In the last few years, there has been a lot of mystique around SD-WAN jargon. I’m not sure who originally invented this hot term, but today the SD-WAN topic is often on my table. I have been researching and looking into this specific topic from different perspectives: Telecom operator B2B director, CTO of an independent MSP, and of course customer. I want to share my experience and especially the Nordic view. My blog might be a bit too technical, but if you work in SD-WAN marketing or SD-WAN product management, you will undoubtedly enjoy this ride. Of course, Enterprise WAN buyers considering SD-WAN should read this.
Major cost savings, not anymore
Cost saving is often the first sales argument from an SD-WAN (hardware) vendor. One of the typical marketing messages I see is: “With SD-WAN, you can replace expensive MPLS circuits using the Internet and lower your WAN costs.” In practice, SD-WAN box vendors mean that you can create a “tunnel” over the Internet between SD-WAN devices, just like the IPsec VPN box did years ago. The vendor assumes that your Internet access costs will be much lower than your current MPLS-based private WAN. In my experience, this varies per country/area, and it’s not so simple and obvious.
In Finland, we replaced even domestic private WAN (Frame Relay and later MPLS) with Internet VPN in 1997-2003 because of enormous price benefits. With international connections, price benefits were even better, often ten times better. Today it’s hard to find cost savings even in the Nordics since competition and regulations have lowered private WAN prices. An international MPLS connection might be a different story, but in fact, you often have to rely on consumer asymmetric Internet connections to get lower costs. For customers, it’s essential to understand the difference between a symmetric circuit (MPLS or Business Internet with a static IP address and an SLA) and a lower-cost consumer asymmetric Internet circuit (with a dynamic IP address, without an SLA). A higher-quality symmetric “business Internet” circuit is often more expensive than a private WAN (MPLS). Why? Because Business Internet is usually an MPLS network + CPE router + Internet traffic. You also have to negotiate and maintain contracts per site/country/Internet operator, which is extra work for you. As you can see, SD-WAN hardware vendor marketing makes assumptions and leaves all cost-saving headaches and additional work to the customer organization.
WAN service quality and network latency – Who cares?
Even though the cost savings were huge and proven in Europe, some large enterprises went back from Internet VPN (or a hybrid network) to pure MPLS service. This was because local SAP application implementation was a big trend and the most important project for CIOs. You might remember a universal message from Telecom consultants: “MPLS is the only solution for critical SAP and VoIP low latency requirements.” There was no reason to take any risks since SAP was at the heart of the business, so migration started. MPLS caused growing pain for branch office employees because split tunneling (fast local Internet access) was removed during the MPLS migration. Today the cloud megatrend is pushing back again, and the name of the game is now SD-WAN instead of Internet VPN. The movement has started again. Telecom (MPLS) providers still argue that private WAN (MPLS) is the only solution for end-to-end QoS. I agree with the theory, but do we need it? The younger generation has used video meetings over Internet access for almost 15 years for international calls. Also, most enterprises rely on cloud application services over the Internet as a proven solution. The QoS story does not sound believable anymore.
SD-WAN hardware vendors instead argue that you can configure multiple Internet connections and aggregate traffic. You can; however, it neither decreases WAN costs nor helps application performance, and it makes the network solution much more complicated and vendor-specific. Application performance is related to latency, TCP window size, and packet loss, not to the aggregated bandwidth.
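The point about latency, window size and packet loss can be checked with a small model. The following is an added example, not from the original post: it bounds a single TCP flow by the link rate, by window/RTT, and by the Mathis et al. loss approximation (a model brought in here, not named in the post), using constructed path values.

```python
import math

MATHIS_C = math.sqrt(3 / 2)  # constant from the Mathis et al. periodic-loss model


def window_limit_bps(window_bytes, rtt_s):
    """At most one window can be in flight per round trip."""
    return window_bytes * 8 / rtt_s


def loss_limit_bps(mss_bytes, rtt_s, loss_rate):
    """Mathis approximation: rate <= (MSS / RTT) * C / sqrt(p)."""
    if loss_rate <= 0:
        return math.inf  # no loss: this bound does not apply
    return (mss_bytes * 8 / rtt_s) * MATHIS_C / math.sqrt(loss_rate)


def flow_throughput_bps(link_bps, window_bytes, rtt_s, mss_bytes, loss_rate):
    """Upper bound for ONE TCP flow: the tightest of the three limits."""
    return min(link_bps,
               window_limit_bps(window_bytes, rtt_s),
               loss_limit_bps(mss_bytes, rtt_s, loss_rate))


# Constructed scenario: one intercontinental path, 150 ms RTT, 0.1 % loss,
# 65,535-byte receive window (the maximum without window scaling), 1460-byte MSS.
PATH = dict(window_bytes=65535, rtt_s=0.150, mss_bytes=1460, loss_rate=0.001)


def compare():
    """Return the bound for one circuit, two bonded circuits, and half the RTT."""
    single = flow_throughput_bps(100e6, **PATH)   # one 100 Mbit/s circuit
    bonded = flow_throughput_bps(200e6, **PATH)   # two circuits aggregated
    closer = flow_throughput_bps(100e6, **{**PATH, "rtt_s": 0.075})
    return single, bonded, closer


if __name__ == "__main__":
    for name, bps in zip(("single", "bonded", "half RTT"), compare()):
        print(f"{name:>9}: {bps / 1e6:.2f} Mbit/s")
```

Doubling the link rate leaves the per-flow bound unchanged at about 3 Mbit/s, while halving the round-trip time doubles it.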
SD-WAN cloud providers – new players, but do they survive?
SD-WAN cloud service providers have a different story to tell. They sit between traditional telecom (MPLS) operators and SD-WAN hardware vendors. They usually have multiple POPs connected via a private global fiber network. One of their crucial sales arguments is low latency on their global network vs. the public Internet.
A buyer needs to remember a few essential things.
- Global POP to POP traffic is only one part of the WAN network. Another essential element is the local WAN operator and traffic tunneling to the nearest POP. The solution requires both, and you need to find a good project manager and engineer to configure that. Co-operation and VPN interoperability should be carefully thought through.
- Your current cloud application provider POP might be much closer to you than the nearest SD-WAN provider POP. If not yet, I bet soon they will be. The cloud provider “edge computing” strategy is not bound or related to SD-WAN Cloud providers.
- Internet latency varies a lot depending on who your Internet access provider is (tier-1, tier-2, or tier-3) and what type of product you have (business vs. consumer). If you get business Internet access from a Tier 1 or Tier 2 global carrier, you will get low transatlantic latency as well.
SD-WAN application optimization – True or fake?
A WAN Optimization (acceleration) feature is one part of SD-WAN box vendor and SD-WAN Cloud provider marketing. WAN optimization hype was a hot topic ten years ago with tens of WAN accelerator vendors in the market. Product datasheets promised to accelerate applications in the WAN network 20 – 50 times. The promises were based on proprietary data compression and data deduplication. Unfortunately, the products were already ten years late since most enterprise applications at that time were already encrypted and well compressed. Implementing a WAN accelerator in a redundant MPLS or VPN network was complicated. Appliances were not robust enough for critical WAN, and getting even minor benefits required sincere and daily co-operation with application server admins. We also offered a WAN acceleration managed service, and it was perhaps the biggest mistake I’ve ever made in the data networking business. Market pressure was extremely high at that time for this technology. A few years later, we “accelerated” enterprise networks (WAN) just by removing those expensive optimization appliances and simplifying network architectures. Finally, vendors and resellers disappeared from the market until SD-WAN again started to make noise about WAN optimization. Just remember 50-80% of today’s enterprise data network traffic is encrypted and well compressed. I recommend network traffic analysis on-site before you start considering this at all.
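One check such an on-site traffic analysis can include is how much of the sampled payload still compresses at all. The following is an added example, not from the original post: the payloads are constructed, the pseudo-ciphertext is a deterministic stand-in for encrypted traffic, and the 0.9 threshold is an assumption; a real analysis would feed payloads from a capture.

```python
import hashlib
import zlib


def pseudo_ciphertext(n, seed=b"constructed-sample"):
    """Deterministic high-entropy bytes standing in for TLS/IPsec payload."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def compress_ratio(payload):
    """Compressed size / original size; values near 1.0 mean no gain."""
    if not payload:
        return 1.0  # nothing to compress
    return len(zlib.compress(payload, 6)) / len(payload)


def compressible_share(payloads, threshold=0.9):
    """Byte-weighted share of traffic that shrinks below `threshold`."""
    total = sum(len(p) for p in payloads)
    gain = sum(len(p) for p in payloads if compress_ratio(p) < threshold)
    return gain / total if total else 0.0


# Constructed capture: 4,000 bytes of cleartext HTTP, 12,000 bytes "encrypted".
CLEARTEXT = (b"GET /reports/q3.html HTTP/1.1\r\n"
             b"Host: intranet.example\r\n\r\n" * 100)[:4000]
SAMPLES = [CLEARTEXT, pseudo_ciphertext(12000)]

if __name__ == "__main__":
    for label, payload in zip(("cleartext", "encrypted"), SAMPLES):
        print(f"{label:>9}: ratio {compress_ratio(payload):.3f}")
    print(f"compressible share of bytes: {compressible_share(SAMPLES):.0%}")
```

Only the cleartext quarter of this constructed sample shrinks; the high-entropy bytes come out no smaller, which is the share a compression or deduplication appliance has nothing to work with.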
WAN visibility and network management – real value?
One of the most significant benefits you will get when using SD-WAN and an Internet connection is fast WAN implementation and network traffic visibility. MPLS service delivery is where the telecom (MPLS) industry badly failed. Looking at the MPLS WAN order fulfillment process, the change management process, and QoS interoperability between operators, everybody agrees it is far from perfect. If you have to wait months to get a WAN connection between the Helsinki and London offices, it’s just not acceptable. If you try to enable E2E QoS between a few different MPLS operators, it’s even harder.
SD-WAN (just like IPsec VPN 15 years ago) runs on top of the operator (MPLS or Internet) network. It fixes long delivery time issues well, at least if you have the same SD-WAN vendor boxes at both ends. Also, SD-WAN device traffic management capabilities and visibility are often better than the traditional SNMP graphs you get from MPLS operators. You only need to remember this is an additional layer on top of the local and global operator network, and it’s not free. It still might be worth every euro.
Who should be responsible for this additional SD-WAN layer?
Some of the MPLS operators have started to offer SD-WAN, but does the SD-WAN layer belong to the operator or the enterprise? What benefit does the telecom operator bring to the table? Are they now saying that private WAN (MPLS) is not the best way to go? Or are they just hoping this awful disruptive WAN technology is temporary? Perhaps they have finally understood that customers need agile service, and MPLS cannot provide that?
As you can see, there is no one right SD-WAN solution you can have. At the very least, enterprise customers should understand their TCP/IP traffic profiles and cloud migration strategy well before any significant WAN decisions.
Hannu Rokka, Senior Advisor
5Feet Networks Oy