SD WAN High Level Terminology and Commerial Definitions.docx
SIGMA & SD-WAN High level Terminology for internal development

Contents
SIGMA Ecosystem and SD-WAN
Definitions
SD-WAN Description
SD-WAN Definitions and Nomenclature
Product Name: Speedcast SD-WAN
Speedcast SD-WAN Feature Options
Hardware for SD-WAN
Bare-metal SD-WAN only deployments – by exception
Speedcast SD-WAN Core Offering
Advanced Core Router
VPN Tunneling
Failover / Link switching
Load Balancing & Link Aggregation
Remote Redundancy (aka. High Availability)
Application Steering & Path Priority
Next-Generation Firewall (NGFW) Features
Direct Internet Connection
Dedicated Hub Appliance
Authentication Connectors
QoS Service
Public IP
Backhaul
Consultancy
User Interface
Selected SD-WAN Terminology
Underlay
Overlay
Organization
Routing-Instance
Workflow Template
Device Template
Service Template
Common Template

SIGMA Ecosystem and SD-WAN

Speedcast’s SIGMA Ecosystem is built with the latest state-of-the-art architecture and software to provide flexibility to consolidate a secure, reliable, and high-performance multi-path high velocity network to serve the people, systems and applications that support your digitalization. SIGMA layers diverse product configurations to suit current and future requirements, enabled by features including flexible network virtualization and containerization. SD-WAN (software defined wide area network) is the first virtualized network function deployed on the SIGMA platform, offering an enterprise-grade, integrated and cost-effective network solution to connect remote sites to offices, datacenters and cloud whilst providing industry leading network optimization and intelligent path selection to boost continuous application performance, improving operational productivity and user experience.
Load balancing policies, link prioritization and monitoring, coupled with Application Steering, drive seamless traffic redirection to harness the benefits of the LEO (Low Earth Orbit), MEO, GEO, Cellular and Fiber of today, and the new constellations and technologies of tomorrow. The platform’s Next Generation Firewall provides fine-grained security policy enforcement to identify and mitigate advanced cybersecurity threats. Its features include Intrusion Detection System (IDS), Intrusion Protection System (IPS), granular application control, URL Group filtering and Antivirus.

Definitions:

The new SIGMA Ecosystem comprises software and hardware. The SIGMA Architecture and underlying system is software. The Intelligent Remote Edge component is hosted on Speedcast approved hardware at the customer site. The remote device is split up into three hardware capability groups:
- SIGMA Essential/Core (Q4-TBD)
- SIGMA Enterprise
- SIGMA Elite (2024)

Today, there is no integration with Speedcast Compass for monitoring and reporting to customers. This will evolve in tandem with service module development throughout 23/24. Beyond SD-WAN hosted on SIGMA Enterprise, new services will be added from September over the air.

SD-WAN Description

SD-WAN is a networking technology that utilizes software to manage Wide Area Network (WAN) infrastructure, providing a cost-effective methodology for connecting Remote Sites, Data Centers, Cloud and Offices. SD-WAN employs intelligent routing algorithms to identify the most efficient path or multiple paths for transit of data between multiple end points, resulting in optimized network traffic and improved application performance. Speedcast’s SIGMA SD-WAN can be scaled easily as network requirements change and as new hybrid network options come into service.

SD-WAN Product Definitions and Nomenclature

Product Name: Speedcast SD-WAN

Definition: Speedcast’s SD-WAN Solution

A fully integrated enterprise level SD-WAN solution with best-in-class service optimization over remote hybrid networks, data centers, cloud and offices. In the context of SIGMA, Speedcast SD-WAN is the first product to reside on the new SIGMA Platform and represents a complete hosted Virtualized Network Function in itself. Providing Speedcast SD-WAN as a virtualized product on the new SIGMA platform is the default methodology. There are rare exceptions in the case of very high-performance machines deployed in the cloud, datacenters or office where all CPU resources must be dedicated to SD-WAN. Typically, the Dell 4600 V930 could be used depending on load, but there are circumstances where Versa devices might be required.

Speedcast SD-WAN Feature Options

SD-WAN Group Options are denoted in the following table, where SD-WAN Services are split into three tiers from Tier 1 to Custom. The sum of the aggregated bandwidth required for the customer’s solution must be estimated and used to derive pricing in tandem with the Tier. This is denoted in the pricing sheet. The SD WAN Tiered system enables clear grouping of capability to steer pricing relative to depth of feature set, and the respective language when engaging in consultancy. For example, basic configurations only require minimal consultancy and configuration.

