Chapter 1:  Introduction 
Enterprises generally use WAN connectivity to connect branch offices to a central office, or to connect data centres separated by distance. In the past, WAN connections often used technology that required special proprietary hardware for each type of connection and provider. This produced a monolithic CPE model that held back innovation, introduced hardware and software incompatibilities whenever new functions arrived, and also made network management difficult for companies with several branch offices. A new technology, called SD-WAN (Software Defined Wide Area Network), has emerged to solve many of the problems that affect the traditional WAN.
 
Figure 1 - Traditional WAN and SD-WAN [1] 
SD-WAN technology was born among vendors and is nowadays adopted by most of them. The goal is to reduce the CAPEX and OPEX of the company network through the simplification of branch office setup, support for centralized control and network service delivery, and the use of multiple connection types on the same router to improve application performance and reliability. SD-WAN is an architecture that leverages SDN principles and aims at simplifying the management and operation of networks (with a particular focus on WAN scenarios) by decoupling the networking hardware from its control programs and using software and open APIs to abstract the infrastructure and manage connectivity and services.
When the research and work for this thesis began, there was no complete open source SD-WAN solution. The only open source solution available was the one proposed by FlexiWAN [2]. With the work of this thesis we want to implement a new open source SD-WAN called EveryWAN, exploiting the new concepts of Network Slicing and Overlays. In EveryWAN the different types of service are segmented through independent virtual Overlay networks that abstract the underlying network. In so doing we want to facilitate the use of multiple WAN connections and the assignment of different QoS and security policies to different services. We start from an SRv6 SDN solution that was extended into an SD-WAN implementing multiple Overlays to create End-to-End Slices among multiple sites. The work has focused on designing the high-level open source SD-WAN architecture, designing and implementing the vCPE called EveryEdge, which supports ZTP, and designing and implementing the SD-WAN Controller/Orchestrator called EveryWAN, which controls and programs the EveryEdges and deploys services. The services are based on L3 tunnels that interconnect multiple customer sites, transporting the traffic of a specific application. The EveryController was developed according to SDN and NFV principles, making it capable of automating and orchestrating end-to-end services and giving users control over their sites. EveryWAN is based entirely on the Linux platform, and in the implementation we assume that an IaaS provides the computing workloads. The final part of the work consists in implementing an emulated geographical network in which to deploy and test EveryWAN and the related network service.
1.1 Thesis structure 
Chapter 2 describes the SD-WAN state of the art, taking information from SD-WAN vendors (such as Cisco, Juniper and Oracle), from the MEF standardization body and from technology portals such as SDxCentral. In that chapter we describe the general aspects of this technology, the benefits it brings, the architecture, the main components and the deployment models. In Chapter 3 we provide a brief overview of the main Open Source technologies used to build our Open Source SD-WAN solution. Then, in Chapter 4, a full description of the EveryWAN architecture is provided together with the management mechanisms it supports. In Chapter 5 and Chapter 6 we go deeper into our Open Source SD-WAN to describe, respectively, the Southbound API and the Northbound API exposed, and the implemented algorithms. In Chapter 7 we discuss data persistence and how the collections were organized in the database to store the SD-WAN network configuration and status. Chapter 8 provides a description of the emulated environment and the network topology used to realize a demo of EveryWAN. Finally, in Chapter 9 we discuss the results obtained, compared with the state of the art, and the possible improvements and future work that can start from our SD-WAN.
Chapter 2:  SD-WAN 
The Software-Defined Wide Area Network (SD-WAN) is a specific application of Software-Defined Networking (SDN) technology to WAN networks such as MPLS, fixed line broadband xDSL/fibre, mobile broadband 4G/5G and satellite links [3].
SD-WAN technology helps organizations connect branch office and central office sites spread over vast geographic areas with remote data centers and multiple cloud environments. It does so by decoupling the hardware from the software, using cloud-based technologies and specialized software to create an abstraction layer. In this way organizations have greater flexibility and control over how data transfers take place. In addition, SD-WANs help businesses boost agility, availability and performance, while potentially lowering costs by optimizing the use of resources in a multisite configuration. This technology is attracting interest due to its ability to incorporate the best networking technology available for a specific location, thus transforming access networks into intelligent and dynamic platforms. SD-WAN also alleviates some of the challenges related to traditional WANs and Multiprotocol Label Switching (MPLS) lines [4], such as:
- scalability
- increasing bandwidth demand
- vendor lock-in
- support for applications running outside the enterprise environment
- flexibility in the architecture
2.1 General SD-WAN Architecture and Components 
In this section a generic SD-WAN architecture is briefly described, based on the information provided by the MEF standardization body. The main components of an SD-WAN architecture are the SD-WAN Edge, the SD-WAN Controller and the Service Orchestrator. The SD-WAN Edge is the perimeter device that provides customers with access to already existing networks. The SD-WAN Controller and the Service Orchestrator together provide centralized control and management of the SD-WAN. An additional component is the Subscriber Web Portal, where authorized users can activate the scenario, communicate with the Controller/Orchestrator to set up services, security policies and QoS parameters, and monitor the SD-WAN Edges and the traffic between them. All these configuration tasks are done through a GUI rather than a CLI. The following subsections describe the fundamental functionality of the SD-WAN Edge, the SD-WAN Controller and the Service Orchestrator.
 
Figure 2 - Generic SD-WAN architecture [5]
2.1.1 SD-WAN Edge 
The SD-WAN Edges are the components deployed in the enterprise sites that are to be interconnected with SD-WAN technology. SD-WAN Edge functionality can be provided both by a physical CPE device and by a virtual CPE (vCPE). SD-WAN introduces the new concept of vCPE or uCPE, where the Edge functionality is implemented as a software-based VNF. A vCPE can run on a general-purpose compute platform and can therefore be deployed both at the customer premises and in cloud environments. The SD-WAN Edge creates and terminates secured tunnels over different wired or wireless underlay networks. It performs application routing over one or more WAN links, performance measurements, and WAN optimization functions such as compression, packet reordering, packet deduplication and forward error correction. The SD-WAN Edge also performs security policy enforcement and application-based QoS [6].
2.1.2 SD-WAN Controller   
The SD-WAN Controller manages the physical or virtual SD-WAN Edge devices associated with it. It is responsible for authentication and activation, IP address management, and the configuration of tunnels and policies on the SD-WAN Edges. The SD-WAN Controller is always connected to the SD-WAN Edges to monitor their status and that of the tunnels. The QoS performance metrics of each tunnel are collected to be used by the Service Orchestrator. The SD-WAN Controller uses the northbound APIs to communicate with the Service Orchestrator, and the southbound APIs to control and configure the SD-WAN Edges [6].
2.1.3 Service Orchestrator  
The Service Orchestrator manages the SD-WAN service lifecycle. It is responsible for service fulfilment, controls the entire SD-WAN environment, collects and analyses data, and guarantees performance and security. For example, the Service Orchestrator configures the end-to-end SD-WAN services between SD-WAN Edges over multiple WAN links, based on application-aware security and QoS. The Service Orchestrator uses the northbound APIs to communicate with the applications and the southbound APIs to communicate with the SD-WAN Controller [6]. In some SD-WAN implementations the SD-WAN Controller and the Service Orchestrator are combined into the same entity, which can be instantiated on the premises of the enterprise or in the cloud (SaaS Orchestration).
2.2 Benefits of using SD-WAN 
This section presents and discusses the advantages that the remote locations of an enterprise can obtain by using SD-WAN technology. All the advantages listed below are general; a specific vendor or open source solution may implement only a subset of them.
2.2.1 Overlay Networks 
As described in the MEF standard, SD-WAN operates over Underlay Connectivity Services (UCS). Underlay Connectivity Services are network services offered by network providers to create connectivity between the subscriber sites. Access to the UCS can use different networking technologies, such as LTE, WiFi and Ethernet, and the transport can also be based on different technologies, such as MPLS, IP routing and Ethernet switching.
SD-WAN can be deployed over multiple, different UCS with different performance and cost characteristics, which are exploited to provide benefits in terms of cost and resilience [5].
The UCS is provided through the Underlay Network, which is the physical network responsible for delivering packets across networks. The Underlay Network consists of physical devices (routers and switches) and physical connections; it has some limitations due to its static topology, limited scalability and the long time needed to deploy services and functions.
Through the use of encapsulation such as GRE, IPsec, DMVPN, VXLAN or a proprietary tunnelling technology, SD-WAN is able to create Overlay Networks on top of heterogeneous Underlay Networks, even from different providers, while keeping the addressing plane.
 
Figure 3 – Overlay networks  
The Overlay Network created by SD-WAN allows a dynamic topology (full-mesh/hub-and-spoke) made of logical links and virtual devices. In this way it is possible to have a more scalable network with the ability to deploy functions faster than in the Underlay Network. Although additional overhead is introduced by packet encapsulation, the Overlay Network enables the new paradigms of application-aware, policy-driven and orchestrated connectivity between SD-WAN users [5].
2.2.2 Hybrid WAN  
Compared to other technologies, an SD-WAN solution is able to support multiple WAN connections concurrently. The various WANs can have different performance and costs, as is the case for example for Internet, MPLS, 4G/5G, etc. The ability to use multiple WANs leads to the concept of transport independence [7], which overcomes many of the constraints introduced by the use of classic WANs and brings flexibility at the application level.
 
Figure 4 - Hybrid WAN [8] 
Such a system is fault tolerant: if a WAN link breaks, the SD-WAN Edge device is able to redirect the traffic to the other WANs dynamically, without the user or the application noticing. A specific link, for example a mobile broadband connection, can be dedicated as a backup link in case all the other WAN links break, thus guaranteeing continuous availability.
2.2.3 Dynamic Path Selection and Increased Bandwidth 
An SD-WAN solution is able to move traffic from one path to another on the fly in order to guarantee a given QoS. This is possible thanks to the ability to measure the performance of each available link. In this way, latency-sensitive application traffic can be routed to the lowest-latency link available, while traffic that is latency tolerant and requires more bandwidth can leverage the higher-bandwidth pipe.
In so doing, the traffic traversing the SD-WAN network can be aggregated over all available links, thus providing an available bandwidth that is the sum of the bandwidths of all the lines [9]. This translates into the ability to increase bandwidth more easily than with other technologies.
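As an added example (not code from the thesis or from EveryWAN), the following Python sketch models the failover and path-selection behaviour described in sections 2.2.2 and 2.2.3: primary links are preferred, a backup-only link (for example mobile broadband) is used only when every primary link is down, latency-sensitive traffic goes to the lowest-latency usable link, bulk traffic to the highest-bandwidth one, and the aggregate bandwidth is the sum over the usable links. Link names, latencies and bandwidths are constructed sample values.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class WanLink:
    """One WAN connection of a hybrid WAN, with its last measured metrics."""
    name: str
    up: bool
    latency_ms: float
    bandwidth_mbps: float
    backup_only: bool = False   # e.g. a mobile broadband link kept in reserve


def usable_links(links: List[WanLink]) -> List[WanLink]:
    """Primary links that are up; the backup link is used only when no primary
    link is available (fault tolerance of section 2.2.2)."""
    primaries = [l for l in links if l.up and not l.backup_only]
    if primaries:
        return primaries
    return [l for l in links if l.up and l.backup_only]


def select_path(links: List[WanLink], app_class: str,
                max_latency_ms: Optional[float] = None) -> Optional[WanLink]:
    """Pick the link an application class should use right now (section 2.2.3).
    'latency_sensitive' -> lowest measured latency among usable links;
    'bulk' -> highest bandwidth among usable links.
    If a latency bound is given, links within it are preferred; when none meets
    it, the selection degrades to all usable links instead of dropping traffic.
    Returns None when no link at all is usable."""
    candidates = usable_links(links)
    if max_latency_ms is not None:
        within = [l for l in candidates if l.latency_ms <= max_latency_ms]
        candidates = within or candidates
    if not candidates:
        return None
    if app_class == "latency_sensitive":
        return min(candidates, key=lambda l: l.latency_ms)
    if app_class == "bulk":
        return max(candidates, key=lambda l: l.bandwidth_mbps)
    raise ValueError(f"unknown application class: {app_class}")


def aggregate_bandwidth(links: List[WanLink]) -> float:
    """Bandwidth available when traffic is spread over all usable links."""
    return sum(l.bandwidth_mbps for l in usable_links(links))


# Constructed sample measurements (hypothetical values, not from the thesis).
SAMPLE_LINKS = [
    WanLink("mpls", True, 12.0, 50.0),
    WanLink("internet", True, 35.0, 500.0),
    WanLink("lte", True, 60.0, 30.0, backup_only=True),
]
```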