Free Trial                 English Chinese

Blog


Why SDN concepts need to extend into the WAN

SDN has been primarily discussed as network architecture that finds its roots in the datacenter where Layer2 technologies dominate. However, the network, like the economy, is global and the enterprise wide area network (WAN) becomes an essential component of that global network. SDN programmability within the datacenter will only solve one aspect of the larger issue. That programmability needs to extend all the way across the WAN to realize true benefits of software defined networks. As they say, you are as good as your weakest link.

Let us first try and peel back the layers of SDN and how it impacts networking. Networking typically involves a collection of switches and routers that work in harmony to achieve end to end communication. The key functions of these network elements can be segmented into layers of management, data plane and control plane. The traditional way of making these nodes work with each other is by implementing protocols running at each of these nodes to exchange information. This creates a distributed architecture, where every node across the network needs to be at a similar state to get the desired end result. In addition, these protocols are very rigid in what they can and cannot do. The result is a very static network architecture that is not adaptive to change.

Traditional WAN set-up without SDN architecture

Now consider what would happen if we remove the protocols and instead open up a standard set of APIs. Then, build a centralized control plane that uses these APIs to program the network elements. This control plane will have a global view of the network and can make smart decisions. For example, how can one carve out a dedicated path between 2 servers? If we had switches opening up APIs indicating the flow to the output port mapping it is a matter of programming all the elements with that information. Imagine trying to do that with the spanning tree protocol instead! This is just a very high level concept, but the fundamental idea is that network elements need to be programmable and cannot be static within a fluid environment like the Cloud, where provisioning needs to happen on demand and elasticity is a key requirement.

WAN set-up with software defined network architecture included

Moving the same concept into enterprise networking, Firewalls, VPN, WAN optimization solutions and, QoS are some of the aspects of WAN technologies built on a foundation of L3 routing. L3 routing is destination based and is not flow aware. It does have significant benefits over L2 networks, like support for multi pathing, VPNs but is built on protocols running in a distributed manner and lacking programmability. A WAN network can be built using the same fundamentals of SDN as demonstrated above and also be programmed to be flow- aware to control actions based on latency, loss, jitter characteristics that typically affect WAN networks. More importantly, L3-L7 network functions are typically implemented in software, which makes them very viable candidates to run on commodity hardware (thanks to advent to multi-core processors) with well-defined APIs.

Protocols are only needed when crossing administrative boundaries and not within managed networks. If this can hold true for a LAN and within a datacenter, then why not for a WAN network managed by a single provider.

The time has come where programming from the LAN will extend into the WAN and back into the LAN with some kind of standardized protocol for LAN to WAN access across different administrative domains. For example, the edge of a global WAN network can be accessed using IPSEC VPN tunnels. An IPSEC VPN tunnel is nothing but a virtual port that connects over networks similar to racking up a server to connect to an access switch.

Aryaka has built a global network that has MPLS/LAN like capabilities. There are software elements running in this network which are completely virtualized with built-in flow acceleration, QoS, security to name just a few. Any customer location – a branch office, the HQ and even the datacenter can connect to this global network using any standardized IPSEC VPN device to the nearest POP globally distributed across the world. Aryaka can optionally provide a local device that sits within the customer’s network to enhance last mile connectivity, if needed. This device in completely owned, managed, provisioned and upgraded using Aryaka’s patented technology, requiring no intervention from the user except for plugging it in at the right place. Watch out for more information on how Aryaka defines SDN-like concepts into the WAN.

- Mouli

Mouli-v2

Leave a Reply

  • (will not be published)