A Business Leader's Guide to Navigating SD-WAN, SSE, and SASE
Hi. I'm Max Clark. What the heck is SD-WAN, SSE, and SASE, and why do you care? OK. Let's talk a little bit about the dark ages of networking.
Speaker 1: And when I say dark ages of networking, I'm really only talking like 15, 20 years ago. So let's call it early to mid, even late 2000s, and what we had available to us and what the problems were.
Speaker 1: So in terms of Internet connectivity, whether you're purchasing a DIA product, what we call dedicated Internet access, or, if you're in a data center, purchasing an IP transit product, basically a high speed, fast connection out of a data center location, you're purchasing single circuits, and the equipment that you're plugging these single circuits into most likely has no ability to do 2 things for you. The first thing is deciding which way to send traffic: send some traffic to provider A or some traffic to provider B. That would be dependent on a routing protocol. So if you're a really big network or in a data center, you're running BGP because you're connected to 2 different networks at the same time. And that's how the Internet works.
Speaker 1: It runs BGP in order to talk to 2 places. BGP has a path selection algorithm built into it, just like any other routing protocol, and that path selection algorithm makes a routing decision based on the priorities of how it decides things. So, for instance, you can override using a local pref. As you learn routes from your neighbor, those go into the router, and you can manipulate those routes coming into the router's route selection process, or decision engine, and say, I want to prioritize this route or I want to deprioritize this route.
Speaker 1: Now, it works. It's a relatively... I mean, it's just a brute force thing. You're just hitting it with a stick. What BGP is ultimately looking at is the length of the AS path, the autonomous systems. So how many networks are between you and the place that you want the traffic to go?
Speaker 1: And it's making a decision looking at just those links. So if you have one network connection and it sees a path of 4 ASes, and you have another network connection and you see a path of 3, then unless you're doing something else to manipulate that traffic, it's going to take the shorter route. Now, the shorter route in ASes isn't necessarily the shortest route based on real performance. So you could have examples of one carrier having saturated links, or having a lot of network equipment between point A and point B, or slower bandwidth, slower interfaces, and you want to go the other direction.
Speaker 1: So BGP natively does not give you this information. And, by the way, it's very unusual for people to be running BGP, because it really signifies that you're in a data center and you're multi-homed. If you're an enterprise and you're talking about Internet circuits at your office, it's very unusual to run BGP, with the amount of overhead both from an engineering standpoint as well as an equipment cost standpoint. Okay. So then we get into things where you can do rudimentary stuff.
Speaker 1: So, okay, let's say you're not running BGP. What do you do? If you don't have a routing protocol, you would do very simplistic things, like on a Cisco router, you could do interface tracking.
Speaker 1: You could do IP SLA, which, again, is not super typical for people to be configuring, but IP SLA would give you the ability, for instance, to ping something else and then use the result of that ping timing to set a route or not. But at a very basic level, the router will withdraw the route based on the interface being up or down. And depending on the version of IOS that you're running, not iPhone iOS, but Cisco IOS, depending on the version of IOS that you're running, you can make it really elegant, because you'd actually create a route statement. So if you're doing a default route, you do `ip route` and it's 0.0.0.0.
Speaker 1: Right. So that mask, and then you would tag an interface to it. And you could say Ethernet, FastEthernet, GigabitEthernet, 10 GigabitEthernet, whatever the interface identifier is, and then the interface number, like 0/0, and then the destination gateway, the IP address on the other side of the link. And then if you wanted to set a metric on it, you could.
Speaker 1: And these are all things you're doing to manipulate. And so what was good about this Cisco routing at that point is, if the interface went offline, went down, it was near instantaneous to take that path out of the routing. I'm gonna try to draw this here, and I'll explain something. So we have a router that looks like this. You have 2 network connections, and you have this kind of thing here.
