Understanding the Differences between SD-WAN and MPLS

In the realm of networking, SD-WAN and MPLS are two terms that frequently arise, each offering distinct advantages and functionalities. In this comprehensive guide, we delve into the nuances of these technologies, providing clarity on their disparities and assisting you in making informed decisions for your network infrastructure.

What is SD-WAN?

SD-WAN, or Software-Defined Wide Area Network, is a modern approach to networking that utilizes software-defined networking (SDN) concepts to intelligently manage and optimize Wide Area Network (WAN) connections. Unlike traditional WAN setups that rely heavily on hardware, SD-WAN leverages software to dynamically route traffic across the network based on predefined policies and conditions.

Key Features of SD-WAN:

1. Centralized Management: SD-WAN solutions offer centralized management interfaces that provide administrators with granular control over network configurations and traffic flow.
2. Dynamic Path Selection: With SD-WAN, traffic is intelligently routed across multiple network paths, including broadband, MPLS, and LTE, based on real-time conditions such as link quality and latency.
3. Application Awareness: SD-WAN platforms often incorporate deep packet inspection and application recognition capabilities, allowing for the prioritization of critical applications and traffic shaping based on application requirements.
4. Cost Efficiency: By leveraging lower-cost internet connections alongside more expensive MPLS links, SD-WAN can significantly reduce WAN expenses without compromising performance or reliability.

Understanding MPLS

MPLS, or Multiprotocol Label Switching, is a legacy networking technology commonly used for building private, high-performance WANs. MPLS operates by assigning labels to network packets, enabling routers to make forwarding decisions based on these labels rather than IP addresses.

Key Features of MPLS:

1. Traffic Engineering: MPLS networks support traffic engineering capabilities, allowing administrators to optimize network paths and allocate bandwidth efficiently.
2. Quality of Service (QoS): MPLS offers robust QoS mechanisms, ensuring that critical applications receive the necessary bandwidth and latency guarantees to maintain optimal performance.
3. Security: MPLS inherently provides a higher level of security compared to public internet connections, as traffic remains within the confines of the private MPLS network, reducing exposure to external threats.
4. Reliability: MPLS networks are known for their reliability and predictability, making them ideal for applications that require consistent performance and uptime.

Contrasting SD-WAN and MPLS

While both SD-WAN and MPLS serve the purpose of connecting geographically dispersed locations within an organization, they differ significantly in terms of architecture, cost, and flexibility.

Architecture:

• SD-WAN: SD-WAN architectures are decentralized and software-driven, offering flexibility and scalability to adapt to changing network requirements rapidly.
• MPLS: MPLS networks are centralized and hardware-dependent, typically requiring substantial upfront investments in infrastructure and equipment.

Cost:

• SD-WAN: SD-WAN solutions often provide cost savings compared to MPLS, particularly for organizations with diverse connectivity requirements or those seeking to augment MPLS with lower-cost internet links.
• MPLS: MPLS services can be costly, primarily due to the need for dedicated circuits and long-term contracts with service providers.

Flexibility:

• SD-WAN: SD-WAN architectures offer unparalleled flexibility, allowing organizations to seamlessly integrate various transport technologies and cloud services into their network environments.
• MPLS: MPLS networks are less flexible, with limited support for cloud connectivity and scalability compared to SD-WAN solutions.

Conclusion

In summary, both SD-WAN and MPLS have their merits and are suited to different network environments and business requirements. SD-WAN excels in providing agility, cost efficiency, and flexibility, making it an attractive option for organizations seeking to modernize their network infrastructure. On the other hand, MPLS offers reliability, security, and quality of service, making it well-suited for mission-critical applications and industries with stringent compliance requirements.

Ultimately, the choice between SD-WAN and MPLS depends on factors such as budget, performance needs, and organizational priorities. By understanding the nuances of each technology, organizations can make informed decisions that align with their strategic objectives and drive business success.

Continue reading

The Power of LTE 450 for Critical Infrastructure

In case of disasters, a reliable communication network is critical. The emergency centers need to be able to exchange information to coordinate their response in the field. Service providers need to keep their network live. Power utilities need to be able to keep the electric grid up and running.

In Europe, the communication networks used to control components of the power grid and all other critical infrastructure, are required to remain operational for at least 24 hours in the event of a power failure. This is well beyond what most commercial cellular networks can offer.

The solution identified by the energy industry is LTE 450. Public protection and disaster recovery (PPDR) regulations in Germany, Scandinavia, and parts of Africa allow critical industries to reserve the 450 MHz band in their areas to deploy private LTE networks, replacing legacy public safety voice networks with technology capable of data transmission.

This means LTE 450 can offer privileged access to the network, without public mass market services.

A key differentiator of the LTE450 MHz band is its long-range coverage. The high frequencies can deliver higher data rates to any number of smart devices, but they are affected by rapid signal attenuation and require dense base station coverage. On the other hand, the 450 MHz band sits on the other side of the spectrum.

With commercial LTE, a complete countrywide network might require tens of thousands of base stations to achieve full geographical coverage. LTE 450 only takes a few thousand base stations to achieve the same coverage and requires less power at the edge. This results in:

• A reduced number of base stations need to be kept up and running; it’s easier to manage the network.
• It’s easier to reach rural areas due to the extended coverage.
• Backup battery power can be used to continue to connect critical devices in the event of a power failure.

In addition, the reduced attenuation coming from the low frequency signals of LTE 450, allows increased penetration through walls and other solid materials, bringing obvious advantages for devices deployed indoors, underground and in other hard-to-reach locations.

Thus LTE 450 is a resilient cellular communication network tailored to the needs of mission and business critical use cases. Few examples:

• a private wireless network to connect thousands of SCADA systems used to control and monitor substations and other renewable energy assets;
• a public network to serve a broad range of power utilities, including water, gas, heat distribution networks and smart power grids.

Cisco solution for critical networks

Cisco has introduced an LTE 450Mhz plug in module for the popular Cisco Catalyst IR1101 Rugged Router. This platform provides the ability to connect to 450Mhz networks and additionally provides a second fallback module for private 4G, 5G or commercial cellular networks.

Figure 1: The Catalyst IR1101 Rugged Router

Critical traffic (such as SCADA or other critical control traffic) can be routed via 450Mhz and non-critical traffic routed via the cellular connections.

