Why SD-WAN Alone is Not Enough

WHITEPAPER

sd-wan.cloudgenix.com/rs/911-KCN-503/images/CloudGenix_AppFabric_WP.pdf

In order to recognize the full potential of SD-WAN, businesses need a solution that fundamentally understands application performance.


Macro Trends

The last ten years have been filled with massive shifts in the way applications and infrastructure are built, deployed, and managed. Fueled by innovation in cloud infrastructure, new application design technologies, and pervasive low-cost Internet connectivity, seemingly anyone can deploy an entire infrastructure on a public cloud in minutes or take advantage of software-as-a-service (SaaS) offerings for a variety of what were once very expensive application suites that were historically deployed in a data center on expensive servers and storage. Business applications are becoming more involved, complex, and rich in content, driven by innovative experiences created in global scale consumer applications.

Legacy wide-area network (WAN) designs have proven unable to keep pace with these changes. Private multiprotocol label switched (MPLS) WAN links, which provide secure VPN connectivity from remote sites to data centers, remain an expensive proposition, especially given their generally inferior bandwidth capacity compared to broadband. With richer applications in use in remote offices, private WAN links have become a burden to productivity.

Because of these macro trends, businesses are faced with a series of issues:

• How do we take advantage of cloud computing and SaaS applications?

• How do we realize a better user experience for our remote office users?

• How can we provide high availability for our remote offices?

• How can we reduce cost for our remote offices?

• How can I get away from complex configs and start specifying my business intent?

SD-WAN Solves the Dilemma?

Software-defined WAN (SD-WAN) claims to provide a solution for these issues by allowing the user to define policies for how application traffic is forwarded. With SD-WAN, policies can be defined to specify which WAN links can be used for which applications, allowing the user to enjoy transport-agnostic connectivity amongst sites, WAN high availability for the remote office, and the cost benefits of deploying broadband Internet to reduce or eliminate private MPLS WAN links.

The dirty secret for most SD-WAN vendors is that their architecture is built using some form of a packet routing or packet processing engine. While SD-WAN functionality on the surface seems to be a natural evolution of packet routing and packet processing, packet-based systems are ill-equipped to understand today’s applications given how both application complexity and content richness have increased, and HTTPS has become the de facto transport, which is rendered completely opaque by TLS. Packet-based systems are fundamentally unable to look at application-level transactions across multiple connections using both discrete data points and heuristics to accurately identify and understand the application in use and how it is performing.


Packet-based systems rely on reachability, latency, loss, jitter, and bandwidth as metrics to determine overall performance, but have little to no understanding of application goodput or transaction response time because of their inability to truly understand the application. It is for this reason that most packet-based systems are designed as router extensions or router replacements—and while they may provide some value, they fall short in application detection, require complex technical policies rather than business policies, and lack the ability to truly understand the user’s experience of an application.

To make matters worse, packet-based systems rely on reachability of a peer as a means of determining availability. When they build a network amongst devices, they rely on paths to a peer in a distant site (the overlay network) when making forwarding decisions. For traffic destined to sites with no peer, they are generally rendered useless and cannot make forwarding decisions, leaving the handling to the underlying network (also known as the underlay). When introducing cloud applications, many such solutions demand that you deploy a virtual machine with their software in the cloud, or use points of presence (POPs) that they have deployed, commingling your traffic with traffic from other companies—presenting performance, compliance, and availability concerns.

Introducing CloudGenix AppFabric™

CloudGenix provides the industry’s most robust SD-WAN solution and is an evolution beyond the traditional packet-based SD-WAN solutions that are available today. CloudGenix Instant-On Network (ION) devices automatically build a secure application fabric—known as AppFabric—which securely connects your sites and applications over any transport. CloudGenix allows you to define policies that map to your business intent for your applications, sites, and WAN links, specifying the performance, security, and compliance needs for each.


FIGURE 1: CLOUDGENIX APPFABRIC SECURELY CONNECTS YOUR SITES AND APPLICATIONS, AND INTELLIGENTLY HANDLES APPLICATION TRAFFIC USING THE MOST PERFORMANT, ALLOWABLE PATH.

