Software-defined WAN (SD-WAN) offers enterprise users a way to implement virtual private networks (VPNs) at a much lower cost than today’s operator-managed Multiprotocol Label Switching (MPLS) VPNs. However, today’s SD-WAN solutions put the enterprise in charge of all aspects of the network, including local access and backbone transport. That may be too much of a management burden to take on for already-overloaded IT departments.
SD-WAN also presents a threat to service providers who generate revenue from the managed VPNs that SD-WAN could limit or displace. Some operators have started to deploy appliance-based SD-WAN solutions as a stopgap, locking them into a closed vendor-specific solution. Such closed solutions do not meet the operators’ long-term goal of open, virtualized and automated service implementation, nor do they enable operators to offer new value-added services on top of these proprietary solutions.
There is an apparent gap between the benefits and promise of SD-WAN and its drawbacks. How can we close that gap so that we can realize the advantages of SD-WAN and avoid its pitfalls? We’ve developed a solution that works for both enterprise users and telco operators. We call it Ensemble SmartWAN.
Ensemble SmartWAN is an open virtualized networking platform for deploying and managing virtual SD-WAN and other NFV services at scale. The Ensemble SmartWAN platform enables service providers to deploy SD-WAN in an automated and virtualized fashion, consistent with their forward-looking architectures. With this approach, service providers can deliver new and more flexible VPN services to their customers at a lower cost and with more features than today’s service offerings. What’s more, Ensemble SmartWAN comes with a rich feature set for connecting off-net customers through the internet or wireless networks.
Ensemble SmartWAN is implemented as new or updated software products in the Ensemble portfolio. Here are the specific aspects of Ensemble SmartWAN that enable its benefits.
Ensemble SmartWAN transforms SD-WAN from today’s monolithic application to part of a disaggregated service offering that enables other VNFs to also access SD-WAN features such as hybrid WAN. Ensemble SmartWAN supports the logical separation of carrier networking from the application-aware functions contained in SD-WAN. It does this by harnessing Ensemble Connector to provide a high-performance virtualized network layer featuring best-in-class, secure and performance-assured connectivity over Carrier Ethernet, MPLS and broadband networks in hybrid on-net, as well as off-net, scenarios.
With the Ensemble SmartWAN platform, operators can now offer SD-WAN functionality as a feature in advanced services, rather than as a standalone application. For example, Ensemble SmartWAN might be used in an initial deployment to provide secure connectivity. Later, an incremental unified threat management (UTM) solution could be added dynamically when needed, taking advantage of the open nature of the Ensemble SmartWAN platform. This best-of-breed UTM solution can access the network using a policy-controller hybrid WAN function that is part of the Ensemble SmartWAN solution. Other VNFs can be added as needed, providing a means to securely deploy dynamic services.
Another aspect of the Ensemble SmartWAN platform is NFV management and orchestration (MANO). SD-WAN is delivered today as a standalone system, including management. While suitable for self-managed enterprise applications, this approach is not suitable for service providers who need integrated and automated systems. In contrast, Ensemble SmartWAN is built on the principles of NFV, including MANO functionality. This approach enables SD-WAN to be a part of an orchestrated, dynamic and virtualized service portfolio.
Ensemble SmartWAN provides the virtual infrastructure for hosting virtual SD-WAN deployments and any other best-of-breed virtual network functions (VNFs). Unlike today’s monolithic SD-WAN solutions, Ensemble SmartWAN enables service providers to combine SD-WAN with advanced best-of-breed VNFs from any supplier. Operators are no longer locked into a closed solution.
In addition, Ensemble SmartWAN is built with a modular control plane that includes Ensemble Connector, Ensemble Controller, Ensemble Orchestrator and Ensemble Director. These components have open APIs and can be mixed and matched with solutions from other suppliers, as well as with open source solutions.
The vendor-neutral nature of Ensemble SmartWAN means that it can support simple construction and rapid deployment of advanced virtualized services that include SD-WAN as a key functional component.
Virtualized implementations of SD-WAN face a problem in bringing up a new site for hosting the needed VNFs. How do you access a site to install the needed VNFs for networking, when those same VNFs are required to establish the initial network connectivity? It’s a “chicken and egg” kind of issue. Ensemble SmartWAN solves the problem by providing a sophisticated method for securely commissioning and bringing up new sites – without requiring modifications to today’s SD-WAN VNFs while being managed over a single VLAN.
The Ensemble SmartWAN zero-touch process begins with the operator centrally defining policies and configuration for the servers at the access locations. The servers and secure access codes are then sent separately to the access locations – ideally to the user themselves for self-service installation. The user connects the device power and internet access, then enters the access code. The Ensemble Connector component of Ensemble SmartWAN contacts its central controller complex (including Ensemble Controller, Ensemble Director and Ensemble Orchestrator) to get its network and VNF configuration information, and the service is then turned up automatically.
Ensemble SmartWAN leverages Embedded Cloud, which places the OpenStack controller on each compute node to realize the benefits of OpenStack while eliminating the issues related to scale, security and upgrades.
Standard OpenStack has a number of limitations that impair its deployability in service provider networks. Embedded Cloud places both the OpenStack controller and agent in a single server, creating a micro cloud.
Native VPNs Without Requiring a CE Router
Today’s SD-WAN solutions implement pure overlay networks built on legacy connectivity services and secure tunneling through the internet. This is okay for many deployments, but the real power of virtual networking is realized when both overlay and underlay models are supported. That’s what Ensemble SmartWAN does: it interfaces directly with today’s MPLS VPNs, without requiring a customer edge (CE) router. Integration of SD-WAN connectivity with MPLS networking is an essential step towards assured, secured, and automatically provisioned end-to-end connectivity across hybrid networks.
Only communication service providers are able to utilize an underlay networking option in addition to traditional SD-WAN overlays. While SD-WAN is currently utilized mostly by enterprises, CSPs can leverage the operational benefit of tight MPLS network integration. This advantage will shift the balance towards provider-hosted SD-WAN solutions in future. Ensemble SmartWAN is a key enabler towards this next level of network automation.
In an overlay model, the end nodes construct tunnels that ride over the existing network connections. Some of these connections may go over existing VPNs via co-located CE routers, as shown below.
With Ensemble SmartWAN, the SD-WAN implementation can also provide the MPLS peering and tunnels associated with the CE router functionality. Doing so simplifies deployment by removing the external CE router, as shown below. In addition, VNFs can now interact directly with the underlying MPLS VPN if desired.
Ensemble SmartWAN: A Better Way to Deliver the Benefits of SD-WAN
SD-WAN provides real value and is a good first step toward creating more dynamic and cost-effective private networks. However, today’s implementation comes with serious limitations that complicate its deployment in carrier-class networks.
Ensemble SmartWAN builds on the experience gained with current NFV, SDN and SD-WAN solutions to provide a more complete and flexible private networking solution, bringing together today’s MPLS backbones with leading-edge NFV functionality, all to give the end user more freedom of choice.