Wrapping up an SD-WAN workshop session with a client last week, I reflected on how rapidly the branch office WAN connectivity and management model is changing. Some great opportunities are emerging for enterprise IT teams that can materially impact how the network is designed, paid for and managed. Here are some thoughts:
1.公共云计算正在推动一个轻量级的边缘安全模型
大多数人认为,SD-WAN可以促进服务链,以及选择回程模型有趣的是,希望在更大的地区集中下一代防火墙服务的许多企业。但是随着分布式内容在公共云应用的快速增长(甚至从微软和Salesforce,谁长期抵制这一趋势,谷歌率先推出)这是越来越多地反作用于从最终用户浏览回程交通很长的距离。它降低了性能,并在网络上集线器增加显著负荷 - 不理想何时能代表80%以上的流量。
我们开始看到一个两层的做法出现了互联网界的流量。轻量的内容过滤和威胁保护解决方案(例如,Zscaler中或类似的)中的Web应用程序的边缘,和更传统的下一代防火墙在网络用于非web互联网流量在战略定位中心。
这使企业能够选择更合适的方式为不同类型的流量比他们以前必须与工作的极端位置以外的东西,和迎合。当然,SD-WAN的关键是这一点 - 需要每个业务类型的可选转发行为是在传统网络更具挑战性。
2. Dual Internet circuits are becoming the default, even at the smallest branches
I’ve been involved in many deployments over the years that categorized sites into the usual Platinum / Gold / Silver / Bronze hierarchy, with everything except for Bronze having some sort of backup. In a traditional WAN it was very difficult to justify resilient circuits at the smallest locations, especially if one would sit idle 99% of the time.
With most SD-WAN deployments, I’m starting to see this change. A couple of factors are driving this. First, adding a second circuit is much more appealing if it can be used. Most SD-WAN overlay solutions accommodate this without rigid policy-based routing approaches. Second, the price point of a realistic secondary circuit has fallen dramatically. In many cases a low-end broadband circuit or high-data-limit 4G service can be added for $100 / month or less, and will provide a large amount of usable bandwidth.
操作上,很难夸大,有一个第二电路提供的好处。电路比设备更容易发生故障,并且具有两个线路(理想情况下具有不同的物理交付或故障模式)提供了丰富的信息时,确实存在错误。如果一个电路出现故障,通常可以确认,这是一个电路故障(并适当地进展的话),而不是花费大量的时间确定它是否在现场的功率或设备的问题。再就是SD-WAN相关的性能优势 - 最先进的解决方案将使用第二电路哄抬网站的整体性能。对于一个非常小的投资,企业看到了更可靠的分支机构足迹。
3. Non-carrier service providers can play an important role
我们现在是远远不够下来SD-WAN的发展道路,它旗下多只考虑它的尝鲜。这是越来越明显,与未与底层基础架构对齐的服务供应商合作时,对所销售的载体企业将获得显著不同的角度SD-WAN作为附加服务。
Why does this matter, and does it apply to every deployment? It really depends on the geography involved, the services the enterprise requires and how the business case is being developed. For enterprises with a real need for hybrid connectivity, the carrier-based model offers a one-stop-shop approach to combining public and private connectivity. However, for enterprises with a highly distributed environment and a business case based on displacing MPLS connectivity, a non-carrier service provider will generally go much further to find innovative low-cost connectivity options. SD-WAN business cases built on single-sourced DIA connectivity from a Tier 1 ISP do not typically work; a more fragmented mix of in-country operators is typically needed.
4.运营商中立的共同位置可以形成新的支柱
An interesting model is emerging for interconnecting regional networks in an SD-WAN environment. For enterprises that need reliable connectivity between these regions, carrier-neutral co-locations and low-cost, elastic capacity between them offer a compelling alternative to MPLS or VPLS. Enterprises can utilize an Internet-based SD-WAN overlay in the region, and then use the capacity between the co-locations for the middle mile. These hubs can then act as delivery points for interconnections to IaaS environments such as AWS or Azure, as well as SIP services and other resources. The commercial approach proposed by several of the newer providers (e.g., Megaport) offering capacity between co-locations, along with the ability to flex capacity using APIs can allow an entirely new operating model to be created.
5. New monitoring tools keep everyone informed, but who is responsible?
Enterprises that have already adopted SD-WAN have realized that there are many more elements that can be monitored and reported on than in traditional WANs. Application and user-level statistics, overlay path quality measurements, and many more can be obtained through most SD-WAN APIs. A new set of monitoring tools can sit outside the SD-WAN overlay and provide deep insights into Internet path health, BGP peers, congestion and other Internet-related metrics.
It’s natural for the enterprise to expect that the data collected by these tools will form part of the branch office monitoring and management service, and it will be interesting to see how service providers build offerings to incorporate them. Few enterprises have staff available to look at new monitoring screens providing highly granular data, so the quality of the management overlay becomes critical.
还有是否许多由管理工具确定这些新的“问题”,甚至可以付诸行动的问题。像在SD-WAN环境中使用低成本的互联网服务商的商业利益,但很多都需要企业重新设置关于究竟什么是可能的小型分支机构,只有互联网连接的一些期望。这些工具或许可以说明问题的是什么,但可能没有任何人拥有该问题的解决。
结论
作为SD-WAN服务的成熟,它的证明是一个非常有趣的时间来建立分支机构网络。目前的挑战是,它是一个分散的环境。堆叠电路的每一层,SD-WAN服务,安全服务和监控工具,可以使用同类最佳的工具,但它们之间很少重叠高度优化。创新的服务提供商将使用这些工具来提供一个有凝聚力的服务给企业,换出的组件实质性更好的选择变得可用。精心优化的解决方案能够在成本,性能和操作方面带来真正的竞争优势对企业的见解,它看起来像,甚至有更多的惊喜。