If you haven’t seen my colleague Ben Irving’s Network of the Future blog, I recommend you check it out. In this blog I’ll share what we’ve accomplished so far in terms of the new WAN architecture Ben describes here.
Why increase WAN capacity?
Two reasons. First, we need more capacity to keep delivering a great application experience from our private cloud. Employees in our 450 branch offices use the WAN to access applications for engineering, finance, marketing, HR, etc.
Second, we’re becoming a true multi-cloud company. We use almost 1000 cloud services, including Cisco Webex, Salesforce, Office365, and Box. Currently, more than 25% of traffic from our campuses and branch offices heads to public clouds. We expect that percentage to keep growing, so we need WAN capacity to carry that traffic reliably and securely.
Historically, when we needed more capacity we paid the service provider to bump up the guaranteed bandwidth (committed information rate) on our existing circuits. That’s quite costly in some regions, like the Middle East. Scaling WAN bandwidth also takes a lot of time and coordination because our various service providers and carriers use different systems and backend devices.
Now we’re switching gears by optimizing the capacity we already have, using SD-WAN technology. The bonus is that the same SD-WAN solutions also lower our operational costs in ways I’ll cover at the end of this blog.
Offloading traffic to the Internet
Today, Cisco sites receive one of several WAN services, depending on their size and availability requirements. Large offices and TAC sites get two MPLS circuits—one primary and one for backup. Midsize offices get one MPLS circuit and a VPN-over-Internet connection for backup. Smaller offices typically just have the VPN-over-Internet connection.
MPLS circuits are well worth the cost for our critical traffic because they’re fast and secure. But it’s harder to justify MPLS for backup circuits because they’re hardly ever used. So now we’re experimenting with giving large offices one MPLS and one Internet link. We use the Internet link not only for backup but also for less-critical traffic. Shifting less-critical traffic to the Internet frees up more capacity for critical traffic on the MPLS link—and also saves money.
Making this work requires two kinds of SD-WAN intelligence:
- Recognizing the type of traffic currently flowing across the network. Does it have security or performance requirements that require it to go over MPLS?
- Routing the traffic to the right link: critical traffic to MPLS, less-critical traffic to the Internet.
Viptela, our SD-WAN solution, does both. Part of Cisco IT’s mission is to be Cisco’s first customer—“customer zero”—for new products, like Viptela. Putting Cisco products to work to solve our own business needs gives us the chance to validate deployment guidelines, evaluate use cases, and recommend operational best practices for our customers.
We’re currently conducting a pilot in nine midsize offices—three in Europe (Scotland, Manchester, and Prague) and six in the Americas (Glendale, Rancho Cordova, Pleasanton, Franklin, Richmond, and Irvine). We’re using Viptela to set policies for which application traffic travels over the primary (MPLS) and secondary (Internet) circuits. For example, video and engineering traffic always travel over MPLS because of their performance and security requirements, while email and web searches can go over the Internet. Based on initial testing, we expect to reduce overall load on the primary circuit at each local office by approximately 25%. You can read about the deployment details in this brief.
Saving money at the same time
In addition to freeing up WAN capacity, SD-WAN technology is also lowering operational costs, by:
- Putting the idle secondary WAN link to work so that we don’t have to pay for more bandwidth.
- Providing direct Internet access.
- Enabling us to manage routing policy centrally from the Viptela cloud. This comes up when we need to apply a security patch, troubleshoot performance issues, or change a WAN security policy. Before, an engineer made the change device by device. With an SD-WAN controller, the engineer can define policy centrally and then push it out to all SD-WAN routers with a click. We expect automation to lower WAN operational costs by 30%.
Next steps
We’ll soon extend Viptela to a total of 25 sites—4 more in August and the rest in the fall of 2018. In addition to offloading email and web searches to the Internet, we’ll also offload traffic from several business applications, including Webex, Box, iCloud, and Office365. We’ll load-balance this traffic across both circuits.
What are your hopes and plans for SD-WAN? Share them in the comment box.
You cannot make it clearer. I just enjoy reading this blog. Thanks!
Thank you Sophy. Glad to hear that it is clear and enjoyable.
One of the best blogs written about SD-WAN in a real world scenario.
Thank you Kiran. Glad I can make it real.
Great granular detail on how technology works and its implementation in prod
Great Blog on our SD-WAN strategy, Carol!
Thank you Harry. It is important for all of us to understand our long term SD-WAN strategy and where we are at today.
Very Engaging Blog on our SD-WAN Strategy!
Thank you Jerry for reading and commenting.
Wow! Easy to understand the big picture with crisp and clear explanation. Thank you for this post Carol.
Jhansi, Thank you for reading and taking the time to provide valuable feedback.
Being a non technical IT professional, really enjoyed reading this blog that firstly put the business value (why) into context and then explain the technical approach we tackle the problem (how). A great reminder for all IT professionals on how we need to tell our story. Nicely done Carol!
Great, real-world example that's helpful for all of us to share with customers
Great writeup to understand the value of Viptela and how we could translate the same to customers being in the fore-front to prove "Customer 0"
Thank you Jaya.
Thank you Carol for this informative blog- it is very valuable to understand our long term SD-WAN strategy & it is exciting to know that IT, GIS & Network Services are working on enabling outcomes that directly connect to our corporate priorities such as Multi-Cloud.
Thank you Geetha for taking the time to provide valuable feedback.
You are a great story teller Carol. Great job on explaining how our SD-WAN technology works and the business value.
Nice Blog
Very Well explained our Plans for SD-WAN.
Thanks,
Tarun
Hi Carol,
Excellent article. Just a question. What would be the correct path to start SD-WAN training? I have the CCNP certification…
Regards and thanks
Hernan,
It depends on where you are at today.
At a high level, probably 3 areas to think about.
– Learning about the technologies (Cisco DevNet is a good resource to start)
– Building out software and data skills
– If you are in an agile environment, get acquainted with the methodologies.
Hope this helps.
Loved the simplicity of the SD-WAN story and the customer perspective. Did not realize we have ~1000 cloud services being used across the company! Thank you for a very informative and enlightening blog, Carol!
Glad to hear that it is informative and enjoyable.
Interesting to hear how the circuits are set up in different-sized locations. I'm surprised the large sites are currently using 2 MPLS circuits since they're so high cost. I'd be interested to know how much of our traffic needs to be low latency/high availability/high security, and how much can operate just fine with normal internet circuits.
The large sites with 2 MPLS circuits are usually the ones that are critical to business, and the 2nd circuit is in place as a full backup.
Presently, with the ability to offload less business critical traffic to business broadband, we are looking at offloading 25% traffic to internet circuits. This number may increase as we evaluate the different applications/traffic.