What is SD-WAN?

SD-WAN stands for software-defined WAN, that is, software-defined wide area network; WAN means wide area network. For people who work with IT and communications, the prefix "SD (software-defined)" is nothing new. In an era when software is king, terms such as SDN, SDS and SDR have flooded our work and life and become everyday vocabulary:

SDN: software-defined network
SDS: software-defined storage
SDR: software-defined radio

SD-WAN, an important branch of SDN, is the application of SDN technology to the WAN. Put simply, SD-WAN is SDN for the WAN.

What is WAN (wide area network)?

Let's start with the most basic concept, the WAN. Many people who work in networking will know that WAN means wide area network, and that its counterpart is the familiar LAN (local area network). The Wi-Fi network at home, the network in an internet cafe and the small network in an office are all LANs. A WAN is a computer network covering a larger area, spanning provinces, cities and even countries. For example, a group company is headquartered in Beijing, with branch offices in Shanghai, Chengdu and Guangzhou. Each branch office network is then a local area network, and the head office network is a wide area network.

The reason WANs exist should be clear to everyone: in the era of digitization and networking, a company's operations can no longer do without computers and various information systems and platforms. From basic e-mail, to office automation (attendance systems, financial systems, etc.), to systems such as PLM (product life cycle management) and ERP (enterprise resource planning) that are tightly bound to the main business, all of them urgently need the support of a strong network.
For most companies, it is not impossible to pay for a private network cable or optical fiber to connect the head office and branch office networks, but it takes time and money. That leaves only two options.

The first is to let all employees connect over the internet. DingTalk and WeChat, which are very popular nowadays, actually work this way. Now that mobile internet and fiber-optic broadband are highly developed, this looks like a good choice. But it comes with two fatal problems: service quality and data security.

The 4G data services we use, and most fiber broadband access, are basically consumer-grade communications services. Their stability and reliability are very poor, and connections often stall or even drop. That level of service is barely acceptable for small and micro enterprises, and it is not enough for large and medium-sized enterprises or groups. For example, how could the systems of the Industrial and Commercial Bank of China's Beijing head office and its Jiangsu provincial branch be allowed to slow down or cut out at random?

In addition, exposing all of a company's business systems to the internet brings serious security hazards and risks. If a railway company put all of its train operation management systems on the public network, would you feel at ease? DingTalk and enterprise WeChat are themselves backed by the strong security protection capabilities and system capacity of large internet companies.

Therefore, using the internet as your company's WAN is only suitable for small and micro enterprise users. (By the way, small and micro businesses don't need a WAN.)

The second method, which is also the mainstream choice of current users, is to connect over a dedicated line provided by the operator. The most representative kind of dedicated line is MPLS.

What is MPLS?
An MPLS dedicated line is a WAN leased-line service based on MPLS technology. It is a leased service, and ownership stays with the telecom operator. The operator leases the line to you and commits to an SLA (service level agreement) for it, stating what requirements will be met for bandwidth, delay, jitter, packet loss rate and so on. Whether your software feels fast or unstable in use is not the operator's concern. It is just like the broadband installed in your home: the operator will only show you the speed. Is it 100 Mbps? Yes. Your games are lagging? Sorry, that is none of my business. This is what an SLA-based service means. In any case, it is a leased line after all, and the network quality of MPLS is still good.

The next problem is this: you rent, I rent, everyone rents, and the operator has only the one physical network, with many companies' traffic running over it. How are separation and isolation ensured? This is where a term everyone knows comes in: VPN.

A VPN (virtual private network) virtualizes a dedicated channel on top of an ordinary physical connection to ensure the isolation and security of communication. Depending on the network it is built on, VPNs usually include PPTP, L2TP, IPsec and MPLS VPN.

IPsec VPN: an internet-based VPN. This is the one most people use. When employees of large companies are on business trips, they dial in to the VPN, which effectively puts them on the company intranet so that they can reach intranet websites.

MPLS VPN: a VPN based on the carrier's MPLS private network. Through this connection, an entire branch office and the head office are logically on the same intranet.

Let's briefly talk about the two concepts of overlay and underlay, which you may often see.
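Literally, overlay means the layer above and underlay means the layer below, which can be pictured as follows:

Compared with the internet, the advantage of an MPLS dedicated line is that it is relatively stable and reliable, with a certain guarantee of security. But as times have changed, its shortcomings have become more and more obvious and have drawn many complaints from users:

1. High cost of use

Operators have always charged high prices, whether for dedicated lines or for VPN services. For example, one provincial telecom operator charges 80,000 yuan per month for a cross-border 10M MPLS VPN. A large enterprise with many branches and offices can spend upwards of ten million, or even over a hundred million, RMB a year on leased lines. Costs at this level are unimaginable for home users like us, who get a gigabit monthly plan for a few hundred yuan. As competition intensifies, cost pressure this large is enough to leave an enterprise gasping for breath.

2. Long deployment cycle

After a dedicated line is requested, the operator has to run its internal process, which generally takes one week to one month. For businesses that operate at an ever faster pace, this lead time is increasingly intolerable.

3. Difficult troubleshooting

A dedicated-line network is a "black box" network. When the line has a problem, it is hard for the enterprise to tell where the fault lies; it can only check its own firewalls, switches, routers and other equipment. Troubleshooting is also awkward for the operator, who often finds at the end that its own side is fine and the problem is on the user side after all. This back and forth wastes a great deal of time and disrupts the normal running of the business.

4. Tight maintenance staffing

Headquarters generally has dedicated IT engineers for maintenance. Branches and offices, for cost reasons, generally do not. This makes maintaining MPLS dedicated lines difficult and increases cost in a disguised form.

What is SD-WAN?

SD-WAN derives from SDN. The essence of SDN technology is to manage control of the network centrally. SD (software-defined) does not mean letting software replace the hardware; it means extracting more of the hardware's capabilities and handing them over to unified software control and management. To put it bluntly, it makes the hardware generic and simple, and the software controller becomes the core that governs everything.

What kind of architecture does SD-WAN, being based on SDN, have? As shown below:

As you can see, the backbone of the entire network architecture is still the internet and MPLS dedicated lines, but an SD-WAN controller is added to the architecture. This controller is the core of SD-WAN management and control. At the branch nodes and the headquarters node there are additional devices such as uCPE and vCPE. CPE (customer premise equipment) was mentioned earlier when introducing 5G. uCPE is universal CPE, universal customer premise equipment. vCPE is virtual CPE, virtual customer premise equipment.

The administrator can configure the SD-WAN controller through the application-layer interface, and can also push vFW (virtual firewall) and vWOC (virtual WAN optimization controller) functions down to the CPE so that it performs those functions.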
There is no need to purchase dedicated hardware.

Let's combine the network architecture and the node equipment to analyze what changes adopting SD-WAN brings.

1. All interfaces, load balancing

From the branch's point of view, SD-WAN no longer insists on MPLS only, but allows multiple connection types such as MPLS, xDSL, PON fiber broadband, 4G LTE and even 5G. The CPE can bond multiple interfaces, turning them into an interface resource pool. With the help of software, some CPE devices can identify thousands of different applications and give them different levels of service quality. For example, video conferencing requires higher network quality, so its priority and QoS should be set higher. Text chat can be set to a lower level and sent over a network such as LTE.

In this way, enterprise users' reliance on MPLS leased lines is greatly reduced, and ordinary broadband and 4G can also be used. Bandwidth utilization improves, and traffic costs fall.

2. Choose the best path independently

The key to WAN technology lies in path selection. For each branch, SD-WAN can independently select the best path according to current network conditions and the configured policies. SD-WAN also has load-balancing capability, which improves the reliability of the network. In fact, there are many PoPs (points of presence) in the operator's network to help solve the problems of link congestion and load between operators.

3. Simple deployment, completed in seconds

When the speed of SD-WAN deployment is evaluated, one term comes up repeatedly: ZTP, zero-touch provisioning. Simply put, it is almost plug and play. Besides obtaining its configuration automatically after the CPE is powered on, the device can also be configured by scanning a code or by e-mail. Take e-mail as an example.
With this method, an IT engineer at headquarters prepares the configuration data in advance and sends it by e-mail to any employee in the branch, and that employee can complete the configuration and deployment of the device through the link.

4. Self-management and self-control, intelligent operation and maintenance

SD-WAN has SDN in its genes, so it has inherent advantages in network management. Any SD-WAN management platform provides graphical visualization. Administrators can see clearly how the SD-WAN is running through the network management page and deal with problems in time. This greatly reduces the difficulty of maintenance and also shortens troubleshooting time.

All in all, SD-WAN is easy to use and saves money.
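
The application-aware path selection described in points 1 and 2 above, as an added Python example that is not from the original article or from any vendor's product. The application classes, SLA thresholds, link measurements and relative costs are constructed assumptions; the sketch picks the cheapest live link that meets an application's SLA and degrades to the least lossy link when none does.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    cost: int          # relative cost of sending traffic on this link (assumed)
    up: bool = True

@dataclass(frozen=True)
class Sla:
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

# Constructed policy: thresholds per application class (assumed values).
POLICY = {
    "video-conference": Sla(150, 20, 1.0),
    "erp": Sla(200, 30, 1.0),
    "text-chat": Sla(800, 200, 5.0),
}

# Constructed link measurements, as a CPE might obtain them by probing.
LINKS = [
    Link("mpls", 20, 2, 0.0, cost=10),
    Link("broadband", 45, 25, 0.3, cost=2),
    Link("lte", 90, 40, 1.5, cost=1),
]

def meets(link: Link, sla: Sla) -> bool:
    return (link.latency_ms <= sla.max_latency_ms
            and link.jitter_ms <= sla.max_jitter_ms
            and link.loss_pct <= sla.max_loss_pct)

def select_path(app: str, links: list[Link]) -> str | None:
    """Return the name of the link to use for `app`, or None if all are down."""
    sla = POLICY[app]
    live = [l for l in links if l.up]
    if not live:
        return None
    ok = [l for l in live if meets(l, sla)]
    if ok:
        # Cheapest link that still satisfies the SLA; latency breaks ties.
        return min(ok, key=lambda l: (l.cost, l.latency_ms)).name
    # Nothing meets the SLA: degrade to the least lossy live link.
    return min(live, key=lambda l: (l.loss_pct, l.latency_ms)).name

if __name__ == "__main__":
    for app in POLICY:
        print(app, "->", select_path(app, LINKS))
```

With these sample values, only MPLS is good enough for video conferencing, while ERP traffic moves to broadband and text chat to LTE, which is the cost saving the article describes.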