Speaker 1: All the route decisions are happening at the actual router. You can manipulate. And again, with BGP, you can influence how traffic comes inbound to you to a certain degree, and you do that with AS path prepending, to make the network length look longer, if you're running BGP. But whatever network is on the other side, they can always set a local pref or do other things to override the AS path length and the prepending.
Speaker 1: So you can only quasi influence inbound. The big issue with that, especially with smaller links, and I'll just use quasi modern numbers: if you've got a 100 megabit connection here and you try to shove 1,000 megabits, or 1 gigabit, down the pipe to you, this interface here is gonna saturate on this circuit before it even gets to you, before it even gets to your device. So you try to set an inbound QoS policy on the inside of the link, but this link is already toast before it even gets to you.
Speaker 1: There's an easy way of doing this. So right here, that link is saturated before it even gets to your router to even attempt to do anything. Private networking. So that's the first issue. So we'll talk about route selection, we'll talk about QoS, and we're gonna talk about private networks over public Internet. Especially, by the way, 100 megabit in 2008 is really unusual capacity bandwidth for most enterprises at an office.
Speaker 1: So what happens then is you can go out and you could buy an MPLS circuit. And by the way, there's lots of different terminology for this stuff. I'm just gonna use MPLS because it's the most common. Your provider gives you this little cloud, and then you have circuits that connect into the provider, and then you get a private network between your locations. If you look at this architecturally, it's going to look very similar to the Internet.
Speaker 1: And that's because basically it is, except in this case, whatever provider you're using usually was a phone company. Right? Could be AT&T, could be Verizon, could be what's now Lumen, and it would flow through this. And then you could do other things. You could build point to point MPLS.
Speaker 1: You could do dot1q tagging just inside of MPLS and do private routing manipulation. And basically what you would use that for is to create pseudo private networks, or private links, between 2 or more of your routers. And this is really scalable. This gives you prioritization inside of your network provider's network, your ISP's network. And this is, of course, for a different cost, for an additional fee.
Speaker 1: And the provider would give you the ability to do class of service or quality of service on these links. So now what was great about MPLS, if you were subscribing to a class of service or QoS profile inside of this device, is your ISP could then not only create a bandwidth profile for the amount of bandwidth that you had on your network link. So if this was only 10 megabit, for instance, it would know it's only 10 megabit, and you could configure its devices to only try to shove 10 megabit at you. But more importantly, you could then go through and define different queues based on the type of traffic. So you could create priorities for video traffic or voice traffic or specific application traffic, and dedicate bandwidth to that specific type of application.
Speaker 1: So I said video. Right? Not a lot of video conferencing going on back in 2005, but that's an example. What was common then? Right?
Speaker 1: Maybe you have an ERP that you really care about. Maybe you're a bank and the actual terminals connecting your branches, your tellers, to your infrastructure were really important. Maybe it was a POS terminal for a store, and processing credit cards is more important. Maybe you were doing telemedicine or medical imaging or remote surgery kind of applications. Those are very critical.
Speaker 1: So then MPLS would give you the ability to assign class of service and then do things along those lines. Now, then you need redundancy. So what do you end up doing? Well, maybe you go to a second provider and you get a second MPLS network and you run over it. The negative with this is it's horrendously expensive.
Speaker 1: Really expensive. Now I'm gonna come over here. Okay. So major issues. Old networking.
Speaker 1: Right? No effective QoS, interface tracking, MPLS is really expensive, VPN configuration. If you want to do something over the top of an Internet circuit and build a VPN, it's basically the dark arts of network configuration.
Speaker 1: If you've ever configured a Cisco VPN, you know what I'm talking about. Basically, you get it working. You don't know why it's working. You don't know why it doesn't work. You don't know how to reset it and resolve it.
Speaker 1: The configuration is just completely bonkers, so that wasn't ideal. And also inside of your VPN, you're also trying to figure out how to do circuit selection. There was a company that built an appliance, Edgewater, the EdgeMarc. And they were the first one that I was aware of that did this.
