Journey From Traditional Routed Network to SD-WAN

My organization was one of the early adopters of SD-WAN (Software-Defined Wide Area Network). We had around 100+ retail locations with about 2000 users. Our business model required downloading rich media content onto user machines to look at the products and review various offerings. To meet the ever-increasing demand for high bandwidth and improve reliability, we were looking at the available options. Our network used traditional network technology, almost all of the traffic was back-hauled, and we had many low-speed T1 connections. Although the MPLS (Multi-Protocol Label Switching) connections were reliable, they were costly for the bandwidth they provided. If we had simply gone ahead with circuit upgrades, it would have caused a steep increase in our operational cost, and the providers might also have faced a challenge upgrading the cabling infrastructure to accommodate the bandwidth increase.

Apart from the challenges listed above, we also discovered that we needed a solution for the technical issues below:

  • Purely routing based path selection – Not able to use active/active load balancing while maintaining symmetry
  • Operationally complex. No central configuration and policy management – complex CLI-based configuration for QoS, tunnels, routing, and firewall.
  • Lack of visibility into network and application performance while addressing user complaints.
  • Reliance on MPLS transport to meet the required SLAs – not enough bandwidth.

In addition to these technical challenges, the real issue was that users encountered poor experiences on a few occasions while navigating network resources with a lot of rich media content. We looked at the few available options, and SD-WAN offered a solution for many of our issues. A few key points that looked promising were:

SD-WAN can address all the challenges while increasing available bandwidth for end users by combining the capacities of all transports and using all paths in active/active fashion

  • Centralized management with zero-touch provisioning
  • Increase overall bandwidth capacity by >100% by using active/active paths
  • Reduce cost by replacing router and MPLS circuits with commodity Internet with 100x more bandwidth
  • Built-in Zone-Based Firewall.

The only challenge was how to build confidence in the new emerging technology and solve the puzzle of how we should adapt to it. The open-ended questions were:

  • Do I need to make any design changes in my existing core network?
  • How can I test and validate that it is working without making any significant changes in my production network?

To overcome these challenges, you will need a technology partner who not only has in-depth knowledge of their area but is also willing to invest in understanding your network architecture and help you make intelligent decisions to perform a successful proof of concept (POC). We decided to install the appliance in learning mode and get some visibility before making the device active. At a high level, we went ahead with the steps listed below.

  • Started with Analytics mode to understand the performance of critical corporate applications.
  • Enabled active/active load balancing with the router still in place, for the fewest changes in the existing environment and the immediate benefits of SD-WAN.
  • Gradually removed the traditional MPLS router upon license.

The biggest challenge was the non-availability of diverse media circuits at all the locations. To overcome this, we had to quickly adopt a combination of a direct internet access (DIA) circuit and a private network connection.

The pleasant surprise was how straightforward it was to make changes on the central portal and push them to the sites, since all the appliances are centrally managed.

We were able to complete the project as planned and were able to achieve some added benefits that were not even scoped during the time of engagement. I want to list some of the main benefits that we noticed.

  • The overall migration went very smoothly, with only a small amount of downtime that was planned during off-hours.
  • Moved away from MPLS to dual direct internet circuits while keeping roughly the same operational cost.
  • The increase in average internet bandwidth at all of our sites was significant.
  • A dynamic and seamless path selection based on performance and full visibility into application performance has helped improve user experience
  • The ability to manage and monitor the network and applications centrally via a GUI has helped the IT support staff save time and focus on business-critical functions rather than configuring and troubleshooting network problems.
  • Controlling policy granularly on a per-application basis has helped selectively break out trusted business-critical applications on the internet path.
  • It is straightforward to manage the zone-based firewall and monitor network traffic.

I believe all these advantages and the seamless migration make SD-WAN selection a no-brainer for our enterprise. The future of SD-WAN looks even more promising with the available integrations from various SASE (Secure Access Service Edge) providers. This partnership will not only provide excellent network performance but will add unmatched security benefits.
