SD-WAN: The promise vs. the reality
There’s no denying that the SD-WAN market is having a moment. After sliding into the Trough of Disillusionment on the 2017 Gartner Hype Cycle, SD-WAN was firmly on the Slope of Enlightenment for 2018, and continues to build both momentum and advocacy as the decade comes to a close.
What’s attractive about SD-WAN is that it doesn’t force teams to rely solely on direct Internet access (DIA) for all traffic; IT may want to retain some MPLS connectivity as enterprises overhaul their network architectures to support cloud and SaaS deployments. This is practical for VoIP flows, for instance, which are far more sensitive to the fluctuations common on unmanaged networks and can be steered over dedicated MPLS circuits instead of DIA tunnels.
But despite growing familiarity with SD-WAN products, there’s still a lot of air-clearing that needs to be done to define what these solutions claim to entail and what they actually deliver.
SD-WAN brings promises of lower costs, manageability, resiliency, and improved user experience. But this added innovation can leave network teams in the dark unless monitoring strategies evolve beyond typical device or traffic monitoring.
Many SD-WAN providers collect relatively basic app performance measurements that allow them to automatically redirect certain streams according to the controller’s policies. But there’s a wealth of granular data that the SD-WAN won’t pass on to IT.
Where SD-WAN falls short
As with firewall and wireless controller vendors, SD-WAN vendors may include some simple bandwidth usage reporting. But it’s dangerous for IT to assume this replaces a comprehensive monitoring and diagnostics platform.
For instance, these tools only monitor performance when a user is sending data over the network, which means that by the time poor performance is detected a user has already been impacted. They also don’t inherently collect any hop-by-hop metrics across delivery paths, data about Internet routing tables, communication between Autonomous Systems, or any of the additional network infrastructure outside of the controller’s purview. When this detail is missing, IT can’t pinpoint which network organization outside of the local AS may be at the root of an issue, let alone isolate the culprit routers or detailed error metrics.
A lack of “local” perspective
These solutions become especially insufficient when it comes to delivering a local perspective into app and network performance, giving centralized IT teams that are tasked with supporting remote offices only a partial view of the whole story.
As part of an SD-WAN implementation, SD-WAN-enabled edge routers are placed at each branch location on the WAN, and these enforce each office’s routing policies. A centralized SD-WAN controller pools these routing policies and sets a global standard for all traffic across the WAN, which gives central IT a level of visibility across the enterprise footprint.
In most cases, visibility into app and network performance at each location ends at the edge router. Because teams need to implement dedicated firewalls and security settings at each remote location (instead of the all-encompassing security delivered through a data-center-centric network model, where all traffic gets backhauled for inspection), SD-WAN control generally can’t make it “past the gate” into a remote LAN.
This could leave enterprise IT totally blind to issues that are impacting users where they reside, even while every signal from the SD-WAN controller indicates smooth delivery, at least as far as the edge router.
There simply is no guarantee at the end of the day that teams are truly getting an “end-to-end” picture when employing SD-WAN alone.
Active monitoring that does not depend on user traffic should be extended across the underlying links that support the SD-WAN deployment, delivering visibility beyond what is measurable at the endpoint. This gives IT the context needed to take remediation into their own hands rather than relying on the ISP to fix issues as they arise.
At the very least, IT needs a tool that can measure performance hop-by-hop across each network pathway in order to unpack the binary “good/bad” verdict they receive from their SD-WAN regarding delivery speed. But solutions also need to see beyond the edge routers at each branch firewall and into the actual end-user perspective, covering both the WAN and the LAN.