This series has covered data center networking and an overview of the operational mindset shift that SDN can bring to your business. Now let’s look at SDN for branch locations.
In your business the network will generally be referred to in the singular: “the network is slow”, “the network needs reconfiguring”, etc. The assumption is that the network is one entity that seamlessly reaches into every location of your business, and in its simplest form this is not an incorrect assumption. However, when you scratch under the surface of “the network” you find that it’s not so seamless.
The network in your business will be made up of islands of networking. There will be a network in the data center, networks in your branches/head office (LANs) and a network that links all your business locations together across the wide area (WAN). The role of your network team is to configure these islands of networking into a patchwork of connectivity that meets the needs and wants of your business, and I’ll bet they work hard night and day tapping into the routers, switches and firewalls of your network to achieve this.
With SDN the reliance on manual network configuration within the data center has abated, and as a result we have a reactive networking environment that works in concert with the applications. So if SDN can improve network agility in the data center, can it also be applied to the other network islands of your business, with the next logical island being the wide area?
The constructs for wide area networking have remained stagnant for over 30 years. Network connectivity is purchased from a Service Provider (either as point to point circuits or as a VPN service) via a multi-year contract, and then the networking team rolls out routers to the branch and applies a site specific configuration that creates the network topology, generally based on a hub and spoke (HQ to branch rather than branch to branch) architecture.
The workflow for these network rollouts is rigorously managed with formal project management and change control processes to ensure any deployment or augmentation happens with minimal disruption to the business.
This procurement and workflow process has made the wide area one of the less adaptable parts of the business network. This is due to the contractual framework for purchasing the VPN service and maximizing the usage of each branch link.
WAN bandwidth is expensive and thus in limited supply, so the skill in wide area network management is squeezing the last drop of performance out of a finite resource. This has been achieved with advanced configurations within the branch routers or the addition of network appliances, but comes at the cost of network complexity.
Today’s IT environment is straining the rigidity of the wide area network. Historically traffic has been client to server, so hub and spoke WAN designs have fitted well: the client at the branch and the server in the data center.
But now with Cloud IT the traffic patterns have changed. This applies to the business applications that reside on virtualized compute. That compute does not always reside in the same rack or row of the data center and may, for capacity or disaster recovery reasons, be relocated to a completely different data center. With static network architectures this poses a problem that is resolved either by overbuilding (inefficient and expensive) or by reconfiguration on the fly (manually intensive).
The same change is happening in the client side of networking. That PC that is connecting to the application above is the client, but that’s only the case for that application session.
The employee at the branch could initiate a videoconference call to an employee in another branch; in this case the PC becomes the host or source of the traffic. This direct branch-to-branch communication is not optimally transferred in the HQ-branch (or hub-spoke) network architecture.
Both cases are legitimate business tools, with the latter becoming more prevalent as richer collaboration workflows emerge, and neither is naturally accommodated by the traditional wide area network implementation. Until recently there hasn’t been an alternative, but with the emergence of SDN the same shift in mindset can be applied to rethink the way the wide area network is constructed.
The abstraction and automation principles of SDN can be applied to the WAN to improve the overall flexibility and agility to match the changing IT environment. SDN in the data center is powerful as it separates the network intelligence from the networking hardware.
In the WAN the same applies: the enterprise WAN can be managed separately as an overlay service that rides over the top of the underlying connectivity. Just this change opens up a world of alternative bandwidth providers, connectivity service options (premium VPN, Business Internet or mobile broadband) and a competitive environment that breaks the shackles of long-term contract lock-in.
Secondly, instead of individually configuring each branch router, those routers could be centrally administered, with an SDN-based network policy automatically distributed when they connect.
This would reduce the need for highly skilled resources in the deployment phase and via automated policy guarantee the integrity of the running configuration of the network as a whole. For instance, if a regulatory requirement means a routine change of password or the deployment of a specific security policy at each branch, these can be worked into a template and distributed to all sites with an audit trail of success.
Another significant change that’s driving Cloud IT is the proliferation of bandwidth from network rollouts like NBN. Traditionally the bandwidth to the remote branch will be a fraction of the bandwidth afforded to your residential broadband at home or available to your smartphone on your 4G mobile networks. The key driver for the explosion in Internet bandwidth has been the technology strides made in the access network. Newer technologies based on DSL are driving up the bandwidth over the existing copper network to over 100Mbps, and with the national fiber rollouts and the deployment of both Gigabit Passive Optical Networking (GPON) and dark fiber services, the last mile network is no longer a bottleneck.
The separation of the WAN service (as an overlay) from the network connectivity (underlay) provides the option to pick and choose the Service Provider on a per-region or even per-location basis. Couple this with the availability of next generation access services such as those from NBN, and the competitive landscape for higher bandwidth, lower cost connections becomes a viable alternative.
A key benefit of SDN is the separation of the network intelligence (control plane) from the network forwarding (data plane) to simplify the hardware within the data center network. Today at the branch the control plane and data plane are tightly integrated within proprietary routing platforms.
If the same principles of the data center are applied to the WAN and configuration management is centralized with policy and the network intelligence is simplified with SDN controllers, then the hardware within the branch can be simplified.
Just as commercial off-the-shelf (x86) compute hardware has redefined the data center, the same open compute based hardware can be deployed at the branch to break the vendor lock-in.
The networking industry is following this direction with various SDN-based options that utilize open compute platforms or even customer-provided x86 server resources at the branch in place of proprietary routers.
Through this series of articles I’ve covered the topics of data center networking, an overview of SDN and the mindset shift it’s providing businesses moving to Cloud IT, and lastly the benefits of an SDN-based WAN to remove the network bottlenecks.
In the last post of the series I’ll focus on bringing these networks together and exploring the use of SDN to seamlessly manage the islands of networking as one.
About the Author
James McInroe is Marketing Director for the Alcatel-Lucent Software Defined Network venture Nuage Networks. He is focused on the key product and solution launches for network virtualization of the data center network and beyond, including the launch of Virtualized Network Services (VNS), and is a frequent and popular blogger on the subject.
Edited by Peter Bernstein