The IR1101 rugged router also provides secure encrypted tunnels for critical traffic from the remote site to a secure headend (e.g., Utility control center).

For management of remotely deployed IR1101 routers, the Cisco Catalyst SD-WAN platform supports secure zero touch onboarding, provisioning, and visibility to allow IR1101 routers to be deployed easily in the field.

Source: cisco.com

Continue reading

Forecasting Capacity in Cisco Catalyst SD-WAN

Organizations are increasingly adopting software-defined wide area networks (SD-WAN) to enhance network performance, reduce costs, and improve overall connectivity.

Using artificial intelligence (AI) and machine learning (ML) for IT operations (AIOps), Cisco SD-WAN enhances and simplifies network management by using predictive analytics based on AI and ML techniques. The result is a proactive tool to address potential network issues before they degrade network and application performance.

Features desired by networks operators for such proactive actions include:

• Predictive Path Recommendations (PPR), which suggests preferred paths for various application groups at each site within an overlay based on long-term modeling of path quality.
• Bandwidth forecast for capacity planning, giving operators insights into possible future network usage based on extensive past usage patterns.
• Anomaly detection for network KPIs (tunnel loss, latency, jitter), application usage patterns with individual sites, and user application usage profile.
• Application modeling to help network operators better understand the impact of rolling out new applications in the overlay so they can implement the correct policies for best performance and minimal impact.

We discussed PPR and demonstrated how it gives operators the best performance for applications on their fabric. In today’s post we will delve into Bandwidth Forecast. To fully leverage the benefits of SD-WAN, effective capacity planning is crucial to help ensure optimal network performance, less downtime, improved cost control, more seamless operations, and a superior user experience.

The Bandwidth Forecast feature takes a comprehensive approach to provide accurate predictions of circuit usage, providing visibility into which circuits are likely to breach the capacity threshold based on the predicted usage. This helps network operators monitor usage trends on the circuits and provides capacity planning for the overlay.

The forecasting is primarily based on the RX/TX bandwidth information of circuits in the WAN fabric. To ensure insights use underlying long-term trends, the circuit usage data is aggregated as daily data points while tracking daily Min/Max ranges. Aggregated data over extended periods is used to generate a forecast for up to three months in the future.

Various other features within this data set can be further leveraged to enhance forecast accuracy. These include:

• Type of circuit (e.g., MPLS, private internet, LTE)
• Type of applications using the circuit (i.e., top 10 applications and their respective volume)
• Number of users at the site served by the circuit
• Regional holiday list and bandwidth information features

To achieve the best forecast possible, a combination of common predictors and those based on deep learning techniques are used to generate more reliable and robust forecasts.

Pre-processing of interface statistics for training and inference pipeline (Click image to enlarge)

Forecast quality is continuously monitored for accuracy. If any data or model drift or deviation from expected results is observed, retraining of the model is triggered based on updated data sets to improve model accuracy. Furthermore, forecasts are assessed for long-term overestimation or underestimation, ensuring that it faithfully predicts the bandwidth to assist network operators in capacity planning and decision-making process.

The Bandwidth Forecast feature in Cisco SD-WAN Analytics helps give network operators a better understanding of the following:

• Growth Trends: By analyzing historical data presented side by side with the forecast, organizations can identify patterns and anticipate future bandwidth demands. This empowers them to plan for anticipated growth without disruptions.
• Seasonality: Long-term visibility into seasonality of usage over the historical period over which the training data set is derived from. The daily, weekly, and monthly seasonality is also factored in while making the forecast and the pattern continues into the forecasted data points.
• Surge: Although visibility is provided into historical surge usage in the overlay so network operators can correlate it to global events (e.g., Black Friday) or internal events (e.g., company all-hands video stream), the model is effective in minimizing the impact of such data points while making long-term forecasts.
• Min/Max Band: The daily data points for forecast has three components, Min, Mean, and Max. The forecast is presented with emphasis on the daily mean value while still showing a Min/Max Band so that the network operators can get insights into usage spikes within the day.
• Model/Forecast Performance: Historical usage data is presented along with the past forecast data points for a quick visual comparison of how the forecast performed against actual recorded values in the past.

User interface

The Bandwidth Forecast feature can be activated for a specific overlay in the Catalyst SD-WAN Analytics Dashboard. This appears under the “Predictive Network” tab. Users can choose the circuits in the overlay for the forecast generation.

A table of circuits with all related metrics such as site or provider info, RX/TX bandwidth, and total usage is displayed, helping users select the circuits for which they want to visualize Bandwidth Forecast details. The minimum data set requirement for forecasts to be generated is 12 weeks of historical daily data points for each circuit.

The workflow is subject to the following:

• The table shows only circuits configured on physical interfaces and this will exclude any circuits configured on logical interfaces (e.g., sub-interfaces, loopback, dialer-group).
• Default sorting is based on descending order of RX/TX bandwidth, which helps bubble most heavily used circuits to the top of the table. The chart display is used to show the forecast for the Top Circuit.
• Users can select any other circuit by clicking on the checkbox.
• Users can search and sort as they wish to isolate specific circuits of interest.

Table of circuits and their metrics [Click image to enlarge]

Bandwidth Forecast for selected circuit showing actual and predicted (dotted) values [Click image to enlarge]

Metrics

Accurate bandwidth forecasting is critical in capacity planning. One key metric is the accuracy of the forecasted bandwidth requirements. A successful forecast should closely align with the actual capacity goals for your business. The current solution computes mean absolute percentage error (MAPE) and mean absolute scaled error (MASE) scores in addition to tracking percentiles. Any of these can be used as the optimization target for the predictors used. The choice of target metrics for the predictors can be specified as per the needs for a specific overlay or use case.

By accurately predicting bandwidth requirements, organizations can optimize traffic routing, provision appropriate link capacities, manage QoS effectively, plan for scalability, and ensure adherence to SLAs. This proactive approach enables businesses to leverage the full potential of SD-WAN, delivering enhanced network performance, improved user experiences, and the ability to adapt to changing business needs. As organizations embrace the digital transformation journey, incorporating bandwidth forecast in SD-WAN capacity planning becomes a key strategy for success.

