How to assess an SD-WAN product and determine which you need
Two main differentiators have emerged in SD-WAN products. Learn how they work and how an IT manager can use them to assess network performance and diagnose problems.
The software-defined WAN industry might only be a few years old, but it's already reaching a point of maturity. SD-WAN, once such a novelty, has become almost a commodity. Today, more than 50 companies offer some kind of SD-WAN product or service.
Differentiation between one SD-WAN product and another is increasingly happening in two ways. First, many vendors are already packaging SD-WAN capabilities with other functions, namely security. Second, the networking capabilities are being exposed through management consoles. See sample screenshots from various vendors below.
Editor's note: Inclusion or exclusion of a vendor or a vendor's screenshot does not indicate approval or disapproval of that vendor's capabilities.
Usability makes a big difference
The management console of an SD-WAN product is the cockpit of your WAN. Its usability will determine how quickly you can get up to speed in the new environment and get things done. Some environments take minutes to learn, while others might take days.
That brings us to the next point: the command-line interface (CLI). Many Cisco-hands will prefer an IOS-like CLI, which is a fair point. At the very least, if a vendor does offer a CLI, validate that all of the capabilities in the CLI are available in the GUI.
Ultimately, SD-WAN is about the WAN -- unsurprisingly -- and it's critical to understand what happens on the network. While in the past you might have needed to probe the network or run scripts to gather information from local routers, SD-WAN services provide a consolidated view into site metrics.
Most management applications from major vendors allow you to understand what's happening on the network in terms of network characteristics -- like loss, latency, throughput and, in many cases, jitter.
Some metrics are only shown in near real time, which can be helpful in planning and understanding historical network performance, but less helpful in diagnosing problems. When looking at real-time metrics, management screens should provide aggregate visibility for each location and upstream-downstream performance.
Over the years, a divide has grown between application people and networking people. Application people tend to speak in terms of transactions and server response time, while networking people look more at loss and latency. Even the way we talk about throughput -- megabytes per second for application people and megabits per second for networkers -- differs.
SD-WAN started to cross this divide by enabling IT teams to optimize routing per application. Increasingly, SD-WAN is expanding on those capabilities to deliver application-layer metrics. To do that, you first need to identify applications. All SD-WAN products can identify applications using information from the 5-tuple -- source and destination IP address, source and destination port number, and protocol. Many applications, though, cannot be identified by the protocol alone. They might share protocols, namely HTTP, or employ multiple unknown protocols. The SD-WAN product vendor needs to use deep packet inspection to distinguish the application.
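The identification step described above, as an added Python example that is not taken from any vendor's product: it labels constructed flows first from the 5-tuple alone and then from the HTTP Host header in the payload, a deliberately narrow form of deep packet inspection. The lookup tables, host names and function names are hypothetical.

```python
from collections import namedtuple

# 5-tuple plus the first payload bytes of the flow (all values constructed).
Flow = namedtuple("Flow", "src_ip dst_ip src_port dst_port proto payload")

# Hypothetical lookup tables; real signature sets are far larger.
PORT_APPS = {("tcp", 80): "http", ("tcp", 443): "tls", ("udp", 5060): "sip"}
HOST_APPS = {"crm.example.com": "crm-saas", "files.example.net": "file-sync"}
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")


def classify_by_tuple(flow):
    """Label a flow from protocol and destination port only."""
    return PORT_APPS.get((flow.proto, flow.dst_port), "unknown")


def http_host(payload):
    """Return the lower-cased Host header of an HTTP request, or None."""
    if not payload.startswith(HTTP_METHODS):
        return None
    head = payload.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            # Drop an optional :port suffix before the table lookup.
            return value.strip().decode("ascii", "replace").lower().split(":")[0]
    return None


def classify_by_dpi(flow):
    """Refine the 5-tuple label using the payload when it is HTTP."""
    host = http_host(flow.payload)
    if host is None:
        return classify_by_tuple(flow)  # nothing to inspect, keep port label
    return HOST_APPS.get(host, "http")


SAMPLE_FLOWS = [  # constructed: two apps sharing port 80, one on port 8080
    Flow("10.0.1.5", "203.0.113.10", 50111, 80, "tcp",
         b"GET /leads HTTP/1.1\r\nHost: crm.example.com\r\n\r\n"),
    Flow("10.0.1.6", "203.0.113.10", 50222, 80, "tcp",
         b"PUT /sync HTTP/1.1\r\nHost: Files.Example.net:80\r\n\r\n"),
    Flow("10.0.1.7", "198.51.100.7", 50333, 8080, "tcp",
         b"GET /leads HTTP/1.1\r\nHost: crm.example.com\r\n\r\n"),
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f.src_ip, f.dst_port, classify_by_tuple(f), classify_by_dpi(f))
```

The first two flows are indistinguishable by 5-tuple label, and the third is unknown to the port table, yet all three resolve to an application once the payload is read.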
The second step is to display the metric relevant to that application. Many SD-WAN products now offer a mean opinion score for paths that carry voice traffic, as MOS is the standard metric for measuring voice quality. Others are more granular, looking at MOS for each voice call.
Other products now offer metrics more common to application performance monitoring, tracking server response time and transaction times, for example. Application-layer visibility might not be a must-have, but it certainly makes troubleshooting application performance issues easier. The network will always be blamed first for any problem. Providing application-level metrics that demonstrate the network is functioning when problems arise with the application can save significant time resolving a problem with your SaaS provider or application team.
Security capabilities in an SD-WAN product
As organizations replaced MPLS lines at their branch offices with dedicated internet, the need for local security has become more apparent. SD-WANs alone lack the firewalls, intrusion protection and detection systems, antimalware and anti-data-exfiltration capabilities to protect branch offices. Initially, SD-WAN vendors partnered with third-party suppliers. But, more recently, a number of vendors have included security capabilities in their base platforms. Those security capabilities should be available in the same SD-WAN management platform.
The window into your WAN
Some call the SD-WAN management console a view into the WAN, but it's more like a cockpit, allowing you to see and control what's happening on your network. As a whole, the network analytics tools we've seen from SD-WAN vendors might not provide the full seven-layer decode of a packet sniffer, though a few do. They are quite robust, however, and should enhance any IT manager's ability to diagnose network problems.