This blog was originally published to the 128 Technology website – in 2020, Juniper Networks acquired 128 Technology. Learn more about the acquisition here.
SD-WAN is one of the hottest concepts in networking today, which is a good reason for network operators to look at offering it themselves. But SD-WAN is sold to build virtual private networks (VPNs), and network operators already have a VPN business, a good one. Operators need to be sure that their SD-WAN service is profitable, but also that it doesn’t cost them more MPLS VPN revenue than it gains.
The challenge that network operators now face is to sustain net SD-WAN revenue in the face of two related and negative SD-WAN trends. If all an SD-WAN can do is extend a corporate VPN, the limited feature set ensures that multiple sources of SD-WAN service will push prices down. Basic SD-WAN commoditizes quickly. This decline in pricing could threaten to displace MPLS VPNs in sites where the service is only minimally justified, and the result can cannibalize existing business services.
The solution to price-based competition and commoditization is feature differentiation, and the SD-WAN market has seen three waves of feature enhancements. The first wave was the addition of prioritization and flow or session awareness. Most SD-WAN offerings have this today, so the differentiation this wave adds has largely dissipated.
The second wave was software-based SD-WAN agent processes to connect cloud-hosted applications to the VPN. While there are differences in the way SD-WAN services implement this today, most offer some capability here as well. What’s the third wave? It’s “logical networking” and “Network-as-a-Service” (NaaS), and it’s the most profound shift in decades, not just to SD-WAN but to networking overall.
We think of network users as people, specific people with specific roles and access rights. We think of business applications as application software functions linked to specific business processes, with specific security and compliance needs. The problem is that an IP VPN thinks of everything as an address, and things like mobility and virtualization change the relationship between the “logical identity” of a user or application, and the IP address it has. That makes it difficult to reliably assign rights and access controls.
Logical networking starts with the naming of everything, both users and applications, and assigning each name, which is now a logical identity, a set of rights and restrictions. The first benefit this logical-identity linkage brings is the ability to set connection rules, including access rights and traffic priorities, based on a reliable knowledge of the user/application relationship. These rules will apply if a user moves around, or if virtualization or cloud computing scales or redeploys an application.
Users of the network are the real target of those “higher OSI layers” we always hear about. In particular, Layer 4 (Transport) and Layer 5 (Session) of the OSI model represent specific enduring relationships within a community of users and applications. These layers establish the real basis for prioritizing traffic, permitting or banning connections, and controlling rerouting of critical applications or users. How do you do any of that effectively if you don’t know anyone or anything except by an IP address? Logical networking is essential for business networking.
All of this is essential for what we call “NaaS”. Users think that “NaaS is a model of network service where connectivity is established where and when it’s needed.” Do businesses even today think “connectivity” means connecting sites or servers? Business networking is the networking of identifiable workers and tools, which is the “what” and “when” dimensions of users’ NaaS definition. Logical identities resolve that problem. Now you can define a connection service as one that provides connectivity where security and policy permit, and with a quality of service appropriate to the business mission. That’s what NaaS should be, and we’re on that trail right now. The future of SD-WAN is NaaS.
A logical networking and NaaS capability in an SD-WAN strategy gives network operators an immediate set of differentiating benefits. They can add security to the parts of their enterprise where business communications rely on the less-secure public Internet, by limiting application access to specific users. They can improve application quality of experience (QoE) by prioritizing the specific critical user/application relationships that their business relies on the most. They can create hybrid and multi-cloud deployments that include load-balancing of traffic and support for failover among cloud/virtual resources. None of this is really possible without logical networking and NaaS, and it’s beyond the capabilities of most SD-WAN offerings today.
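As an added illustration (not code from this post, from 128 Technology or from Juniper), the following Python model contrasts the address-keyed ACL that an IP VPN gives you with the identity-keyed connection rules described above: a user moves to a new address, an application scales out to a second instance, and an old address is reused by someone else. The user and application names, the IP addresses and the priority scale are all constructed for the example.

```python
"""Constructed example: identity-keyed connection policy vs. address-keyed ACL."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Every attempted session gets a decision: (allowed?, priority class, reason).
Decision = Tuple[bool, int, str]


@dataclass(frozen=True)
class Rule:
    """A connection rule expressed in logical identities, never in addresses."""
    user: str
    app: str
    allow: bool
    priority: int  # constructed scale: 0 = best effort ... 3 = business critical


class AddressAcl:
    """Traditional ACL: permits are tied to (source IP, destination IP) pairs."""

    def __init__(self) -> None:
        self.permits: Dict[Tuple[str, str], int] = {}

    def permit(self, src_ip: str, dst_ip: str, priority: int) -> None:
        self.permits[(src_ip, dst_ip)] = priority

    def decide(self, src_ip: str, dst_ip: str) -> Decision:
        prio = self.permits.get((src_ip, dst_ip))
        if prio is None:
            return (False, 0, f"no permit for {src_ip}->{dst_ip}")
        return (True, prio, f"permit {src_ip}->{dst_ip}")


class LogicalNetwork:
    """Policy keyed on logical identity; an address is only a revocable binding."""

    def __init__(self) -> None:
        self.binding: Dict[str, str] = {}              # IP address -> logical name
        self.rules: Dict[Tuple[str, str], Rule] = {}   # (user, app) -> rule

    def bind(self, name: str, ip: str) -> None:
        """Record that `name` currently answers at `ip` (login, move, scale-out)."""
        self.binding[ip] = name

    def unbind(self, ip: str) -> None:
        """Revoke a binding when a lease or session ends, so rights never outlive it."""
        self.binding.pop(ip, None)

    def add_rule(self, rule: Rule) -> None:
        self.rules[(rule.user, rule.app)] = rule

    def resolve(self, ip: str) -> Optional[str]:
        return self.binding.get(ip)

    def decide(self, src_ip: str, dst_ip: str) -> Decision:
        user, app = self.resolve(src_ip), self.resolve(dst_ip)
        if user is None or app is None:
            return (False, 0, "unknown identity; default deny")
        rule = self.rules.get((user, app))
        if rule is None or not rule.allow:
            return (False, 0, f"{user}->{app} not permitted")
        return (True, rule.priority, f"{user}->{app} permitted")


def run_scenario() -> Dict[str, Decision]:
    """Constructed scenario: alice uses the ERP app from HQ, then from a mobile
    address; ERP scales out; alice's old HQ address is handed to a guest."""
    acl = AddressAcl()
    acl.permit("10.1.0.5", "10.9.0.20", 3)

    net = LogicalNetwork()
    net.add_rule(Rule(user="alice", app="erp", allow=True, priority=3))
    net.add_rule(Rule(user="guest", app="erp", allow=False, priority=0))
    net.bind("alice", "10.1.0.5")
    net.bind("erp", "10.9.0.20")

    out: Dict[str, Decision] = {}
    out["acl_at_hq"] = acl.decide("10.1.0.5", "10.9.0.20")
    out["logical_at_hq"] = net.decide("10.1.0.5", "10.9.0.20")

    # alice moves to a mobile address the ACL has never heard of
    net.unbind("10.1.0.5")
    net.bind("alice", "100.64.3.7")
    out["acl_after_move"] = acl.decide("100.64.3.7", "10.9.0.20")
    out["logical_after_move"] = net.decide("100.64.3.7", "10.9.0.20")

    # erp scales out to a second instance; the same rule covers it untouched
    net.bind("erp", "10.9.0.21")
    out["logical_scaled"] = net.decide("100.64.3.7", "10.9.0.21")

    # alice's old address is reassigned to a guest; rights must not follow the address
    net.bind("guest", "10.1.0.5")
    out["acl_reused_addr"] = acl.decide("10.1.0.5", "10.9.0.20")
    out["logical_reused_addr"] = net.decide("10.1.0.5", "10.9.0.20")
    return out


if __name__ == "__main__":
    for name, decision in run_scenario().items():
        print(f"{name:22s} {decision}")
```

The last step is the one to watch as a defender: the address-keyed ACL still permits the guest at 10.1.0.5 with business-critical priority, because it only ever knew an address, while the identity-keyed policy denies it. That outcome depends on the binding being revoked (`unbind`) when a session or lease ends; a logical network whose address-to-identity bindings go stale simply moves the same weakness one layer up.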
The benefits of an SD-WAN NaaS strategy extend into the future, too. Logical networking and NaaS elevate an operator’s business services, creating a layer of connectivity above the traditional IP layer of service. This can be used to extend MPLS VPNs, but also to add connection management, mobility, and virtualization services for MPLS VPN users. An operator will be able to sell a NaaS-based service that’s more secure and more agile than anything an enterprise has today.
In this new model of NaaS, operators can deploy SD-WAN elements using Network Functions Virtualization to add ad hoc connectivity to temporary business locations, integrate software-defined WANs with data center SDN for increased agility, and incorporate NaaS services into their public cloud computing services. An operator can then sell a “VPN” that goes anywhere in the world, even to sites only accessible through mobile networks and into any public cloud. Better security, better QoS, and operator-provided or shared network management are now service features, not integrator-dependent add-ons.
A good SD-WAN strategy takes operators to the same place their customers are already heading, a future of connecting real things not network addresses. A bad one risks their whole business service position. If you’re an operator, make the right choice.
Tom Nolle is president of CIMI Corporation, a strategic consulting firm specializing in telecommunications and data communications since 1982.