Source: cisco.com

Continue reading

Securing the Modern Hyper-Distributed Network: Perspectives from the 2023 Gartner Magic Quadrant for SD-WAN

A typical day’s tasks for today’s modern worker are frequently distributed across multiple devices, applications, and locations. They could be working from home, analyzing CRM dashboards, and later, they might be at a coffee shop reviewing slides for an upcoming customer meeting. Perhaps they then head into the office for team meetings, followed by catching up with emails and messages on the commute home.

For a networking and security leader, a typical day looks very different. Those individuals need to ensure that the WAN is delivering a superior app performance connecting users to applications wherever they are. They also need to know if an untrusted device is being used to access confidential CRM dashboards. How is network traffic being secured outside the office? How are apps and services being accessed and secured?

Multiply these security concerns by the number of employees at numerous office locations, and then factor in technology-led business transformation initiatives, and we start to understand the complexity facing IT to secure and connect hyper-distributed users and resources everywhere.

Choose the right security

We hear you loud and clear—security and high performance are top priorities. In the face of constant change and increasing complexity—especially over the WAN—organizations must implement security technologies that converge with their SD-WAN, enforcing them as close as possible to users and workloads. For the most effective implementation, this will require security hosted on-premises and in the cloud that ensures the best possible app performance.

The importance of security with SD-WAN was acknowledge by Gartner in its recently published 2023 Magic Quadrant for SD-WAN report, which provides an annual evaluation of the SD-WAN market for IT leaders. We feel this year’s report includes the most thorough assessment of security capabilities—hosted on-premises and in the cloud—since Gartner Magic Quadrant for SD-WAN began.

In 2023, Cisco was named a Leader for the fourth consecutive year.

At Cisco, we work closely with our customers and partners to better understand their challenges so we can build products and solutions that support their long-term goals. These continued partnerships provide us with the insight to deeply ingrain advanced security technologies into Cisco SD-WAN.

• The right security: Stateful firewall, intrusion detection systems (IDS), intrusion prevention systems (IPS), advanced malware protection (AMP), URL filtering, HTTPS inspection, data loss prevention (DLP), cloud access security broker (CASB), and more—are all natively informed by the world’s largest commercial threat intelligence team, Talos.
• Hosted in the right place: On-premises or in the cloud (native or third party) hosting ensures that security policies are enforced closely to workloads and users.
• SASE your way: WAN appliances provide the building blocks to effortlessly chart your own journey.

Seek real-world validation

With a highly dense market of network security technologies and products to choose from, understanding which solutions will perform best for your environment and be the right long-term strategic fit can be confusing. While there is no substitute for testing solutions in a production environment, independent testing that mirrors real-world conditions can help identify top performers and refine a shortlist.

Miercom, a leading independent product test center, conducted a thorough evaluation of Cisco’s security and SD-WAN technologies delivered through Cisco Catalyst and Meraki WAN appliances. These tests were meticulously designed to match real-world conditions as closely as possible, instead of a theoretical laboratory environment.

Figure 1. According to leading independent product test center Miercom, Cisco’s malware efficacy is 25% better than the industry average. Across 11 malware exploit categories, Cisco averaged 98% malware efficacy.

Maximize your WAN

The WAN is central to an organization’s success. In addition to an uncompromising commitment to security, we continue to push Cisco SD-WAN beyond traditional expectations to help IT leaders maximize the potential of the WAN for their business through:

• Delivering high performance, irrespective of where users and workloads live, to provide a superior experience wherever users and workloads are.
• Simplifying cloud migration with integration and streamlined workflows for AWS Cloud WAN and Microsoft Azure Virtual WAN.
• Enabling secure, long-term remote work strategies with Meraki Z4 and Catalyst CG113 secure teleworker gateways.
• Providing continuous visibility across all the hyper-distributed internal and external domains with instant activation of Cisco ThousandEyes, which leverages predictive patch recommendations (PPR) to deliver proactive feedback, enhancing the user experience for critical application performance across the SD-WAN fabric.
• Enabling agile business models using 5G fixed wireless access through indoor and outdoor Meraki MG51 and Catalyst CG522 cellular gateways.

Build a long-term strategy for simplicity

At Cisco, we’re committed to helping organizations simplify IT. Our vision is to create a simpler network management platform experience to help customers easily access and manage Cisco networking products from one place—the Cisco Networking Cloud.

The distribution of users and resources will continue to evolve along with the IT landscape, creating new complexities along the way. Simplifying the IT experience enables IT to better automate, analyze, and diagnose issues—supporting a framework that is well-positioned to evolve alongside the modern hyper-distributed network and helping to secure and connect hyper-distributed users and resources, no matter where they are located.

Source: cisco.com

Continue reading

End-to-End Visibility and Actionable Insights Underpin Great Connected Experiences

Three networking megatrends have upended how businesses approach networking to support the distributed workforce.

First, cloud has become the new data center, with workloads moving from on-premises to hybrid cloud and multicloud architectures. Secondly, the internet is now the new network, with reliance on business connectivity traversing diverse networking domains. And lastly, with so many remote and hybrid workers, the office is now essentially anywhere.

This evolution has made delivering a high-quality, reliable experience—connecting everyone to everything everywhere—significantly more complex. After the need to provide secure access to applications across multiple clouds, the second biggest challenge cited by 37% of respondents in our 2023 Global Networking Trends Report was gaining end-to-end visibility into network performance and security as more traffic originates or terminates beyond the boundaries of the corporate network.

Which begs the question: How do you identify, diagnose, and remediate problems that occur throughout the digital supply chain—the domains within and outside your infrastructure and all hops between a user’s device and an application or service in the cloud? Read on to find out how.

Tackling assurance complexity across multiple network domains

Great connected experiences are table stakes for businesses today. The digital economy relies on always-on applications and services to support employees and consumers. Failure is not an option.

Prior to the hyperconnectivity of today’s digital economy, business applications and services within corporate domains were well served by network monitoring solutions and processes that were localized and handled specific domains like wireless. But to remediate issues in enterprise WANs, admins had to contact their counterparts within cloud and internet provider organizations to jointly diagnose and remediate service and security problems. Often, this resulted in a lot of finger pointing. Businesses acted reactively instead of proactively. Issues could take a long time to get resolved.

Providing network assurance for a high-quality connected experience today requires end-to-end visibility and insights across diverse clouds, network providers, the internet, devices, and geographies—each with their own operational domains (see Figure 1). Without end-to-end visibility into network performance, application responsiveness, and security, it is extremely challenging for IT teams to deliver consistent digital experiences to end users.

