network transformation strategy — part 1 how to migrate ... · the future of sd-wan. today....
Post on 22-May-2020
The Future of SD-WAN. Today.
Network Transformation Strategy — Part 1
How to Migrate Sites to SD-WAN
Network Transformation Challenges and How to Address Them
Overview
By now, you're probably all too familiar with the networking challenges facing the enterprise. Rapid site deployment, Internet and cloud traffic explosion, protection from an endless supply of advanced threats — today's networking requirements simply didn't exist when MPLS became the de facto standard for connecting locations. Internet-based SD-WAN promises a way forward, but how do you move from a dedicated, carefully managed MPLS service to an SD-WAN running over the free-for-all that's the Internet?
This migration plan should help. It identifies the issues and options you'll need to consider when evolving your network, gathering insights from SD-WAN adopters, industry best practices, and our own experiences helping hundreds of enterprises transform their networks.
While replacing MPLS is certainly the first step in most network transformations, it’s not the full story.
Enterprises face networking-related challenges beyond MPLS, such as:
• Reducing the time to detect and remediate threats without increasing costs
• Bringing IT security and compliance controls to cloud resources
• Improving and simplifying the remote access experience
• Finding ways to provide visibility into all enterprise traffic
To those ends, we’ve created a two-phased migration plan for
transforming your WAN. In part 1, this eBook, we walk through the
issues and challenges of the most common first step towards
WAN transformation — MPLS migration. In part 2, we’ll look at
the security, management, and connectivity issues associated
with branch offices, the cloud, and mobile users.
A final note before we jump into the details. This guide is meant
to lay out the issues and principles of any SD-WAN migration. It’s
not meant to serve as a guide for moving to Cato Cloud. If that’s of
interest, check out this step-by-step Cato adoption plan.
Location Migration Summary
Reducing MPLS bandwidth costs and improving agility are often the initial objectives of network transformation initiatives. To ease that transition, follow these five steps:
1. Categorize Your Locations: Group locations by their requirements for availability, packet loss, and costs.
2. Select the Right Last Mile: Internet access services have different characteristics. Use those differences to meet your networking and business requirements.
3. Decide on Your Middle Mile: Like Internet access, there are different middle-mile options. Here's how to select the one right for your needs.
4. Engineer End-to-End Network Architecture: Combine middle and last miles to deliver MPLS-like quality with Internet-like price and agility.
5. Procure Your Last-Mile Services: Decide whether to manage the last-mile procurement and ISP evaluation in house or outsource.
1 Categorize Your Locations
Document Site Requirements and Group Locations
Start your MPLS migration by documenting site requirements. SD-WAN's ability to simultaneously leverage multiple types of access — MPLS, dedicated Internet access (DIA), broadband, and wireless — allows for a graceful, incremental transition away from MPLS, and gives you incredible flexibility in meeting business and networking requirements. The same flexibility, though, risks complicating operations, leading to a network of "snowflake" implementations where each site has a slightly different network configuration.
Avoid that problem by grouping locations according to their networking requirements. If you've already gone through this exercise, the site's current connectivity can serve as a guide (see below for details). Evaluate last-mile requirements across three dimensions — uptime, performance and anticipated cost. Key sites, such as datacenters or the headquarters, will require greater uptime, better performance, and greater investment than small offices. Rank groups on a simple scale from low to high.
Keep it Simple
Try to keep your categorizations actionable. Make them simple enough to be usable but not so simple as to be inaccurate. A basic categorization map is provided below. Performance, in particular, may need to be broken out further, as application requirements can differ in terms of capacity and packet loss. Latency is less of an issue given the last mile's comparatively short distance. Depending on your industry, regulatory requirements may also need to be considered.
Tier  Description               Uptime  Performance  Cost
T1    Large site                High    High         High
T2    Medium site               Medium  High         Medium
T3    Small site with failover  Medium  Medium       Low
T4    Small site                Low     Low          Low
[Figure: Site Categorization Map. Networking requirements plotted for Group 1, Group 2 and Group 3. Grouping locations by requirements simplifies network operations at scale.]
2 Select the Right Last Mile
With sites categorized, map their requirements onto last-mile and middle-mile service characteristics. Matching the service quality of MPLS circuits is possible, but requires understanding where problems occur on the Internet and how to address them using the magic of multipathing and SD-WAN features.
Last Mile vs. Middle Mile: What's the Difference?
SD-WAN, and more specifically the Internet, consists of three segments — two last miles reaching from the customer premises to their ISPs' premises and the middle mile connecting the two last miles — stitched together using the BGP routing protocol. Availability and performance issues associated with the Internet manifest differently depending on the segment. (See this eBook for an extensive analysis of last- and middle-mile challenges and how to overcome them.)
Contention for bandwidth and the lack of redundancy can leave the Internet last mile prone to downtime and packet loss. SD-WAN addresses availability challenges with multipathing. Balancing traffic across multiple last-mile circuits not only increases the capacity available to SD-WAN solutions but also allows them to steer traffic around blackouts or brownouts. In fact, coupling last-mile services from different providers can provide availability on par with or even better than MPLS (see "How SD-WAN Provides High Uptime Without SLAs").
Types of Last-Mile Services
There are two primary types of Internet last-mile services:
Dedicated Internet Access (DIA) is best suited for medium and large sites. DIA services are symmetrical services with committed bandwidth, and guarantees for availability and repair. Packet loss rates are low but not guaranteed. Deployment times will depend on the presence of existing fiber, without which delivery will be comparable to MPLS. DIA connections will cost less than MPLS but more than broadband connections.
Broadband Services, such as cable and DSL, can serve as primary connections for small sites or secondary connections for all sites. As broadband services share capacity with other customers, actual capacity will vary based on the contention ratio — the number of customers sharing the service. A contention ratio of 20:1, for example, indicates that 20 customers share 1 Mbits/s of bandwidth. Consumer broadband will have higher contention ratios; business broadband will have lower contention ratios. With consumer broadband, repairs will generally be done on a best-effort basis; there are no SLAs. Business broadband services will have a limited availability SLA. While broadband services do not come with guaranteed packet loss, research from the FCC indicates that the average loss for US broadband services runs about 0.8%. As for price, broadband is the least expensive Internet service.
Wireless Access Services, namely 4G/LTE, provide a valuable function as secondary connections. Improving SD-WAN last-mile availability is predicated on redundant physical infrastructure. But "diverse routing," where access lines use completely redundant infrastructure, is challenging, as providers will share wiring ducts and other physical components even for terrestrial services of different technologies. Mixing wireless and wireline services addresses this challenge.
Type                              Availability  Packet Loss  Contention Ratio  SLAs                             Repair Time        Price  Delivery
MPLS (Leased Line)                99.9%         0.1%         1:1               Latency, Loss, and Availability  4 hours            $$$$$  30-180 Days
Dedicated Internet Access (Fiber) 99.9%         ~0.5%        1:1               Loss and Availability            Next business day  $$$$   30-180 Days
Broadband                         99%           ~1%          1:20              None                             Best Effort        $      < 7 Days
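The multipathing argument above can be checked with arithmetic. The following is an added example in Python; it is not code from the eBook or from Cato. It takes the per-service availability figures from the table, computes the expected downtime of single-link and dual-link sites, and models the "diverse routing" caveat: terrestrial lines that share ducts or fiber can fail together, so two broadband lines from different providers buy less than the naive independent-failure math suggests, while a broadband line paired with LTE does not share that failure mode. The LTE availability, the shared-path outage probability and the site designs are constructed assumptions; the packet-duplication helper (independent loss per link) illustrates the loss-correction point made later in this section.

```python
"""Last-mile availability for single-link and multipath designs.

Added example; not code from the eBook or from Cato. Per-service availability
comes from the last-mile table above. The LTE figure, the shared-path outage
probability and the site designs are constructed assumptions.
"""
from dataclasses import dataclass

MINUTES_PER_YEAR = 365 * 24 * 60

# Availability per service from the table (MPLS and DIA 99.9%, broadband 99%).
AVAILABILITY = {
    "mpls": 0.999,
    "dia": 0.999,
    "broadband": 0.99,
    "lte": 0.99,  # assumption: the table gives no figure for 4G/LTE
}


@dataclass(frozen=True)
class Link:
    kind: str
    # True when the link uses physically separate infrastructure (e.g. LTE);
    # False for terrestrial lines that may share ducts or fiber with the
    # site's other lines.
    diverse_path: bool = False


def downtime_minutes(availability):
    """Expected outage minutes per year for a given availability."""
    return (1.0 - availability) * MINUTES_PER_YEAR


def _all_down(links):
    """Probability that every link in ``links`` fails independently."""
    p = 1.0
    for link in links:
        p *= 1.0 - AVAILABILITY[link.kind]
    return p


def site_availability(links, shared_outage=0.0):
    """Probability that at least one link at the site is up.

    Model (an assumption of this example): with probability ``shared_outage``
    a common physical component fails and takes every non-diverse link down
    at once; the rest of each link's unavailability is independent, scaled so
    that each link's overall availability still matches the table. Diverse
    links are unaffected by the shared event.
    """
    if not links:
        return 0.0
    terrestrial = [link for link in links if not link.diverse_path]
    diverse = [link for link in links if link.diverse_path]
    # The shared event cannot exceed any terrestrial link's own unavailability.
    s = min([shared_outage] + [1.0 - AVAILABILITY[l.kind] for l in terrestrial]) if terrestrial else 0.0
    p_independent = 1.0
    for link in terrestrial:
        u = 1.0 - AVAILABILITY[link.kind]
        p_independent *= (u - s) / (1.0 - s)
    p_diverse = _all_down(diverse)
    p_down = s * p_diverse + (1.0 - s) * p_independent * p_diverse
    return 1.0 - p_down


def duplicated_loss(loss_fractions):
    """Residual loss when each packet is sent on every link and counted as
    delivered if any copy arrives (independent loss per link assumed)."""
    p = 1.0
    for loss in loss_fractions:
        p *= loss
    return p


def compare_designs(shared_outage=0.002):
    """Availability of four constructed site designs; ``shared_outage`` is the
    assumed probability that terrestrial lines at the site fail together."""
    designs = {
        "single MPLS": [Link("mpls")],
        "single broadband": [Link("broadband")],
        "dual broadband, shared ducts": [Link("broadband"), Link("broadband")],
        "broadband + LTE": [Link("broadband"), Link("lte", diverse_path=True)],
    }
    return {name: site_availability(links, shared_outage)
            for name, links in designs.items()}


if __name__ == "__main__":
    for name, avail in compare_designs().items():
        print(f"{name:30s} {avail:.5%}  ~{downtime_minutes(avail):.0f} min/yr")
    print("loss with duplication over 1% and 0.5% links:",
          duplicated_loss([0.01, 0.005]))
```

Run it as a script to see the four designs side by side. The useful result is the comparison: two broadband lines that fail independently reach 99.99%, but with a 0.2% chance of a shared duct failure the same pair drops to about 99.79%, whereas broadband plus LTE keeps the full 99.99% because the wireless link survives the shared event. When sizing redundancy, ask the providers what physical path each line takes rather than trusting the label "different carrier".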
Match Last Mile to Business Requirements
By coupling the right last-mile service with specific SD-WAN features, you can address a diverse range of network and business requirements. Minimize packet loss, for example, with DIA as the primary and, ideally, secondary connection. Loss can be further reduced with packet loss correction technologies.
Mix and match Internet technologies to reduce site-deployment windows. Rather than mandating 90-day notice for new sites, SD-WAN allows you to open offices in a matter of days (with broadband) or even immediately (with 4G). Connections can be upgraded to DIA when available.
It's often assumed that the Internet cannot match MPLS performance, but that's not exactly true. Through a combination of SD-WAN features, multipathing, and the right Internet service you can meet application service requirements while reducing costs and improving agility.
3 Decide on Your Middle Mile
Whereas the last mile faces challenges of availability and packet loss, the sheer length of the middle mile makes latency and predictability the major issues. For those who want to avoid carrier lock-in, there are two middle-mile choices — the public Internet and global managed backbones.
The Public Internet is well suited for low-cost, best-effort services. The already high latency of the middle mile is only exacerbated by the routing policies of the public Internet, which are optimized for business concerns, not application performance. Packet loss particularly becomes a problem in the Internet core when providers exchange traffic at congested public peering points.
Global Managed Backbones are low-cost alternatives to MPLS. Locations establish encrypted tunnels across Internet last-mile services to one of the points of presence (PoPs) constituting the backbone. Traffic is sent across the backbone, exits through the PoP closest to the destination, and continues through the last mile terminating at the final location.
What to Look for in a Middle Mile
By avoiding the public Internet, managed backbones eliminate the latency introduced by Internet routing, and the congestion of public peering points. Global managed backbones should also optimize traffic and use application-aware routing to select the optimum path for each packet, even if that path is not the most direct one.
Check that the backbone has sufficient resilience and geographic coverage. To minimize blackouts and brownouts, the PoPs constituting the backbone should be fully redundant, and sites should be able to automatically connect to alternate PoPs in the event of an outage. As for coverage, PoPs should be located within 25 milliseconds of your locations. Global, managed backbones will be more expensive than the public Internet but should be far less expensive than MPLS.
Middle-Mile Attributes:

MPLS
  Performance: Very good; excellent performance with the least latency and packet loss when connecting locations. However, often adds latency when accessing the cloud and the Internet, and lacks mobile support.
  Availability: Very good; core availability is excellent, but high costs often make last-mile redundancy impractical. Still, support teams address outages within specified windows.
  Coverage: Very good; MPLS network providers partner with one another to expand their footprint. Support teams will still manage the network end-to-end. However, costs often increase and control might be more limited.
  Price: Poor; as fully managed services, MPLS comes at a high premium. Even unmanaged services will be more expensive than competing middle-mile architectures.

Internet
  Performance: Average; unpredictable Internet routing and congestion at peering points may mean latency/loss will be great one day and terrible the next.
  Availability: Good; the Internet core might be unpredictable but rarely fails completely. Last-mile availability will depend on implementation.
  Coverage: Excellent; the Internet core is everywhere, available from anywhere.
  Price: Excellent; the Internet is the most affordable service, with a range of pricing options depending on the configuration.

Global backbone
  Performance: Very good; as managed networks, global backbones offer latency/loss very close to MPLS and far better than the Internet. Will also use optimum routing for improving cloud delivery. Mobility support will be implementation dependent.
  Availability: Very good; core and last mile should be fully redundant. Should a PoP fail, backbones should automatically switch locations to the next nearest PoP.
  Coverage: Good; global backbones will have global coverage of some sort, but how much will be implementation dependent. PoPs need not share the same city as your locations provided last-mile access is within 25 milliseconds.
  Price: Very good; global backbones will be more expensive than the Internet core but far less expensive than MPLS.
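Two of the backbone requirements above, automatic failover to the next nearest PoP and PoPs within 25 ms of every location, can be checked together before signing with a backbone provider. The following is an added example in Python, not code from the eBook or from any backbone vendor. It takes measured latency from each site to each PoP, derives the failover order, and reports sites whose active PoP or first alternate falls outside the 25 ms limit, the second being the case where redundancy exists on paper only. The PoP names, latencies and health states are constructed; the 25 ms limit is the eBook's guidance.

```python
"""Nearest-PoP selection, failover order and a 25 ms coverage check.

Added example; not code from the eBook or from any backbone vendor. The
25 ms limit is the eBook's coverage guidance; PoP names, latencies and
health states are constructed sample data.
"""

COVERAGE_LIMIT_MS = 25  # PoPs should be within 25 ms of each location

# Constructed round-trip latency (ms) from each site to each backbone PoP.
SITE_LATENCY_MS = {
    "london":   {"lon": 4,  "ams": 11, "fra": 15, "nyc": 72},
    "lisbon":   {"mad": 12, "lon": 33, "fra": 41, "nyc": 88},
    "shanghai": {"hkg": 28, "tyo": 46, "sin": 62},
}


def failover_order(site, healthy):
    """Healthy PoPs reachable from ``site``, nearest first.

    ``healthy`` maps PoP name -> bool; a PoP missing from the map is
    treated as down, so stale health data fails safe.
    """
    latency = SITE_LATENCY_MS[site]
    ranked = sorted((ms, pop) for pop, ms in latency.items() if healthy.get(pop, False))
    return [pop for _, pop in ranked]


def select_pop(site, healthy):
    """Active PoP for the site, or None when no healthy PoP is reachable."""
    order = failover_order(site, healthy)
    return order[0] if order else None


def coverage_report(healthy):
    """Per site: active PoP, its latency, first alternate, and whether each
    is within COVERAGE_LIMIT_MS. A site whose alternate is out of coverage
    would degrade badly on a single PoP failure."""
    report = {}
    for site, latency in SITE_LATENCY_MS.items():
        order = failover_order(site, healthy)
        active = order[0] if order else None
        alternate = order[1] if len(order) > 1 else None
        report[site] = {
            "active": active,
            "active_ms": latency[active] if active else None,
            "active_covered": active is not None and latency[active] <= COVERAGE_LIMIT_MS,
            "alternate": alternate,
            "alternate_ms": latency[alternate] if alternate else None,
            "alternate_covered": alternate is not None and latency[alternate] <= COVERAGE_LIMIT_MS,
        }
    return report


def coverage_gaps(healthy):
    """Site names that fail the check on either the active or alternate PoP."""
    return sorted(site for site, row in coverage_report(healthy).items()
                  if not (row["active_covered"] and row["alternate_covered"]))


if __name__ == "__main__":
    all_up = {pop: True for pop in ("lon", "ams", "fra", "nyc", "mad", "hkg", "tyo", "sin")}
    for site, row in coverage_report(all_up).items():
        print(site, row)
    print("gaps:", coverage_gaps(all_up))
    lon_down = dict(all_up, lon=False)
    print("london with lon down ->", failover_order("london", lon_down))
```

With the constructed data, London is fully covered (lon at 4 ms, ams at 11 ms), Lisbon's alternate (lon at 33 ms) is outside the limit, and Shanghai's nearest PoP (hkg at 28 ms) is already outside it. Feed the report real latency measurements taken from each site, and repeat it with each PoP marked down in turn, before deciding that a backbone's coverage is adequate.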
4 Engineer Your End-to-End Network Architecture
MPLS to Internet Conversion
In dealing with hundreds of customers, Cato Networks has found that MPLS connections can be effectively replaced by a combination of DIA and broadband services in the last mile and a private backbone in the middle mile.
A medium-sized branch office with a single MPLS connection and no backup, for example, should migrate to symmetrical fiber with 1x-1.5x the bandwidth of MPLS and a second, broadband link with 2x-5x MPLS capacity.
The additional bandwidth reflects the shift in quality and need for capacity. DIA provides approximately the same last-mile quality attributes as MPLS for business-critical applications, with the slight increase in capacity reflecting the difference. The broadband link delivers additional redundancy and a capacity boost missing from MPLS. Using a global backbone in the middle mile completes the picture, providing an end-to-end connection with latency and packet loss close to MPLS, but with far more capacity and a much lower price point.
And What About SLAs?
Companies who've shifted from MPLS to an Internet-based SD-WAN often find that sound engineering is a far better predictor of network performance than service levels written in ways that make them difficult for customers to enforce.
MPLS to Internet Migration
Tier  Current Connection  New Connection: Link 1  Capacity      Link 2        Capacity
T1    MPLS + Internet     DIA                     1X-1.5X MPLS  Keep current
T2    Single MPLS         DIA                     1X-1.5X MPLS  Broadband     2X-5X MPLS
T3    Dual Internet       Keep current
T4    Single Internet     Keep current
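The site categorization map in step 1 and the migration table above are both lookup tables, and the work in between is deciding which tier each real site belongs to and turning the capacity multipliers into actual link sizes. The following is an added example in Python that carries both steps through; it is not code from the eBook or from Cato. The tier profiles and the per-tier link rules are copied from the two tables; the nearest-profile matching rule (sum of rank differences, ties to the higher tier) and the sample sites are constructed assumptions.

```python
"""Tier sites by requirement and derive the MPLS-to-Internet link plan.

Added example; not code from the eBook or from Cato. Tier profiles and
per-tier link rules come from the two tables in this eBook; the matching
rule and the sample sites are constructed assumptions.
"""
from dataclasses import dataclass, field

RANK = {"Low": 1, "Medium": 2, "High": 3}

# Site categorization map: tier -> (uptime, performance, cost).
TIER_PROFILE = {
    "T1": ("High", "High", "High"),
    "T2": ("Medium", "High", "Medium"),
    "T3": ("Medium", "Medium", "Low"),
    "T4": ("Low", "Low", "Low"),
}

# MPLS-to-Internet migration table: tier -> [(service, capacity range as a
# multiple of the site's current MPLS bandwidth, or None), ...].
MIGRATION = {
    "T1": [("DIA", (1.0, 1.5)), ("Keep current", None)],
    "T2": [("DIA", (1.0, 1.5)), ("Broadband", (2.0, 5.0))],
    "T3": [("Keep current", None)],
    "T4": [("Keep current", None)],
}


@dataclass
class Site:
    name: str
    uptime: str            # "Low" | "Medium" | "High"
    performance: str
    cost: str
    current_links: list = field(default_factory=list)
    mpls_mbps: float = 0.0  # current MPLS bandwidth; 0 if the site has none


def assign_tier(site):
    """Tier whose profile is closest to the site's stated requirements.

    Closeness is the sum of absolute rank differences (a rule added here;
    the eBook gives the map but no matching rule). Ties go to the higher
    tier so that a borderline site is never under-provisioned.
    """
    wanted = (RANK[site.uptime], RANK[site.performance], RANK[site.cost])
    best_tier, best_distance = None, None
    for tier, profile in TIER_PROFILE.items():  # iterates T1 first, T4 last
        distance = sum(abs(w - RANK[p]) for w, p in zip(wanted, profile))
        if best_distance is None or distance < best_distance:
            best_tier, best_distance = tier, distance
    return best_tier


def plan_migration(site, tier):
    """Link plan as [(role, service, (min_mbps, max_mbps) or None), ...].

    Raises ValueError when a tier calls for sizing relative to MPLS but the
    site has no MPLS bandwidth on record, rather than silently planning 0 Mbps.
    """
    plan = []
    for role, (service, multiplier) in zip(("Link 1", "Link 2"), MIGRATION[tier]):
        if multiplier is None:
            plan.append((role, service, None))
            continue
        if site.mpls_mbps <= 0:
            raise ValueError(f"{site.name}: tier {tier} sizes {service} from MPLS bandwidth, none recorded")
        low, high = multiplier
        plan.append((role, service, (site.mpls_mbps * low, site.mpls_mbps * high)))
    return plan


def build_plan(sites):
    """Map each site name to its tier and link plan."""
    result = {}
    for site in sites:
        tier = assign_tier(site)
        result[site.name] = {"tier": tier, "links": plan_migration(site, tier)}
    return result


if __name__ == "__main__":
    # Constructed sample sites.
    sample = [
        Site("HQ", "High", "High", "High", ["MPLS", "Internet"], mpls_mbps=100),
        Site("Branch-12", "Medium", "High", "Medium", ["MPLS"], mpls_mbps=20),
        Site("Shop-7", "Low", "Low", "Low", ["Internet"]),
    ]
    for name, entry in build_plan(sample).items():
        print(name, entry["tier"], entry["links"])
```

The matching rule is deliberately simple so that the output is explainable to whoever signs off on the budget; the ValueError is the guard a practitioner wants, because a site inventory with a missing MPLS figure otherwise produces a zero-sized DIA order without any error.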
5 Procure Your Last-Mile Services
With last- and middle-mile services identified, you're able to determine whether to keep procurement in-house or outsource it to a last-mile aggregator who will manage the full procurement process using specific partnering providers or ISPs around the globe.
What is Procurement?
To be clear, by procurement we mean the process of evaluating and selecting ISPs, and managing those relationships, which includes the full lifecycle of the last-mile service — contract negotiations, site deployment, invoicing and payment, working with the provider to resolve any network problems, and more.
In-house or Outsource?
At first, consolidating procurement with an aggregator sounds like the smart choice. It gives IT "one throat to choke" in the event of a last-mile problem and simplifies acquisition. But outsourcing acquisition also comes with a significant uptick in cost.
What's more, when kept in-house, organizations can:
• Save on the provider's margin
• Leverage their existing providers
• Switch to providers with better networks
• Meet personal or organizational supplier preferences
• In general, have more control over last-mile selection.
Logistical Considerations
Budget aside, there are several considerations to determine which procurement approach is right for your organization:
Monitoring and Troubleshooting
While it's true that good engineering and smart ISP selection can prevent many last-mile headaches, it's also true that you need to plan for troubleshooting last-mile problems. Centralized monitoring of all last miles should be part of any good SD-WAN solution. As for troubleshooting, many organizations find that documenting the right phone numbers to call and people to contact at the local ISPs in advance, and, if necessary, hiring another IT resource closer to the local time zone, can meet their troubleshooting requirement and still save on procurement costs.
Accounting Issues
Billing, invoicing, currency conversion — the accounting issues of managing many ISPs may already be addressed by your accounting team. If not, see what's required to put them into place. Aggregators will also supply those services.
Site Surveys
On-site evaluations can be important for new installations, particularly when deploying LTE or other wireless infrastructure whose performance is impacted by environmental factors. If you're not positioned to conduct local site surveys, be prepared to find a local partner or provider who can meet that need.
SD-WAN solutions should provide centralized monitoring of and detailed insight into all last-mile connections.
The WAN Beyond the SD-WAN
As we've seen, there are alternatives to high-priced MPLS services. You will need the right mix of redundancy, last- and middle-mile services, and SD-WAN features. Migrating sites off of MPLS, though, is only the first chapter in the WAN transformation story.
Organizations often find that reevaluating other dimensions of the network when assessing their WAN helps improve overall IT agility and efficiency. This is particularly true as WAN transformation, and more broadly changes in the way we work, raise considerations that many MPLS network designs never needed to accommodate.
Security is a case in point. Many companies with MPLS implementations will find local Internet breakout, recommended for branch offices in an SD-WAN, difficult, if not impossible, to implement with their centralized security architectures.
The complexities associated with the new tenants of the modern WAN — cloud resources and mobile users — are another set of examples to consider when rethinking the WAN. Cloud resources are accessed by SD-WAN users, and SD-WAN users frequently become mobile users outside of the office.
And finally, while we've spent a great deal of time discussing SD-WAN-related deployment issues, we haven't discussed how to administer and run the new network. SD-WAN introduces a range of new management possibilities that will allow you to operate leaner and be more responsive than was possible with carrier-managed MPLS services. Which is right for you? We'll explore those management choices, as well as the branch security, cloud, and mobility issues, in part 2 of our network transformation strategy.
Global Backbone. Cloud-Based SD-WAN. Firewall as a Service. All in One
The Cato Approach
Cato Cloud is a self-service (or optionally, fully managed) SD-WAN service that not only connects but also protects all the enterprise network elements, including branch locations, the mobile workforce, physical and cloud datacenters, and cloud applications, into a global, encrypted and optimized SD-WAN in the cloud. The Cato Cloud network is a globally managed backbone that provides affordable, SLA-backed connectivity.
With all WAN and Internet traffic consolidated in the cloud, Cato can protect the complete enterprise with a full set of optional security services that include NGFW, SWG, IPS and more, all backed by Cato's security team that proactively hunts and identifies threats on customer networks.
To see how Cato can help your company visit:
www.CatoNetworks.com
@CatoNetworks
Appendix
How SD-WAN Brings Five 9s Availability to the Internet Last Mile
As much as we might like guarantees, networking teams have long complained about service level agreements (SLAs). They're difficult to enforce, written to favor the carriers, and any credits can never cover outage impact. Some SD-WAN services might offer SLAs, but it's primarily the redundant design enabled by Internet affordability that enables SD-WAN to meet and exceed MPLS uptime.
To deliver uptime in your SD-WAN, start with the access services. They should share no physical components — what's called diverse routing. Since even competing terrestrial services often share fiber, ducting, etc., many organizations rely on LTE for a secondary or tertiary connection.
Configure SD-WAN appliances in high availability (HA) mode. Cato's affordable HA provides appliance redundancy without additional ongoing costs. In the event of an appliance failure, traffic is sent to the secondary appliance.
The appliances will monitor and load balance the last-mile connections. They'll use loss correction features, such as packet duplication, to overcome line problems. Should there be a slow-down (brownout) elsewhere in the network or a line failure (blackout), appliances automatically steer traffic around the outage, failing over completely to the secondary connection if necessary (and failing back based on defined policies). Taken together with proper middle-mile redundancy, SD-WAN services can deliver better-than-MPLS uptime even when using the Internet.
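The steering behaviour described in the last paragraph, and the centralized last-mile monitoring called for in step 5, come down to a small state machine fed by per-link probe results. The following is an added example in Python, not code from the eBook or from any SD-WAN product, that models it: a brownout (loss or latency above policy) steers traffic to the secondary immediately, a blackout is declared only after several consecutive unreachable probes, and failback waits for the primary to stay healthy for a policy-defined number of intervals so that a flapping line does not bounce traffic back and forth. The thresholds, the probe interval and the probe samples are constructed.

```python
"""Last-mile brownout/blackout steering with failover and policy failback.

Added example; not code from the eBook or from any SD-WAN product. The
thresholds and probe samples below are constructed; the behaviour modelled
is the one the eBook describes: steer around brownouts, fail over on a
blackout, fail back under a defined policy.
"""

# Constructed steering policy.
POLICY = {
    "loss_pct": 2.0,        # loss above this marks the probe a brownout
    "latency_ms": 150.0,    # latency above this marks the probe a brownout
    "blackout_probes": 3,   # consecutive unreachable probes before blackout
    "failback_after": 5,    # healthy primary intervals before failing back
}


def probe(reachable=True, loss_pct=0.0, latency_ms=20.0):
    """Build one probe result for a link (constructed sample shape)."""
    return {"reachable": reachable, "loss_pct": loss_pct, "latency_ms": latency_ms}


def classify(sample, policy=POLICY):
    """'down' if unreachable, 'brownout' if loss or latency exceeds policy,
    otherwise 'healthy'."""
    if not sample["reachable"]:
        return "down"
    if sample["loss_pct"] > policy["loss_pct"] or sample["latency_ms"] > policy["latency_ms"]:
        return "brownout"
    return "healthy"


def steer(primary, secondary, policy=POLICY):
    """Replay probe samples interval by interval.

    Returns (timeline, events): the active link per interval and a list of
    (interval, action, reason) tuples for every failover and failback.
    """
    active = "primary"
    down_streak = 0      # consecutive unreachable probes on the primary
    good_streak = 0      # consecutive healthy primary probes while on secondary
    timeline, events = [], []
    for t, (p, s) in enumerate(zip(primary, secondary)):
        p_state, s_state = classify(p, policy), classify(s, policy)
        down_streak = down_streak + 1 if p_state == "down" else 0
        if active == "primary":
            blackout = down_streak >= policy["blackout_probes"]
            # Only leave the primary if the secondary can actually carry traffic.
            if (blackout or p_state == "brownout") and s_state == "healthy":
                active, good_streak = "secondary", 0
                events.append((t, "failover", "blackout" if blackout else "brownout"))
        else:
            good_streak = good_streak + 1 if p_state == "healthy" else 0
            if s_state == "down" and p_state != "down":
                # Secondary lost entirely: go back to whatever the primary offers.
                active = "primary"
                events.append((t, "failback", "secondary down"))
            elif good_streak >= policy["failback_after"]:
                active = "primary"
                events.append((t, "failback", f"primary healthy for {good_streak} intervals"))
        timeline.append(active)
    return timeline, events


# Constructed samples, one probe per link per interval: a brownout at t=3,
# a clean recovery, then the primary goes dark from t=9 onward.
PRIMARY = [probe(), probe(), probe(), probe(loss_pct=4.5),
           probe(), probe(), probe(), probe(), probe(),
           probe(reachable=False), probe(reachable=False), probe(reachable=False)]
SECONDARY = [probe(latency_ms=35.0)] * len(PRIMARY)


if __name__ == "__main__":
    timeline, events = steer(PRIMARY, SECONDARY)
    for t, link in enumerate(timeline):
        print(t, link)
    for event in events:
        print(event)
```

With the constructed samples the replay fails over at interval 3 on the brownout, fails back at interval 8 after five healthy primary probes, and fails over again at interval 11 once the third consecutive unreachable probe turns the outage into a blackout. The two streak counters are what make the policy safe to run unattended: the blackout counter keeps a single lost probe from triggering a full failover, and the failback counter keeps a line that is intermittently healthy from dragging traffic back before it is stable.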