibility and
control
• Firewall can also be
disabled in favor of
existing hardware
• ICSA certified by H216
3/8/2016 13
Cloud On-Ramp
Retail Case Study with UCaaS Provider
3/21/2016 15
• OTT service with hosted VOIP
• Cable simultaneously had critical performance issues
• Cloud-Delivered SD-WAN delivers app perf
• Policy based redirect (UC traffic only)
• OnDemand mitigation on Single Link
Voice/Video Optimization @ Retail Site
MOS: 2.1 @
2% Packet loss
MOS: 4.1 @ 2%
Packet loss
MOS: 3.3 @
33ms JitterMOS: 4.2 @ 33ms
Jitter
Legacy Vendor With SDWAN
Eliminiate NxN, High Performance Connection to VPC
VPC VPC VPC VPC
Connection to VPC requires either backhaul
to DC first or setting up IPSec tunnel from
every branch to VPC
Complicated and manual IPSec
configuration to VPC
Traditional WAN to VPC Connect to VPC with Cloud-delivered SD-WAN
High performance, secure connectivity to VPC
with Dynamic Multipath Optimization
Eliminate the mesh tunnels from branches to
VPC; only IPSec tunnels from the Cloud
Gateways are required
Automated IPSec configuration Cloud-
delivered SD-WAN
SD-WAN Automation and
Orchestration
SD-WAN Automation and Orchestration for ICOM
3/21/2016 19
*3 Tier Multi-Tenant * Role Based* RestFul APIs* Flexible Deployment Models*Velo/SP Hosted
Consolidated Dashboard for complete lifecycle management
3/8/2016 20
SLA Measurements Remote Diagnostics
Monitoring
Software Defined Automation
• Remote cloud provisioning
• Group business level policies
• Automatic link profiling
• One-click VPN to DC and cloud
• Eliminate NxN manual tunnels
• Dynamic branch-to-branch
• Cloud services insertion
• No complex per node routing
• Backhaul to on-premise services
Simplified Configurations Zero Touch Branches Easy Services Insertion
VeloCloud Networks | Proprietary & Confidential | © Copyright 2016
Flexible Service Insertion –Policy-based Application Steering and Redirection
3/21/2016 22
Internet/MPLS1
2
3
4
Dynamic branch to
branch tunnel Traffic to other on-net sites or SP
services
Critical traffic to the
Internet, e.g. SaaS
Non-critical Internet traffic,
e.g. Netflix
SP PoP
SP Hosted GW
VeloCloud GW
Policy-based Application Steering and Redirection - Examples
3/21/2016 23
Legacy WAN: ACL, IP address, subnets
SD-WAN: App-level policy
Legacy WAN: Need to put application in the right
queue
SD-WAN: App-awareness to choose the right
queue
Legacy WAN: Complex routing tuning & PBR to
do split tunnel
SD-WAN: App-aware split tunnel policy & single
click
Legacy WAN: Routing protocol tuning, probes,
PBR
SD-WAN: Dynamic path selection
Flexible Deployment Options
VNF for SP Universal CPE/vCPE
Edge VNF can be service chained on SP
owned Universal CPE
Flexible Deployment Options
Runs on x86 COTS
Multi-tenant GW software can interoperate
with existing Provider Edge Routers
3/21/2016 25
COTS
VeloCloud
Gateway Software
VeloCloud
Edge VNF
VNF
VNF
VNF
VeloCloud
Edge HW
MPLS
Orchestrator
Flexible Branch and VPN Handoff types
CE
Router
INTERNET
Dynamic Multi-path
Optimization
IPSecExisting VPN
Headend
VRF
26
PE
Service Provider
Cloud Gateways
PE
PRIVATE/MPLS
NETWORK
VeloCloud
Edge
Supported Onboarding
Options
Supported VPN
Handoff Options
Option 1:
Internet-only
Option 2:
Hybrid WANHandoff Option 1:
IPSec over Internet
to customer VPN
headend, firewall
Handoff Option 2:
VRF/VLAN handoff
to PE router to reach
destination on MPLS
PE
3/21/2016
Headend Deployment Options
3/21/2016 2727
INTERNET
PRIVATE/MPLS
NETWORKBranch Headend/Hub
Option 1:
Overlay tunnels from branch to hub.
Dynamic Branch to Branch
Need SD-WAN edges at all sites
INTERNET
PRIVATE/MPLS
NETWORKBranchSP PoP
IPSec
VRF
Option 2:
Overlay tunnels from branch to SP PoP.
Dynamic Branch to Branch
SDWAN and Non-SDWAN connectivity via
Core
VeloCloud Edge
VeloCloud Edge VeloCloud Gateway
Flexible Deployment Options
VM
• Appliance, Software or Multi-tenant Cloud
Datacenter OptionsBranch Options
• Appliance or Virtual Software
Form
Facto
rIn
sert
ion M
odes
VM
• Branch Insertion: Overlay Flow Control, On-Net + Offnet
• Headend and Orchestrator:
• Multi-Tenant and Single Tenant Options
• SDWAN and Non-SDWAN Sites
• Flexible Business Models
• VeloCloud Hosted for quick TTM
• SP Hosted and integrated with PE
• On Customer Prem
Flexible options simplify and enable incremental deployments
VeloCloud Networks | Proprietary & Confidential | © Copyright 2016
Cloud NetworkOn premise and cloud delivery
Cloud Delivered SD-WAN Architecture
29
CABLE
DSLLTE
MPLS
Branch
Velocloud
Edge
VeloCloud DC
Edge
Enterprise DC
Dynamic Multi-Path
Cloud VPN
Smart QoS
App Firewall & Web Security
Application Performance Monitoring
Services Catalog & Ecosystem
Virtual Services Delivery
SD-WAN Services OrchestrationBusiness Policy Automation
Overlay flow control and
services insertion
Visualization
Cloud DC
Multi-tenant, cloud scale
Distributed Redundant Infra
VeloCloud
Gateways
VeloCloud Networks | Proprietary & Confidential | © Copyright 2016
www.velocloud.com/sd-wan-dummies
Thank You!
