Join Us at Our Upcoming Events Events
Skip to Main Content

How to Avoid SD-WAN Deployment Pitfalls-Part 1

How to Avoid SD-WAN Deployment Pitfalls: 3 Key Questions Around Planning (Part 1)

Cisco SD-WAN planning

Cisco recently wrote a terrific blog post about Cisco SD-WAN that explains the technology and outlines some key questions to consider in the early planning stages. For example, can your network support controllers in the cloud? What role will security play when bringing new sites or circuits online? And, will you be able to actively monitor your policies to ensure the quality of experience for end users? All great questions to consider as you decide if Cisco SD-WAN is right for your business. Adding to this narrative, let’s say you’ve answered the critical preliminary questions and are ready to jump in the trenches with some in-depth planning and rollout. What’s next, and what questions and challenges could you face?

In case you’re not familiar with LiveAction, we simplify the management of complex networks by providing real-time visualization and analytics for Cisco SD-WAN, voice, video, and Quality of Service monitoring through our LiveNX and LiveSP platforms. When it comes to Cisco SD-WAN planning, we break the process into three phases: baseline planning (Day 0), deployment verification (Day 1), and ongoing operational insight (Day 2). You can read one of our recent blog posts on the topic if you’d like more detail. With more than 200 customer deployments under our belt, we’ve encountered a variety of questions throughout the process. In this two-part blog series, I’d like to review some of the key questions we get from customers when deploying Cisco SD-WAN. In Part 1, we’ll look at Day 0, or baselining and benchmarking for Cisco SD-WAN.

If you’re going to change your network architecture, it’s obvious that you should understand the impact that change is going to have on the entire network (all sites, circuits, applications, etc.). Hence the need to benchmark end user, application, network, and multi-cloud service performance parameters, which are needed for policy design and service level agreements (SLAs). Here are three common Day 0 questions we’re often asked about Cisco SD-WAN:

1. How do I inventory and locate my internal applications, and why is that important?

Enterprises often have hundreds if not thousands of systems associated with a network (one of our customers has more than 100 ERP systems alone). When planning for Cisco SD-WAN, it becomes increasingly important to understand the path these internal applications take from site to site. These systems often operate on a long list of different port numbers (ranging from 0 to 65535). Looking up each port to track down where each application connects is a tedious, but necessary task when planning the path of network traffic in a hybrid environment. In most cases, it’s not humanly possible to do this manually. Furthermore, many utilization and performance reports often lump hundreds of unnamed ports into a single bucket leaving WAN administrators with an incomplete picture of their network.

LiveNX helps customers overcome these challenges by running application recognition protocols on edge routing devices, allowing the platform to detect application signatures as packets traverse the router. LiveNX then extracts application telemetry data, which is fed into the Cisco SD-WAN dashboard for topology maps, inventory reporting and more. Learn more about Cisco SD-WAN baselining in this video.

2. How do I catalog my SaaS and IaaS applications?

For years, shadow IT has challenged IT departments to properly catalog the SaaS applications on their network. Finance might deploy Concur for expenses. Sales might subscribe to Salesforce as its CRM. HR might use ADP for payroll. The protocol supporting all of these applications? HTTPS, or port 443. Most reporting tools will simply categorize this traffic as HTTPS and leave it at that. But is that enough?

HTTPS has become the most pervasive protocol on most WANs. The challenge for network administrators is that HTTPS can be many things. It’s used by business-critical SaaS providers like Salesforce and Office365, but it’s also used by bandwidth-hogging consumer sites like Facebook and YouTube. As you prepare for Cisco SD-WAN, understanding this breakdown is important so you can size your Cisco SD-WAN to support your SaaS applications. For example, most organizations choose to rate limit and deprioritize Facebook, YouTube, Hulu, and other bandwidth-hogging sites.

You have the inventory information, you can set QoS policies and assign priority to key applications like Skype for Business. You can also set path selections. SD-WAN bifurcates the network and determines what should go across MPLS versus the internet. There may be a need to offload some low-priority internal apps to the public internet. Finally, LiveNX helps users determine which size MPLS or internet circuit is needed at each site to support the policy. Baselining with LiveNX allows you to know the exact requirements.

3. How do I size my MPLS and internet pipes?

Every application on an enterprise WAN will fall into one of these categories:

  • Business critical, loss or latency sensitive
  • Business critical, loss or latency non-sensitive
  • Business critical SaaS
  • Non-business critical

When selecting size and speed for MPLS and internet in an SD-WAN, it is important to understand that only the first aforementioned category truly warrants an MPLS connection. Everything else, even some business-critical traffic, can leverage internet without impacting performance or productivity. However, this is where many companies go awry. They use MPLS to support internal apps and the internet to support SaaS and public internet apps. This leaves money on the table.

An excellent example of a business critical, loss and latency non-sensitive application is data replication. These apps can be absolute bandwidth hogs. Often only enabled on nights and weekends for this reason, many MPLS ports have been upgraded over the years to keep up with all this traffic. However, data replication is also something that can and should be routed to the internet in an SD-WAN environment. A good design will recognize this and size MPLS to only support the handful of applications where end-user productivity would be impacted by the variation of the public internet. No server will ever complain that its data replication took all night to complete. Conversely, no server will ever thank IT when replication took less than an hour. Take advantage of this fact and ensure you’re fine-tuning your SD-WAN to maximize savings. Public internet is a perfectly adequate medium for any application where latency, jitter, and loss do not impact end-user performance.

LiveNX helps customers understand their bandwidth with customizable capacity planning reports. For example, a “business hours” report that gives a percentage value reflected in a 5-day work week versus a 7-day workweek. Or, an 8- to 10-hour workday versus a 24-hour workday.

It’s highly likely that these three questions will come up as you prepare to launch a new SD-WAN deployment. With LiveNX, you’ll have the answers you need to simplify the process as you move forward. Next week, I’ll dive into more questions associated with Day 1 (verifying performance) and Day 2 (operationalizing) planning for SD-WAN. In the meantime, if you’re looking to learn more, check out this video from PacketPushers on “Future Proofing Your SD-WAN,” or listen to this great podcast on the topic with our CTO, John Smith.

Brian Gray

Sept. 19, 2018