Simple, Powerful, Transformative SD-WAN:

(1)

DongChoon Lee SE / Riverbed Korea

SD-WAN:

Simple, Powerful, Transformative

(2)

1

제조건설/중공업/엔지니어링 플랜트화학/에너지

금융운송 리테일게임 서비스공사/공관

많은 기업들이 해외로 진출하여 비즈니스(영업/생산/서비스)

(3)

브랜치는 비지니스를 만드는 곳… 하지만 비즈니스 성능은?

브랜치 사용자의 애플리케이션 성능은 곧 비즈니스 성능

(4)

3

REAL TIME MONITORING CENTRALIZED

MANAGEMENT COST SAVING

기업의 CIO IT Initiatives

(5)

THE NEW IT LANDSCAPE

COMPLEX INSECURE

UNPREDICTABLE

(6)

5

IT관리자의 Challenges 복잡한 지점 네트워킹 관리

- 복잡한 하이브리드 환경 - 다양한 지점 네트워크 장비 - 관리 복잡성 및 비용 문제

(7)

Networks

Local Branch Applications

Cloud to Branch Applications DC to Branch

Applications

Source: ESG 2015. ROBO TRENDS SURVEY

Applications Data

Source: Riverbed Feb, 2015. DATA CENTER AND BRANCH OFFICE RESILIENCY

Data Center SaaS / IaaS

Branch

지사에서 사용하는 다양한 애플리케이션 형태

전통적인 전용회선(MPLS), Hybrid WAN 및 WiFi 관리

원격에 있는 Data:

Security, Backup & Recovery

data resides outside the data center

50%

지사/지점 IT의 Challenges

(8)

7

클라우드처럼 네트워크도 적은 비용으로

언제든 쉽게 구축하고 쉽게 관리할 수 있다면 …..

(9)

The WAN used to look like this

Now the WAN is looking more like…

MPLS-A

SaaS

Internet

Hybrid Applications

Hybrid WAN

MPLS-B or Internet

.

... this.

“Network managers now find branch office network solutions are increasingly complex and inflexible, as well as costly, to deploy and manage.”

Gartner:

Market Overview for SD-WAN.

December 1, 2015

Hybrid WAN increases management complexity.

(10)

9

The future of the WAN is NOT …

class-map match-any QOS-Control match ip dscp cs3 af31 class-map match-any QOS-Video

match ip dscp af41

class-map match-any QOS-Red match ip dscp cs2

class-map match-any QOS-Voice match ip dscp cs5 ef

class-map match-any QOS-Routing match ip dscp cs6 cs7

interface TenGigabitEthernet1/1 description DC1 to DC2 via MPLS 1 mtu 1600

ip address 172.16.1.1 255.255.255.252 ip pim query-interval 5

ip pim sparse-mode ip route-cache flow

ip ospf message-digest-key 10 md5 7 12345abcde ip ospf network point-to-point

ip ospf cost 10

ip ospf hello-interval 1 wrr-queue cos-map 2 2 3 wrr-queue cos-map 3 1 4 wrr-queue cos-map 3 2 5

priority-queue cos-map 1 6 7 mls qos trust dscp

policy-map qos_policy_155 class QOS-Routing

bandwidth percent 5 class QOS-Voice

bandwidth percent 30 class QOS-Control

bandwidth percent 10 class class-default

random-detect

router bgp 65536

no synchronization

bgp router-id 192.168.1.1 bgp cluster-id 2274532623 bgp log-neighbor-changes timers bgp 2 8

neighbor MY-IBGP-PEER peer-group

neighbor MY-IBGP-PEER remote-as 65536

neighbor MY-IBGP-PEER update-source Loopback0 neighbor MY-IBGP-PEER next-hop-self

neighbor MY-IBGP-PEER send-community

neighbor MY-IBGP-PEER soft-reconfig inbound neighbor 10.10.10.10 peer-group IBGP-PEER neighbor 10.10.10.10 description DC2

maximum-paths 4 auto-summary

crypto ipsec df-bit clear crypto gdoi group MYGROUP

identity number 12345 server address ipv4 192.168.1.6

!

crypto map GETVPN local-address Loopback0

crypto map GETVPN 10 gdoi

description GetVPN crypto map set group MYGROUP

match address GETVPN_LISTS qos pre-classify

!

… a router.

