SECURE DIGITAL WORKSPACE
Selecting the optimal SD-WAN solution for your enterprise is not easy. With vendors and industry analysts all talking about the same topics using the same buzzwords, it’s hard to decide what features and benefits are most important, and how to differentiate between products. This paper lays out some important factors to consider when selecting an SD-WAN solution.
SD-WAN (Software Defined Wide Area Network) products have a very successful track record of improving application performance, lowering WAN costs, and strengthening business continuity. But as you consider deploying SD-WAN, it’s important to understand the differences between solutions. Identifying which features matter to your enterprise is essential in selecting the best SD-WAN solution for your business needs.
This paper describes key criteria for evaluating SD-WAN solutions. It discusses the most important issues, and outlines levels of capability that separate “just okay” products from really good ones. The paper does not compare specific products, but it does include examples of features from Citrix NetScaler SD-WAN, one of the leading solutions in this field.
The Benefits of SD-WAN Solutions
Wide Area Networks are a critical component of today’s enterprise computing infrastructure. But WANs suffer from many problems, including congestion, jitter, packet loss, and outages. Erratic performance frustrates users, especially for low-latency applications like VoIP calling, video conferencing, video streaming, and virtualized applications and desktops. WAN capacity can be expensive and difficult to expand. Complex WANs are difficult to manage and troubleshoot.
SD-WAN products address these problems. Typically they are appliances or virtual appliances placed in small remote and branch offices, larger offices, corporate data centers, and increasingly on cloud platforms. Some of the key benefits of SD-WAN solutions include:
Although most SD-WAN products address the same problems, they provide very different levels of capability. Enterprises evaluating SD-WAN solutions should understand the different benefits and levels of functionality available to solve different problems, determine what level they require, and look for products that offer those capabilities.
The failure of a network link can put users “out of business.” Losing access to mission-critical applications can reduce productivity and affect customer service. Manually rerouting traffic to back-up links forces high-priority applications to contend with all other traffic for limited bandwidth, creating even more user dissatisfaction. SD-WAN products are essential tools for improving resiliency and providing fast failover.
SD-WAN solutions make packet delivery and application performance more reliable by routing network traffic along the optimal paths between two points, based on factors like the requirements and priority of the application and the capacity and quality of the available paths.
A few SD-WAN offerings rely on administrators to pre-define paths for all applications, and to make manual adjustments when contention and low quality are detected on a path. Most SD-WAN products, however, automatically assign paths based on factors such as latency (i.e., the time required for a ping to make a round trip between the locations). The highest-priority applications are reassigned to the lowest-latency paths.
Problems can still arise, however, when the selection criteria are too narrow, when thresholds are set too high or too low, or when it takes the product more than a few seconds to detect that the path has deteriorated or failed.
More sophisticated SD-WAN solutions select paths using algorithms based on multiple factors such as packet loss, jitter, and congestion as well as latency. These solutions use a dynamic analysis of multiple criteria, rather than fixed thresholds, to determine when paths need to be changed. The highest-priority applications are re-assigned to the lowest-latency paths. These capabilities do a better job of matching high-priority applications with the highest quality paths, and of making adjustments faster when path quality deteriorates.
When a network link goes down, lost connectivity can interfere with critical business processes and anger users. Even a short interruption can cause users to hang up on a VoIP call or teleconference and to restart applications. It can also disrupt virtual desktop sessions, backups, large file transfers, and other key software activities. SD-WAN solutions can detect outages of network links and reroute traffic to alternate paths. The best products can identify outages and take corrective actions in a second or less, making the outages imperceptible to users (see the Sub-second Detection of Path Outages callout box).
Example: Sub-second Detection of Path Outages
NetScaler SD-WAN appliances tag every packet they send with a sequence number and information about the packets to follow. This allows the appliance at the destination to detect path outages after just two or three missing packets, so traffic can be rerouted before users notice any disruption.
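The receiver-side logic described in this callout can be modelled as follows. This is an added example, not Citrix code or the NetScaler wire format: the `next_gap_ms` field, the threshold of three missed packets, and the 5 ms jitter slack are assumptions made for illustration. The point it shows is that an announced send interval lets the receiver count packets that are overdue, instead of waiting for a later packet to reveal a gap.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    seq: int          # per-path sequence number
    next_gap_ms: int  # hypothetical header field: delay until the sender emits seq+1

class PathMonitor:
    """Receiver-side view of one WAN path."""
    def __init__(self, miss_threshold=3, slack_ms=5):
        self.miss_threshold = miss_threshold  # overdue packets that mean "path down"
        self.slack_ms = slack_ms              # tolerance for ordinary jitter
        self.last_seq = self.last_rx_ms = self.gap_ms = None
        self.lost = 0                         # isolated losses seen as sequence gaps

    def on_packet(self, pkt, now_ms):
        if self.last_seq is not None and pkt.seq > self.last_seq + 1:
            self.lost += pkt.seq - self.last_seq - 1
        if self.last_seq is None or pkt.seq > self.last_seq:
            self.last_seq, self.last_rx_ms = pkt.seq, now_ms
            self.gap_ms = max(1, pkt.next_gap_ms)

    def overdue(self, now_ms):
        """Announced packets that should have arrived by now but have not."""
        if self.last_rx_ms is None:
            return 0
        return max(0, (now_ms - self.last_rx_ms - self.slack_ms) // self.gap_ms)

    def is_down(self, now_ms):
        return self.overdue(now_ms) >= self.miss_threshold

def detect_outage(arrivals, horizon_ms):
    """Replay (time_ms, Packet) arrivals; return (time declared down or None, isolated losses)."""
    mon, pending = PathMonitor(), sorted(arrivals, key=lambda a: a[0])
    for now in range(horizon_ms + 1):
        while pending and pending[0][0] <= now:
            t, pkt = pending.pop(0)
            mon.on_packet(pkt, t)
        if mon.is_down(now):
            return now, mon.lost
    return None, mon.lost

# Constructed trace: one packet every 20 ms, seq 4 dropped in transit,
# link fails right after seq 6 arrives at t=100 ms.
TRACE = [(0, Packet(1, 20)), (20, Packet(2, 20)), (40, Packet(3, 20)),
         (80, Packet(5, 20)), (100, Packet(6, 20))]

if __name__ == "__main__":
    print(detect_outage(TRACE, horizon_ms=1000))
```

With these assumed values the single dropped packet is counted as a loss without tripping the outage state, and the failure is declared 65 ms after the last packet arrived.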
When a path outage is detected, some SD-WAN products redirect traffic to a pre-defined backup link. More sophisticated solutions intelligently reroute traffic from high-priority applications to the remaining paths with the best performance and the lowest packet loss and jitter, and traffic from lower priority applications to the next-best path with available capacity. This ensures that high-priority applications not only continue to function, but in most cases suffer no performance degradation.
Quality of Service
Not all applications need the same levels of service from the network. Some applications require high performance, high reliability, and high quality in order to deliver the expected user experience. For example, many users will get very angry if quality is erratic for voice over IP (VoIP) calling or audio and video streaming, or if performance deteriorates for virtualized applications and desktops. In these situations, poor quality can cause users to stop and restart the phone call, the download, or the virtualized application, making network performance even worse. But what features in SD-WAN solutions can guarantee excellent QoS for key applications?
Most SD-WAN products allow administrators to assign applications to a series of categories that range from “high priority” to “low priority,” or from “real-time” to “bulk.” More sophisticated solutions allow administrators to prioritize applications at an even more granular level by creating rules based on parameters such as the application, the user, the protocol, and source and destination IP addresses.
Some SD-WAN products include features for traffic shaping and dynamic bandwidth reservation. For example, a minimum bandwidth can be specified for a certain class of application on a given path. This feature ensures that no matter how congested a path becomes, no important application class will ever be forced below a minimum bandwidth allocation. A refinement on this approach is to also specify a “share” for each class of application, so that when capacity is limited bandwidth will be allocated between them based on their relative shares. Another traffic shaping technique is detecting “backpressure” from a destination. If the SD-WAN appliance at the destination indicates that there is no spare capacity, the appliance at the source will hold back traffic to that location, and use the resulting free bandwidth to send packets somewhere else. This promotes efficient use of overall bandwidth while preventing the destination from being even more overloaded.
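The minimum-bandwidth and “share” scheme described above can be worked through as a small allocator. This is an added example, not taken from any SD-WAN product: the class names, the kbps figures, and the `allocate` function are constructed for illustration. It first honours each class's reserved minimum, then divides the remaining capacity by share, redistributing whatever a fully served class does not need.

```python
def allocate(capacity_kbps, classes):
    """Split one path's capacity across application classes.

    classes maps name -> {"min": reserved kbps, "share": weight, "demand": offered kbps}.
    """
    # Step 1: honour every minimum reservation (never more than the class wants).
    alloc = {n: min(c["min"], c["demand"]) for n, c in classes.items()}
    remaining = capacity_kbps - sum(alloc.values())
    if remaining < 0:
        raise ValueError("minimum reservations exceed path capacity")

    # Step 2: hand out what is left in proportion to shares. A class that is
    # fully served drops out and its unused portion is redistributed.
    active = {n for n, c in classes.items() if alloc[n] < c["demand"]}
    while remaining > 1e-9 and active:
        total_share = sum(classes[n]["share"] for n in active)
        served, spent = set(), 0.0
        for n in active:
            offer = remaining * classes[n]["share"] / total_share
            need = classes[n]["demand"] - alloc[n]
            give = min(offer, need)
            alloc[n] += give
            spent += give
            if give >= need - 1e-9:
                served.add(n)
        remaining -= spent
        active -= served
        if not served:  # every class took its full offer: capacity is exhausted
            break
    return alloc

# Constructed sample classes (illustrative values, in kbps).
CLASSES = {
    "voip": {"min": 2000, "share": 5, "demand": 1500},
    "vdi":  {"min": 3000, "share": 3, "demand": 6000},
    "bulk": {"min": 500,  "share": 1, "demand": 20000},
}

if __name__ == "__main__":
    for cap in (10000, 6000):
        print(cap, allocate(cap, CLASSES))
```

On the 6000 kbps path the bulk class is squeezed to 750 kbps but never below its 500 kbps reservation, and a path too small to cover all reservations is rejected outright instead of silently starving a class.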
An advanced SD-WAN solution can ensure high application performance and zero packet loss by sending duplicate packets from the source location to the destination via two independent paths. The first packet to reach the destination is used and the second is discarded. This approach uses some extra bandwidth, but it is a powerful tool for ensuring very high reliability and quality for applications like VoIP calling, video conferencing, and virtualized desktops.
Multiple Paths Per Session
Some advanced SD-WAN products allow traffic from a single session to be divided over two or more paths that are dynamically linked. This has two important benefits:
Applications like VoIP calling, video conferencing and chat often require connections between two remote points (say branch offices) that have to go through a corporate data center, or a cloud platform, or make multiple hops. When one of these applications starts a session, an advanced SD-WAN solution can create an on-demand connection that utilizes the shortest possible path and dynamically combines multiple links into a single virtual path. It can also apply features like dynamic path selection and traffic shaping end-to-end.
All SD-WAN products provide basic compression (removing unneeded and repetitive characters) and basic caching (storing copies of frequently used files at the destination node so they don’t have to be retrieved multiple times across the WAN). These capabilities improve application performance, which makes users happy, and decrease congestion on networks, which reduces networking costs.
Some SD-WAN solutions provide advanced techniques for application optimization on top of basic compression and caching. Advanced deduplication includes the ability to cache and reuse individual blocks and bytes, in addition to entire file objects. A related feature is storing in memory small, frequently used data streams so they can be accessed extremely fast. With protocol acceleration, details of specific protocols can be used to eliminate unnecessary actions that take up network capacity. Examples include proxying client-server handshakes, reducing protocol chattiness, and optimizing payloads (see the Accelerating CIFS callout box).
Example: Accelerating CIFS
CIFS is a protocol designed for Windows file sharing on LANs. A client requesting a large file using CIFS over a WAN might have a read limit as small as 4KB, forcing the user to wait several minutes to retrieve the entire file. NetScaler SD-WAN “understands” the CIFS protocol, so it can retrieve a file over the WAN in much larger chunks, dramatically reducing the user’s wait time.
“Application fluency” refers to a technology that can parse application traffic and leverage knowledge about features in specific applications, rather than treating all application traffic as an undifferentiated stream. (See the Microsoft Apps and Virtualized Apps callout box.) Video delivery can be optimized by identifying, classifying and caching video files based on video format, as well as by object-level compression of video files. This can result in major bandwidth savings and performance improvements when multiple people at one location view the same video.
Example: Microsoft Apps and Virtualized Apps
NetScaler SD-WAN accelerates Microsoft applications and protocols like Microsoft 365, Microsoft Exchange, Microsoft SharePoint, and the CIFS and NFS protocols, as well as applications and desktops that have been virtualized by Citrix XenApp and XenDesktop. It accomplishes this with techniques that significantly reduce the WAN traffic required to update screens, move a mouse, drag and drop objects, copy files and folders, print files, and perform other common actions.
Most SD-WAN solutions use IPsec encryption to protect data in motion. Some include additional security features such as rotating keys, and splitting designated application traffic across multiple links so it can’t be understood even if a hacker can eavesdrop on one network segment. A few SD-WAN products can also inspect SSL/TLS encrypted tunnels. This allows them to apply traffic shaping to traffic from Facebook, YouTube, Twitter, Google Apps, Box, Salesforce.com, GitHub, and the many other web applications that use SSL/TLS encryption.
Deployment Options and Scaling
Most SD-WAN solutions are available as pre-configured appliances. However, some vendors offer a choice of deployment options that includes pre-configured appliances (easy to deploy), virtual appliances that run on the enterprise’s existing hardware (low cost and easy to upgrade), and virtual appliances on cloud platforms (see the Cloud Deployment callout box). SD-WAN solutions can also help enterprises scale their WANs very cost-effectively, by adding capacity with broadband and 4GE connections, rather than by investing in expensive additional MPLS circuits.
Example: Cloud Deployment
NetScaler SD-WAN can be deployed as a virtual appliance on the cloud in environments such as Amazon Web Services (AWS). That allows NetScaler SD-WAN to provide latency-aware path selection, QoS, traffic shaping and other advanced features to traffic flowing to and from cloud-based applications.
Administration and Troubleshooting
Some SD-WAN products need more effort to configure and manage. Administrators should be concerned about solutions that require command-line commands for some activities, depend on manual selection of paths, or require configuration tasks on each individual appliance.
More advanced solutions provide an easy-to-use GUI, use algorithms to select paths automatically, and include tools to push out configuration changes quickly to multiple appliances. A few also implement a true “software defined networking” approach that allows all appliances and virtual appliances to be configured centrally based on application needs rather than underlying hardware.
Administrators should also evaluate the analysis and troubleshooting tools that work with the SD-WAN solution. Desirable features include:
NetScaler Insight Center collects data from NetScaler SD-WAN appliances and provides visibility into the behavior of over 200 enterprise applications. It can use industry-standard AppFlow® data reporting formats to feed data to third-party analytics tools from organizations like Splunk and SolarWinds. The HDX Insight™ module within Insight Center can provide extremely detailed reporting and analysis of XenApp and XenDesktop activity, including application launches, bandwidth usage, response times and errors by application, by user group, and by individual user.
Vendor Track Record and Support
SD-WAN technology is improving rapidly, and the vendor landscape is changing. To maximize their return on investment now and in the future, enterprises should look for vendors who have longstanding track records for industry leadership and customer satisfaction, as well as world-class support, sales, and channel organizations.
SD-WAN products have been proven to increase application performance and reliability and to dramatically reduce the costs of expanding and managing wide area networks. But SD-WAN solutions are not the same. Evaluators should weigh alternatives based on the features and levels of capabilities outlined in this paper in the areas of: