Don’t look into SD-WAN (until you’ve understood three things)
By Steve Coakley
I pulled in to a roadside café to talk to Adrian Comley (general manager for our Dynamic Network Services) about the future of corporate networks. Despite a nearby over-sugared child’s best attempts to distract us, we had a really good discussion. In fact, we covered so much ground that I have to break it into two parts. Here’s the first.
So when did you join and what do you do now?
I joined in 1999 as a financial controller and I’ve been in product management for 12 years now.
I’m responsible for our global investment programme we call Dynamic Network Services. This includes bringing new technologies including NFV (for virtualised network functions) and SD-WAN (software-defined wide area networks) into our global network services portfolio.
A big part of my role is about bringing IT leaders through our Dynamic Network Services roadmap and making it specific to what they need. The starting points vary: from exploratory commercial or network evolution conversations to a response to a specific RFP.
What do you hear most often when you meet IT leaders of global companies?
Most customers have started their hybrid network journey, improving their network with a mix of public and private connectivity. And they’ve made savings from that, so they’re then intrigued to find out more about SD-WAN.
Cutting through the hype is key. A lot of SD-WAN marketing is born out of the US where organisations are still on private MPLS networks (in some cases with leased-line access). That means savings might be greater there. But the majority of our customers have taken the first step to their future network and are hybrid already.
Can you boil down for our readers how SD-WAN might benefit their business?
Its user-friendly portals give powerful control over network functions. It keeps your network flexible, allowing the business to react quickly to needs. It’s also a cost-cutter, helping you save by becoming more efficient and moving away from expensive MPLS networks – although that can impact service, security and performance.
Can you elaborate on the three areas impacted by SD-WAN?
Investing in SD-WAN can be a great choice for a business. But what’s important to remember is that there are pitfalls too. And you need to take these into account so that you can make the best decision to meet your unique business needs.
You need to understand three things before you get started with SD-WAN:
- Underlying network complexity
- The need for more bandwidth
- The security question
So on the first one: is it a case of ‘any sufficiently advanced technology is indistinguishable from magic’?
SD-WAN is an overlay transported onto a complex network underlay. It’s a bit like an automatic car. The SD-WAN is the car’s controls. You can accelerate, brake, steer, indicate and play music — all easily. The network underlay is the inner workings. The engine, the computer, the gearbox, the air conditioning system. If something goes wrong there, then there’s very little the average person can do about it.
How does an IT person identify if an application performance issue is down to the SD-WAN ‘overlay’ or the transport network ‘underlay’? If ten alarms appear at a site, how do they identify the root cause and avoid fixing ten events?
And the need for more bandwidth?
A common problem that people sometimes forget is the packet overhead. Because SD-WAN creates secure tunnels (based on IPsec) across the network, these tunnels create an overhead. This overhead means that packets are, on average, 20 per cent larger. As a result, the user can need 20 per cent more bandwidth in order to run the SD-WAN.
To achieve this, companies consider moving from MPLS to the public internet in order to increase their bandwidth. But this, too, has its pitfalls. Just like a firehose may not be the easiest way to get a drink of water, when moving to public broadband, you suddenly need to consider contention ratios, internet exchange points, peering policies and the fact it will often adversely impact application performance.
Is it the increased public internet usage that prompts the security question?
For me, it relates to combining network layers. Cyber attackers thrive on gaps in a system, and a poor connection between overlay and underlay can create holes in an organisation’s defences, making you susceptible to attack. This changes the dynamic of my meetings with IT leaders as now I’m usually accompanied by one of my security colleagues.
Also, historically customers would have had two distinct RFPs: one for network and one for security. Now, moving to cloud needs more control than ever before, with a uniform security policy, across an ever-expanding network security perimeter. You need to have a ‘sum of the parts’ discussion.