Speaker 1: But in that diagram of having an Internet connection and then your device here, I'm just gonna draw a router and traffic flowing in this way. Again, the issue was that it's possible to saturate the link before it even leaves the ISP coming to you. What Edgewater did with the EdgeMarc is you could define and say, I have 10 megabits here and I want to prioritize voice at 8 megabits, per se. You build a configuration out for VoIP, and it would keep track of that inside of the appliance, and it would throttle non prioritized traffic.
Speaker 1: Let's just say that. Now, the way that it did it was actually very inventive, which is TCP resets. So as traffic was coming through, if the queues were getting saturated, it would actually simulate a failed network condition, for lack of a better word, and respond. So traffic would normally flow from the Internet through this box and then over here to whatever box was on the inside, with a smiley user here, we'll put a user here, and flow in this direction. And so what this box would do is, as traffic hit the outside interface of it, it would look and see where it was in its queue and within its traffic profile. And if it was under the traffic profile, it would just pass it through.
Speaker 1: And if it was above the traffic profile, it would go, Nope. And it would actually respond with a TCP reset to the sending side, to the other side. And then that sending side would get this reset, and it would have to retransmit. And with TCP/IP, with TCP, when you send a retransmit, it starts very slow and then builds up.
Speaker 1: You've seen this on a download, right? You start downloading something. You've got a fast connection, and it starts really slow. And then, over time, it gets faster and faster and faster. So by issuing a TCP reset selectively, it could restart that process and make the traffic really small again and kind of scale.
Speaker 1: Wasn't great, but worked pretty well. Worked well enough that it solved the main issue, especially for voice service providers, of trying to manage bandwidth when they didn't control the circuits in between the 2 of them. So then we have SD-WAN. What is SD-WAN? So SD-WAN, software defined WAN.
Speaker 1: Okay, great. What does that mean? The answer is it means whatever you want it to be, almost, at this point. And in terms of tech marketing, SD-WAN, for me, the easiest way to explain it is it fits into 3 buckets of what type of problem you're solving. So we have an SD-WAN bucket that solves circuit selection and performance: circuit failover, circuit selection based on circuit performance.
Speaker 1: So if you have more than 1 ISP coming into your location, into your office, and you want to be able to fail over from circuit 1 to circuit 2 automatically, or you want to look and see if circuit 1 is having problems or capacity issues or is saturated and fail over automatically, or if you want to be able to effectively use and saturate both circuits completely. So if you have 2 gig circuits and you want to be able to send 2 gig worth of traffic, that's something that you would do with that style of SD-WAN. It forks, and there become 2 additional ones: okay, we want Internet optimization, and then we have a fork. You can do optimization with just an appliance, and all of this still applies if you're just an appliance at your location, or you could do it with an SD-WAN vendor that gives you an edge to gateway, edge to POP architecture, and I'll go into that in a little bit. The second type of SD-WAN, and probably the most commonly deployed out there, is an MPLS replacement. And with the MPLS replacement SD-WAN, some people replace their MPLS networks completely with SD-WAN, and some people take and replace the secondary or the redundant MPLS network with SD-WAN. So without getting rid of all of your MPLS, you can usually get a massive performance and cost optimization out of overlaying an SD-WAN on top of your infrastructure, on top of your network, because you can eradicate a large cost and just ride on top of your public Internet connections and also build a private network out. And then depending on the SD-WAN vendor that you're using, that SD-WAN vendor can be aware of both private MPLS circuits plugging into it as well as it building an over the top, over public Internet, private network for you. And just to be clear and demystify this a little bit, it's just VPN.
Speaker 1: When we're talking about SD-WAN over public Internet for private networking, it's just SD-WAN. And what it's doing for you, though, is it's building that SD-WAN for you automatically and managing it for you without you having to become a PhD in IPsec. The 3rd type of SD-WAN is really about application performance, and it started and was focused around wide area networking, or think about it in terms of cross-oceanic or cross-continent applications. So if you are a U.S.