Figure 1. Complex digital supply chain with interdependencies, increased failure surface, and unpredictability (click to enlarge)

A person working from home, for example, might run into a problem with Slack. The wireless network in their home office would be connected to an access network that would be connected to an edge router traversing a cloud network to the Slack application. Domain-specific tools can only see a small segment of this traffic. Admins without end-to-end visibility can’t see the big picture.

End-to-end visibility is foundational for SASE

A majority (51%) of organizations in our 2023 Global Networking Trends Report said that with their adoption of more software-as-a-service (SaaS) and multicloud solutions, they see investment in a solution that provides end-to-end visibility as a top priority. This may be in response to recent research by the Uptime Institute that found third-party operators—including cloud, hosting, colocation, and telecom providers—accounted for 70% of all publicly reported outages.

End-to-end visibility, analytics, and operational workflows allow admins to take decisive action to proactively remediate connectivity issues. In a secure access service edge (SASE) architecture, for example, end-to-end visibility feeds the actionable intelligence used to optimize path selection to provide the best digital experience anywhere at any time. Reliable connectivity is foundational to securely connecting people and things in a SASE architecture. If connectivity is poor, the secure access experience will be degraded.

Even before an SD-WAN or a converged SASE architecture with security service edge (SSE) is rolled out, organizations can use end-to-end visibility to evaluate, compare, and optimize the network experience before and after adoption of these architectures. The performance of individual providers in different locations that each form part of a digital supply chain can be proactively tested and benchmarked, with the results used to make more informed vendor selections to ensure the delivery of always-on digital experiences.

Gaining visibility into every connection

A European airline transitioned its network infrastructure from MPLS to SD-WAN, moving many applications and services to the cloud. The company needed to make sure that services met agreed-upon service level agreements (SLAs). To do so, the IT department deployed end-to-end visibility, specifically to monitor and enhance the digital experiences of customers and employees. With this solution in place, the airline can now measure connection latency and other factors—with a specific focus on connections between its data center and the cloud provider, Amazon Web Services. They can continually monitor and prioritize network experiences by accelerating incident response times, introduce more proactive maintenance, and enjoy greater cost efficiency through streamlined troubleshooting.

RichRelevance, a customer experience personalization provider for 250 global retailers, reduced its outages by 88% and shrunk outage windows from an average of four hours to 30 minutes, all thanks to end-to-end visibility. IT service management software company ServiceNow identified network issues 95% faster for their customers with visibility across all network layers that focused on the application experience.

Enabling quality digital experiences through a networking platform approach

Cisco is pioneering end-to-end network visibility and driving exceptional experiences through operational simplicity. It’s a cornerstone of our Cisco Networking Cloud long-term vision, a unified management experience platform for on-premises and cloud operating models to reduce IT complexity.

End-to-end visibility relies on compute power to capture and analyze billions of daily measurements in the digital supply chains that comprise today’s enterprise networks (see Figure 2). It is a powerful and indispensable feature that helps organizations maintain top-quality digital experiences and move from reactive to preventative and automated operations.

Figure 2. Organizations need to leverage a platform-driven approach that drives end-to-end visibility throughout the digital supply chain (click to enlarge)

Continue reading

How SD-WAN Solves Multicloud Complexity

Cloud is the undisputed center of gravity when supporting distributed workforces. But managing secure connectivity in a growing multicloud environment continues to be more complex, expensive, and time consuming.

Enter the software-defined WAN (SD-WAN), a powerful, abstracted software layer that serves as a centralized control plane to enable organizations to automate, simplify, and optimize their network transport for any application to any cloud.   

Are you ready to steer traffic on demand, based on centralized policy, network insights, and predictive AI, and further enhanced by end-to-end visibility? Do you want to be more proactive instead of reactive in how you manage this traffic and run your network? If so, read on! 

Abstracting the complexity of multicloud 

Enterprises accelerated their transition to cloud and software-as-a-service (SaaS) during the pandemic to support their distributed workforces at home and on the go. This has seen multicloud environments become the norm. Our 2023 Global Networking Trends Report found that 92% of respondents used more than one public cloud in their infrastructure and 69% used over five SaaS applications.  

Connecting to different providers and network layers in multicloud environments has led to a patchwork of infrastructure and management controllers. This results in more complexity and cost for organizations looking to ensure a secure, consistent user experience.  

Networking complexity, from first to last mile 

Let’s look at these networking layers and why IT simplification is crucial in connecting today’s highly mobile workforce to business-critical applications.  

In the first mile, users access services from offices and campuses near data centers or remotely, from uncontrolled facilities using various devices (Figure 1). Workers connect through Multiprotocol Label Switching (MPLS), broadband, Wi-Fi, and cellular. Remote workers use their internet service provider (ISP) to connect them to concentrators at regional peering points of presence (PoPs).

Figure 1. New architecture for the distributed workplace  

The middle mile is the long-haul transport layer that has grown in complexity with the migration to the cloud. It serves as the connective tissue between first and last mile, interconnecting different types of cloud services, cloud applications (e.g., SaaS, IaaS), and data centers. Specialized middle-mile providers like Equinix and Megaport provide cross-connects between business networks, the internet, and cloud providers globally. Adding to the array of choices in the middle mile, public cloud providers like AWS, Google Cloud, and Microsoft Azure offer customers the ability to access their apps with site-to-cloud, site-to-site, region-to-region, cloud-to-cloud, and other connection options with different quality of experience metrics.  

The last mile is the connection between the data center or service provider and the end user’s device and application.    

Managing multicloud complexity with SD-WAN integrations  

Using applications distributed across multiple clouds and SaaS, workers have widely different experiences depending on their location. Adverse and unpredictable amounts of downtime, latency, and speed, for example, can threaten business continuity. So, establishing reliable, consistent, high-quality experiences is very much on the minds of enterprise IT managers today. 

More than half (53%) of respondents to the 2023 Global Networking Trends Report said they are prioritizing integration with cloud providers to improve connectivity to cloud-based apps from distributed locations. Additionally, 49% said they are using SD-WAN integrations across providers and multiple clouds to provide a simpler, consistent, optimized, and secure IT and application experience. 

SD-WAN unifies the entire WAN backbone and brings secure, private, cloud-aware connectivity that is agnostic to all kinds of link types, providers, and geographies (Figure 2).  

