Tale of SD-WAN

How the world got from punch cards and wires to software-defined networking, and what to do about it now.


Once upon a time, people decided it was time to start exchanging data between two computers. It all started with punched cards and the like. But then they put network cards into the computers, connected them with cables, and life got easier. A third computer was bought, a network card was shoved into it, but where to plug it in? Hubs and switches were invented. And then someone called from another city: we also want to join your network. Sounds like nonsense, but then a limitation on range surfaced, and routers and communication links had to be invented.



Maintaining your own communication links was very expensive, especially if your branches want to talk not only to you but also to each other. So some enterprising citizens invested, built their own networks, and began selling links and connectivity between cities and villages as a service.



And then strangers began walking into our networks without asking. We urgently needed to wall ourselves off from them. Cramming new functionality into routers was problematic, because they had been designed to solve one very specific problem, and their architecture did not suit the new ones. So people invented firewalls. Invented them and installed them next to the routers. And so that nobody would guess, it was decided to treat this not as a bug but as a feature: relax, they said, it wasn't some dumb, blind evolution that brought us here, it was intended. Besides, selling two boxes is more pleasant than selling one.



But then some villains came up with all sorts of attacks on the network, and an IDS/IPS was installed next to the firewall. Then another crisis came and everyone got poor. Some enterprising citizens came up with traffic optimizers for that. People bought them and put them next to the rest of the pile of boxes. To somehow understand what was going on, a management and monitoring system was bought, and, so as not to get up twice, an antivirus.



The manufacturers of ASICs and other network processors were happy, but Intel's shareholders didn't get it: why not stuff all this into an ordinary server, which is several times cheaper? Why feed other capitalists? At first Intel answered that Linux handles every packet from the network card in the kernel via interrupts, so we could do it, but Linux can't, so go to ____ (editor's note: far away). But the chorus of the demanding did not stop. Intel spat and came up with a way to hand packets directly to the application, bypassing the Linux kernel (DPDK, nobody will remember the name anyway).



And everybody went: "Oh! Now network functions can be crammed onto ordinary servers! Or even onto one server! Instead of separate boxes you can make separate virtual machines on one physical server, ask someone to come up with a way to line these virtual machines up in the right order (a service chain), ???, PROFIT!!!"


After all, the bottleneck had been the need to go through the Linux kernel, and now, ta-da! it's gone! And exchanging data between the VMs inside one server was never a problem anyway. So what was all the fuss about?







Meanwhile, the SDN theme became fashionable. Riding it, some enterprising citizens decided to try stretching SDN over the WAN globe. Even the term SD-WAN appeared: a software-defined wide-area network. That is, they first came up with the term, and only then began to think about the implementation.



So initially there was just a system for managing and monitoring the servers that implemented network functions, which was not very cool or revolutionary.



Therefore, on reflection, the startups spawned a new concept: "SD-WAN is not just configuring hardware through a web interface. We no longer configure hardware, that's not a gentleman's business. Robots must do the work; man was created for creativity. People are composers, they write the music, and the conductor rules the orchestra. And it doesn't matter how exactly he configures these virtual boxes: he'll do everything quickly and without mistakes, the human factor is practically excluded, a 100% guarantee of following the score."


Down-to-earth citizens compared the new approach with the traditional one more soberly: "These are just two kinds of gearbox, manual and automatic. Automatic is more comfortable: let the robots change gears, our business is to steer."

Meanwhile, Agile hadn't gone out of fashion yet. Everything's on trend!



What happened next?



  1. A router, firewall, IDS/IPS, optimizer, antivirus, management system and other DPI can now live in one bottle, which can control not just packets but applications. Or not all of them in chorus, but any combination.
  2. Instead of an engineer, you can send an installer on the business trip, or, simpler still, wake up the security guard by phone and ask him to connect the cables and the power.
  3. Why program an essentially trivial task in assembly language at all when visual programming languages exist?


And learning to find your way around a visual environment is faster, easier and cheaper than training a conditional CCIE. In general, better to lose a day and then fly in five minutes.





But the main flexibility of SD-WAN is in the efficient use of links. The boxes are very smart, so they constantly measure all sorts of characteristics of the different links (whether a leased line or the Internet: corporate, home, the proverbial Yota, even free Wi-Fi from the McDonald's next door). Because sometimes a VPN over the Internet can be more advantageous, for many reasons, than a VPN over a leased line. And depending on the configured corporate policies, the box is able to send the traffic of different applications to the link most suitable for each, where "most suitable" is determined not by the thickness or type of the link but, for example, by latency.
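What that per-application steering looks like in code, as an added illustration (this is not the article's code nor any vendor's implementation): each link carries its latest probe measurements, each application carries an SLA policy, and the box picks the best compliant link, or, when nothing is compliant, the least bad live link rather than blackholing traffic. The `LinkStats`/`AppPolicy` names, the scoring weights, the SLA thresholds and the sample measurements (including the dead cafe Wi-Fi) are all constructed here for the example.

```python
"""Per-application WAN link selection, SD-WAN style (illustrative example)."""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class LinkStats:
    """Latest probe results for one WAN link (constructed values below)."""
    name: str
    kind: str            # "mpls", "internet", "lte", "wifi": labels only
    up: bool             # did the probes get any answer at all?
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    cost: int            # assumed relative price; higher is pricier


@dataclass(frozen=True)
class AppPolicy:
    """SLA an application's traffic must get (assumed thresholds)."""
    app: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    prefer_cheap: bool   # among compliant links, take the cheapest one


def meets_sla(link: LinkStats, policy: AppPolicy) -> bool:
    return (link.latency_ms <= policy.max_latency_ms
            and link.jitter_ms <= policy.max_jitter_ms
            and link.loss_pct <= policy.max_loss_pct)


def score(link: LinkStats) -> float:
    # Lower is better. Weights are an assumption for the example:
    # loss hurts interactive traffic far more than a few ms of latency.
    return link.latency_ms + 2 * link.jitter_ms + 50 * link.loss_pct


def choose_link(policy: AppPolicy, links: list) -> Optional[str]:
    """Return the name of the link this application should use, or None."""
    alive = [l for l in links if l.up]
    if not alive:
        return None                      # nothing to steer onto at all
    ok = [l for l in alive if meets_sla(l, policy)]
    if ok:
        key = (lambda l: (l.cost, score(l))) if policy.prefer_cheap else score
        return min(ok, key=key).name
    # No link satisfies the SLA: degrade gracefully onto the least bad one.
    return min(alive, key=score).name


def plan(policies: list, links: list) -> dict:
    """Application -> chosen link, as the box would program its forwarding."""
    return {p.app: choose_link(p, links) for p in policies}


# Constructed sample measurements (not real data).
LINKS = [
    LinkStats("mpls", "mpls", True, 30.0, 2.0, 0.0, 100),
    LinkStats("internet", "internet", True, 45.0, 8.0, 0.1, 10),
    LinkStats("lte", "lte", True, 90.0, 30.0, 2.0, 30),
    LinkStats("cafe-wifi", "wifi", False, 0.0, 0.0, 100.0, 0),
]
POLICIES = [
    AppPolicy("voip", 150, 10, 1.0, prefer_cheap=False),
    AppPolicy("video", 40, 5, 0.5, prefer_cheap=False),
    AppPolicy("backup", 500, 100, 5.0, prefer_cheap=True),
]
# The leased line degrades: same links, but MPLS latency jumps to 200 ms.
DEGRADED_LINKS = [replace(l, latency_ms=200.0) if l.name == "mpls" else l
                  for l in LINKS]
ALL_DOWN = [replace(l, up=False) for l in LINKS]

if __name__ == "__main__":
    print("normal:  ", plan(POLICIES, LINKS))
    print("degraded:", plan(POLICIES, DEGRADED_LINKS))
    print("all down:", plan(POLICIES, ALL_DOWN))
```

Running it shows the point of the paragraph: with healthy links, voice and video ride the leased line while backups go out over the cheap Internet; when the leased line's latency climbs, voice moves to the Internet VPN automatically, and video, for which no link meets its SLA, still gets the least bad path instead of nothing.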



Or however the vendors decide, because now they are the ones in charge. And very, very flexible! And here come shouts from the audience: sounds tempting, but do we need it? And really, who cares? Those who have distributed networks and branches. And the more distributed and branchy, the more they need it. Banks with a bunch of branches and a network of ATMs, retail chains, insurance companies, franchises (such as the burger and fried chicken makers), pension funds, Russian post offices. Shops with branches abroad are a pretty sweet case for SD-WAN! But there are even more potential clients. Who has the largest and most distributed networks, with a billion connections? Carriers, of course.



So what was all the fuss about? It's not about the switch to SD-WAN, not about software and hardware, but about a new service. Carriers install the configuration-management-monitoring system at their own site and sell SD-WAN as a cloud service, leasing the customer devices, for example! Considering that one controller can hold 2500 devices, distributed among customers any way you like, with customers never intersecting and knowing nothing about each other, SD-WAN is the nicest thing for carriers.



Or, say, one of the offices decides to move. Whether the rent stopped suiting them, or the mayor came at them with a bulldozer under cover of night, let them move! They take the SD-WAN box and drop it wherever they like, even into that same business center where all sorts of corrupt officials aren't allowed in. And no matter which carrier they connect to in the new place, the pioneer who sold the service will get a pretty penny for his (OWN!) services, because SD-WAN, like that holiday, is "always with you". Plug it in, and all the VPNs and firewalls come up immediately: work, Iris, and fear nothing. And the monthly analytics by link and by application will keep arriving regularly.



At the moment, domestic carriers are in no great hurry to offer SD-WAN as a service, but they'll get their bearings and start offering it to honest merchants. And if the businessmen don't fancy getting hooked on a carrier, there is a way out, and it's a mirror image: you don't use a cloud SD-WAN carrier's head end, you buy your own, raising, so to speak, your own Baba Yaga in the team. And that's it! Full mobility, complete independence, and control over links and applications. Reliability is higher, and freedom is complete. Want to connect to this carrier? Connect. Want another? Go ahead. Want to move altogether? Move. But the essence stays! Plug the SD-WAN box into the socket, it immediately receives its new settings, all the VPNs and firewalls come up at once: work, kasatik, and fear nothing. It's good to be a free person!