Default item in Tier (SD WAN): Tier 1, Tier 2, Custom
Failover (WAN Link switching): x x x
Load Balancing / Link Aggregation:
Layer 3 / 4 Firewall: x
Remote Redundancy (High Availability): x x
Application Steering - Path Priority: x x
QoS: x x
Firewall (layer 3,4,7 FW + filtering): x x
Dedicated Hub Appliance: x
Tenancy: x
Monitoring: x
Full Tunnelling (All traffic tunnelled between branch and hub): x x
Public IP Address (PAT Pool): x x
Public IP Address (Multiple WAN's/Single Static IP): x
Public IP Add-on: x
NNI/IPSEC Customer Destination (SC <-> Customer): x
Direct Internet Access (No backhaul): x x x
10Mbps Backhaul: x x
20Mbps Backhaul: x x
50Mbps Backhaul: x x
100Mbps Backhaul: x x
250Mbps Backhaul: x x
Single NNI/IPSEC Customer Destination: x

Tier vs Versa License
Tier 1: Prime-SDWAN
Tier 2: Prime-Secure-SDWAN
Custom: Any License

The above Versa Licenses are associated with the Tiering structure. Tier 1 carries reduced consultancy and configuration rates due to the lower configuration requirements. This increases to relatively higher levels in Tier 2 and Custom due to more extensive consultancy and engineering. Outside of bundled components, all other areas are options. For bundled groups, services are provided under a bundled price; however, the customer does not necessarily have to use every service.

Hardware for SD-WAN

Hardware is determined by…
- Speedcast selected approved, standardized, and tested Industrial Computer Systems
- Specification capable of supporting SD-WAN services over specific bandwidth
- Ability to support the SIGMA platform and a reasonable set of core services and add-ons relative to the initial specification.

There will be a limit to deployable extended services on any machine. Example: a mid-range device will support SD-WAN and Core Services, but not a hyper-virtualized environment. Speedcast will suggest specific hardware for a specific scenario subject to requirements. Initially the Lanner NCA 1516A mid-range systems will be available for SIGMA Enterprise deployments.

Bare-metal SD-WAN only deployments – by exception

In some cases, particularly early or existing projects that are on-going in deployment, other equipment may be used to deliver the SD-WAN software in a standalone configuration without the SIGMA software platform. These include:
- Versa CSG Appliance including the CSG3xx, CSG7xx, CSG13xx, CSG15xx and CSG25xx models
- Dell VEP appliances including the 1485, v910 and v930 models

Any new remote-side solution should be built using the SIGMA software platform on the Lanner 1516a hardware, and any exceptions to this need to be noted during pre-sales activities to the product team for approval. A common exception that will be approved in most cases is where a customer hub is required and the likely throughput will exceed that of an individual SIGMA appliance deployment. Customers with existing hypervisor infrastructure (VMware, KVM, Xen, Hyper-V, etc.) who wish to deploy the SD-WAN software component must consult with the technical product team prior to quotation.

Speedcast SD-WAN Core Offering

Advanced Core Router
Carrier-grade router supporting many network protocols and device port configuration, including number of ports, WANs, LANs and VLANs. An extensive range of core routing protocols towards customers is available, including BGP and OSPF.

VPN Tunneling
By default, the SD-WAN software encrypts all traffic it tunnels towards hubs and other branches. Customers may also elect to connect to their HQ/Datacentres from Speedcast hubs via traditional IPSEC tunnelling, or the deployment of customer specific hubs for SD-WAN tunnelling.

Failover / Link switching
A critical service and an evolution in multi-WAN intelligent switching, based on network QoS parameters such as latency, jitter, throughput and packet loss. Traffic backhauled to the SD WAN hubs over VPN can provide seamless failover.

Load Balancing & Link Aggregation
Load balancing is a valuable service for maximizing and optimizing bandwidth service across multiple active and similar links. In principle, network traffic can be distributed across multiple paths to ensure optimum performance and network resilience to improve application performance.

Remote Redundancy (aka. High Availability)
Remote redundancy is when a second device/system is added to the original to provide automatic failover to the neighboring device in the event of one of the systems failing. Two matching licenses are required (one for each physical deployment).

Application Steering & Path Priority
Application steering is a service used to direct application traffic over specific links in a multi-WAN environment based on predefined policies and rules. Policies can be built against IP SLA parameters that monitor latency, jitter and packet loss and thus respond to changing or degraded network conditions in an automated manner.