Figure 2. SD-WAN integrations with IaaS, SaaS, and middle-mile providers are vital for a better IT and user experience 

With SD-WAN providing connectivity between cloud, SaaS, and middle-mile providers, real-time traffic steering based on centralized policy and end-to-end analytics is possible. Network admins can be proactive instead of reactive, changing traffic parameters on demand, according to application, congestion, location, user, device, and other factors. 

SD-WAN multicloud integrations in action 

Tamimi Markets, a major Saudi Arabian supermarket chain, was having trouble providing a consistent experience to users at markets, warehouses, branch offices, and remote locations. Dependent on three ISPs for end-to-end connectivity in a hub-and-spoke architecture, they moved to a cloud architecture to eliminate the need to backhaul network traffic through the headquarters and in the process quadrupled bandwidth speeds. An integrated SD-WAN enables them to steer their traffic over a variety of link options based on network demand, cost, and quality of experience metrics.  

Asian food manufacturer Universal Robina Corporation shifted to a multicloud architecture to support remote workers after the pandemic. It uses SD-WAN to connect users and apps to its multicloud architecture securely, wherever they are located. The multicloud integrations enable secure connectivity from branches to the Microsoft Azure cloud and with Microsoft 365 for a superior application experience with informed network routing (INR) that enables the exchange of telemetry between Cisco and Microsoft while providing full visibility to Universal Robina’s IT team. 

Foundational for a SASE architecture 

Another benefit of SD-WAN is that it is one half of a converged secure access service edge (SASE) architecture. SASE radically simplifies security and networking through unified and centralized management to connect users to applications in complex and highly distributed environments. By combining SD-WAN networking infrastructure and routing traffic through a cloud-centric security service edge (SSE) solution, companies can maintain the same level of security for cloud users as data center users (Figure 3).

Figure 3. SD-WAN is foundational to a SASE architecture 

It’s a multicloud world and SD-WAN―with tight integrations to leading cloud, SaaS, and middle-mile providers―is the connective tissue from first mile to last, managing complexity and driving agility throughout sprawling multicloud environments.

What’s more, SD-WAN multicloud integrations bring together each organization’s many different types of transport connections and policies under one management system for secure, consistent service.

The cost savings from automation and the ability to steer traffic on demand with optimized routing are further compelling reasons why SD-WAN continues to grow in popularity. Once established, these features enable IT departments to build an optimized global network in a simplified, fully automated way, within hours. 

Source: cisco.com

Continue reading

Make Your WAN Connectivity an Extraordinary Experience

Alan Dapré, author of more than 60 children’s books said, “Why be ordinary when you can be extraordinary?” You may be thinking that “extraordinary” is not a term commonly associated with network connectivity. Shouldn’t it just be like water coming out of the faucet? A utility that is … well … ordinary?

Extraordinary is an enhanced experience. And the Cisco Networking Cloud vision enables you to create an enhanced experience that your users refer to as extraordinary. With our latest SD-WAN product enhancements, we’ve made it easier for you to deliver that exceptional experience to them.

SD-WAN: New name and additional deployment option

At Cisco Live in Las Vegas, we announced the rebranding of the Viptela technology solution from Cisco SD-WAN to Cisco Catalyst SD-WAN. The Catalyst brand has always stood for the industry’s most powerful switching, wireless, and routing platforms. This name change not only provides consistent alignment with the Catalyst brand of our routing hardware, but also with our access, data center, and cloud solutions—and drives brand simplification. Cisco’s SD-WAN portfolio includes both Catalyst SD-WAN and Meraki SD-WAN fabrics to provide the most versatile solutions regardless of your use case.

Deployment options for SD-WAN connectivity

Until now, Cisco has offered two ways for you to consume Cisco Catalyst SD-WAN. First, an on-premises deployment would reside in your own data center or a managed service provider’s data center. The second option was to deploy in a Cisco hosted environment with either an AWS or Microsoft Azure cloud infrastructure.

A third deployment option is now available. Cisco Catalyst SD-WAN can be cloud-delivered to align to your infrastructure strategy. Why cloud-delivered? We recognize that operating models are changing. Organizations demand simplicity, agility, flexibility, and scalability. Cloud-delivered Catalyst SD-WAN provides a cloud-first experience with automated, rapid on-boarding and single sign-on.

Cisco provides zero-touch life cycle deployment and management of the infrastructure via Cisco’s Cloud Operations team. Customers will experience end-to-end service delivery, providing automated provisioning of the SD-WAN fabric. Cisco provides the management, monitoring, upgrades, and backup and restore. We’ve included access to end-to-end actionable insights that measure, predict, understand, and remediate potential issues, so there’s no need to implement it later. You can now consume SD-WAN with a flexible subscription model that scales to your needs and enables more precise OpEx planning and lower TCO.

Elevating the application experience

Nary a business has been unaffected by the need to support hybrid work requirements. The importance of delivering an exceptional experience to your users has risen with this trend, and the accelerated adoption of digital services has transformed enterprise IT. Unless every one of your users work from the office and all applications they access are on premises, you no longer fully control the end-to-end infrastructure, yet you are still accountable for delivering optimal digital experiences. These new capabilities and solutions help you elevate the application experience.

ThousandEyes Service Assurance helps your organization ensure top-notch digital experiences through end-to-end network visibility and proactive insights that empower you to pinpoint, troubleshoot, resolve, and optimize performance across every network domain that matters to them—whether on premises, the internet, or cloud.

Cisco is announcing expanded support with ThousandEyes, providing visibility into public cloud networks, internet routing, and enterprise sites with new vantage points from Meraki MX (and Webex RoomOS) devices. You’ll enhance operations with automated event detection and problem isolation, and unmatched insights of your cloud connectivity.

As organizations adapt to hybrid work, IT is expected to support workers at the branch, campus, and remotely. The Meraki Z4 gateways allow IT teams to securely provide connectivity to remote workers and simultaneously manage SD-branch infrastructure across global locations on a unique cloud platform that consolidates security, SD-WAN, access, and IoT.

Simplifying IT

Technology should never get in the way of conducting business and has two essential requirements: work as expected and be simple to use.

