SD WAN is an integral part of overall network architectures as companies continue to expect new features and better, more reliable ways to interconnect sites together. We compare Cisco Meraki, Viptela, Silver Peak (HPE Aruba), Aryaka and Citrix. We've also written a comprehensive comparison of SD WAN providers & vendors for further perspective.
SD WAN vendors have various sets of features that all have diverse levels of stability and code maturity. We will examine controller architectures, VPN routing, link monitoring, site integration, and miscellaneous features across the Cisco Meraki, Viptela, HPE Aruba (Silver Peak), Aryaka and Citrix SD WAN solutions to see how they compare and help determine which platform may be right for your organisation.
1. Controller architecture.
2. VPN routing and tunnel capacity.
3. Link monitoring and failover.
4. Miscellaneous features.
One of the keys to nearly all SD WAN platforms, and indeed what makes them “software defined”, is a centralized controller of some form. The software defined aspect comes from the fact that all of the SD WAN edges, whether they are hardware appliances or just software routers running on a hypervisor (otherwise known as network functions virtualisation or NFV), receive their configurations and traffic forwarding instructions from the centralized controller.
Controller architectures vary by platform. With some platforms, the vendor always maintains full responsibility over the controller itself, which is usually cloud-based, though you (or a trusted third-party) provide the configurations that are relevant to your SD WAN environment, such as IP subnets and the way you want your traffic to be routed across the VPN overlay. With other platforms, you host the controller software yourself, typically in one or more centralized datacentres where you can support high availability and redundancy. This approach gives you full control over every aspect of the SD WAN platform.
One of the fundamental tenets of SD WAN is transport agnosticism. This is achieved by each SD WAN edge communicating with the centralized controller which then orchestrates the establishment of VPN tunnels between locations, typically with some flavor of IPsec. This permits the SD WAN edge to use any kind of connection so long as the controller can be reached. Through tunnel orchestration, different routing architectures are possible including any-to-any, hub-and-spoke and hybrid designs where the edges connect to their nearest SD WAN gateway and the gateways then connect to each other in a full mesh.
The different VPN overlay routing architectures are important to consider because each has different implications for both latency and the tunnel capacity requirements of the SD WAN edge. For example, if your business has hundreds of sites that need to connect over the SD WAN service, an any-to-any model where each site can establish direct VPN tunnels to every other site could overwhelm the tunnel capacity of less expensive SD WAN edge hardware. Likewise, a strict hub-and-spoke model may introduce too much latency for some of your applications (such as VoIP) if your hub sites are very distant from your spoke sites. In this case, a hybrid approach using regional SD WAN gateways may be your best option.
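To make the capacity trade-off concrete, the following added example (not from the original article) works out how many tunnels each branch edge, each hub or gateway, and the controller as a whole must handle under the three designs just described; the site count and the per-edge tunnel capacity are constructed, illustrative numbers rather than any vendor's data sheet figures.

```python
"""Per-device VPN tunnel requirements for any-to-any, hub-and-spoke and
hybrid (regional gateway) SD WAN overlays. Hubs and gateways are assumed to
be separate devices from the branch edges (an assumption of this example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TunnelPlan:
    design: str
    branch_tunnels: int   # tunnels each branch edge must terminate
    core_tunnels: int     # tunnels the busiest hub/gateway terminates (0 if none)
    total_tunnels: int    # unique tunnels the controller must orchestrate
    worst_case_hops: int  # overlay hops between two branches in different regions


def any_to_any(edges: int) -> TunnelPlan:
    # Every edge peers with every other edge: n-1 each, n(n-1)/2 overall,
    # but a single overlay hop between any pair of sites.
    return TunnelPlan("any-to-any", edges - 1, 0, edges * (edges - 1) // 2, 1)


def hub_and_spoke(edges: int, hubs: int = 1) -> TunnelPlan:
    # Each spoke tunnels to every hub; a hub carries one tunnel per spoke plus
    # hub-to-hub tunnels. Spoke-to-spoke traffic hairpins through a hub.
    hub_mesh = hubs * (hubs - 1) // 2
    return TunnelPlan("hub-and-spoke", hubs, edges + hubs - 1, edges * hubs + hub_mesh, 2)


def hybrid(edges: int, gateways: int) -> TunnelPlan:
    # Branches split evenly across regional gateways and tunnel only to their
    # own gateway; gateways form a full mesh. Cross-region path: spoke ->
    # gateway -> gateway -> spoke.
    per_region = -(-edges // gateways)  # ceiling division
    gw_mesh = gateways * (gateways - 1) // 2
    return TunnelPlan("hybrid", 1, per_region + gateways - 1, edges + gw_mesh, 3)


def designs_within_capacity(edges: int, branch_capacity: int,
                            hubs: int = 1, gateways: int = 4) -> dict:
    """Map each design to whether a branch edge of the given tunnel capacity fits."""
    plans = [any_to_any(edges), hub_and_spoke(edges, hubs), hybrid(edges, gateways)]
    return {p.design: p.branch_tunnels <= branch_capacity for p in plans}


if __name__ == "__main__":
    # Constructed scenario: 300 branches, inexpensive edges limited to 50 tunnels.
    for plan in (any_to_any(300), hub_and_spoke(300, 2), hybrid(300, 4)):
        print(plan)
    print(designs_within_capacity(300, 50, hubs=2, gateways=4))
```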
One of the largest and most immediate benefits of many SD WAN platforms is increased visibility into individual link performance metrics. While separate network management and monitoring platforms have existed for decades, SD WAN often brings new visibility baked directly into the platform with a graphical display of link performance history.
Another benefit of SD WAN is the ability to use multiple independent links simultaneously. Many platforms even support per-packet load distribution to better utilize all available transports. Having multiple links used actively enables extremely rapid failover when one of the links begins having performance issues. Some of the SD WAN platforms have more maturity in handling these kinds of issues.
Each of the vendor solutions discussed in this article has a graphical dashboard displaying individual link status and history, including latency, jitter and packet loss. Some of the dashboards also provide Mean Opinion Score (MOS) and Quality of Experience (QoE) values, which are useful for gauging general performance. Failover can be as simple as switching to another link if the upstream ping test fails, or more advanced, such as using Bidirectional Forwarding Detection (BFD) to ensure rapid detection of failed uplinks.
Deploying SD WAN most often takes the form of replacing or augmenting existing routers. You need to ensure your chosen SD WAN platform can integrate into your existing network by supporting the protocols you need. Not all platforms support all protocols, and protocol support can have differing levels of code maturity. For example, nearly all SD WAN platforms support OSPF as an interior gateway protocol, but only Cisco IOS-XE devices support EIGRP. Likewise, BGP, multicast and IPv6 support might be a present or future consideration for your network.
Above: SD WAN supporting failover including MPLS primary connectivity.
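The link metrics and failover behaviour described above can be illustrated with the following added example (not from the original article or any vendor's code): it estimates a MOS from latency, jitter and loss using the Cole-Rosenbluth E-model approximation, and applies a simple stay-or-switch rule so a degraded link is abandoned without flapping between two healthy ones. The link measurements are constructed sample values.

```python
"""Link-quality scoring and failover selection across SD WAN transports.
The MOS formula is the widely used Cole-Rosenbluth approximation of the
ITU-T E-model, chosen for this example; vendors use their own scoring."""
from dataclasses import dataclass


@dataclass(frozen=True)
class LinkSample:
    name: str
    latency_ms: float  # one-way latency
    jitter_ms: float
    loss_pct: float    # packet loss in percent, 0..100


def estimate_mos(latency_ms: float, jitter_ms: float, loss_pct: float) -> float:
    """Approximate Mean Opinion Score (1.0 .. ~4.4) for voice over this link."""
    effective_latency = latency_ms + 2 * jitter_ms + 10  # jitter buffer + codec delay
    if effective_latency < 160:
        r = 93.2 - effective_latency / 40
    else:
        r = 93.2 - (effective_latency - 120) / 10
    r -= 2.5 * loss_pct
    r = max(0.0, min(100.0, r))  # R-factor stays within 0..100
    return 1 + 0.035 * r + 0.000007 * r * (r - 60) * (100 - r)


def select_link(samples, active: str, min_mos: float = 3.6) -> str:
    """Return the link that should carry traffic.

    Stay on the active link while its score is acceptable (avoids flapping
    between links of similar quality); otherwise move to the best-scoring
    link. A link with 100% loss, i.e. a failed upstream ping test, scores
    1.0 and is never chosen while a healthier link exists.
    """
    scores = {s.name: estimate_mos(s.latency_ms, s.jitter_ms, s.loss_pct)
              for s in samples}
    if scores.get(active, 0.0) >= min_mos:
        return active
    return max(scores, key=scores.get)


if __name__ == "__main__":
    # Constructed samples: clean MPLS primary, broadband suffering loss/jitter.
    samples = [LinkSample("mpls", 30, 2, 0.0), LinkSample("broadband", 250, 60, 8.0)]
    for s in samples:
        print(f"{s.name}: MOS {estimate_mos(s.latency_ms, s.jitter_ms, s.loss_pct):.2f}")
    print("carry traffic on:", select_link(samples, active="broadband"))
```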
Many SD WAN platforms offer edge devices containing additional features which may be important to your network environment. Though most SD WAN platforms have built-in management and monitoring capabilities, most companies have their own pre-existing monitoring platforms they would like to have integrated into the SD WAN environment. Most SD WAN vendors support these kinds of integrations through APIs and even traditional SNMP.
Another common feature is WAN acceleration. Some SD WAN vendors, such as HPE Aruba, were previously known for their WAN acceleration products before they entered the SD WAN market. WAN acceleration is the process of optimizing different application traffic for transport over lower-quality links, which is a perfect fit for integration into an SD WAN environment that uses broadband and wireless 3G/4G/5G links.
High Availability (HA) features may be important for larger campus and datacentre edges. When you have a lot of clients depending on constant connectivity, SD WAN platforms can support HA at the edge in various ways. For example, you can have hardware-level redundancy by having two edges synchronized with each other such that they appear as a single device. When a single edge in the HA cluster fails, the remaining edge takes over as if nothing happened.
Most SD WAN platforms include firewall capabilities and some offer the ability to perform local Internet breakout where whitelisted Internet-bound traffic uses the directly-connected Internet link instead of being backhauled through the VPN to a more centralized location.
Finally, most SD WAN vendors that have physical hardware appliances offer models that integrate multiple discrete components into one. SD WAN edges often function as router replacements, but some also have integrated WiFi and multi-port switches, which enable so-called “branch in a box” capability. Instead of having a separate router, wireless access point and network switch, you can install a single hardware appliance at smaller branch offices, which makes connectivity and troubleshooting much easier.
As we have seen, major SD WAN vendors have different capabilities and feature maturities in their SD WAN product lines. You need to be aware of the features that are important to your organisation’s network when evaluating SD WAN platforms.
These are all important questions to consider when deciding on a single SD WAN platform.