WHITE PAPER: Failsafe Software Defined WANs
www.talari.com

Table of Contents

Executive Summary ........ 3
Introduction ........ 4
The Traditional Solution No Longer Cuts It ........ 5
    MPLS ........ 5
    WAN Optimization ........ 6
SD-WAN Technology Offers Tremendous Opportunity and Promise ........ 6
But Vendor SD-WAN Implementations Differ Widely ........ 8
Why Failsafe SD-WANs ........ 8
Talari’s Failsafe SD-WAN Technology ........ 10
    The Big Picture ........ 10
    Continuous Unidirectional Measurement ........ 12
    Per-Packet Forwarding Decisions, and Sub-Second Response ........ 12
    End-to-end QoS and Inbound Congestion Avoidance ........ 13
    Use All Bandwidth Across Multiple Links, Even for a Single Flow ........ 13
    Packet Replication for “Platinum Quality” Real-time Support ........ 13
    Centralized Management, Unprecedented WAN Visibility ........ 14
    High QoE Cloud Access ........ 14
    Scaling the SD-WAN ........ 15
    Complementary to WAN Optimization ........ 15
Benefits of a Failsafe SD-WAN ........ 16
    For the Network ........ 16
    “Beyond the Network” Benefits ........ 17
Conclusion ........ 19

Executive Summary

The cloud – the union of cloud computing, the Internet and Software-as-a-Service (SaaS) – is rapidly changing enterprise IT. The traditional enterprise WAN solution of the last decade – MPLS, often augmented by WAN Optimization technology – no longer cuts it. A new technology, Software Defined WANs (SD-WANs), offers enterprises tremendous opportunity for cost savings, flexibility, bandwidth, manageability and superior cloud access. But SD-WAN implementations, while sharing a few common traits and tending to sound alike, vary significantly.
MPLS is still a $15B+ worldwide market – despite the enormous price/bit gap versus Internet connectivity – because MPLS offers failsafe WANs. “Failsafe” here means the union of high availability and reliable, predictable network performance and application Quality of Experience (QoE). Only a few companies have developed failsafe SD-WAN technology. Talari does “failsafe” better than anyone.

MPLS doesn’t offer connectivity to public cloud computing and SaaS. MPLS locks IT into a single service provider, and is incredibly expensive: it costs literally 50x – 150x more per Mbps for smaller sites, and can be 10x – 50x more per Mbps at data centers. Meanwhile, traditional WAN Optimization technology offers relatively little benefit over high bandwidth but unpredictable Internet WAN links.

Most SD-WAN implementations do share some things in common: a flexible virtual WAN overlay fabric supporting multiple WAN links, including lower-cost Internet links; centralized controllers with centralized management, reporting and policy control; and a choice of physical or virtual appliances. But vendor SD-WAN implementations differ widely. Some focus on the needs of telecom service providers. Some focus primarily on “router replacement” (the cost of owning and maintaining the routers), rather than the issues surrounding the unpredictability of Internet connectivity, cloud access and the costs of WAN service. Some focus on offering a fully managed service over the public Internet. While this last approach can work for some smaller enterprises that have never had MPLS, nor likely any centralized security architecture, it can be of limited value for larger enterprises with greater control and security concerns, or for those that do not wish to make an abrupt wholesale cutover of their WAN infrastructure. Few SD-WAN implementations have focused on failsafe WANs. None do failsafe WANs as well as Talari.

Why failsafe SD-WANs?
Failsafe WANs means both high network availability and reliable, predictable application QoE. The tantalizing benefits the cloud and SD-WANs might promise notwithstanding, enterprise IT disdains “two steps forward, one step back” solutions for good reason. Even the most aggressive, leading-edge enterprises want failsafe WANs, given the high cost of downtime, limited IT resources available at most remote locations, and limited visibility into the WAN.

Talari’s patented SD-WAN technology has some unique capabilities that enable it to deliver failsafe WANs, including:

■ continuous unidirectional measurement of packet loss, latency, jitter and bandwidth utilization, enabling unprecedented WAN visibility and sub-second response to adapt to network issues;
■ end-to-end QoS and inbound congestion avoidance, providing 90% - 97% sustained utilization on shared links without negatively impacting QoE;
■ the ability to use all bandwidth across multiple links, even for a single high-bandwidth flow when doing link aggregation;
■ optional packet replication for real-time traffic, delivering platinum quality real-time support;
■ centralized management via Talari Aware;
■ high QoE cloud access, especially in combination with carrier neutral colocation facilities close to the core of the Internet;
■ the ability to scale to large WANs (not trivial to deliver when offering true sub-second response).

What can enterprises expect from a failsafe SD-WAN?
Benefits include, but are not limited to:

■ 50x - 150x bandwidth per dollar versus MPLS
■ Monthly WAN costs reduced by 40% - 80%
■ Greater network reliability and application QoE than any single MPLS network
■ Radically reduced WAN troubleshooting costs, via a smart, self-correcting, highly fault-tolerant WAN that not only detects problems but fixes them, sub-second
■ Agile, non-disruptive deployment with existing MPLS and WAN Optimization solutions
■ Superior support for real-time apps like UCaaS and video conferencing
■ Excellent support for centralized Internet access and network security architectures
■ Reliable, high QoE access to SaaS and public/hybrid cloud computing
■ A long-term way to cost-effectively scale the WAN while supporting the migration to cloud-based applications at whatever pace the computing side of the house decides to go

SD-WANs offer enormous potential and benefits – if delivered in a failsafe manner. Talari Networks – unmatched failsafe SD-WANs.

Introduction

The cloud – the union of cloud computing, the Internet and Software-as-a-Service (SaaS) – is rapidly changing enterprise IT, including the network and the associated IT “plumbing”. Cloud computing, while offering exciting agility and flexibility in application deployment, is particularly challenging for the network team tasked with making it all work with the same reliability and manageability as the purely private networks enterprises have learned to manage over the years. Storage, LANs, application delivery, etc. are all deeply affected by the location of applications and services in “the cloud”. But perhaps the greatest cause for IT concern, and certainly for WAN managers, is the tremendous pressure this change puts on the enterprise WAN. In fact, enterprise WANs have changed very little in the last 15 years.
While price/bit for the enterprise WAN has improved somewhat over the past decade, it hasn’t improved with Moore’s Law as have computing, storage, Internet access, LAN switching, etc. – pretty much everything else associated with IT. But while Internet connections have followed along with Moore’s Law, delivering quantum improvements in price/bit, the unaided public Internet is still not reliable enough to deliver business-class quality of service (QoS) and application Quality of Experience (QoE). This is the primary reason why the overwhelming majority of enterprise WANs are based not on IPsec VPNs over the Internet, but instead on private MPLS services from telecom service providers like AT&T, Verizon and BT.

That said, IT and WAN budgets are not growing as fast as the demand for additional WAN bandwidth – if those budgets are growing at all. Yet next-generation, bandwidth-hungry applications and real-time applications are placing additional burdens on the WAN. As more and more application traffic goes to SaaS and public cloud-based services, even the best performing, WAN Optimization-enhanced MPLS networks simply aren’t agile enough for the age of the cloud. Left unaddressed, the WAN is likely to be the number one inhibitor to the demands CIOs and CEOs are making on IT to take advantage of the benefits cloud computing promises.

The Traditional Solution No Longer Cuts It

The state of the enterprise WAN until very recently: expensive but reliable MPLS connections with relatively little bandwidth at remote sites, frequently with WAN Optimization to help squeeze more capacity and performance from those MPLS links, coupled with cheap (and getting cheaper) but “unreliable” Internet connections at data centers and larger sites (and sometimes branches) for IPsec VPN backup connections, generic Internet access and remote user connectivity.
While a reliable solution for the past decade, this approach is on its last legs.

MPLS

MPLS, of course, is the dominant enterprise private WAN service worldwide. Besides generally locking IT into a single service provider, MPLS bandwidth is very expensive compared to Internet bandwidth. And MPLS offers no practical solution for cloud access. So while MPLS is reliable and can support centralized security, the expense, the limited resulting bandwidth, and the frequent difficulty in expanding bandwidth at many smaller locations are all limiting factors going forward. Because MPLS is so expensive, users at most smaller locations have more bandwidth at home than they do in the office – frequently a lot more. Some even have more network bandwidth on their LTE smartphone or tablet devices than they do on the office WAN!

While most anyone interested in SD-WANs is generally aware that MPLS bandwidth is expensive compared to Internet connectivity, few people realize exactly how enormous the difference is. While MPLS prices have come down about 15% - 20% each year for the last several years, this doesn’t come close to the roughly 40% annual reductions in the price of Internet bandwidth. So the price/bit gap between Internet and MPLS connections has been widening, not shrinking.

Let’s look at the numbers. A few years ago MPLS typically cost $300 - $600 per Mbps per month for the copper connectivity (i.e. n x T1/E1) typically deployed at all but the largest enterprise locations, while today in most of North America and much of Europe a more typical range is $100 - $300 per Mbps per month. Over this same period, the monthly price of broadband connectivity like FiOS, cable or xDSL has dropped from the $5 - $15 per Mbps per month range to $1 - $2 per Mbps per month.
For example, high bandwidth cable modem-based Internet connections are available from Comcast Business Internet for $1.67 - $4 per Mbps per month, while business pricing for Verizon FiOS is $0.73 - $2 per Mbps per month. Even using the lower-end estimate of $100 per Mbps per month for MPLS, the gap compared to Verizon’s best bandwidth pricing is a factor of 137x. Compared to the higher-end $300 figure, it is a factor of over 400x! Most enterprises will see a range of ~50x – 150x as the price/bit advantage of Internet connectivity over MPLS. There are very few areas in technology where IT sees order-of-magnitude gains, yet with a proper SD-WAN solution, enterprises can get two orders of magnitude of benefit by leveraging Internet connections.

The newer area of price/bit benefits from SD-WANs and Internet connectivity is at the data center. This refers primarily to leveraging data centers located at carrier-neutral colocation (colo) facilities run by companies like Equinix, Interxion, and Telehouse. Pricing for fiber-based connectivity at customer premises, for both MPLS and Internet connections, varies widely depending on location, fiber access to the building, and the local competitive structure of service providers, and is fairly opaque. At customer premise-based data centers, traditional Internet connectivity might only offer a 2x – 4x price/bit benefit over MPLS, with prices for many connections being in the ~$10 - ~$60 per Mbps per month range. At colo facilities, while MPLS pricing tends to be similar to what enterprises can obtain at their private data centers, Internet monthly pricing is usually below $1 per Mbps for high bandwidth connections, delivering a price/bit benefit in the 10x – 50x range.
This order-of-magnitude advantage is substantial, and can be important when aggregating connectivity from a large number of branch sites that may now have much more bandwidth than they did when they only used thin MPLS connections. While relatively few enterprises have moved data centers to such colocation facilities to date, they offer substantial benefits to those enterprises planning to retain centralized network security and/or migrate to more SaaS and hybrid/public cloud computing. For cloud-based applications and other Internet access, colocation facilities together with the right SD-WAN solution can deliver improved end user QoE in addition to their advantages in bandwidth availability, diversity and cost/bit.

WAN Optimization

The data center consolidation trend of the last decade began because of the benefits on the computing and OpEx side of the house, rather than the network. In fact, this trend put even more pressure on the enterprise WAN. The deployment of WAN Optimization appliances proved to be an excellent answer for a one-time bandwidth upgrade (thanks to data deduplication technology) and to improve performance for certain applications, most notably Microsoft CIFS file service – the one application that performs particularly poorly over the wide area network, especially in the face of any noticeable packet loss.

But traditional WAN Optimization technology offers relatively little benefit over high bandwidth but unpredictable Internet WAN connections, especially as less and less traffic is Microsoft file service. Traditional WAN Optimization technology often runs poorly over Internet links. It doesn’t address longer term bandwidth scaling, offers limited-to-no benefit for cloud access, and does not address critical reliability and QoE concerns for cloud access.
So while in the era of predominantly thin MPLS pipes at the branch, the approximately 2x effective price/bit benefit combined with the substantial acceleration benefits for CIFS that WAN Optimization solutions offer was a pretty big deal, WAN Optimization technology is simply not the answer moving forward.

SD-WAN Technology Offers Tremendous Opportunity and Promise

A new technology, Software Defined WANs (SD-WANs), offers enterprises tremendous opportunity for cost savings, flexibility, bandwidth, manageability and superior cloud access. It has the potential to deliver a revolution in price/performance and agility to cost-effectively support the next wave of applications and the transition to cloud computing.

SD-WAN technology can be seen as an extension of software defined networking (SDN). Similar to SDN, SD-WAN decouples the network configuration from individual wide area networks, links and hardware components, and instead utilizes software and virtual network overlays to take advantage of available WAN connections while centralizing control of and visibility into the entire WAN fabric. SD-WANs enable greater WAN capacity, lower WAN costs and more flexible management capabilities.

Figure 1: SD-WAN Hybrid WAN deployment scenario (diagram: sites connected over both MPLS and Internet links)

SD-WAN implementations from Talari as well as almost all other SD-WAN vendors usually share several things in common:

■ A Secure Virtual WAN Overlay Network Fabric. This flexible, virtual abstraction of the WAN, an overlay not tied to any single telecom service provider’s WAN, is sometimes also referred to as a hybrid WAN (especially if used with a mix of Internet and MPLS connections), and sometimes as WAN Virtualization. The network traffic across the overlay is encrypted using secure virtual private network connections to ensure data security even over public networks.

■ Leverage of Internet Links. All SD-WAN implementations support using Internet links, and therefore benefit from Internet economics, bandwidth scalability and fast deployment. No organization’s WAN budget is growing as fast as the data growth on its networks, and much future application traffic growth will be in SaaS and public cloud-based services, so leveraging Internet links simply makes sense.

■ Support for Multiple WAN Links. All SD-WAN implementations support using multiple links. Many support a combination of Internet links and private MPLS links (a.k.a. hybrid WANs), while some, especially those provided as fully managed, so-called “cloud-based” services, can only effectively use Internet links. Some implementations support only 2 active links per location, while others can support 4, 6 or 8 per location. While many people might think that two links per location is sufficient, there are reasons why a well-architected SD-WAN design might want more. At data centers, to maximize network availability, IT will want the ability to support 3 or even 4 (if one of them is MPLS) high bandwidth connections. At small locations, while two links may well be sufficient if two different high bandwidth, low cost options like FiOS and cable are available, where they are not, the ability to aggregate multiple inexpensive but only moderate bandwidth connections like ADSL can be very valuable.

■ Centralized Controller Plus Centralized Management, Visibility, Reporting and Policy Control. SD-WAN implementations replace traditional device-based, command-line interface configuration with a centralized controller. The controller offers automated, network-wide control and orchestration for ease of management. Centralized management provides central device configuration, software upgrades and policy control for WAN traffic flow classification, prioritization and QoS. It is a central place for WAN reporting, monitoring, visibility and analytics, as well as the way to tie into overall network and system management platforms. The centralized controller may run on one of the forwarding devices, on standard x86 hardware, or even in the cloud.

■ Choice of Physical or Virtual Appliances. Just as SD-WANs eliminate ties to any single service provider, most SD-WAN implementations can use either vendor-supplied appliances or standard x86 hardware. In addition, many SD-WAN implementations help enable branch simplification, combining multiple functions like firewall, NAT, DHCP, routing and VPN on a single device – whether on a vendor-supplied physical appliance or as Network Function Virtualization (NFV) on x86 hardware.

But Vendor SD-WAN Implementations Differ Widely

SD-WAN implementations, while sharing a few common traits and tending to sound alike in their surface descriptions, vary widely.

Some vendor SD-WAN implementations focus on the needs of telecom service providers. These service providers have their own wide area network assets, and usually offer high priced, high margin MPLS services to enterprise customers. The needs of these service providers are quite different from those of enterprise customers looking to leverage and tame inexpensive public Internet connections.

Some vendor implementations focus primarily on “router replacement”; in other words, the cost of owning and maintaining their WAN (usually Cisco) routers, rather than the issues surrounding the unpredictability of Internet connectivity, cloud access and the costs of WAN service. While having some overlap with other SD-WAN solutions targeted at enterprise customers, these solutions have a quite different focus (unseating the Cisco WAN edge router), and so a different design point and associated customer benefits.

Some SD-WAN vendors focus on providing a fully managed (sometimes called “cloud-delivered”) service over the public Internet.
Some of these offerings can be appropriate for a segment of the enterprise market, especially smaller enterprises and those who have never had MPLS, nor likely any kind of centralized security architecture. However, this approach to SD-WANs can be of limited value for larger enterprises, those enterprises with greater control and security concerns, or those who do not wish to make an abrupt wholesale cutover of their WAN infrastructure.

Only a few SD-WAN vendors have focused on developing failsafe SD-WAN technology. Talari has had this at the core of our philosophy – and our patented technology – from the start. Recently, we are seeing the beginnings of failsafe SD-WAN technology development from Silver Peak Systems and VeloCloud Networks. No one delivers failsafe WANs as well as Talari, but these recent vendor entries recognize and reinforce that success with most enterprises will require failsafe SD-WANs.

Why Failsafe SD-WANs

Why failsafe SD-WANs? Failsafe WANs means both high network availability and reliable, predictable application QoE. The tantalizing benefits the cloud and SD-WANs offer notwithstanding, enterprise IT folks disdain “two steps forward, one step back” solutions for good reason. Even the most aggressive, leading-edge enterprises want failsafe WANs if they are going to augment or replace their time-tested MPLS-based solution, given the high cost of downtime, limited IT resources available at most remote locations, and limited enterprise visibility into the WAN.
While there is no doubt that centralized SD-WAN technology makes it a lot easier to configure and maintain a multi-network WAN using encrypted connections over the public Internet, it is foolhardy to believe that, given the enormous gap in bandwidth availability and cost/bit between MPLS and Internet connections, this easier configuration of public Internet VPN tunnels is the only, or even primary, reason that MPLS has been and remains to this day the mainstay of the enterprise WAN and a worldwide market of more than $15B annually. In fact, the key reason behind the ongoing success of MPLS is that it provides enterprise customers a failsafe WAN.

A little history is in order here. IPsec VPNs, introduced in the mid-1990s, made site-to-site connections over the Internet secure. But despite the price advantages of Internet links, and despite the fact that the Internet in the last 15 years has revolutionized just about everything else that touches IT, very few large enterprises today use the public Internet for their primary site-to-site intranet connectivity. Of course, almost all enterprises do use it for individual user home and mobile access, and many use it for backup connectivity when the primary MPLS link fails. For most large enterprises, individual user access and mobile security, etc. over the Internet is centrally managed, and has been for years.

But on the Internet, there is no single service provider guaranteeing end-to-end performance – end-to-end SLAs over the public Internet are simply not offered. The business model of peering points – the places where the network-of-networks that is the Internet connects different Internet Service Providers (ISPs) to each other – precludes the ability to deliver any such SLA. Enterprises simply can’t get meaningful QoS over a single Internet connection, both because of the peering point issue and because of the difficulty of doing the accounting or billing even if there were service providers who wanted to try.
These issues all exist even when the last mile is a dedicated TDM connection such as T1/E1 or T3/E3. With inexpensive broadband links, there are the additional problems of insufficient upstream bandwidth on ADSL, and the lower MTBF and much higher MTTR associated with broadband connections. The resulting “two nines” (99%) reliability and associated performance predictability of the unaided public Internet doesn’t stack up to the “four nines” (~99.95% - 99.99%) reliability MPLS delivers in practice, and that IT and users have come to expect.

So while standard Internet VPNs – and SD-WAN implementations lacking failsafe capabilities – are an excellent choice as backup connectivity, and may be sufficient for some smaller enterprise locations, such “works pretty well most of the time” solutions over unaided public Internet connections simply don’t deliver the enterprise-grade reliability and predictable application QoE that MPLS does. Absent proper failsafe SD-WAN technology, enterprise WAN managers have done exactly the right thing in being conservative with their WANs all these years, despite the Internet’s vastly superior economics.

So why is it that some vendors seem to think that even though the public Internet hasn’t been good enough all along for the enterprise WAN, it will somehow be reliable enough for enterprise use, just because they say the magic phrase “SD-WAN” and perhaps add easy-to-use, pretty centralized configuration? The answer, of course, is that it won’t.

On the other hand, putting an MPLS connection at every service location accessing a public cloud service is utterly impractical, as it would not only be very expensive, but also incredibly difficult to manage. Yet as user WAN bandwidth demands continue to grow every year, sticking with MPLS alone “forever” clearly isn’t the answer, either.
The bottom line: MPLS is still a $15B+ worldwide market – despite the enormous price/bit gap versus Internet connectivity – because MPLS offers failsafe WANs. Only a few vendors have actually developed failsafe SD-WAN technology. Talari does failsafe WANs better than anyone. With Talari, enterprises need not sacrifice failsafe to gain the benefits that SD-WAN technology promises.

Figure 1: Talari failsafe SD-WAN connectivity (diagram: a Data Center and a Branch connected over MPLS, Internet via ISP A and ISP C, Internet via ISP B, and DSL via ISP D)

Talari’s Failsafe SD-WAN Technology

So how exactly does Talari’s Adaptive Private Networking (APN) technology make failsafe SD-WANs a reality? The two most critical capabilities of Talari’s failsafe SD-WAN technology are:

■ Continuous unidirectional measurement of packet loss, latency, jitter and bandwidth utilization for all paths between any pair of locations
■ Per-packet forwarding decisions, enabling sub-second response to adapt to network issues on any path

This ability to react in real time, sub-second, made possible by this precise, real-time measurement, is the key element in delivering a failsafe SD-WAN.
In addition to the two noted above, other key capabilities of Talari’s failsafe SD-WAN technology include:

■ End-to-end QoS and inbound congestion avoidance, delivering highly efficient (90% - 97% sustained) bandwidth utilization on shared inbound and outbound links without negatively impacting QoE
■ The ability to use all bandwidth across multiple links, even for a single high-bandwidth flow when doing link aggregation
■ Optional packet replication for real-time traffic, providing platinum quality real-time application support
■ Centralized management with Talari Aware, offering unprecedented WAN visibility
■ High QoE cloud access, especially in combination with carrier neutral colocation facilities close to the core of the Internet
■ The ability to scale to hundreds of locations and thousands of WAN links

Now let’s look at the “big picture” idea behind Talari APN’s architecture, go over the two most critical capabilities in some detail, and also cover the other key capabilities of Talari’s failsafe SD-WAN technology.

The Big Picture

As described above, Talari’s APN technology for SD-WANs creates a secure virtual WAN overlay network fabric utilizing diverse WAN connections, and is focused on providing the critical network reliability and performance predictability to make failsafe WANs leveraging public Internet connections a reality. It wraps a layer of software intelligence around multiple public and/or private WAN connections in much the same way RAID wrapped intelligence around cheap PC hard disk technology and revolutionized storage over twenty-five years ago.

The basic idea behind Talari failsafe SD-WAN technology is to combine two or more disparate sources of IP bandwidth at each network location and use them in a way that delivers reliability that meets or exceeds that offered by any single-vendor MPLS network.
These bandwidth sources can be high-speed T3/E3, OC-3, Fast Ethernet or Gigabit Ethernet links at larger sites, as well as any Internet connectivity such as DSL, cable, FiOS, T1/E1, Metro Ethernet, etc. at remote locations. Existing private WAN connections such as MPLS can also be leveraged.

Figure 2. If each path is only 98% [99%] reliable, the system (properly designed) is 99.96% [99.99%] reliable (diagram: two sites joined across the Internet through ISP A, ISP B, ISP C and ISP D)

With connectivity between locations possible over at least two paths from different network sources, there is redundancy because of the diversity at the physical and the IP network levels. The probability of timely packet delivery from one location to another across at least one of these networks is very high. Even if each network has a reliability of only 98%, the reliability of the two networks when combined properly using Talari SD-WAN technology will be 1 - ((1 - 0.98) * (1 - 0.98)) = 99.96%. Similarly, two diverse Internet connections that are each 99% reliable – which is the approximate general expectation for domestic Internet connections – can be made 1 - ((1 - 0.99) * (1 - 0.99)) = 99.99% reliable. Because Talari’s offering usually uses multiple paths over each available Internet link, rather than just one, it can actually achieve still more reliability when there are multiple diverse public connections at each end.

While there have been WAN link aggregation technologies for a long time now – MLPPP, for example, has been around forever – all of them before Talari APN technology had fundamental limitations on their usefulness. They were either like MLPPP and required WAN links that were uniform in type and bandwidth and had extremely low loss and jitter characteristics, or they would not deliver reliability in the face of network problems. Most other than MLPPP (and for that matter, most other SD-WAN implementations on the market today) require that each TCP flow use only a single WAN connection.
If not, they would actually make application performance worse when there are congestion issues on any of the network connections or links. None have had the ability to move flows off of a bad network path in the face of packet loss or excessive latency/jitter without breaking the connection. A Talari SD-WAN addresses all of those limitations of prior aggregation technologies, and then some.

Continuous Unidirectional Measurement

Figure 3. Loss, jitter and latency measured on every path between two sites, each with an MPLS connection and Internet links (ISP A and ISP B at one site; ISP C and a DSL link from ISP D at the other).

The linchpin technology that enables the delivery of failsafe SD-WANs is the continuous unidirectional measurement of packet loss, latency, jitter and bandwidth utilization for all network paths between any pair of locations. APN performs continuous measurement of each packet on the WAN, as opposed to measurement via occasional round-trip test packets.

The measurements are unidirectional, not simply round-trip, since just as on roads and highways, traffic jams are usually in one direction but not the other, and since unidirectional information is essential for real-time traffic.

The measurements are done across all paths, since given m Internet links at one location and n at the other, there are m x n possible network paths that can be used across the network-of-networks that is the Internet, substantially increasing reliability and QoE. In the figure above, given two Internet links at each site, plus a private MPLS connection, there are 2 x 2 + 1 = 5 different possible network paths between the two locations shown. APN supports up to 8 WAN links per location.

The measurements are done on each and every packet sent between the two locations, not simply using sporadic test packets – though multiple test packets per second are sent when there is no actual network traffic for any given path, to ensure constantly up-to-date measurement data.
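The following is an added example, not Talari’s code, of what the measurement described above looks like when implemented: it enumerates the m x n (plus private) candidate paths between two sites and, for each path, derives one-way loss, latency and jitter from the sequence numbers and sender timestamps carried on the data packets themselves. It assumes every packet carries a per-path sequence number starting at 0 and a send timestamp, and that the two sites’ clocks are synchronised (NTP/PTP or similar), which one-way latency requires; loss and the RFC 3550 jitter estimator do not, because a constant clock offset cancels out. The packet records are constructed to show one clean path, one congested path with reordering and two lost packets, and a private MPLS path.

```python
"""One-way loss, latency and jitter per WAN path, and the m x n path set.

Added example for the Continuous Unidirectional Measurement section; it is
not Talari's code. Assumptions: every data packet carries a per-path
sequence number (from 0) and a sender timestamp, and the two sites' clocks
are synchronised, which one-way latency needs and loss/jitter do not.
All packet records below are constructed.
"""
from dataclasses import dataclass
from itertools import product
from typing import Dict, Iterable, List, Optional, Tuple

Path = Tuple[str, str]               # (local WAN link, remote WAN link)
Packet = Tuple[int, float, float]    # (sequence, sent_ms, received_ms)


def enumerate_paths(local_links: Iterable[str], remote_links: Iterable[str],
                    private_links: Iterable[str] = ()) -> List[Path]:
    """m Internet links here x n Internet links there, plus each private
    (e.g. MPLS) connection, which is one end-to-end path of its own."""
    paths: List[Path] = list(product(local_links, remote_links))
    paths += [(link, link) for link in private_links]
    return paths


@dataclass
class PathStats:
    """Running unidirectional statistics for one path, updated per packet."""
    highest_seq: int = -1
    received: int = 0
    transit_sum_ms: float = 0.0
    jitter_ms: float = 0.0            # RFC 3550 interarrival-jitter estimator
    last_transit_ms: Optional[float] = None

    def observe(self, seq: int, sent_ms: float, recv_ms: float) -> None:
        transit = recv_ms - sent_ms   # one-way delay: needs synchronised clocks
        self.highest_seq = max(self.highest_seq, seq)
        self.received += 1
        self.transit_sum_ms += transit
        if self.last_transit_ms is not None:
            # J = J + (|D| - J) / 16, D = change in transit time between
            # consecutive arrivals; a fixed clock offset cancels out here.
            d = abs(transit - self.last_transit_ms)
            self.jitter_ms += (d - self.jitter_ms) / 16.0
        self.last_transit_ms = transit

    @property
    def expected(self) -> int:
        """Packets the sender put on this path (sequences start at 0)."""
        return self.highest_seq + 1

    @property
    def loss(self) -> float:
        return 0.0 if self.expected == 0 else 1.0 - self.received / self.expected

    @property
    def latency_ms(self) -> float:
        return 0.0 if self.received == 0 else self.transit_sum_ms / self.received


def measure(records: Dict[Path, List[Packet]]) -> Dict[Path, PathStats]:
    """Feed every received packet of every path, in arrival order, into stats."""
    stats = {path: PathStats() for path in records}
    for path, packets in records.items():
        for seq, sent_ms, recv_ms in sorted(packets, key=lambda p: p[2]):
            stats[path].observe(seq, sent_ms, recv_ms)
    return stats


def constructed_stream(transits_ms: List[float], interval_ms: float = 20.0,
                       dropped: Iterable[int] = ()) -> List[Packet]:
    """Constructed packets: seq i is sent at i*interval and arrives after
    transits_ms[i]; sequences listed in `dropped` never arrive."""
    lost = set(dropped)
    return [(i, i * interval_ms, i * interval_ms + t)
            for i, t in enumerate(transits_ms) if i not in lost]


# Constructed sample: a clean Internet path, a congested one (varying delay,
# reordering, two of ten packets lost) and a private MPLS path.
SAMPLE: Dict[Path, List[Packet]] = {
    ("ISP A", "ISP C"): constructed_stream([30.0] * 10),
    ("ISP B", "ISP D"): constructed_stream([30, 45, 80, 120, 95, 60, 140, 110, 70, 40],
                                           dropped={3, 7}),
    ("MPLS", "MPLS"): constructed_stream([20.0] * 10),
}


def report(records: Dict[Path, List[Packet]] = SAMPLE) -> Dict[Path, Dict[str, float]]:
    """Per-path summary that a forwarding engine would rank paths on."""
    return {path: {"loss": s.loss, "latency_ms": s.latency_ms, "jitter_ms": s.jitter_ms}
            for path, s in measure(records).items()}


if __name__ == "__main__":
    print(enumerate_paths(["ISP A", "ISP B"], ["ISP C", "ISP D"], ["MPLS"]))
    for path, summary in report().items():
        print(path, summary)
```

Run as a script it prints the five candidate paths from Figure 3 and the per-path statistics; the congested path reports 20% loss, 70 ms mean one-way delay and roughly 14 ms of jitter, while the clean path reports zero loss and zero jitter. Two practical points the code makes visible: loss is counted against the highest sequence seen, so a reordered packet is not mistaken for a lost one, and the direction matters, because the same structure has to be run at each end for the opposite direction.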
Per-Packet Forwarding Decisions, and Sub-Second Response

This precise, real-time measurement enables unprecedented WAN visibility and sub-second response to adapt to network issues, both hard link/device failures as well as “soft outages” from network congestion-based packet loss and jitter. It is this sub-second response that is the critical component to delivering a truly failsafe SD-WAN.

End-to-end algorithms match the state of the network with the needs of different traffic types and adapt using real-time, per-packet traffic engineering. Even though packets can follow any number of paths to the destination, the connection between two locations appears as a single highly reliable link. This delivers predictable IP session performance throughout, regardless of transient congestion or network outages. To TCP/IP-based applications, the resulting WAN connectivity looks like a zero-loss network with occasional bouts of high jitter.

The sub-second response delivered by Talari APN technology is more than fast enough to handle any application that can run on an MPLS WAN. Consequently, it delivers as good – and usually better – reliability and predictable application QoE as an enterprise can achieve with a single-vendor MPLS WAN.

End-to-end QoS and Inbound Congestion Avoidance

Like all good intermediate networking devices, APN appliances implement QoS and use the class of service information and any other configured policy rules associated with each flow as part of the path selection criteria. Unlike other offerings that implement QoS and can only prioritize which traffic goes out on the local link first, APN technology uses this QoS information to choose the path that gets the packet to the destination at the other end of the WAN in the shortest possible time – which is ultimately what matters most for delivering application QoE.
This end-to-end QoS is only possible because of the detailed unidirectional measurement information. Network administrators don’t have to associate certain flows with certain network connections just because those flows are higher priority or that network connection usually has better jitter and loss characteristics. Network paths that are currently working well get traffic, and traffic is diverted, sub-second, away from network paths experiencing problems. An organization’s most important traffic gets to the other end of the WAN as quickly as possible, and all of the traffic gets to the other end of the WAN quickly and reliably.

Further, APN technology leverages the latency and bandwidth utilization information it gathers to ensure that even inbound links are used efficiently and not congested. This ability to both inform and then negotiate with far-side edge devices about available access to their last-mile interface is sometimes referred to as bandwidth reservation, but the technology is more sophisticated than prior bandwidth reservation technologies for packet-based networks. APN’s patented technology is able to provide highly efficient bandwidth utilization – delivering 90% - 97% sustained utilization on shared outbound and inbound links without negatively impacting QoE (i.e. minimizing latency increases on last-mile links). All reputable basic QoS solutions have been able to do this for outbound links for years; doing this for inbound traffic is much more difficult. In fact, the rule of thumb for inbound or core network links is that above 40% sustained utilization, more bandwidth is necessary to avoid jitter/latency/loss issues that can materially impact QoE.

Use All Bandwidth Across Multiple Links, Even for a Single Flow

Because Talari APN technology can make per-packet, rather than simply per-flow, forwarding decisions, it can deliver far better link aggregation capabilities than competing approaches.
It is able to use all available bandwidth at any location, across even widely disparate links, even for a single large flow – something not possible to do in a reliable, predictable fashion with other technologies when leveraging multiple WAN connections with differing latencies and varying loss and jitter characteristics. With a Talari SD-WAN, IT gets to use all of the bandwidth almost all of the time, and do so in an automatic, failsafe manner.

Packet Replication for “Platinum Quality” Real-time Support

For real-time applications like VoIP and videoconferencing, Talari’s failsafe SD-WAN technology can deliver ultra-reliable, cost-effective support, choosing network paths with the least packet loss and lowest jitter for such high-priority traffic, and switching sub-second to a better path in the face of high loss or jitter.

Where sufficient bandwidth is available, it can provide still greater flow reliability by optionally replicating real-time traffic flows along a second path and suppressing duplicates at the receiving end, delivering “perfect” platinum-quality audio and video even in the face of failures or massive congestion on one of the connections.

Competing Forward Error Correction (FEC) technologies purport to provide similar benefits. FEC does help on links with relatively uniform loss (some wireless connections, for example), but because by definition it sends its redundant data over the very network path having issues, it is of little benefit when dealing with the occasional bouts of high loss and high jitter that occur on shared networks like the public Internet, and of essentially no benefit in these instances to real-time applications like VoIP or videoconferencing.

Figure 4.
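The three mechanisms just described (per-packet path choice driven by class of service, striping one flow across every usable link, and replicating a real-time flow over a second path with duplicate suppression at the receiver) fit in one short model. The example below is added here and is not Talari’s code: the path measurements, the loss patterns, the class policies and their weights are all constructed or assumed, and the `free_bw_kbps` field stands in for whatever the far side has agreed a path may carry, which the page describes only as bandwidth reservation. The duplicate suppressor is built the same way as an IPsec anti-replay window, a bitmap over the last N sequence numbers, so receiver state per flow stays constant no matter how long the call runs. The constructed scenario is the one the text is about: MPLS measured clean in the last window but is about to drop a burst, and replication over the second-best Internet path covers it.

```python
"""Per-packet path choice by class, single-flow striping, and real-time
replication with receiver-side duplicate suppression.

Added example for the Per-Packet Forwarding, Use All Bandwidth and Packet
Replication sections; not Talari's code. Measurements, loss patterns,
class policies and weights below are constructed/assumed.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class PathState:
    """Latest unidirectional measurements for one path toward the far site."""
    loss: float            # fraction lost over the last window
    latency_ms: float
    jitter_ms: float
    free_bw_kbps: float    # assumed: what the far side agreed this path may carry


# Assumed per-class policy: thresholds past which a path is unusable for the
# class, and the cost of a unit of loss (%), latency (ms) and jitter (ms).
POLICY = {
    "realtime": dict(max_loss=0.02, max_jitter_ms=30.0, weight=(100.0, 1.0, 2.0)),
    "bulk":     dict(max_loss=0.10, max_jitter_ms=1e9,  weight=(10.0, 0.1, 0.0)),
}


def score(p: PathState, cls: str) -> float:
    wl, wd, wj = POLICY[cls]["weight"]
    return wl * 100.0 * p.loss + wd * p.latency_ms + wj * p.jitter_ms


def usable(p: PathState, cls: str) -> bool:
    pol = POLICY[cls]
    return (p.loss <= pol["max_loss"] and p.jitter_ms <= pol["max_jitter_ms"]
            and p.free_bw_kbps > 0)


def choose_paths(paths: Dict[str, PathState], cls: str, replicate: bool = False) -> List[str]:
    """Path(s) for the next packet: best usable path, plus the next-best usable
    one when replicating. With nothing usable, the least-bad path still carries
    the packet: a degraded path beats dropping it."""
    ranked = sorted(paths, key=lambda name: score(paths[name], cls))
    ok = [name for name in ranked if usable(paths[name], cls)] or ranked[:1]
    return ok[:2] if replicate else ok[:1]


def stripe(paths: Dict[str, PathState], cls: str, n_packets: int) -> Dict[str, int]:
    """Split one flow's packets over every usable path in proportion to free
    bandwidth (largest-remainder rounding), so a single flow uses all links."""
    ok = [name for name in paths if usable(paths[name], cls)]
    total = sum(paths[name].free_bw_kbps for name in ok)
    share = {name: n_packets * paths[name].free_bw_kbps / total for name in ok}
    counts = {name: int(share[name]) for name in ok}
    leftover = n_packets - sum(counts.values())
    for name in sorted(ok, key=lambda n: share[n] - counts[n], reverse=True)[:leftover]:
        counts[name] += 1
    return counts


class DuplicateSuppressor:
    """Receiver-side duplicate suppression on the flow sequence number, built
    like an IPsec anti-replay window: a bitmap of the `window` sequences below
    the highest seen, so memory per flow is constant."""

    def __init__(self, window: int = 64) -> None:
        self.window = window
        self.highest = -1
        self.bitmap = 0     # bit i set <=> sequence (highest - i) already delivered

    def accept(self, seq: int) -> bool:
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.window or self.bitmap & (1 << offset):
            return False    # duplicate, or too old to be sure it is not one
        self.bitmap |= 1 << offset
        return True


def simulate(seqs: List[int], drops: Dict[str, Set[int]], paths: Dict[str, PathState],
             cls: str, replicate: bool) -> Tuple[List[int], int]:
    """Send each sequence over choose_paths(); path p loses the sequences in
    drops[p]. Returns (delivered sequences in order, duplicates suppressed)."""
    dedup = DuplicateSuppressor()
    delivered: List[int] = []
    dups = 0
    for seq in seqs:
        for name in choose_paths(paths, cls, replicate):
            if seq in drops.get(name, set()):
                continue
            if dedup.accept(seq):
                delivered.append(seq)
            else:
                dups += 1
    return delivered, dups


# Constructed state: the last window saw ISP B->ISP D in a soft outage and
# MPLS clean, but MPLS is about to lose a burst the window has not seen yet.
PATHS = {
    "ISP A->ISP C": PathState(loss=0.00, latency_ms=32.0, jitter_ms=2.0, free_bw_kbps=8000),
    "ISP B->ISP D": PathState(loss=0.15, latency_ms=48.0, jitter_ms=35.0, free_bw_kbps=12000),
    "MPLS":         PathState(loss=0.00, latency_ms=24.0, jitter_ms=1.0, free_bw_kbps=1500),
}
DROPS = {"MPLS": {4, 5, 6}, "ISP A->ISP C": {9}, "ISP B->ISP D": {1, 4, 7, 9}}

if __name__ == "__main__":
    print("realtime, single path:", simulate(list(range(10)), DROPS, PATHS, "realtime", False))
    print("realtime, replicated :", simulate(list(range(10)), DROPS, PATHS, "realtime", True))
    print("bulk stripe, 19 pkts :", stripe(PATHS, "bulk", 19))
```

Single-path real-time traffic rides MPLS (the best-scoring usable path) and loses sequences 4, 5 and 6 when the burst hits; the replicated flow over MPLS and ISP A->ISP C delivers all ten sequences and the receiver discards six duplicates. The bulk class, whose loss threshold excludes the congested ISP B->ISP D path, stripes 19 packets as 16 over the 8 Mbps Internet path and 3 over the 1.5 Mbps MPLS path. In a real engine `choose_paths` is re-evaluated against the continuously updated `PathState`, which is what moves traffic off a failing path sub-second; here the state is static so the result is reproducible.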
Centralized Management, Unprecedented WAN Visibility

Talari’s APN Aware is a centralized management system that gives IT staff the ability to configure, monitor, and analyze a Talari SD-WAN. Aware reduces network device configuration time, and provides access to detailed performance data and events correlated across the WAN. This results in an easy-to-manage network with unprecedented WAN and application performance visibility.

Talari Aware Highlights
■■ Intuitive, centralized management system for Talari appliances
■■ Single point configuration with comprehensive network-wide audits
■■ Simplifies monitoring and analyzing a Talari SD-WAN
■■ Fully customizable reports and graphs for easy network and application performance management

High QoE Cloud Access

In addition to offering virtual appliances in the cloud, Talari’s powerful SD-WAN technology in combination with carrier-neutral colocation facilities offers Internet economics for data centers, cost-effective maintenance of existing centralized enterprise security architectures, a smooth path to efficient hybrid cloud computing and reliable, predictable QoE for SaaS and public cloud computing services.

With virtual appliances for AWS (Amazon Web Services) and Microsoft Azure, Talari extends the reach of the corporate WAN into the Amazon or Microsoft clouds, making it possible to control, manage and have visibility into the connection to the cloud. It uses the same Talari SD-WAN technology that enterprise locations do, and so ensures that applications and content are always available regardless of any single network failure. In addition, Talari SD-WAN technology can be used to add one or more locations on the customer’s WAN at colocation facilities.
Deployment at a colo facility is similar to deployment at a private data center, though some customers will prefer virtual appliance deployments at a colo even when choosing physical appliances at private locations. Using Talari’s failsafe SD-WAN technology, especially in conjunction with colocation, allows IT to centralize the complexity in the network at locations where diverse bandwidth is cheap and plentiful, and which provide excellent connectivity to “the core of the Internet” and so to public cloud computing services and SaaS. Backhauling Internet traffic to a colo facility – where the enterprise’s centralized security technology is deployed – rather than to private data centers now makes tremendous sense. Such deployments are the key to enabling a smooth migration to cloud services.

Scaling the SD-WAN

Scaling failsafe SD-WAN technology to support hundreds of locations and thousands of WAN links is no easy task, but Talari APN technology does exactly that. Note that scaling SD-WAN technology is relatively straightforward if not doing failsafe WANs – with the continuous measurement and sub-second response that go along with them – but not at all trivial to deliver when performing real-time measurements on all network paths and offering sub-second response to network issues. Be wary of vendors who try to conflate scaling of network management and device configuration with the much harder task of scaling the technology of continuous measurement and failsafe forwarding decisions with sub-second response. Of course, it’s true that SD-WAN vendors that don’t offer such failsafe SD-WAN technology don’t have to deal with such challenging scaling issues.
Complementary to WAN Optimization

WAN Optimization, another two-ended technology from companies like Riverbed, Silver Peak and Citrix, was built on the long-standing assumption that the existing enterprise WAN is as reliable as needed but bits are expensive – and the need, therefore, is to squeeze as much out of those thin pipes as possible. The insight behind Talari’s SD-WAN offering is that there are lots of cheap bits out there, thanks to the Internet – they just need to be made reliable enough to be business quality. Where WAN Optimization focuses on optimizing each application for the network, Talari failsafe SD-WAN technology optimizes a more affordable, higher-bandwidth network fabric for all applications.

Talari’s SD-WAN solution is highly complementary to WAN Optimization; many of our customer deployments are in conjunction with existing WAN Optimization appliances. Talari failsafe SD-WAN technology, thanks to its ability to aggregate bandwidth across disparate links, deal with the effects of packet loss, and quickly react to jitter and latency caused by network congestion, has capabilities that help real-time and highly interactive applications in ways that WAN Optimization simply cannot. It offers better performance for first-time data transfers, improved QoE and reliability for real-time apps like VoIP and time-sensitive interactive applications like VDI, and more predictable performance for all applications even in the face of network “brownouts” which stymie other network reliability or application acceleration technologies.

Benefits of a Failsafe SD-WAN

What can enterprises expect from a failsafe SD-WAN? The benefits are substantial, both short term tactically and longer term strategically, for both the network itself and “beyond the network”.
For the Network

Far Greater WAN Bandwidth

As noted, Internet bits are simply far less expensive than those from the oligopoly MPLS providers, offering 50x – 150x the bandwidth per dollar compared to MPLS at branch locations, and 10x – 50x for data center locations, especially at carrier-neutral colocation facilities. Talari’s failsafe SD-WAN technology allows enterprises to use inexpensive Internet bandwidth to augment or replace expensive MPLS links. It also enables much more bandwidth per enterprise location, because of its ability to aggregate multiple, disparate links and use the combination in a failsafe manner as if it were a single connection.

Talari’s bandwidth aggregation capabilities enable enterprises to take advantage of the asymmetric bandwidth offered by some broadband connections. The asymmetry reflects the way that most traffic flows (from data center to branch). But while a single ADSL connection alone might not have sufficient upstream bandwidth to satisfy some corporate uses, by aggregating multiple connections sufficient upstream bandwidth is available even for enterprises that choose to eliminate a T1/E1 MPLS link.

Lower WAN Costs

Since Internet bandwidth costs far less than MPLS, monthly WAN costs can be reduced by 40% - 80% (even as IT adds bandwidth to the WAN) as Talari’s failsafe SD-WAN technology makes that Internet bandwidth business quality. Consequently, spending on MPLS can be capped and, if desired, eventually eliminated altogether for maximum cost savings. Talari’s SD-WAN solution makes it easy to take advantage of small amounts of expensive private bandwidth combined with larger amounts of cheap Internet bandwidth for the best of both worlds. If they wish, enterprises can continue to spend, say, 60% of their WAN budget on the 10% of really expensive private (read: MPLS) bits while spending the other 40% on the 90% of cheap Internet bits.
Thanks to Talari’s failsafe SD-WAN technology, enterprises will not only have more bandwidth and lower cost per bit, but they also will have lower overall monthly WAN spend, and greater reliability, than they would by putting all their eggs in the AT&T/Verizon/BT basket.

Greater Network Reliability and Application QoE than any Single MPLS Network

The reliability technology at the core of Talari’s SD-WAN solution, which makes it all possible, is of course a great benefit in its own right. With Talari failsafe SD-WAN technology, the wide area network is now more fault tolerant, even to errors users or IT might inadvertently introduce (software upgrades, taking connections down for maintenance, etc.), thanks to the multi-path reliability combined with the fact that most Talari SD-WAN implementations are overlays – software-defined networks that sit on top of the routed network infrastructure rather than replacing or actively modifying its construction. Talari SD-WAN technology greatly enhances network reliability, and in particular application QoE, by preventing single points of failure from even temporarily taking out the network and causing application sessions to be broken.

Radically Reduced Troubleshooting Costs

WAN managers also need to do far less troubleshooting of that portion of the network – the external WAN – where they have historically had both the least visibility and the least control. A Talari SD-WAN is not just a visibility tool to inform IT of network problems or help track down the specific cause of a problem after it happened; it fixes the problems in real time before users even notice them, virtually eliminating MTTR issues. Lower troubleshooting costs translate into lower WAN OpEx.
Unprecedented WAN Visibility

Of course, the continuous unidirectional monitoring technology enables rich, detailed visibility reporting into WAN performance, to help track down at your leisure those problems which are not simply transient, without impacting users. It can enable IT to document SLAs missed by their service providers and get money back.

Agile, Non-disruptive Deployment – No “Forklift Upgrades”

Despite the revolutionary benefits it offers, Talari’s SD-WAN solution was designed to be deployed in a non-disruptive fashion, augmenting existing MPLS networks and WAN Optimization equipment. It enables incremental, IT-controlled evolution of the WAN, rather than requiring periodic “forklift upgrades”. Older WAN connections need not be ripped out. If desired, enterprises can augment and keep older, expensive private WAN connections indefinitely, or let them eventually wither away when they are no longer cost-effective and sufficient total network reliability has been demonstrated.

Talari’s SD-WAN offering also allows for easy, cost-effective bandwidth scalability. Bandwidth additions can now be incremental and done in days, rather than the weeks or months it can sometimes take to get an additional MPLS circuit deployed, or the months or years it can take to get fiber to some locations – and can be done without sacrificing reliability or application QoE.

“Beyond the Network” Benefits

Superior Support for Next-generation Apps, and Real-time Apps Like UCaaS and Videoconferencing

Applications run better, with greater QoE and more predictable performance, with Talari failsafe SD-WAN technology. A Talari SD-WAN enables the cost-effective deployment of applications that are otherwise difficult to deploy and support over a far-flung WAN. Talari failsafe technology can improve latency-sensitive VDI (a.k.a.
Desktop Virtualization) flows in ways that WAN Optimization technology cannot, via sub-second path switching in the face of network congestion and even replication of flows. For some interactive or real-time applications that are very sensitive to latency or packet loss, a Talari failsafe SD-WAN may be the difference between implementation success and failure, especially given the realities of today’s IT budget constraints. For example, UC solutions hosted in the cloud to augment or replace purely internal VoIP, videoconferencing or UC deployments will also be made much easier with a Talari SD-WAN solution. In the case of videoconferencing, for many enterprises Talari failsafe SD-WAN technology provides the additional bandwidth and QoE that make enterprise-wide deployments possible at all, as running HD videoconferencing over thin T1/E1 circuits along with existing application traffic can be a non-starter.

Excellent Support for Centralized Network Security and Internet Access

Despite the more distributed nature of the cloud when it comes to the location of applications and services, and despite the claims of some that using SaaS and cloud computing effectively requires fully distributed Internet access, a Talari failsafe SD-WAN solution facilitates the centralization of network and IT complexity, e.g. for Internet access/Internet security and remote site backup. With proper WAN design, centralizing network and IT complexity can save time and money while simultaneously improving application QoE.

A Talari failsafe SD-WAN, especially in conjunction with colocation, allows IT to centralize the complexity in the network. As we know already from server consolidation, there are computing and security benefits to centralizing complexity in a small handful of locations.
For the network, a Talari SD-WAN enables the centralization of network complexity and policy at a tiny number of data centers and colocation facilities, even for a large worldwide WAN with hundreds or thousands of locations, without sacrificing performance, security or application QoE, and doing so in a low-cost way that will scale.

A Talari SD-WAN enables scalable, compromise-free Internet backhaul. In conjunction with carrier-neutral colocation, Talari’s failsafe SD-WAN technology allows enterprises to have all the security and simplicity benefits of network backhaul using a partial-mesh hub-and-spokes design, with the higher performance and lower average latency of distributed Internet connectivity, in a manner which is lower cost and more scalable than either. Expensive, complex IPS and next-generation firewall technologies can be limited to only a few carefully chosen colocation sites and data centers, maintaining security and allowing easier upgrades to and lower management costs for security solutions, while central site bandwidth is far lower cost and more scalable as well.

Reliable, High QoE Access to SaaS and Public/Hybrid Cloud Computing

Building on the above, and even more important from the perspective of using SaaS and public cloud computing services for mission-critical user access, access from the branch into the Internet core is now as reliable as site-to-site internal WAN connectivity. A Talari SD-WAN implementation leveraging colocation facilities improves network reliability and application QoE not only for Internet access in general, but can enable “on-net” reliability to cloud services located at the same colocation facility. It also offers IT the next best thing – “3 ½ nines” – even for SaaS and cloud services not immediately near the colo facility.
The problems with Internet performance – at least within North America and within Western Europe – are rarely in the Internet core, but rather on first-mile/last-mile links, or the peering points connecting first mile/last mile to the Internet core; Talari’s failsafe SD-WAN solution addresses all the key problem points. This is critical to allowing enterprises to leverage cloud computing – public, private or hybrid – in an incremental, secure and reliable way. Without reliability and predictable application QoE, most application IT teams simply will not be willing to move mission-critical applications to a private cloud, to say nothing of hybrid or public clouds. Having a private cloud at a carrier-neutral colo facility connected by a predictable, reliable WAN under enterprise control is the way that the vast bulk of enterprise applications can be safely and securely migrated to take advantage of public cloud services, at a pace that makes sense for each enterprise’s computing department, without blowing the budget or causing users to complain about unusable applications. With a Talari failsafe SD-WAN, enterprise WAN managers can prepare and enable their WAN for the move to private or public cloud computing, at whatever pace the computing side of the organization wants to go, without sacrificing the network reliability, network security and predictable application QoE they have today.

Leverage over telecom service providers

One of the most beautiful points about a Talari SD-WAN solution is that most or all of the next-generation network upgrade can pay for itself out of the WAN OpEx budget. It also provides a long-term way to leverage Internet economics and Moore’s Law, giving enterprises a failsafe way to cost-effectively scale their WANs and leverage new WAN technologies, even consumer-oriented ones, as they appear. It gives enterprises leverage for the first time with their telecom service providers.
Source of funds for other WAN and cloud projects

While not something that an AT&T or Verizon salesperson wants to hear, enterprises now have a new source of funds for projects: the private WAN OpEx budget. In the same way that PC, LAN, WAN and client-server computing spending grew much faster annually than IT budgets overall in the 1980s and 1990s by stealing from the mainframe/minicomputer budget, a Talari failsafe SD-WAN enables enterprises to first cap, and then tap, their expensive spending on MPLS, and over time use that budget as a source of funds not just for adding bandwidth, but even for other priorities like enabling videoconferencing or migrating to cloud computing.

A Talari SD-WAN gives enterprise WAN managers a long-term way to cost-effectively scale the WAN while supporting the migration to cloud-based applications. Thanks to Talari failsafe SD-WAN technology, Wide Area Network design, for the first time in a long time, is strategic. A Talari SD-WAN helps lower overall IT CapEx and OpEx.

Conclusion

The cloud is changing everything, and the traditional solution of MPLS, even augmented with WAN Optimization, simply won’t cut it. SD-WANs offer enterprises enormous potential and benefits – if delivered in a failsafe manner. A failsafe SD-WAN solution provides enterprise WAN managers a safe, evolutionary, cost-effective way to deliver predictable QoE while meeting application demands in the age of the cloud. Few vendor SD-WAN solutions actually deliver failsafe enterprise WANs. Make sure to source your SD-WAN from a vendor that does.

About Talari Networks

Talari Networks, Inc.
1 Almaden Blvd, Suite 200
San Jose CA, 95113
Phone: +1.408.689.0400
[email protected] | www.talari.com

Talari Networks, the trusted SD-WAN technology and market leader, engineers the internet and branch for maximum business impact, delivering superior application reliability and resiliency, while unlocking the benefits of branch consolidation. Incorporating years of innovation into five generations of product, Talari is deployed across thousands of sites in 40 countries.

©2016 Talari Networks, Inc. All rights reserved. Talari and any Talari product or service name or logo used herein are trademarks of Talari Networks. All other trademarks used herein belong to their respective owners. WP FAILSAFE 0916-001