The latest enhancements in SD-WAN management and analytics include new Circuit and SecOps dashboards—along with step-by-step configuration templates to expedite the implementation and management of security policies. They include enhanced visibility into circuits and traffic patterns with a visual interface. An enhanced topology view has been added, and real-time tracking of network and path conditions by application-aware routing provides faster brownout detection.

We are introducing closed-loop automation capabilities to Predictive Path Recommendations (PPR). As an integral component of Cisco predictive networks, PPR delivers a predictive network solution, enabling IT personnel to proactively improve application experience. Leveraging advanced algorithms and predictive models, PPR determines the performance and policy compliance of the paths carrying the site application traffic. When performance is below historical benchmarks or SLA, PPR can make recommendations to the IT personnel and automatically implement corrective actions—before impacting users.

Granular Role-Based Access Control (RBAC) enables service providers to offer a robust co-managed SD-WAN service. Both service providers and their tenants can share or split responsibilities while maintaining accountability via auditing functionality in managing an SD-WAN overlay.

Cisco Catalyst SD-WAN now supports Cisco Umbrella’s multi-org integration, allowing customers to easily manage multiple child organizations or regions from a single Umbrella dashboard. This enables the integration of multiple Umbrella organizations with a single-tenant Cisco Catalyst SD-WAN deployment by configuring the Umbrella API integration for DNS and SIG on a per-device basis. By creating customized security policies tailored to specific needs of different regions or organizational units, customers can simplify the security management process, improve network security, and reduce the risk of security breaches. A centralized view of multiple networks reduces the time and effort to manage multiple networks and improves the user experience.

Cloud and middle-mile connectivity

Cisco SD-WAN Cloud Hub with AWS Cloud WAN provides a dynamic WAN service that allows building of a global network in a simplified and fully automated manner, within minutes. The solution delivers a secure, on-demand, flexible, and highly available middle-mile, leveraging the global AWS backbone, intent-based network management, and advanced security through a central policy framework.

Our multicloud solutions start with our enhanced cloud router—the Catalyst 8000V—a virtual router that is optimized for scale and performance for compute instances across the cloud and backbone providers. You can consume this software from public cloud marketplaces with pay-as-you-go (PAYG) licenses or bring your own license (BYOL), purchased directly from Cisco.

During Cisco Live, we announced a network-as-a-service consumption model for middle-mile services with Megaport. This PAYG model allows customers to be billed by Cisco according to the usage of their Megaport services. We also announced the availability of Megaport Ports on Cisco’s Global Price List (GPL). Customers will be able to purchase ports globally for private connectivity to Megaport Virtual Edge and for provisioning global backbones through Cisco Catalyst SD-WAN. With PAYG and Megaport Ports, you gain private connectivity to virtual edges from your data centers or sites. PAYG is important for customers because you only pay if you use them. There is no upfront commitment and no overage.

Efficiency and cost savings for service providers

Cisco Multitenant Edge for Cisco Catalyst SD-WAN platforms enables providers to securely host multiple tenants on a single physical or virtual SD-WAN platform. It simplifies and accelerates SD-WAN design and deployment, while also providing CapEx and OpEx savings. This also helps you meet your sustainability goals by powering fewer WAN appliances.

Clearly, network connectivity is no longer just an ordinary, basic utility. As we continue to build on our vision for Cisco Networking Cloud, we are enabling elevated experiences that allow you to provide connectivity experiences for your users that are truly extraordinary.

Source: cisco.com

Continue reading

Understanding Application Aware Routing (AAR) in Cisco SD-WAN

One of the main features used in Cisco SD-WAN is Application Aware Routing (AAR). It is often advertised as an intelligent mechanism that automatically changes the routing path of applications, thanks to its active monitoring of WAN circuits to detect anomalies and brownout conditions.

Read More: 300-410: Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)

Customers and engineers alike love to wield the power to steer the application traffic away from unhealthy circuits and broken paths. However, many may overlook the complex processes that work in the background to provide such a flexible instrument.

In this blog, we will discuss the nuts and bolts that make the promises of AAR a reality and the conditions that must be met for it to work effectively.

Setting the stage

To understand what AAR can and cannot do, it’s important to understand how it works and the underlying mechanisms running in unison to deliver its promises.

To begin, let’s first define what AAR entails and its accomplices:

Application Aware Routing (AAR) allows the solution to recognize applications and/or traffic flows and set preferred paths throughout the network to serve them appropriately according to their application requirements. AAR relies on Bidirectional Forwarding Detection (BFD) probes to track data path characteristics and liveliness so that data plane tunnels between Cisco SD-WAN edge devices can be established, monitored, and their statistics logged. It uses the collected information to determine the optimal paths through which data plane traffic is sent inside IPsec tunnels. These characteristics encompass packet loss, latency, and jitter.

The information above describes the relationship between AAR and BFD, but it’s crucial to note that they are separate mechanisms. AAR relies on the BFD daemon by polling its results to determine the preferred path configured,  based on the results of the BFD probes sent through each data plane tunnel.

It is a logical next step to explain how BFD works in SD-WAN as described in the Cisco SD-WAN Design Guide:

On Cisco WAN Edge routers, BFD is automatically started between peers and cannot be disabled. It runs between all WAN Edge routers in the topology encapsulated in the IPsec tunnels and across all transports. BFD operates in echo mode, which means when BFD packets are sent by a WAN Edge router, the receiving WAN Edge router returns them without processing them. Its purpose is to detect path liveliness and it can also perform quality measurements for application aware routing, like loss, latency, and jitter. BFD is used to detect both black-out and brown-out scenarios.

Searching for ‘the why’

Understanding the mechanism behind AAR is essential to comprehend its creation and purpose. Why are these measurements taken, and what do we hope to achieve from them? As Uncle Ben once said to Spider-Man, “With great power comes great responsibility.”

Abstraction power and transport independence require significant control and management. Every tunnel built requires a reliable underlay, making your overlay only as good as the underlay it uses.

Service Level Agreements (SLAs) are crucial for ensuring your underlay stays healthy and peachy, and your contracted services (circuits) are performing as expected. While SLAs are a legal agreement, they may not always be effective in ensuring providers fulfill their part of the bargain. In the end, it boils down to what you can demonstrate to ensure that providers keep their i’s dotted and their t’s crossed.

In SD-WAN, you can configure SLAs within the AAR policies to match your application’s requirements or your providers’ agreements.

