Two SDN startups have emerged from stealth mode with technology focused on making the WAN more efficient and cost effective.
CloudGenix will release SDN technology that helps enterprises virtualize a WAN across MPLS, broadband and wireless 4G connections, and dynamically create network paths to connect specific applications and users. Meanwhile, vIPtela revealed an SDN product that does some similar abstraction and virtualization of MPLS and broadband links, but focuses much more on replacing static VPN WAN links with dynamically configured, encrypted site-to-site links.
"CloudGenix … is focused on traffic management and path control," said Eric Hanselman, chief analyst for 451 Research. "vIPtela can do some of that, but their real focus is on being able to provide secure links across various odds and ends of WAN mechanisms, or links to partners. The whole idea is being able to do all the nasty, gnarly things of key management and integration that come with managing a whole set of secure tunnels."
Both companies are trying to make a more agile, hybrid WAN, said Zeus Kerravala, principal and founder of ZK Research.
"The architecture for [WANs] hasn't changed in 30 years, whether it's MPLS, Frame Relay or ATM. It's a hub-and-spoke architecture and it's [about] backhauling all traffic back to a central location. That was fine during the client-server era, but now you have seen more mobile and cloud access. You definitely want more direct connectivity to the cloud. So companies are trying to build in some sort of WAN with direct Internet access," Kerravala said.
SDN WAN vendor vIPtela scales encrypted Layer 3 tunnels
VIPtela has announced Secure Extensible Network (SEN), which includes the company's physical vEdge routers for data centers, enterprise campuses and branch offices. These routers form a secure data plane and typically manage the broadband connections. A central vSmart controller runs as software on an x86 server and orchestrates connectivity among the vEdge routers. On top of that, engineers use vIPtela's vManage software to manage and provision the network and set policies.
SEN creates encrypted Layer 3 tunnels across broadband connections, and it applies policies to applications and services to decide whether to send that traffic over an IPSec tunnel via the Internet or over a private WAN link like MPLS.
"We are bringing in elements of policy-based routing and other policy technologies that you can enforce at every site, and you can send traffic accordingly," said Ramesh Prabagran, vice president of product management for vIPtela. "The vIPtela device becomes a point where you can decide if you want to take an MPLS circuit or a broadband circuit. The device says 'This traffic is going to a data center and doesn't need a high service level agreement, so it's fine using broadband. But if it needs five nines of reliability, then it will send it through the local Cisco router over MPLS.'"
With its ability to dynamically create encrypted site-to-site connections over any transport, vIPtela is targeting four use cases early on -- transport-agnostic VPNs, efficient backhauling of Internet access through regional hubs, network service insertion and business-to-business WAN connectivity with partners.
"VIPtela is about being able to mix and match your connectivity capabilities based on the traffic you want to send over," Hanselman said. "If you have latency-sensitive traffic, you want to run it across your MPLS network. You can send general Internet access traffic directly out to the public Internet. If you need VPNs to send traffic between branches, vIPtela will do the management and integration to make sure traffic gets pointed in the direction where it needs to go."
CloudGenix focuses on optimizing WAN infrastructure in branches
CloudGenix, which is only speaking generally about its technology for now, is focusing specifically on the needs of the remote branch office. The company has identified Cisco's Intelligent WAN architecture as the chief incumbent technology it is competing against.
CloudGenix says its software-defined WAN technology will focus on business policy abstractions, hybrid network virtualization and "network function projection," which sounds like an enterprise version of network functions virtualization.
"Instead of connecting locations to data centers, you want a model that is more fluid and that connects users and applications. It's been hard to achieve that in the past because people try to put a management layer on top of the underlying, packet-based network. We're making it an application and user-based network," said Kumar Ramachandran, CEO of CloudGenix.
CloudGenix will offer a controller that abstracts away the complexity of WAN routing protocols and management. Instead, it will present the user with an interface that allows them to set policies for remote connectivity based on user and application. Enterprises will be able to assign business priority and security policy to each application traversing this hybrid WAN, Ramachandran said.
"We are fingerprinting business transactions, and then we make all the networking decisions on our devices based on those business transactions," he said. "We ask people to come in and specify which applications and user groups need to be isolated, what compliance standards they are subject to and what kind of security policies they need."
"CloudGenix is trying to manage that overall connectivity across the entire distributed WAN, as opposed to having enforcement points and bonding in places," Hanselman said.
CloudGenix will sell software or hardware appliances for deployment in remote locations and a head-end appliance for data centers. Control and management software will reside in the cloud, Ramachandran said.
WAN SDN solving bigger problems than data center SDN?
Although cloud providers and some large enterprises have identified the data center as a place where SDN can solve a lot of problems, many enterprises might find SDN more appealing in the wide area for now. In fact, board members of the Open Networking User Group, which met this week in NYC, voted SDN WAN as the highest-priority use case, with data center overlay networks as the second highest priority and network services virtualization as the third.
"You could almost argue that [the WAN] is a better place to start with SDN than the data center," Kerravala said. "WANs tend to be big and expensive for most companies and the single biggest chokepoint in a network. Having SDN principles applied in the wide area potentially could have more upside for users than what you would have in the data center."
WAN SDN allows enterprises to be more agile when delivering new applications and cloud services to remote and mobile users, he said. "I think the more dynamic the application environment becomes -- with new applications being built all the time, especially in mobile -- the more you want the capability of creating these dynamic connections [with SDN]."