The promise of Software Defined Networks (SDNs) is to enable networking to be hardware, transport, service provider, AND vendor agnostic.
Part of this open architecture was separating the data, control, and management planes and becoming a pure software solution that could be deployed anywhere and everywhere. As the networking industry moves towards this objective, it still lacks one key piece: a common SD-WAN overlay protocol.
The challenge of today’s SD-WAN environment is that an enterprise or service provider must select a specific vendor or two and accept all the risks and costs of SD-WAN vendor lock-in. Every SD-WAN vendor prepends its own proprietary label, a header, to every native IP packet. This label is typically composed of IPsec plus other headers, including VxLAN for segmentation, and further proprietary headers intended to improve network security and performance.
None of today’s SD-WAN headers are compatible with one another. This forces enterprises and service providers to backhaul traffic to a communications hub to internetwork with their non-SD-WAN networks, and in the process they lose all the enhanced security and performance features that SD-WANs provide above standard IP/BGP networking. Today’s SD-WAN solutions therefore act as point-to-point solutions rather than end-to-end ones across network boundaries.
To date, many have tried, but all have failed to create an SD-WAN overlay protocol standard. A few noteworthy attempts to standardize SD-WAN include:
- ONUG – gave up at the protocol level and is instead trying at the orchestration level with OSE
- Open Network Linux – its goal is open source networking, not SD-WAN
- IETF – YANG VPN models standardized SD-WAN descriptions, alongside overall SDN standards
- MEF – certification and coordination of SDN, NFV, VNF and open source networking. The first draft of the certification blueprint for MEF 3.0 SD-WAN services is targeted for 1H 2019. MEF has come the closest to date with its blueprint of all the services an SD-WAN should provide
flexiwan believes a minimally viable SD-WAN overlay protocol should be adopted, into which SD-WAN vendors could map their proprietary solutions. This would ensure that the majority of the security and performance network enhancements are maintained when traffic crosses between proprietary SD-WAN solutions. This minimally viable solution should be open source. Tom Nolle mentions this in a recent blog post. The overlay protocol could be a combination of existing standard protocols such as IPsec plus VxLAN or GRE, plus Network Service Header (NSH).
Today the market uses stateless overlays, but in the future it could pivot to a more efficient stateful model, a topic we will explore in a later post. Today’s stateless overlays consume a lot of extra bandwidth and router processing power; one example of an SD-WAN packet with IPsec and GRE overlay headers is shown below.
One common example where the SD-WAN overhead is really inefficient is a VoIP G.729 call, which sends a 20-byte data packet of the voice sample every 20 milliseconds. Without SD-WAN, it would be a 60-byte packet: the original IP header of 20 bytes, 20 bytes of UDP/RTP headers, and the 20-byte payload. The GRE overhead is 24 bytes and the IPsec overhead is 50 bytes. So a 60-byte voice packet grows to 134 bytes, 136% overhead!
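As an added example (not code from the flexiwan post), the per-packet arithmetic above generalised to the candidate header stacks the post lists, so a practitioner can compare IPsec+GRE against IPsec+VxLAN+NSH for a given packet size, check the resulting line-rate bandwidth of a voice stream, and see when the overlay pushes a packet past the path MTU. The IPsec and GRE sizes are the post's own figures; the VxLAN and NSH sizes are assumptions stated in the comments, and overhead is computed as bytes added relative to the native packet.

```python
# Assumed header sizes in bytes for each overlay component.
HEADER_BYTES = {
    "ipsec": 50,  # ESP tunnel mode incl. outer IPv4, figure quoted in the post
    "gre": 24,    # outer IPv4 (20) + GRE (4), figure quoted in the post
    "vxlan": 50,  # assumption: outer IPv4 (20) + UDP (8) + VXLAN (8) + inner Ethernet (14)
    "nsh": 24,    # assumption: NSH base + service path + MD Type 1 context (RFC 8300)
}

# Constructed native packet: G.729 voice, 20 B IP + 20 B UDP/RTP + 20 B payload.
G729_NATIVE_BYTES = 60
G729_PACKETS_PER_SECOND = 50  # one packet every 20 ms


def overlay_overhead(native_bytes, stack):
    """Return (total_bytes, overhead_pct) for a native IP packet wrapped in `stack`.

    `stack` is an ordered list of keys from HEADER_BYTES, outermost first.
    Overhead is the bytes added, as a percentage of the native packet size.
    """
    added = sum(HEADER_BYTES[h] for h in stack)
    total = native_bytes + added
    return total, 100.0 * added / native_bytes


def stream_bandwidth_kbps(native_bytes, stack, pps):
    """Line-rate bandwidth in kbit/s of a constant-rate stream of wrapped packets."""
    total, _ = overlay_overhead(native_bytes, stack)
    return total * 8 * pps / 1000


def fits_mtu(native_bytes, stack, mtu=1500):
    """True if the wrapped packet still fits the path MTU without fragmentation."""
    total, _ = overlay_overhead(native_bytes, stack)
    return total <= mtu


def compare_stacks(native_bytes, stacks):
    """Map each candidate stack name to its (total_bytes, overhead_pct)."""
    return {name: overlay_overhead(native_bytes, stack) for name, stack in stacks.items()}


if __name__ == "__main__":
    candidates = {"ipsec+gre": ["ipsec", "gre"], "ipsec+vxlan+nsh": ["ipsec", "vxlan", "nsh"]}
    for name, (total, pct) in compare_stacks(G729_NATIVE_BYTES, candidates).items():
        kbps = stream_bandwidth_kbps(G729_NATIVE_BYTES, candidates[name], G729_PACKETS_PER_SECOND)
        print(f"{name:16s} {total:4d} B  +{pct:6.1f}%  {kbps:5.1f} kbit/s per call")
```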
Creating an open and common SD-WAN overlay protocol is a win for everyone. Enterprises and service providers avoid vendor network lock-in and do not have to settle for a single SD-WAN solution for all of their sites. Instead they can choose different platforms based on different use cases that vary by costs, site size, security requirements, and/or specific application performance. For SD-WAN vendors, a common protocol leads to faster industry adoption and usage with the ability to add differentiating features higher up the stack while reusing common components at the lower part of the stack. This is part of the promise of a software digital world where everything is interconnected.