Remember the averaged calculations I mentioned before? They will be compared against configured thresholds (SLAs) in the AAR policy. Anything not satisfying those SLAs will be flagged, logged, and won’t be used for AAR path selections.

Measure, measure, measure!

Having covered the what, who, and the often-overlooked why, it’s time to turn our attention to the how! ?

As noted previously, BFD measures link liveliness and quality. In other words, collecting, registering, and logging the resulting data. Once logged, the next step is to normalize and compare the data by subsequently averaging the measurements.

Now, how does SD-WAN calculate these average values? By default, quality measurements are collected and represented in buckets. Those buckets are then averaged over time. The default values consist of 6 buckets, also called poll intervals, with  each bucket being 10 minutes long, and each hello sent at 1000 msec intervals.

Putting it all together (by default):

◉ 6 buckets

◉ Each bucket is 10 minutes long

◉ One hello per second, or 1000 msec intervals

◉ 600 hellos are sent per bucket

◉ The average calculation is based on all buckets

Finding the sweet spot

It’s important to remember that these calculations are meant to be compared against the configured SLAs. As the result is a moving average, voltage drops or outages may not be considered by AAR immediately (but they might already be flagged by BFD). It takes around 3 poll intervals to motivate the removal of a certain transport locator (TLOC) from the AAR calculation, when using default values.

Can these values be tweaked for faster AAR decision making? Yes, but it will be a trade-off between stability and responsiveness. Modifying the buckets, multipliers (numbers of BFD hello packets), and frequency may be too aggressive for some circuits to meet their SLAs.

Let’s recall that these calculations are meant to be compared against SLAs configured.

Phew, who would have thought that magic can be so mathematically pleasing? ?

Source: cisco.com

Continue reading

IT Leaders Contend with Secure Multicloud Access – The 2023 Global Networking Trends Report

What do you get when a massively distributed workforce tries to securely connect to a massively distributed set of applications? Massive complexity. In light of this, our latest annual Global Networking Trends Report is focused on how IT leaders and networking professionals are dealing with the challenges of connecting their increasingly dispersed workers to their increasingly distributed applications. And coming as a surprise to no one, when 2,500 IT leaders and professionals across 13 countries were surveyed, they verified that these challenges were their number one networking priority for 2023.

In addition to presenting the key trends from the survey results, the report includes six areas of essential guidance—guidance that focuses on one ultimate outcome: how best to provide distributed workforces with consistent, secure, anywhere connectivity to applications in a multicloud environment. We also asked Cisco experts to share their point of view on how organizations should implement this essential guidance. Here are a few points I found particularly interesting.

Use of Multiple Clouds is on the Rise

The report validates that organizations are, indeed, moving more of their apps and workloads to multiple cloud providers. But a bigger revelation was just how many different cloud providers organizations are using: 92% use more than two and an incredible 34% host workloads with more than four cloud providers (Figure 1). At the same time, one in four are using more than 20 SaaS applications. And when asked why, many respondents identified agility as the biggest motivation for moving to multiple cloud services, citing it as more important than either cost or resilience. 

Figure 1. The use of multiple cloud and SaaS providers has become the norm.  Source: 2023 Global Networking Trends Report.

Lack of Operational Consistency is an Obstacle

The report found that two in five respondents cite lack of consistency across networking, security, and cloud domains as a big obstacle to securely connecting users to cloud resources. At the root of this problem is the reality that many IT organizations still have network and security teams that plan and operate independently. This leaves many IT leaders challenged when trying to deliver better and more secure user experiences with their existing technology and divided operational boundaries.

Integrate Networking and Security from Device to Cloud  

Almost half of the respondents identified a fully integrated networking and security architecture in the form of Secure Access Service Edge (SASE) as their primary choice for connecting branches and remote users to multicloud applications within the next two years. They reported widespread plans to integrate cloud-based software-defined WAN (SD-WAN) connectivity and cloud security in order to deliver consistent secure access to both SaaS– and IaaS–based services.  

Simplify Connectivity to Multiple Clouds 

As the number of clouds increases, the ability to provide consistent and efficient connectivity management and security across them is becoming increasingly important. To improve connectivity to cloud-based applications from all locations, 53% of respondents said they are prioritizing SD-WAN integration with cloud services, SaaS, and middle-mile providers (Figure 2). Why? To apply policy consistently, automate connectivity, and better secure the application experience. 

Figure 2. SD-WAN Integrations with IaaS, SaaS, and Middle-mile Providers are Vital for a Better IT and User Experience.  Source: 2023 Global Networking Trends Report.

You Can’t Manage What You Can’t See 

Ultimately responsible for end-user experiences, IT is increasingly challenged to deliver desired levels of service. With the majority of transactions either originating or terminating outside of traditional enterprise boundaries, IT lacks visibility into the full network path. The digital supply chain is increasingly complex, composed of multiple providers and hops that are typically invisible to IT teams. With the Internet increasingly becoming the new core network, it’s no wonder that IT teams need help. In response to this need for greater visibility, 51% of IT professionals reported prioritizing the adoption of end-to-end network telemetry and visibility to achieve proactive detection and remediation of issues.  

Guiding, influencing, or implementing your own organization’s direction for networking is no easy feat. Explore this year’s report to learn more about how your peers are connecting and securing their increasingly distributed personnel to increasingly distributed apps and data.

Source: cisco.com

Continue reading

What is Cisco SD-WAN? Understanding the Basics of Software-Defined Wide Area Networking

Introduction

As the demand for secure, high-speed connectivity between geographically dispersed locations continues to grow, more and more businesses are turning to Software-Defined Wide Area Networking (SD-WAN) to simplify their networks and reduce costs. Among the leading providers of SD-WAN technology is Cisco, a multinational technology company that has been at the forefront of networking innovation for decades.

In this article, we'll take a closer look at what Cisco SD-WAN is, how it works, and what benefits it offers businesses of all sizes.

What is SD-WAN?

Before diving into the specifics of Cisco SD-WAN, it's important to have a basic understanding of what SD-WAN is in general. At its core, SD-WAN is a technology that simplifies the management and operation of a Wide Area Network (WAN) by separating the networking hardware from the software that controls it.

This means that instead of relying on physical appliances to route traffic between different locations, SD-WAN uses software to manage and direct traffic in the most efficient way possible. SD-WAN also allows businesses to connect to multiple types of networks, including MPLS, broadband, and cellular, making it a flexible and versatile solution for businesses of all sizes.

