SD-WAN solution and its significance in the effective use of WAN connection


Software-defined wide area network (SD-WAN / software-defined WAN) is a transformative technology that simplifies application-oriented infrastructure control. It features simplified connections to branch offices, increased reliability, optimized application performance, and increased network flexibility. SD-WAN reduces transmission costs by providing the cost-effective, automated WAN architecture needed to implement business growth initiatives.

SD-WAN allows coordination of a variety of network types, such as broadband, DIA and LTE. They can be added to an existing MPLS infrastructure to create a hybrid (combined) network, or they can replace MPLS entirely by using purely wireless or wired Internet connections.

The problem
Today, one challenge for WAN performance optimization is that running applications are no longer set up at a fixed location such as a data center or headquarters, which a company with a "hub-and-spoke" (star) topology could reach easily. Instead, applications tend to be built on cloud computing and delivered as web-based services. This conflicts with traditional security principles, under which every user's connection is monitored through a central security gateway before it reaches the application on the web.

Obviously this is not the optimal way to use bandwidth. Companies pay a sizable monthly fee for a dedicated MPLS line with high requirements for speed, stability and quality of service, but use it only for simple Internet connections. A more realistic option is to connect to the Internet or to web services at the branch, with the bandwidth the user requires, supporting the many WAN connection options available in practice while maintaining the security policy. The hybrid WAN solution, which is compatible with many physical WAN connection options and combines them with software that optimizes the logical WAN connection (SD-WAN: Software-Defined WAN), was developed for businesses for this purpose.

Optimize WAN with SD-WAN solution
A hybrid, software-defined WAN (SD-WAN) uses a 7-layer approach that thoroughly addresses connectivity, data compression and caching, protocol optimization, multithreaded traffic shaping, security, application path optimization, and application mobility. Together these provide a solution that balances WAN connection performance while ensuring access to the web services provided.

Connect

First, the solution needs to allow maximum flexibility by supporting many types of physical WAN connections. Users can easily add any type of connection to access the WAN, from traditional MPLS (multi-protocol label switching), dedicated Internet connections and broadband connections to wireless connections such as 3G / 4G / LTE and satellite links.

Today, following the technology trend, many users tend to abandon traditional technologies such as MPLS and switch to newer ones such as virtual private networks over the Internet.

However, in specific sectors such as finance, law and health care, the privacy of personal information is important and is enforced through sanctions, so maintaining a private network is a mandatory requirement. Connection must still be easy and convenient at the national and global level while remaining subject to the general security policy of the enterprise. In addition, the ability to change with market trends and needs, to add connection points, and to change bandwidth must be taken into account. In these cases, an SD-WAN solution is the optimal choice.

Optimize application paths

Optimizing the application path is critical to ensuring the performance of the WAN. A modern, hybrid WAN is defined by a variety of connections, and users must take this into account when selecting an appropriate solution. Application flows should be placed on the right paths to meet business requirements. The inputs range from the application's connection requirements, availability and continuity of connection to real-time WAN measurements such as latency, packet loss, jitter (the variation in the time a packet takes to cross the network), and bandwidth. Software algorithms use this data to select and optimize the path for each application.

This software is the core value of the WAN optimization device and is the reason for the name SD-WAN, even though WAN-attached devices are still used to connect multiple physical WAN lines. The result is transparent to end users, who do not notice the changes: application session state is maintained continuously and the stated requirements for latency, availability, security and so on are met for all types of applications, even when the physical connection has changed. High-priority applications, as set by user requirements in sectors such as finance and healthcare, are also placed first in the short-list to guarantee their connection conditions. This is especially important for real-time traffic such as audio and video over IP.

Setting aside the complex technical factors, users care about specific requirements, including keeping application connectivity for the full working session and handling failover and transitions. Connection changes need to be seamless and transparent and must not affect business operations; this is an important requirement that cannot be ignored.

For the IT department, the technical issues must be specific, and the details and algorithms must be clear, in order to guarantee the important factors: database sessions must keep their connections and VoIP calls must keep their quality; infrastructure factors such as power supply, backup, LAN and WAN infrastructure, and device performance must be covered; and connections must be safe, secure and encrypted. Connectivity must be optimized between data centers, headquarters, branches, mobile users and cloud-based web applications. Depending on the priority of the application, there is an optimal connection plan that meets technical and security requirements according to that priority.

A modern SD-WAN network meets the requirements of both the IT department and the end user, and is user-friendly and easy to use.

Mobility of the application

In fact, software-defined (SD) technology is applied not only on devices that support WAN connections but also, widely, across the whole network (Software-Defined Networking, SDN, is a new architecture that uses software and is designed to make networks more flexible and more cost-effective). With the popularity of SDN and cloud computing options, users have a variety of flexible choices that make it easy to deploy an application in their own data center on a traditional on-premise basis, or in the cloud.

Users can also set up a site for application redundancy to guard against disaster, or set up all of the above options if necessary, and establish a backup policy that connects to each option automatically, on demand and by priority, transparently to users and conveniently for IT management. In addition, the solution supports API communication to ensure easy integration with the control network at the data center and to allow future expansion.

Any SD-WAN solution needs to support good configuration management through a centralized interface, so that policy can easily be updated for the entire system, including application software, patches, hardware and firmware, independent of geographic location. It should also be able to "personalize" application handling according to specific policies for user groups, functional groups or physical connection nodes.

Service quality of application layer

With traditional WAN connections, the service quality of an application or packet depends on the packet's next hop. If a packet must pass through many hops on its way from origin to destination, congestion at any one of them leads to packet loss.

In an MPLS network, users can set up multiple service classes to ensure the priority of important services in the WAN. However, once an application packet leaves the device where QoS is configured and moves onto an Internet connection, it is handled under the best-effort model (FIFO, first in, first out: the packet that arrives first is forwarded first) between hops.

In addition, traditional QoS cannot be established across multiple connections at one location, so when the main connection fails, the QoS rules do not automatically carry over to the other connections. Prioritization is interrupted and must be restored manually.

Protect

The most common reason for not switching to a hybrid WAN architecture is security at the branch. With a direct Internet connection at the branch, there is concern that security at the branch cannot be guaranteed. An SD-WAN solution addresses this problem.

A true SD-WAN solution must be able to push policy updates automatically from the centralized management points to the branches, as set up by the system administrator, both over the WAN and over the Internet. SD-WAN devices at the branch nodes integrate basic firewall features, can receive policy updates from centralized administration, and continue to provide security and connection control at the branch if the connection to centralized administration is lost.

To remain efficient, the SD-WAN solution can establish connections with different levels of security. Traffic over secure paths such as MPLS or point-to-point links can skip data encryption. Traffic over a public Internet connection is encrypted using a cryptographic module built into the device that meets industry-standard encryption. A conventional cryptographic module has built-in 256-bit encryption and is capable of multiplying sessions across multiple connection channels, which is optimal for ensuring information security between connection points.
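
The path selection described under "Optimize application paths" and the per-path encryption rule above can be combined into a single decision, sketched here as an added example that is not from the original article or from any SD-WAN product. The link names, measurements, thresholds and the tie-break order are assumptions.

```python
from dataclasses import dataclass, replace
# Link kinds the article treats as secure paths that may skip encryption (labels assumed).
PRIVATE_KINDS = {"mpls", "p2p"}

@dataclass(frozen=True)
class Link:
    name: str
    kind: str          # "mpls", "p2p", "broadband", "lte"
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    up: bool = True

@dataclass(frozen=True)
class AppSla:          # per-application thresholds (values below are constructed)
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

def meets_sla(link, sla):
    return (link.latency_ms <= sla.max_latency_ms and link.jitter_ms <= sla.max_jitter_ms
            and link.loss_pct <= sla.max_loss_pct)

def select_path(sla, links):
    """Return (link name, must_encrypt), or None when every link is down."""
    live = [l for l in links if l.up]
    if not live:
        return None
    # Prefer links inside the SLA; if none qualifies, degrade to the least-bad live link.
    pool = [l for l in live if meets_sla(l, sla)] or live
    # Assumed tie-break: lowest loss, then latency, then jitter.
    best = min(pool, key=lambda l: (l.loss_pct, l.latency_ms, l.jitter_ms))
    # Encryption follows the chosen path, so failover to a public link is never cleartext.
    return best.name, best.kind not in PRIVATE_KINDS

def fail(links, *names):
    """Copy of links with the named ones marked down (simulates an outage)."""
    return [replace(l, up=False) if l.name in names else l for l in links]

# Constructed sample measurements, not taken from any real network.
LINKS = [
    Link("mpls-1", "mpls", latency_ms=40, jitter_ms=3, loss_pct=0.1),
    Link("dia-1", "broadband", latency_ms=25, jitter_ms=8, loss_pct=0.5),
    Link("lte-1", "lte", latency_ms=70, jitter_ms=20, loss_pct=1.5),
]
VOIP = AppSla(max_latency_ms=150, max_jitter_ms=10, max_loss_pct=1.0)
if __name__ == "__main__":
    for down in [(), ("mpls-1",), ("mpls-1", "dia-1")]:
        print(down, "->", select_path(VOIP, fail(LINKS, *down)))
```

Because the encryption flag is derived from the link that was actually selected, a failover from MPLS to broadband or LTE changes it in the same step as the path.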

Optimizing application protocols

Even in the most modern WANs, there will be applications written to run on a specific local network. In that case, no matter how many connections or how much bandwidth is available, the application may not work optimally, and its protocol needs to be optimized.

Here the SD-WAN solution has the advantage: with an optimization algorithm that balances QoS policy and rules, it automatically adjusts the parameters on the links / paths so that the applications set as priorities are the least affected. It then sets aside bandwidth and moves on to the next application in the list.

Caching and data compression

Although the SD-WAN solution provides a modern, hybrid WAN connection, that does not mean the bandwidth provided is endless; if it were, the monthly bill would be sky-high. Therefore traditional methods, such as data compression and data caching, are always mentioned in any solution, no matter how modern. Excess network bandwidth, like most IT resources, will always tend to be used. Data compression and caching should be an "always on" policy for applications at branches.

Conclusion
With an intelligent design that follows the technology trend, an SD-WAN solution supports a wide range of features: multiple connections, firewall, anti-virus, web filtering, VPN optimization, WAN connection optimization and load balancing, with a smart, friendly centralized management interface. It suits the needs of business users and large organizations with many offices / branches.
