5 Key Questions Around SD-WAN Verification and Optimization
How to Avoid SD-WAN Deployment Pitfalls: 5 Key Questions Around Verification and Optimization (Part 2)
In my Part 1 post, I reviewed some of the most common questions (and answers) that arise during Day 0, or baseline planning phase of Software-defined Wide Area Network (SD-WAN) deployment. This included looking at how to inventory internal applications, catalog SaaS/IaaS applications, and identify priority traffic. In Part 2, I’m going to dive into Day 1 (verification) and Day 2 (operations) questions and challenges.
If you recall, when it comes to SD-WAN planning, LiveAction breaks the process into three phases: baseline planning (Day 0), deployment verification (Day 1), and ongoing operational insight (Day 2). Again, I’ll point you to one of our recent blog posts on the topic if you’d like more detail. However, in quick review, Day 1, allows NetOps to fully visualize the SD-WAN policies they’ve created for application performance, VPNs, DSCP, and service provider tunnels, and verify and monitor the end-to-end application performance behaviors. During this process, you can also use bandwidth consumption, QoS marking, and SD-WAN policy verification to isolate problems, identify their root cause and reach a resolution quickly. Day 2 folds in the ongoing operationalizing features needed to properly manage your SD-WAN deployment on a day-to-day basis. This includes rich visual analytics, custom dashboards, alerts, reports, and rapid troubleshooting.
What are some of the challenges customers face, or questions they have, when verifying and operationalizing a Software-defined WAN? Here are five common Day 1 and 2 questions/challenges we’re often asked about SD-WAN:
1. How can I avoid breaking the network during a migration?
Both MPLS and the internet have been a part of enterprise WANs since the mid-1990s. That means a patchwork of legacy policies and technology. For example, QoS markings, statically built tunnels, a metro private line daisy chained off another site, routers, and firewalls with command lines that the current network engineers didn’t write and can’t easily explain. All of these undocumented changes expose an enterprise to risk during a migration. Perhaps a router has an undocumented tunnel connecting to a partner. Perhaps a port has been opened in a firewall for a managed service provider. Is all of this documented? For many enterprises, the answer is no. More importantly, if you do miss something in the planning stages, do you have the tools to identify and repair these quickly during migration?
LiveNX’s ability to monitor and diagnose a multi-vendor, multi-domain, multi-cloud environment allows customers to establish a pre-migration baseline and compare it with a post-migration environment with a consistent, end-to-end network visibility platform. Users can establish the traffic patterns in the current environment, get analytics that helps establish the best possible pilot sites, and define policies for the Day 1 migration.
The site-level reports provide complete visibility into pre-and post-migration traffic patterns per site, application, DSCP markings, and service provider transport.
2. Our SD-WAN migration is complete, but my application performance is terrible, why?
Verification is a critical stage in SD-WAN deployment. Often you find issues that can only be identified once you actually put the technology through its paces (or policies that may have fallen through the cracks). For example, imagine if employees rely heavily on file-sharing applications, but after migrating to an SD-WAN the ability to quickly connect and transmit falls off a cliff. The verification phase is designed to help isolate that issue quickly. In this example, filesharing was previously given a Fastlane over MPLS by the firewall, but when relegated to an internet circuit it came to a grinding halt. These types of application performance issues can also be attributed to QoS policies not being optimized, or even poor peering from local ISPs at remote sites.
Traditionally, organizations define traffic policies for the SD-WAN network based on traffic and site analytics in the legacy network. But, Software-defined WAN networks can (and often do) behave differently, highlighting the need for an NPMD platform that helps consistently visualize the past and current environment(s).
LiveNX’s SD-WAN topology view delivers a complete end-to-end view of your SD-WAN overlay and reconciles it with the transport underlays. The user can entirely and quickly visualize and troubleshoot application performance in an intuitive three-click workflow.
Report templates customized to the SD-WAN help further monitor SD-WAN application performance as the new wide-area network environment is rolled out.
3. How can I verify path selection is working properly?
Path selection is fundamental to SD-WAN. But how do you know if the SD-WAN policy is performing as designed? You could have an MPLS circuit that constantly bumps traffic to the internet backup.
The site-to-site traffic analysis in LiveNX allows customers to precisely establish the chosen path of any application over time, as well as visualize why a different transport was chosen while viewing the traffic policies that rule the network behavior. Customers gain complete visibility with LiveNX, allowing them to address and report application performance, as well as compliance issues.
4. How do I handle the dramatic increase in service providers as I role out SD-WAN?
When migrating from legacy MPLS to SD-WAN one of the biggest operational challenges can be the increased number of service providers. In an MPLS model, there is traditionally a single provider. But when you move to SD-WAN, every remote site could have a unique ISP (with a unique SLA). Complicating matters, the virtual overlay could look great, but the reality is some providers still have roadside fiber that can be exposed, or copper running into a distribution center that’s 30 years old and short circuits when it rains. These are real-world performance problems that network and application teams need to deal with. Just because they’re hidden from view doesn’t mean the physical underlay won’t cause problems (and this extends beyond just the SD-WAN). Having visibility into how these ISPs are performing allows you to quickly recognize problems and drill down to isolate issues.
Even at the highest network-wide abstraction level with the SD-WAN top-level dashboard, LiveNX provides immediate visibility into the 3 relevant dimensions of any SD-WAN deployment, per application, per site, and per service provider. Service provider tunnels that are not performing are immediately identified based on packet loss, latency, and jitter metrics. LiveNX provides simultaneous visibility into overlay and underlay network behavior, dramatically accelerating MTTR in intent-based networking architectures.
5. What do I need to think about in regard to security policies?
Employees access places they shouldn’t. Sites have meshed into different business units. A company divests a unit and wants to guarantee 100 percent routing separation. These are real issues that arise in business every day. Software-defined Wide Area Network allows you to encrypt traffic as it moves from one site to another and to segment the network for layered protection.
There’s no debating the value SD-WANs can deliver to an organization when properly deployed and managed. But, understanding some of the key challenges and having the proper tools in place to monitor, manage and troubleshoot these networks is vital to success. LiveNX gives you the visibility needed to navigate the critical stages (baselining, verifying, and optimizing) of Software-defined Wide Area Network adoption.
Access this on-demand webinar “Best Practices for SD-WAN: Know Before You Go.”