How Does Cisco SD-WAN Work?

Cisco SD-WAN is a complete solution that includes both hardware and software components. At its core is the Cisco vEdge router, a compact and versatile device that connects to the internet or other networks and handles traffic routing and security functions.

The vEdge router is powered by Cisco's proprietary software, which includes a centralized controller known as the Cisco vSmart controller. This controller is responsible for managing traffic routing policies and distributing them to the vEdge routers in the network.

One of the key advantages of Cisco SD-WAN is its ability to optimize traffic routing in real-time, based on the conditions of the network. This is done through a process called path selection, which allows the network to choose the best path for traffic based on factors like network congestion, link quality, and application requirements.

Benefits of Cisco SD-WAN

Now that we understand how Cisco SD-WAN works, let's take a closer look at some of the benefits it offers businesses of all sizes:

1. Improved Performance and Reliability

By optimizing traffic routing in real-time, Cisco SD-WAN helps ensure that network performance remains high, even in the face of changing network conditions. This means that businesses can rely on their networks to deliver the performance and reliability they need to stay productive and competitive.

2. Enhanced Security

Cisco SD-WAN includes a number of advanced security features, including encryption, firewall protection, and intrusion prevention. This helps ensure that sensitive data remains secure, even when transmitted across public networks.

3. Simplified Network Management

By separating the networking hardware from the software that controls it, Cisco SD-WAN simplifies network management and reduces costs. This means that businesses can focus on growing their operations, rather than spending time and resources managing their networks.

4. Scalability and Flexibility

Cisco SD-WAN is a highly scalable solution that can grow with your business. It also allows businesses to connect to multiple types of networks, including MPLS, broadband, and cellular, making it a flexible and versatile solution for businesses of all sizes.

Conclusion

In conclusion, Cisco SD-WAN is a powerful and versatile solution for businesses of all sizes that want to simplify their networks, improve performance and reliability, enhance security, and reduce costs. By leveraging the power of software-defined networking, Cisco SD-WAN allows businesses to optimize their networks for the unique needs of their operations, and stay competitive in an increasingly connected world.

Continue reading

Enabling Predictive Networks with Cisco SD-WAN and ThousandEyes WAN Insights

With the increasing complexity of Enterprise networks, there is a need for self-correcting and self-healing mechanisms that learn, predict, and plan. Cisco is announcing our newest SD-WAN innovation with Predictive Path Recommendation (PPR) powered by Cisco ThousandEyes WAN Insights. This is a significant capability to simplify network operations by leveraging recommendations from Cisco’s Predictive Networks. Predictive Path Recommendations provide proactive guidance for maintaining network stability and improving the performance of critical Application Groups distributed across the SD-WAN fabric. IT defines applications that require a specific SLA into groups so that PPR can predict which paths will meet those criteria.

Cisco SD-WAN provides IT with scalable, secure, cloud-managed WAN fabrics with extensive capabilities for visibility and troubleshooting of day-to-day network operations. The simplicity of management and exceptional Application Quality of Experience (AQE) are the key driving factors for all innovations underpinning Cisco SD-WAN.

AQE is achieved by constantly monitoring application path metrics and making intelligent choices among all the available paths. Cisco SD-WAN leverages existing capabilities of Application-Aware Routing (AAR) to adapt to unexpected degradation or outages by switching to the most optimal path. This ability to react quickly and automatically to changes in network KPIs provides an optimal Application Experience.

PPR, in combination with AAR, is a powerful tool that helps organizations optimize the performance of their wide area networks. One of the key benefits of PPR is its ability to generate long-term recommendations for network optimization. Rather than simply reacting to network issues as they arise, PPR takes a proactive approach, continuously monitoring the network and issuing recommendations whenever a better path is available. This helps to ensure sustained improvement over a long period of time. Figure 1 illustrates the three phases of the Predictive Path Recommendation cycle.

Figure 1: Three phases of the Predictive Path Recommendation cycle.

SD-WAN continuously monitors application behavior in relation to characteristics of all available paths within the WAN fabric and then generates long-term recommendations for paths that will reduce the probability of experiencing an SLA violation.

As changes to the WAN occur, the predictive models evaluate historical path metrics and usage to provide an early-detection system by warning of potential SLA violations before they occur and providing recommendations for alternate network paths per Application Group.

Network Admins/Operators can leverage the visualizations that are available in Cisco ThousandEyes and SD-WAN to view, monitor, and validate the effectiveness of the predictive model recommendations.

Operators select which policy changes that are recommended by the predictive models to apply in the SD-WAN fabric.

Workflow-Review & Application of Recommendations

PPR generates recommendations on a per Application Group per Site basis and these are available to visualize, explore and review before applying policy changes to the Network. From Cisco SD-WAN vManage UI, administrators can launch the Predictive Networks tab to view and explore all available recommendations.

Figure 2: Cisco SD-WAN vManage Predictive Path Recommendations tab with site map.

Figure 3: Cisco SD-WAN vManage PPR tab with Card-View

SD-WAN administrators can find additional insights into the historical performance of the current path versus recommended path in terms of path quality and impacted users specific to an Application Group at a specific site. In addition, the aggregated metrics for the entire site are also available, which helps Admins identify circuits and paths which are problematic. This view is helpful in understanding the impact of policy change based on model recommendations.

Figure 4: Cisco SD-WAN vManage Predictive Path Recommendation view for a site

Path and Quality of Service (QoS) details for path endpoints help admins verify the path recommendations. The visualization helps compare and correlate the historical Network KPI information presented with path quality variations, number of users, and application experience over time.

Figure 5: Cisco SD-WAN vManage PPR Endpoint Pair Path & QoS details

The Future of Connectivity Relies on Self-Healing Networks

Integrating Cisco ThousandEyes Predictive Path Recommendation with Cisco SD-WAN vManage provides IT with a proactive solution with actionable recommendations to reduce disruptions in network fabric while simplifying network operations. The predictive solution helps to improve the application experience by avoiding network degradation before it happens. It enables operations personnel to work more efficiently and to focus on strategic activities rather than reactive triage. Moreover, Predictive Path Recommendation provides the foundation for intelligent closed-loop network automation.

Source: cisco.com

Continue reading