(11)

1996 2020

(12)

11

Network Up

(13)

NETWORK DOWN

(14)

13

interface TenGigabitEthernet1/1 description DC1 to DC2 via MPLS 1 mtu 1600

ip address 172.16.1.1 255.255.255.252 ip pim query-interval 5

ip pim sparse-mode ip route-cache flow

ip ospf message-digest-key 10 md5 7 12345abcde ip ospf network point-to-point

ip ospf cost 10

ip ospf hello-interval 1 wrr-queue cos-map 2 2 3 wrr-queue cos-map 3 1 4 wrr-queue cos-map 3 2 5 class-map match-any QOS-Control

match ip dscp cs3 af31 class-map match-any QOS-Video

match ip dscp af41

class-map match-any QOS-Red match ip dscp cs2

class-map match-any QOS-Voice match ip dscp cs5 ef

class-map match-any QOS-Routing match ip dscp cs6 cs7

interface TenGigabitEthernet1/1 description DC1 to DC2 via MPLS 1 mtu 1600

ip address 172.16.1.1 255.255.255.252 ip pim query-interval 5

ip pim sparse-mode ip route-cache flow

ip ospf message-digest-key 10 md5 7 12345abcde ip ospf network point-to-point

ip ospf cost 10

ip ospf hello-interval 1 queue cos-map 2 2 3 queue cos-map 3 1 4 queue cos-map 3 2 5

priority-queue cos-map 1 6 7 mls qos trust dscp

policy-map qos_policy_155 class QOS-Routing

bandwidth percent 5 class QOS-Voice

bandwidth percent 30 class QOS-Control

bandwidth percent 10 class class-default

random-detect

router bgp 65536

no synchronization

bgp router-id 192.168.1.1 bgp cluster-id 2274532623 bgp log-neighbor-changes timers bgp 2 8

neighbor MY-IBGP-PEER peer-group

neighbor MY-IBGP-PEER remote-as 65536

neighbor MY-IBGP-PEER update-source Loopback0 neighbor MY-IBGP-PEER next-hop-self

neighbor MY-IBGP-PEER send-community

neighbor MY-IBGP-PEER soft-reconfig inbound neighbor 10.10.10.10 peer-group IBGP-PEER neighbor 10.10.10.10 description DC2

maximum-paths 4 auto-summary

crypto ipsec df-bit clear crypto gdoi group MYGROUP

identity number 12345

server address ipv4 192.168.1.6

!

crypto map GETVPN local-address Loopback0 crypto map GETVPN 10 gdoi

description GetVPN crypto map set group MYGROUP

match address GETVPN_LISTS qos pre-classify

!

1996 2020

(15)

SD-WAN 솔루션이 제공하는 서비스 및 혜택

50~80%

쉽고 빠른 구축 비용 절감



제로 터치 프로비져닝 - 자동설치



센타 Controller에서 장비 설치전 모든 지점 네트워크 관련 설정 및 정책 설정



장비설치 - 전원 On, 인터넷연결



설치된 장비는 Controller로 부터 설정값을 받아 즉시 동작



센타의 Controller를 통해 모든 지점 네트워크 디바이스 관련 설정 및 정책을 관리

 게이트웨이 – VPN/FW

 라우팅/QoS

 L2 스위치



IP기반이 아닌 애플리케이션 기반의 정책



40% TCO 절감



Subscription & Monthly Pricing



Quality-based Path Selection – 회선의 품질에 따른 애플리케이션 기반의 라우팅 기능으로 WAN 회선 사용의 효율성 증대

손쉬운 통합관리

(16)

15

The Power of Software - Defined Networking

Software-Defined WAN & Remote LAN

Unified Management & Business Intent-based Control

(17)

Operational Efficiency

Operations Workload

사용자 & 지점 수

WAN 업무 감소

LAN 업무 감소

(18)

17

 SD-WAN 도입 고객의 85%가 small and mid-size enterprises 고객

 대형 enterprises 고객들의 고민사항

– Brownfield deployments need a migration strategy to de-risk.

– SD-WAN introduces new layers and components.

– Securing the network can’t be done with legacy methodologies.

– Internet Broadband may not meet enterprise SLAs for network reliability & app performance.

Enterprise 고객의 SD-WAN 고민

In order to cross the chasm into mainstream

adoption of SD-WAN across small to large

enterprises and organizations, we need to

address the challenges above.

(19)

Use Case: Increase Capacity While Managing Cost

1 Branch

Data Center

Branch

Internet

$

Keep in mind…

1. The objective with Internet Broadband isn’t always reducing circuit cost. But it is always about increasing capacity.

2. MPLS will be around for a long time &

WAN OP is the best (ONLY!) answer

for capacity.

(20)

19

Increase capacity without compromise

MPLS: More Expensive (-), Lower Capacity (-), High Quality (+)

Internet Broadband: Less Expensive (+), Higher Capacity (+), Lower Quality (-) 

Internet Broadband can cost- effectively increase capacity.



But it may not deliver the quality, reliability or

performance needed to meet SLAs.



Techniques like packet

duplication & forward-error correction improve quality and/or reliability, but they eat away at the gains in available capacity.

 What if you could dynamically and selectively enable these techniques only when needed?

Data Packets Data Packets Duplicate Packets

FEC

(21)

Use Case: Infrastructure Agility

SD-WAN Controller

Branch

Data Center Cloud

BROADBAND

MPLS

Policy-Based Path Steering

Apps, Users, Sites.

Zero-Touch Provisioning

No truck roll.

Branch Branch

2

(22)

21

Use Case: Backhaul and/or Direct Internet Access

3 Branch

Data Center

Performance AND Security

… no compromise.

