How to Avoid SD-WAN Deployment Pitfalls: 5 Key Questions Around Verification and Optimization (Part 2)

In my Part 1 post, I reviewed some of the most common questions (and answers) that arise during the Day 0, or baseline planning, phase of SD-WAN deployment. This included looking at how to inventory internal applications, catalogue SaaS/IaaS applications, and identify priority traffic. In Part 2, I’m going to dive into Day 1 (verification) and Day 2 (operations) questions and challenges.

If you recall, when it comes to SD-WAN planning, LiveAction breaks the process into three phases: baseline planning (Day 0), deployment verification (Day 1), and ongoing operational insight (Day 2). Again, I’ll point you to one of our recent blog posts on the topic if you’d like more detail. In quick review, however, Day 1 allows NetOps to fully visualize the SD-WAN policies they’ve created for applications, VPNs, DSCP, and service provider tunnels, and to verify and monitor end-to-end service performance. During this process, you can also use bandwidth consumption, QoS marking, and policy verification to isolate problems, identify their root cause, and reach a resolution quickly. Day 2 folds in the ongoing operational features needed to manage your SD-WAN deployment on a day-to-day basis. This includes rich visual analytics, custom dashboards, alerts, reports, and rapid troubleshooting.

What are some of the challenges customers face, or questions they have, when verifying and operationalizing an SD-WAN? Here are five common Day 1 and Day 2 questions and challenges we’re often asked about:

1. How can I avoid breaking the network during a migration to SD-WAN?

Both MPLS and internet have been a part of enterprise WANs since the mid-1990s. That means a patchwork of legacy policies and technology: QoS markings, statically built tunnels, a metro private line daisy-chained off another site, and routers and firewalls with command lines that the current network engineers didn’t write and can’t easily explain. All of these undocumented changes expose an enterprise to risk during an SD-WAN migration. Perhaps a router has an undocumented tunnel connecting to a partner. Perhaps a port has been opened in a firewall for a managed service provider. Is all of this documented? For many enterprises, the answer is no. More importantly, if you do miss something in the planning stages, do you have the tools to identify and repair these gaps quickly during migration?

LiveNX’s ability to monitor and diagnose a multi-vendor, multi-domain, multi-cloud environment allows customers to establish a pre-migration baseline and compare it with the post-migration environment using a consistent, end-to-end network visibility platform. Users can establish the traffic patterns in the current environment, get analytics that help identify the best possible pilot sites, and define policies for the Day 1 migration.


The site-level reports provide complete visibility into pre- and post-migration traffic patterns per site, application, DSCP markings, and service provider transport.

2. Our SD-WAN migration is complete, but my application performance is terrible. Why?

Verification is a critical stage in SD-WAN deployment. Often you find issues that can only be identified once you actually put the technology through its paces (or policies that may have fallen through the cracks). For example, imagine that employees rely heavily on file sharing applications, but after migrating to an SD-WAN the ability to quickly connect and transmit falls off a cliff. The verification phase is designed to help isolate that issue quickly. In this example, file sharing was previously given a fast lane over MPLS by the firewall, but when relegated to an internet circuit it came to a grinding halt. These types of performance issues can also be attributed to QoS policies not being optimized, or even poor peering from local ISPs at remote sites.

Traditionally, organizations define traffic policies for the SD-WAN network based on traffic and site analytics in the legacy network. But SD-WAN networks can (and often do) behave differently, highlighting the need for an NPMD platform that helps consistently visualize the past and current environment(s).
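The pre- versus post-migration comparison behind questions 1 and 2 can be sketched as a diff over flow summaries. This is an added example, not LiveNX code or output: the record layout, site and application names, and the 50 percent volume threshold are assumptions, and the sample records are constructed to mirror the undocumented partner tunnel and the file-sharing fast lane described above.

```python
from collections import defaultdict

# Constructed flow summaries: (site, peer, app, dscp, transport, megabytes).
PRE = [
    ("branch-12", "hq", "file-share", "AF21", "mpls", 840),
    ("branch-12", "hq", "voip", "EF", "mpls", 120),
    ("branch-12", "partner-gw", "edi-tunnel", "CS0", "mpls", 35),
    ("branch-12", "saas", "crm", "AF11", "internet", 300),
]
POST = [
    ("branch-12", "hq", "file-share", "CS0", "internet", 210),
    ("branch-12", "hq", "voip", "EF", "mpls", 118),
    ("branch-12", "saas", "crm", "AF11", "internet", 310),
]

def index(flows):
    """Aggregate volume per (site, peer, app), split by DSCP and transport."""
    out = defaultdict(lambda: {"dscp": defaultdict(int),
                               "transport": defaultdict(int), "mb": 0})
    for site, peer, app, dscp, transport, mb in flows:
        entry = out[(site, peer, app)]
        entry["dscp"][dscp] += mb
        entry["transport"][transport] += mb
        entry["mb"] += mb
    return out

def dominant(volumes):
    """Return the label carrying the most traffic."""
    return max(volumes, key=volumes.get)

def compare(pre, post, drop_ratio=0.5):
    """List (flow, kind, detail) differences between baseline and post-migration."""
    before, after = index(pre), index(post)
    findings = []
    for key in sorted(before):
        if key not in after:  # e.g. a tunnel nobody documented
            findings.append((key, "missing", "in baseline, absent after migration"))
            continue
        old, new = before[key], after[key]
        for field in ("dscp", "transport"):
            was, now = dominant(old[field]), dominant(new[field])
            if was != now:  # remarked traffic or a different path
                findings.append((key, field, f"{was} -> {now}"))
        if new["mb"] < old["mb"] * drop_ratio:
            findings.append((key, "volume", f"{old['mb']} -> {new['mb']} MB"))
    for key in sorted(set(after) - set(before)):
        findings.append((key, "new", "not present in baseline"))
    return findings

if __name__ == "__main__":
    for flow, kind, detail in compare(PRE, POST):
        print(f"{'/'.join(flow):35} {kind:10} {detail}")
```

Each finding is a prompt for review rather than a verdict: a missing flow may be an intentionally retired connection, and a transport change may be the path-selection policy working as designed.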


LiveNX’s SD-WAN topology view delivers a complete end-to-end view of your SD-WAN overlay and reconciles it with the transport underlays. Users can quickly visualize and troubleshoot application performance end to end in an intuitive three-click workflow.

Report templates customized to the SD-WAN help further monitor SD-WAN performance as the new wide-area network environment is rolled out.

3. How can I verify path selection is working properly?

Path selection is fundamental to SD-WAN. But how do you know if the policy is performing as designed? You could have an MPLS circuit that constantly bumps traffic to the internet back-up.

The site-to-site traffic analysis in LiveNX allows customers to precisely establish the chosen path of any application over time, as well as visualize why a different transport was chosen, while viewing the traffic policies that rule the network behavior. Customers gain complete visibility with LiveNX, allowing them to address and report application performance, as well as compliance issues.


4. How do I handle the dramatic increase in service providers as I roll out SD-WAN?

When migrating from legacy MPLS to SD-WAN, one of the biggest operational challenges can be the increased number of service providers. In an MPLS model, there is traditionally a single provider. But when you move to SD-WAN, every remote site could have a unique ISP (with a unique SLA). Complicating matters, the virtual overlay could look great, but the reality is some providers still have roadside fiber that can be exposed, or copper running into a distribution center that’s 30 years old and short circuits when it rains. These are real-world performance problems that network and application teams need to deal with. Just because they’re hidden from view doesn’t mean the physical underlay won’t cause problems (and this extends beyond just the SD-WAN). Having visibility into how these ISPs are performing allows you to quickly recognize problems and drill down to isolate issues.

Even at the highest network-wide abstraction level with the SD-WAN top-level dashboard, LiveNX provides immediate visibility into the 3 relevant dimensions of any SD-WAN deployment: per application, per site and per service provider. Service provider tunnels that are not performing are immediately identified based on packet loss, latency and jitter metrics. LiveNX provides simultaneous visibility into overlay and underlay network behavior, dramatically accelerating MTTR in intent-based networking architectures.


5. What do I need to think about in regard to security policies?

Employees access places they shouldn’t. Sites are meshed into different business units. A company divests a unit and wants to guarantee 100 percent routing separation. These are real issues that arise in business every day. SD-WAN allows you to encrypt traffic as it moves from one site to another and to segment the network for layered protection.

LiveInsight is a module within the LiveNX platform that leverages machine learning capabilities to detect and highlight unusual trends in any network domain. It may be traffic sources and destinations that behave unusually; it may simply be unusual traffic spikes and probes. Machine learning can be trained to cover any use-case ranging from security to capacity planning. LiveNX is augmented by LiveInsight capabilities to address unusual traffic patterns.


There’s no debating the value SD-WANs can deliver to an organization when properly deployed and managed. But understanding some of the key challenges and having the proper tools in place to monitor, manage and troubleshoot these networks is vital to success. LiveNX gives you the visibility needed to navigate the critical stages (baselining, verifying and optimizing) of SD-WAN adoption.

Brian Gray and David Izumo

Sept. 29, 2018