Next-Generation Firewall (NGFW) Features
Managed service for application and web filtering. Configuration (up to 3hrs included) and changes. Includes IP/Port and Layer 7 firewall. Rules are set up during the consultancy/configuration exercise with the customer. This is necessarily a managed service and most customers will not have access to self-manage at this point in time.

Direct Internet Connection
Allows traffic destined for the internet to be broken out locally across one or more WAN interfaces, rather than tunneled back to a hub. Important when considering LTE and Starlink, as there are cost implications to tunnelling all traffic back through a hub. The external IP assigned to the device will change during link switching between WANs. Both DIA and backhaul to hub can be supported when required, such as split-tunnelling corporate traffic vs breaking out internet destined traffic.

Dedicated Hub Appliance
SD-WAN appliance, usually set up in datacenters or cloud, to which traffic from remote branches is backhauled. Due to aggregated bandwidth from all sites, SD WAN licenses, maximum aggregated bandwidth levels and appropriately scaled hardware are required for this purpose.

Authentication Connectors
This is an add-on service that enables customers to integrate the SD-WAN system with services such as Active Directory, RADIUS and other services to allow authentication of authorised users on the network. The cost is subject to the complexity and scale of the project.

QoS Service
This is a service to set up prioritization levels for groups of application traffic types, so the most important and valued data flows are served first above others. For example, operational traffic tends to have higher importance than streaming video for entertainment purposes.

Public IP
Speedcast can provide public IP services using NAT from our edge infrastructure (the Palo Alto firewalls). Public IP will not be directly routed to a remote site under any circumstances due to the inherent security risks associated with allowing the use of public IPs at remote sites.

Backhaul
Backhaul implies routing of the traffic back to the SD WAN Hub. This comes at a premium due to transit costs and is charged appropriately.

Consultancy
As defined in the pricing, these services require extensive and detailed set-up, calibration and in-life management to maximise the benefits to the applications that serve your business. Detailed consultancy is provided to maximise the impact of the service across multiple WAN links and in your datacentres and cloud environment.

User Interface
Speedcast SD-WAN is a fully managed service which is configured and updated by Speedcast through a UI. In some cases, customers with a large-scale site deployment might opt to have their own tenancy which would allow them access to this interface.
Extensive understanding of the interface, networking and IT is required to manage this in-life.

Selected SD-WAN Terminology

Underlay: A WAN transport path that enables connectivity between a branch and a hub, e.g. VSAT, Starlink, LTE, etc. Primarily utilizes the Speedcast MPLS network if using our VSAT network, or an internet circuit if using a 3rd party network.

Overlay: A series of tunnels between a branch and a hub, other branches and the controllers. The overlay network is what provides connectivity between the LAN side of a branch and the LAN side of a hub unit, e.g. it connects LAN-side networks to each other within the same routing-instance using a combination of VXLAN tunnels, MP-BGP and optional IPSEC based encryption for the payload data.

Organization: A specific business entity that can have its own topology, routing-instances and upstream connectivity. Organizations are the basis of multi-tenancy and interfaces cannot be shared between organizations. A device may have several organizations configured (multi-tenant) sharing a single set of underlay networks, but each organization has a distinct and separate overlay network.

Routing-Instance: Analogous to a VRF in Cisco, a routing-instance is an isolated virtual router that segregates Speedcast, Customer and other networks from each other. An organization may have multiple routing-instances created within it (e.g. Speedcast-Operations contains the iTalk and Ops-Mgmt routing-instances). Routing-instances cannot be shared between organizations.

Workflow Template: The highest-level template that defines general information about a device. This includes the number of interfaces and sub-interfaces, local routing such as OSPF and BGP, and which organizations can be deployed on the device. Variables are often used here as a single template may be used to deploy many devices, with specific information being fed in as bind-data during deployment.
The configuration contained in this template is a small sub-set of the total.

Device Template: A template associated with a deployed device. This includes all configuration generated from the Workflow template as a base. It does not include service-templates, which may be added to a device-group or device during deployment.

Service Template: A service/application specific template. It contains a subset of configuration related to a specific function and can be re-used many times across many devices. Typically this may be a specific firewall configuration, application steering profile or QoS template.

Common Template: A template that contains configuration common to all devices deployed within an organization, e.g. TACACS+, NTP, pre-defined zones, etc.