SaaS & Cloud

Direct Internet Access -

• Distributed Security

• Unpredictable Performance

 Leverage Branch Security

 Leverage App Acceleration

Backhaul -

• Centralized Security

• High Latency

 Leverage WAN Optimization

 Leverage App Acceleration

(23)

Direct Branch-to-Internet Breakout Backhaul Through Data Center / Hub

Backhauling vs. Direct Branch-to-Internet Breakouts

Eliminate trade-offs between performance & security

Security  Good

Centralized protections +

Performance  Bad

Increased latency (“tromboning”) - Centralized bottleneck -

Performance  Good

Less latency + No centralized bottleneck +

Security  Bad

Wide threat perimeter -

App Acceleration

 SaaS Acceleration

 Cloud Acceleration

Branch Security Services

Advanced Native Security

3 ^rd Party Service Chaining

(24)

23

Use Case: Adopting SD-WAN

4

(25)

Use Case: Adopting SD-WAN

4

SD-WAN Legacy

 Phased roll-outs. What to know…

a. It’s the common case (always!) b. It’s fraught with challenges

 An enterprise-class SD-WAN solution must have BOTH…

a. SD-WAN

b. Enterprise-grade Routing (differentiator!) And…

 Scales to 1,000s of sites.

 Full-mesh. Hub-n-spoke. Multi-mesh.

 VRF

 Multicast

 IPv6

(26)

25

The Modern Digital Landscape

Users & Devices Applications & Data

(27)

The Modern Digital Landscape

Users & Devices Applications & Data

Internet

MPLS

Cloud

Data Center

Branch

(28)

27

Three Fundamental Trade-Offs

Reduce Costs

Unpredictable Performance Internet Broadband

& LTE

Good

Experience

Less Secure Direct

Branch-to-Internet Hybrid

Apps & IT

Untenable to Manage

Hybrid WAN &

Internet-Only WAN

(29)

Hybrid

Apps & IT

Untenable to Manage

Hybrid WAN &

Internet-Only WAN

Three Fundamental Trade-Offs

+

Hybrid Apps / IT

Agile Networking SD-WAN

Reduce Costs

Unpredictable Performance Internet Broadband

& LTE

Good

Experience

Less Secure Direct

Branch-to-Internet

(30)

29

Reduce Costs

Unpredictable Performance Internet Broadband

& LTE

Good

Experience

Less Secure Direct

Branch-to-Internet

Three Fundamental Trade-Offs

+

Hybrid Apps / IT

Agile Networking SD-WAN

+

Cost Effective

Fast Acceleration

(31)

Good

Experience

Less Secure Direct

Branch-to-Internet

Three Fundamental Trade-Offs

+

Hybrid Apps / IT

Agile Networking SD-WAN

+

Cost Effective

Fast Acceleration

Best Experience

Secure Security

+

Maximize Agility, Performance & Security

… without compromise.

(32)

31

Moving to Cloud

SaaS Performance &

Employee Productivity

Network Visibility

SD-WAN & WAN Edge Infrastructure

Riverbed Digital Networking

Any App ∙ Any Network ∙ Anywhere

Agility ∙ Performance ∙ Security

(33)

Functional Components

향후 Riverbed SteelConnect EX Series 지원방향

Multi-Function VNF Service Fabric

App & Cloud Acceleration

Bandwidth Optimization

Acceleration

Branch Data Center Cloud

SteelConnect EX Appliances

Physical & Virtual Appliances

Physical Virtual Enterprise

Routing

Dynamic Path Control

SD-WAN

Next-Gen Firewall

IPS / IDS

Security

SteelConnect Director

SteelConnect Analytics

Policy-based Centralized Management

Big Data Platform for

Network &

Security

(34)

33

The Full Stack for Enterprise SD-WAN

향후 Riverbed SteelConnect EX Series 지원방향

Orchestration &

Management

Optimization &

App Acceleration

Network Security SD-WAN

Core Network

Services

Orchestration & Management

Templates NETCONF & API Visibility Air Gapped

Optimization & App Acceleration TCP / UDP SSL / HTTPS

Deduplication

Mobile SaaS / IaaS

File / Email Video Compression

Advanced Security NG-FW DDoS Prevention

URL Filtering

SSL Proxy IPS-IDS

Anti-Virus User Auth.

Malware Protection

SD-WAN Key Capabilities

Application SLA IPSEC/VxLAN overlay

ZTP FEC

Packet Racing Flow/Packet LB LTE modem WiFi

Core Network Services

Dual Stack IPv4/IPv6

Enterprise Routing Multicast Segmentation

VRRP MP-BGP

Enterprise QoS

PPPoE

(35)

회선 최적화 지사 네트워크 신속한

장애복구 구축 및 해외지사

업무속도 향상

(On-Premise, AWS/Azure, SaaS(O365))

지사 네트워크

TCO 절감 센터에서

전 지사 네트워크 통합관리

고객의 Benefits

Riverbed

애플리케이션 성능 관리 솔루션

지점 사용자 Riverbed SDWAN IT 팀

(36)

35

Thank You