Monitoring SD-WAN and Other Overlay Networks

Why should we care about monitoring and visibility into Software Defined Wide Area Networks (SD-WAN) in the first place?  Well, for one thing, analysts’ consensus estimates that the SD-WAN market will grow from roughly $90M in 2017 to over $4B in 2020.  Digital economy demands agility in responding to user requirements and delivering superb user experience.  The former is achieved via agile development and various software defined technologies.  The latter has to be managed.  SD-WAN is the software defined networking solution for the edge and remote locations.  What that means is it is here, it introduces another variable in the service delivery chain, and both networking and application professionals must have a suitable visibility solution before deploying it.  Anything less makes operational support and user experience difficult to manage if not impossible.

Our enterprise customers tell us they see SD-WAN as a solution for leveraging broadband access to augment existing remote locations’ connectivity and availability, and to address out-of-region-coverage without the capex of owning the transport.  Another application of SD-WAN we are witnessing increasingly is to gain distributed secure access to the Cloud.  What that means is direct access from remote locations to user-adjacent cloud locations as opposed to tromboning remote user traffic through the core to go to public cloud.  SD-WAN’s dynamic, software controlled access agnostic, performance-optimized, secure, and policy-driven connectivity hits the mark on the above list of requirements. This goodness is of course not without its challenges.  SD-WAN is an overlay network made up of encrypted tunnels in a fractured vendor landscape.  Encryption and lack of a standard visibility solution represent the first two visibility challenges.

From our service provider customers we are also hearing that there is a push to simplify the branch office through replacing the clutter of customer premises equipment (CPE) (router, firewall, session border controller, WAN accelerator, etc.) with a single universal CPE (uCPE) made up of white box compute running a hypervisor with a vSwitch.  All existing CPE appliances can be replaced with a Virtual Network Function (VNF) running on the uCPE, which can be remotely provisioned and diagnosed.  This approach clearly represents not only increased agility but significant CapEx and OpEx reduction for the service providers.

The graphic below demonstrates how service providers will deploy uCPE VNFs.  These VNFs will form a service chain under the hypervisor.  What changes here is that now the network interaction between the edge firewall, load balancer, MPLS router, and SD-WAN will take place across the uCPE’s vSwitch.  This in turn creates the next monitoring and operational support challenge: lack of hop-by-hop visibility.

Now imagine for a moment that the same proven network monitoring tools and techniques that your operations staff depends on to manage the core and data center networks already is available in your SD-WAN and other overlay networks such as NSX and OpenStack Neutron.  This would significantly reduce operational risk associated with adoption of these new technologies.  It would also reduce management CapEx and OpEx and most notably alleviate the shortage of skilled staff to monitor and manage these new technologies.  In my previous blog, Service Assurance in Hybrid Cloud at an Affordable TCO (https://www.onug.net/blog/service-assurance-hybrid-cloud-affordable-tco/), I make this case for the hybrid cloud and how wire data solutions can be extended to empower and simplify application management across hybrid multi-cloud. 

In its Spring 2017 publication ONUG Monitoring & Analytics Working Group (M&A WG) recommends a three-pillar monitoring strategy:  application, infrastructure, and network.  We believe that wire data forms a core component of both network and application visibility.  (All legitimate user and criminal activity traverses the wire.)  And, what is needed is the extension of wire data instrumentation to new technologies such as a SD-WAN and cloud as opposed to upending your proven management strategy and foregoing this valuable source of data when dealing with emerging technologies.

A visibility VNF deployed on the uCPE provides an elegant solution to all three monitoring challenges of SD-WAN.  It could acquire wire data by tapping the hypervisor’s vSwitch traffic.  This traffic will include hop-by-hop interaction of service provider VNFs that are service chained.  User activity on the wire is observed after SD-WAN’s encrypted tunnel termination providing deep visibility into the performance of both the network and applications (Unified Communications, Oracle/SAP, Sharepoint, Office365, Salesforce, and etc.).  For the users of SaaS applications in remote locations whose traffic does not go back to the core this provides total visibility, which is otherwise non-existent.

Furthermore, since the uCPE represents remote user locations, the wire data gleaned provides a valuable user perspective, including Individual session analysis and packet decodes, which can be compared with those from the datacenter and public cloud locations to address hard to isolate performance problems quickly.  (Similar approaches extend wire data monitoring to other overlay networks such as NSX and OpenStack Neutron.)  Finally, this approach provides a vendor independent solution for visibility and service assurance in a fractured SD-WAN and public cloud market place.

 

Author's Bio

Babak Roushanaee

Director, Enterprise Technology Strategy at NetScout