[Figure 1 diagram labels: Remote Office, Data Center, ION 7000, ION 3000, MPLS, Public Internet, Cloud and SaaS]


AppFabric is unique in that application detection includes all of the capabilities of traditional packet-based systems—IP addresses, ports, and layer 7 deep packet inspection—but goes above and beyond by examining endpoints, transports, and cross-connection and sub-connection behaviors to accurately identify applications. With an accurate understanding of the application in question, uniform, globally consistent policies can be configured that extend beyond just performance management.

Why AppFabric is a Must Have

AppFabric is a radically new approach to networking. With AppFabric, policies are defined by business intent for performance, security, and compliance:

• Performance—specify the performance and resources required to support a positive user experience, and handle flows according to actual performance metrics of the application itself rather than packet and link metrics

• Security—define the security perimeter for the remote offices and which applications are allowed to traverse the network boundary using detection of the actual application rather than IP addresses and ports

• Compliance—specify the WAN paths that the application flows are allowed to take and make forwarding decisions accordingly

With AppFabric, one consistent application definition exists for all three policy types. With an accurate detection of the application, policy enforcement is far more accurate, and more intelligent decisions are made based on actual application metrics rather than low-level, inaccurate packet details. AppFabric uses a superset of the metrics used by packet-based platforms (link statistics, latency, bandwidth, reachability, packet loss, jitter) in addition to transaction response times, server response time, and application goodput. Further, mean opinion scores (MOS) are calculated for each link and for media applications, which helps keep service providers honest when it comes to service level agreements (SLAs) that you may have negotiated.

[Figure 2 labels: Application Sessions: transaction time, failures/errors, fingerprint, CODEC, directionality, MOS, #flows, size. Packets: jitter, size, loss, pps. Legend: Others, AppFabric; packet, session.]

FIGURE 2: CLOUDGENIX APPFABRIC GOES BEYOND WAN MEASUREMENT AND ALSO INCLUDES METRICS FROM APPLICATION TRANSACTIONS TO MAKE HANDLING DECISIONS.


FIGURE 3: CLOUDGENIX APPFABRIC AUTOMATICALLY BUILDS THE NETWORK ACCORDING TO POLICY DEFINITIONS ENCOMPASSING PERFORMANCE, COMPLIANCE, AND SECURITY.


ABOUT CLOUDGENIX

CloudGenix provides a software-defined WAN solution with AppFabric technology that enables you to build a global WAN based on business policies for application performance, compliance, and security, across all sites and users. Unlike router-based solutions, CloudGenix AppFabric allows you to define top-down global policies based on business intent rather than fragmented bottoms-up configuration changes based on technical implementation. With CloudGenix, you can easily integrate heterogeneous WAN connections for any site, take advantage of cloud and SaaS applications, improve visibility for app performance and SLAs, and dramatically simplify network operations.

SEE FOR YOURSELF

SEE CLOUDGENIX IN ACTION FOR YOURSELF! VISIT WWW.CLOUDGENIX.COM/TRIAL TO REGISTER FOR A NO-RISK FREE TRIAL TODAY.

© 2017 CloudGenix Inc. All rights reserved.

The CloudGenix Difference

Only CloudGenix AppFabric provides a top-down, application-centric policy built around business intent that couples performance, security, and compliance, thereby shifting the configuration and management of SD-WAN from a series of disjoint networking primitives to one based on applications, sites, and WAN links. With CloudGenix, devices can integrate with your existing infrastructure, providing unparalleled visibility into application performance and WAN activity.

CloudGenix allows you to deploy at your own pace and decommission routers to reduce remote office hardware and management complexity when you are ready. Fine-grained understanding of the application itself allows CloudGenix to make more intelligent decisions on policy enforcement, leading to better overall performance and user experience. You can confidently adopt cloud and SaaS applications without worrying about your traffic being commingled with traffic from other customers at another vendor’s POP—all functions operate even when a peer does not exist in the remote network.


FIGURE 4: CLOUDGENIX SHOWS POWERFUL, ACTIONABLE INSIGHTS INTO HOW YOUR WAN LINKS AND APPLICATIONS ARE PERFORMING.

2665 North First St., #110 San Jose, CA 95134 | 1.844.800.CGNX | [email protected]