SD-WAN: Centralized Orchestration

By Nathaniel Moore, Aerohive Networks.

Software-Defined Wide Area Networking (SD-WAN) is an innovative new approach to the deployment, management and operation of WANs. Explore the key benefits of this exciting new technology.

Part 1: Centralized Orchestration

Problems often arise when an organization experiences growth and expands its outreach to other locations. Unfortunately, positive business growth has a negative impact on performance, flexibility and operational expenditure (opex) if the network is not built with multi-site operation in mind. The problem is exasperated if the organization supports remote workers. In principle, each of these individual workers are similar in function to a branch site – they require network connectivity, access to corporate resources and everything must remain secure and compliant.

For this to occur, the inevitable outcome is multiple, geographically spread Local Area Networks (LANs) with a means to connect with HQ. This process creates a Wide Area Network (WAN). Managing a WAN presents its own challenges, one of those is managing multiple routers and WAN links. Each router ends up with its own:

  • Hostname
  • Static IP address
  • Dynamic Host Configuration Protocol (DHCP) pool, subnet mask, reservations, lease time, domain name and options
  • Domain Name System (DNS) settings
  • Network Time Protocol (NTP) settings
  • Network Address Translation (NAT) settings
  • Virtual Local Area Network (VLAN) configuration
  • Routing policy
  • Virtual Private Network (VPN) configuration
  • Firewall Access Control List (ACL)
  • Administrative settings
  • Port configuration
  • + More!

Traditionally, configuring these properties and managing routers at multiple locations is a time-consuming process. Administrators have to connect to each router individually, using either a Command Line Interface (CLI) or Graphical User Interface (GUI) on a device-by-device basis. Turn-around time can be reduced with scripts, but ultimately, it will over-complicate an already convoluted setup.

With every router and WAN link operating independently, troubleshooting a WAN-related issue is also nothing short of opening Pandora’s box. Diagnosing a WAN comprising of hundreds or thousands of routers and trying to find the ‘haystack needle’ is no small feat.

Another common misfortune is human error, with configuration inconstancies and oversights leading to network outages. Corporations attempt to remedy this issue with stringent change-control and disaster recovery processes. Although creating such policies is rarely a bad idea, their ability to effectively prevent human error with an ever-growing WAN is somewhat limited. In fact, overbearing change-control will only lead to a less responsive IT team, unable to maintain, update or optimize the unique time-sensitive requirements of the router or WAN link at a particular site. Also, why plan for a disaster if it can be prevented from happening in the first place?

How does SD-WAN help?

With SD-WAN, out-of-band software can be used to manage (orchestrate) thousands of routers. This leads to a singular, centralized platform (usually cloud-based) that is capable of updating the behavior of every WAN connection and router across the entire organization with a few clicks.

With this single-pane-of-glass, an administrator can view operational metrics, analytics and insights pertaining to every WAN uplink (broadband, MPLS, LTE and more), VPN connection, gateway and client, network user and much more.

Additionally, modern SD-WAN routers are programmed to self-optimize their operation, uplinks and traffic flow in real-time (more on this in a future post!).

In summary, SD-WAN Centralized Orchestration helps:

  • Simplify WAN management – no more CLI scripts or repetitive configuration.
  • Implement WAN changes quickly.
  • Maintain consistent, error-free configuration through a single network policy (regardless of how many sites there are).
  • React swiftly to issues with centralized monitoring, analytics and troubleshooting tools.
  • Manage and visualize the entire WAN (including remote branches and remote workers) via a single interface.