Software Defined VPN: Driving Enterprise Networks at Top Speeds

October 15, 2015

– Anuj Goel, Consultant, IP Division, Alcatel-Lucent, India

Traditional service provider Virtual Private Network (VPN) services are based on rigid functionality that can be deployed across the widest customer base, with little room for per-enterprise customization. This forces enterprises into the complex world of customized branch networking to achieve the network capabilities that match their specific business needs. This enforced customized networking can be achieved with assistance from a network integrator or via the internal network operations team. However, doing so results in additional expenditure and ongoing complexity that can hinder the network's ability to respond to the ever-changing business environment.
Software‐Defined Networking (SDN) promises the solution to many of these problems with a software‐based solution on commercial off‐the‐shelf (COTS) hardware platforms. The sophisticated software platform enables a transition from proprietary hardware devices to software‐defined networks that are programmable, agile and decoupled, keeping pace with the innovations in enterprise IT. The Software-Defined Data Center (SDDC) has delivered significant benefits to datacenter networks, making it possible to unleash the true power of the cloud. Now, in the next phase, the SDN framework for virtualization and automation of networks can be extended to the WAN.

Software‐Defined VPN (SD‐VPN) is the extension of SDN that is transforming the enterprise branch office. With SD‐VPN, no longer are the advantages of SDN limited to the data center. SD‐VPN abstracts network hardware into a control plane and multiple data planes that can be used with cloud‐based management and automation to simplify the delivery of services to the branch office. This work is all done with the manageability, performance and reliability assurances that enterprises expect. SD‐VPN is in the spotlight and is gaining popularity in the IT world.


Understanding the need for SD-VPN – Businesses and their IT teams face the following major challenges with traditional VPN service offerings:
•    Manual Provisioning & Complex Management.
•    Inability to adapt to the dynamic business environment and respond quickly to simple move, add and change requests.
•    Limited service functionality and inflexibility of standard VPN offerings.
•    Geographic reach limitations of a single-carrier VPN service.
•    Proprietary CPE hardware, vertically integrated solution.
•    High Complexity in branch deployments.
Traditional VPN services are tightly connected to dedicated network infrastructure from a service provider. SD-VPNs are based on an overlay model that uses any IP network to provide underlay connectivity between sites. This gives you maximum flexibility for your locations and the support of multiple access/last-mile technologies including copper, fiber or mobile broadband.
With SD-VPNs, you have the flexibility to mix and match available networks from multiple providers and to use any available access technologies. This gives you the freedom to use whatever technologies are most available in any particular location, so you can get a service where and when you need it. For instance, if you need a temporary location set up and that site does not have immediate access to fiber or copper circuits, you can use a 4G mobile connection or even Wi-Fi in the interim until fixed connectivity can be sourced. SD-VPN only requires an IP connectivity service to operate, so you have complete freedom to choose from multiple network infrastructure options.
Depending on the bandwidth you need into the site, you select the best-match IP underlay service. For example, if the most cost-effective network to get the required bandwidth into the site is the Internet, you can select from the tiered service offerings of all Internet Service Providers within the region. You decide which offering is best for your needs, from basic Internet to a higher-grade business-class Internet service. With SD-VPN, the sites that are connected over public IP networks, such as the Internet, can be centrally configured to encrypt all traffic in and out of the location.

The key components to SD-VPN are:
1.    Policy and Analytics Engine: A centralized policy engine that enables the abstraction of configuration into business‐level policy definitions that span multiple data plane components.
2.    SDN Controller: Control plane functions are centralized in an SDN controller. The controller sets up virtual networks that are technology agnostic and directs the network elements to implement functionality such as QoS, optimization and security.
3.    Service Endpoint: The service endpoint provides service demarcation and network functionality at the branch, based on x86 COTS hardware.
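
The division of labour between the policy engine and the endpoints, and the central "encrypt traffic over public IP networks" setting mentioned earlier, can be sketched as follows. This is an added example, not code from the article or from any SD-VPN product; `Site`, `Policy`, `compile_policy`, `audit`, the underlay names and the sample inventory are all hypothetical.

```python
from dataclasses import dataclass

# Underlay types treated as public IP networks (assumption for this sketch).
PUBLIC_UNDERLAYS = {"internet", "4g", "wifi"}

@dataclass(frozen=True)
class Site:
    name: str
    underlays: tuple  # e.g. ("mpls", "internet")

@dataclass(frozen=True)
class Policy:
    encrypt_public: bool = True   # business rule: encrypt over public IP
    encrypt_all: bool = False     # optionally encrypt private links too

def compile_policy(policy, sites):
    """Policy-engine role: expand one business-level policy into the
    per-site, per-link settings a controller would push to endpoints."""
    config = {}
    for site in sites:
        links = {}
        for u in site.underlays:
            public = u in PUBLIC_UNDERLAYS
            encrypt = policy.encrypt_all or (public and policy.encrypt_public)
            links[u] = {"encrypt": encrypt}
        config[site.name] = links
    return config

def audit(config):
    """Return (site, underlay) pairs that would carry cleartext
    traffic over a public network."""
    return sorted(
        (site, u)
        for site, links in config.items()
        for u, link in links.items()
        if u in PUBLIC_UNDERLAYS and not link["encrypt"]
    )

# Constructed sample inventory, not taken from the article.
SITES = [
    Site("hq", ("mpls", "internet")),
    Site("branch-1", ("internet",)),
    Site("popup-store", ("4g",)),
]

if __name__ == "__main__":
    cfg = compile_policy(Policy(), SITES)
    print("violations:", audit(cfg))
    # An endpoint overridden locally drifts from the central policy.
    cfg["popup-store"]["4g"]["encrypt"] = False
    print("violations after drift:", audit(cfg))
```

Running the same `audit` over the configuration actually reported by endpoints, rather than the compiled one, is what catches drift from the central policy.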

The key business benefits of SD-VPN – SD-VPN has the potential to significantly change the costs associated with delivering business services through:
•    Uncoupling of the business service from the underlying network. Virtualizing the transport links into a unified pool of resources brings faster deployment, on‐demand bandwidth elasticity and faster disaster recovery, and enables IT to mix and match transport links of different types from different ISPs.
•    Flexibility and automation from decoupling of the hardware‐centric data plane functionality from the software‐centric control plane.
•    On‐demand instantiation of network services, such as security services like VPN or a firewall, based on business-defined policies, with a virtual service delivery platform from the secure cloud gateways.
•    Customer-driven management using self-service portal. Moves, adds and changes are under your complete control and are centrally driven on a per-site or whole-of-network basis.
•    Service manageability improves and the complexity around auditing and compliance for industry bodies and regulators decreases.
•    Reliance on x86-based customer premises equipment, with performance-based routing and intelligent traffic steering onto multiple WAN links based on a combination of policy and network conditions.
For enterprises, increased flexibility in deploying a service feature set that is tailored to their business needs will provide a better service experience. This will, in turn, translate into a higher level of experience for your network users and IT/Network team.
The emergence of SD-VPN as an alternative to traditional VPN services has been driven by the adoption of the cloud for business networking. Static networking models don’t provide the flexibility required by today’s businesses. The move to fully automated virtual networking with SDN has already been accepted as the right move to meet the demands of the cloud in the datacenter. It makes sense to adopt the same basic framework to unshackle the network between the datacenters and enterprise end-users, regardless of their locations.