Speaker 1: based company and you've got manufacturing in Mexico and Brazil, and you want to use your ERP in the United States, and the performance is brutal. Well, part of that is because of the reality of the Internet connecting South America with North America, and maybe how much bandwidth you can buy and what the cost is and what's available to your locations. And so getting into an SD-WAN that gives you WAN optimization and WAN acceleration is probably the right SD-WAN choice for you. And there's lots of other things that these things do. I'm trying to keep this from turning into a 3 hour diatribe, but ultimately, in order for those types of SD-WAN services to work, you typically have a device that goes at your location, and then it connects to their nearest POP or gateway.
Speaker 1: And then there's a private network connecting their gateways together. And then they can do all sorts of things to accelerate traffic between those two points within their network. And they can also do traffic deduplication, compression, lots of good things to improve that performance. And this also, by the way, has applications for just really slow, horrible circuits. You've got a retail convenience store in the middle of nowhere off a highway, where the only thing that's available to it is nothing.
Speaker 1: And you have to provide sanity for your point of sale and your ERP systems. That type of SD-WAN service actually works for it. The problem with the appliance based Internet optimization SD-WAN is you still have a QoS issue. Right? You can't control inbound bandwidth.
Speaker 1: Great. You've got inbound IP address survivability as a problem. So this is a NAT traversal, NAT boundary traversal issue. So if you've got an application that does not like NAT boundary traversal changes, a.k.a. a voice application: when traffic shifts from circuit 1 to circuit 2, your IP address, as the Internet sees you, changes, and all of your voice calls drop and re-establish.
Speaker 1:And then if you're using any sort
Speaker 2:of hosted IP platform, hosted
Speaker 1:VoIP platform, you can platform, you can as platform, CCAS platform with physical devices, then your experience is usually also to panel where the device is configured. The device can actually reset like so certain Polycom versions, the phone would actually reboot and make that, you know, fantastic noise and then reset. And, you know, if you've got an entire office doing that at the same time, it's very lovely to experience VeloCloud, which is probably one of the most popular widely deployed MPLS replacement SD WAN type service pushed into the internet optimization space as well and had a an issue with NAT traversal and had an issue with inbound IP addresses so again we're saying like you know if you're hosting something inside of your office and you want to have it stable so you've got an FTP site because you're doing really you know, you've you've got a process where people are uploading stuff to you via FTP, and that then gets inserted into your system in some sort of ETL. Or you've you've got a process that's in dumping data into an FTP site and then people have to retrieve from. Okay.
Speaker 1: So now you've got an issue where you've got a service at your office, but you have to provide stability for it. Velo ended up solving this problem by creating their gateways, and Velo hosts public gateways. And then service providers can host private gateways. And if you're a large enough enterprise, you can get your own private gateways. And, for lack of a better word, think of it this way: we've got... oh, that's weird. Oh, I jumped over to... if you've got an Internet connection, and it's going like this.
Speaker 1: And you would have other devices here. And, by the way, there's really probably 2 Internet connections with 2 different ISPs if you're doing this well. What would happen here is the gateway, and these are the IP addresses, has its own interconnection. Well, it's really the same Internet connection this way. Right?
Speaker 1: But I'm drawing it up here because it makes more sense. Your service shows up as the IP address on the outside of the gateway. So anything here can flow this way and out. And so this becomes, like, your UCaaS connection. It solves the problem.
Speaker 1: It works great. It presents the most confusing contracting, like trying to figure out how to contract this. If you've never been through it before, it makes absolutely no sense, because now you start talking about, what is the bandwidth performance of your gateways? And at the same time, how much bandwidth is flowing, or sorry, of your devices, and how much bandwidth do you need at the gateway? And have you ever done this before?
Speaker 1: Probably not. Does it make sense even if you haven't done it before? A lot of times not. Okay. So I'm gonna continue this in part 2, and then we're gonna talk about SSE in part 2.