The SD-WAN vendor scrum grows; an increasing number of companies are contending for a place in your WAN traffic patterns.
The big idea for SD-WAN is that multiple physical WAN links of any sort can be used to carry traffic without the network engineer having to do much engineering. Rather, the SD-WAN solution runs an overlay (tunneling) on top of the physical infrastructure, abstracting the actual links away.
SD-WAN forwarders (somewhat analogous to routers) monitor the performance of each physical link, and forward individual flows to remote SD-WAN forwarders across the link best able to handle that flow’s SLA requirements. Where did it get the SLA requirements? A network operator defined them in a central controller, which distributed that policy to all of the SD-WAN forwarders.
The practical upshot of all this? A company can reduce spending on private WAN links by adding cheaper broadband links to the WAN mix.
Quality for sensitive traffic is delivered over the cheap Internet circuits because (a) you bought several connections in the hope they won’t all be awful at the same time and (b) the SD-WAN forwarders monitor quality in real-time and shift application flows accordingly.
At the risk of overgeneralizing, here’s a list of the companies (some of whom are Packet Pushers sponsors) I’ve heard present about their SD-WAN products, sorted alphabetically.
Intelligent WAN (IWAN) runs on Cisco routers with the appropriate licensing. IWAN is a collection of Cisco technologies that work together to make dynamic forwarding decisions. For example, IWAN uses DMVPN as the overlay and PfRv3 to monitor path quality, managed by a hierarchical arrangement of policy distribution routers. Network operators will manage the system via the soon-to-be-GA APIC-EM controller.
CloudGenix offers a full SD-WAN solution complete with forwarders, a policy controller, and a traffic analytics engine. It’s conceivable to replace traditional WAN routers with CloudGenix forwarders, which CloudGenix calls ION Elements, over time. CloudGenix prides itself on application and sub-application identification, an important capability when mapping application flows to specific WAN links for transport.
Glue recently launched its GluWare 2.0 orchestration system. GluWare’s initial use-case was orchestration of Cisco’s IWAN, but the system has grown to be a toolset for broader networking engineering configuration needs. I’m planning a POC of GluWare 2.0 to get up to speed, and expect that we’ll discuss the product in a future Packet Pushers episode.
I was recently briefed on Mushroom Networks by Cahit “call him Jay” Lad, CEO. Like Talari, mentioned below, Mushroom has been around for a while. It got its start making broadband bonding appliances, maximizing traffic throughput by making multiple physical links, of whatever type, behave as one single link. Some of you might think of MLPPP; Mushroom offered a more comprehensive solution than that.
With that heritage, Mushroom has moved into the SD-WAN space. Mushroom can still tie all links together, and push a single flow across all links, something that no other SD-WAN solution does at this time (that I know of). For those of you who shuddered at this notion, thinking of “per packet load balancing” in ECMP scenarios, consider that Mushroom deals with re-ordering of packets when needed, etc. for you — and it’s old hat to them.
Mushroom can also manage sensitive traffic such as VoIP or video with its Armor products that specialize in these sorts of traffic flows.
Nuage Networks’s SDN solution has found traction as network virtualization platform and in cloud operations. Nuage Networks abstracts the physical network away, and automates virtual network services. The functionality is rich enough that Nuage Networks has a play in the SD-WAN space as well, although that has not been its hallmark. If you’ve not heard of Nuage Networks, you should put them in the same mental bucket as Cisco ACI and VMware NSX.
Long the WAN acceleration king, Riverbed is adding SD-WAN capabilities to its strengths in traffic analysis and knowledge of WAN environments. Riverbed could be criticized for being a little slow to the SD-WAN party, but customers who are already using the venerable Steelhead products for WAN acceleration should be poking their reps about SD-WAN capabilities.
This is especially true for those enterprises consuming applications in the cloud, as Riverbed partners with cloud providers to position what I think of as “Steelheads in the sky.” The right license key gives you access to this functionality.
Historically a WAN optimization player like Riverbed, Silver Peak has released an SD-WAN product called Unity, including the Unity Edge appliance that can terminate WAN circuits. Silver Peak has always been good at application identification; it brings that capability, along with its policy controller, into a full SD-WAN solution. Silver Peak also offers a step-up called Unity Boost that adds WAN optimization capability to the SD-WAN platform.
Sonus manages application flows across a WAN infrastructure with its NaaS IQ product, conceptually similar to some of the other solutions mentioned. Where Sonus is unique is in how it directs traffic. Sonus manages WAN edge switches using OpenFlow, although it de-emphasizes OpenFlow specifically, pointing out that how it directs flows is less important than the fact that it does direct flows.
Talari is another SD-WAN firm with appliances as well as a controller. Its value proposition is for you to mix and match your WAN links while guaranteeing a particular user experience you define. Talari is notable in that the company has been around for a while, offering an SD-WAN solution before SD-WAN was a trendy buzzword. Even if you’ve never heard of Talari before, it isn’t a startup. Packet Pushers recently recorded a show with Talari customers that will be released in the coming weeks.
VeloCloud’s SD-WAN focuses on optimizing user experience as they consume cloud applications. VeloCloud has appliances located globally, and makes certain that your LAN-to-cloud traffic traverses the optimal Internet path. VeloCloud also offers a brandable solution for managed service providers, and will be growing into the enterprise WAN space as well. At a couple of events, I’ve seen a fascinating demonstration where VeloCloud simulates a troubled link and pushes a video stream through it, both with and without VeloCloud impacting the flow.
Similar to CloudGenix, Silver Peak, and Talari, Viptela works with a central policy controller and SD-WAN forwarders. Viptela’s early differentiators have been high scalability and easy integration with traditional routing systems. Viptela has sponsored two Packet Pushers podcasts.
There are several other companies I’ve heard mentioned in the SD-WAN space that either I’m just not familiar with, or who are trying to cash in on the SD-WAN buzzword bandwagon with a surfeit of marketing hutzpah. I’ll leave out the bloviators, but mention a few others I’ve heard about that do indeed have an SD-WAN product. I only know these vendors from their websites, meaning I haven’t had a chance to interview any of the teams responsible for these products.
CloudBridge appears to be an SD-WAN solution focused on optimizing traffic flows between a local office and cloud-hosted applications. The presentations that would offer technical detail were hidden behind registration walls, rendering them inaccessible.
Ecessa offers the WANworX appliance that checks many of the SD-WAN boxes for me. The data sheet speaks of support for hybrid WAN and flow steering. Multiple WANworX devices can be managed via Ecessa Cloud.
On its website, FatPipe claims to have been in business for 12 years, and has “the largest installed base of customers in software defined network WANs.” Its MPVPN product description seems most to align with what I’d expect from an SD-WAN forwarding appliance. Coupled with its Symphony orchestration platform, I believe we might see what I think of as a typical SD-WAN architecture.
Ocedo makes a hardware gateway that comprises common elements of an SD-WAN solution. There’s a VPN overlay to connect remote sites, centralized policy management, link management of multiple providers, application identification, and traffic prioritization. The solution is also centrally managed. Ocedo also mentions that the solution can be wholly hosted by the customer, as opposed to some elements being hosted in the cloud.
All of these plus a few more vendors I personally haven’t yet talked to in the SD-WAN space can be found in the Packet Pushers Virtual Toolbox, along with several other helpful collections of vendors and tools.
We hope you give the Virtual Toolbox a look and offer us input as to what else you’d like to see.