Introduction to ngena's SD-WAN-as-a-Service - WINNER OF THE NETWORK TRANSFORMATION AWARDS 2018
Table of Contents
1 Market drivers for Software defined-WAN
2 Introduction to ngena
3 Characteristics of ngena’s Software-Defined WAN-as-a-Service
4 ngena’s SD-WAN-as-a-Service ordering and deployment
5 Solution design
5.1 ngena’s SD-WAN-as-a-Service access designs
5.1.1 Access design XS
5.1.2 Access design S
5.1.3 Access design M
5.1.4 Access design L
5.1.5 Access design XL
5.1.6 Access design M-
5.1.7 Access design S+
5.1.8 Access design M+
5.1.9 Access design L+
5.1.10 Access design XL+
5.2 Design basics and typical use cases for a SD-WAN-as-a-Service
5.3 Summary of access designs
6 Conclusion
7 Abbreviations
1 Market drivers for Software Defined-WAN

The idea of digitally transforming businesses for enterprise WAN networks is driven by demand for better globalized services, quicker responses to changing business needs, adoption of private and public Clouds, and financial pressure to achieve improved margins and faster growth.

Traditional WAN networks are highly hardware centric and require manual operation. They offer limited capabilities which, in many cases, fail to fulfill a business’s full range of requirements. The technology has tended to be closed, restricting business and being non-conducive to enabling business opportunities. What businesses need is a service-oriented network which can adapt itself to changing business requirements. To look at the changing needs, IT and software providers have changed the way in which they deliver services from a traditional, dedicated server-based approach to a Cloud-based Software-as-a-Service (SaaS) model. Every enterprise needs software and IT applications to run. Traditionally, all the software is hosted on the premises. Today, however, enterprise software is increasingly hosted in a SaaS private Cloud, and enterprises need connectivity to such SaaS application private Clouds. These new Cloud-based traffic patterns, SaaS application performance requirements, and network agility cannot be fulfilled by traditional WANs.

Also, enterprises are demanding networks which are innovative, feature-intensive and evergreen to take advantage of the latest value-added service offered by software upgrades.

Today, enterprises are facing key challenges with regards to the cost, agility and performance of running a WAN as an agile network. Recurring infrastructure deployments and upgrades require a high degree of automation and orchestration to lower the cost and time of deployments. Without automation, deployments take longer to implement, making networks more complex and less efficient. In addition to being agile, enterprise WAN requires better performance with higher bandwidth and access to Cloud data centers. Different Cloud application/infrastructure providers require different traffic models (distributed & centralized), leading to differences in the utilization of network links, and making overall network management more difficult. A further challenge is ensuring the security of such a WAN network as vulnerability grows with the addition of each Cloud service. These drivers place immediate demands on enterprise networks to be more distributed and open towards the Internet / hosted Software-as-a-Service i.e. SaaS private clouds. At the same time, the network should offer reliable connectivity to branch offices and remote users.

Figure 1: Evolving traditional network to software defined network
(Diagram: progression from Traditional (hardware centric, manual, closed, reactive) to Software Defined/SDN (software driven, automated, programmable, predictive), with the focus moving from connectivity through network intent to business intent. Pillars: Cloud Based (hosted, managed); Automation & Scale (speed, flexibility, zero-touch, policy driven); Security & Compliance (segmentation, threat mitigation); Assurance & Analytics (users, applications, devices).)
Enterprises demanding such business and technological changes have led to the emergence of SD-WANs i.e. Software-Defined Wide Area Networks. A Software-defined WAN allows enterprises to build highly distributable underlay network agnostic WANs – whereby network agnostic means that any type of underlay technology (i.e. Ethernet, Internet or MPLS etc.) can be used. In general, SD-WAN segregates the control plane from the data plane, utilizing efficient network policies to route the traffic dynamically based on SLA classes. These dynamic policy-based routing decisions contribute towards smart traffic handling by combining and/or replacing the existing underlay Ethernet network with commercially available Internet access. Availability of CPE as a software instance, white box CPEs, and network programmability with WAN application directly hosted as VNFs on CPE have enabled value added services in the areas of network security, WAN optimization and enhanced connectivity in Cloud networks.

SD-WAN enables the effective running of highly distributed global businesses and immediate integration of offnet/far-off sites. SD-WAN provides better network performance per SLA class and higher flexibility to configure your network. To take full advantage of SD-WAN at a network level, you need to have a service platform which can automate and orchestrate all the processes, tasks and choices offered by SD-WAN. Only with an end-to-end view of the service delivery will your network be able to truly transform and become future ready. It is a massive undertaking for an enterprise, requiring huge investment in network, interconnect agreements and people. Needless to say, such a venture would consume a fair amount of time and detract enterprises from their actual business focus. Time spent on creating a massive global network could be better spent on maximizing profits and growing business. Enterprises thus need a new business model with a managed service approach to enable them to cater to their business demands more quickly, leaving management of network complexity to the managed service provider.

Figure 2: Digitalization driving global SD-WAN demand

Mega Trends
• Decentralization: 80% of employees and customers are served in branch offices
• Globalization: 41% of businesses globally say they do business in countries outside their own
• Bandwidth demand: 21% global business IP traffic growth (CAGR) 2016–2021
• Cloud adoption: 70% of large scale enterprises use cloud applications
• 18% worldwide public cloud services market growth in 2017

Effects on SD-WAN
• Revenue growth (CAGR) 2017–2021 for global SD-WAN infrastructure & services
• 18% decrease in MPLS revenues expected in Western Europe by 2020
• 50% of WAN edge infrastructure refresh initiative based on SD-WAN by 2020
• 58% of enterprises will be deploying SD-WAN services by 2018/19
• 80% of IP-VPN RFPs demanding SD-WAN solutions today
• US$ 8.05bn global SD-WAN infrastructure & services revenue by 2021
• US$ 106bn global VPN market in 2022 and CAGR of +13%
• IDC: “SD-WAN growth is exploding for at least the next 5 years”.

Sources: 1. Gartner/Viptela; 2. Sage/Populus; 3. Cisco; 4. IDG; 5. Gartner; 6. IDC; 7. IDC; 8. Gartner; 9. Ovum; 10. IDC; 11. IDC; 12. Market Research Future
2 Introduction to ngena

ngena – the Next Generation Enterprise Network Alliance – is an alliance of service providers and technology providers from across the globe who come together to provide SD-WAN-as-a-Service to enterprise customers. Alliance partners pool their network resources with ngena’s global private backbone and service platform to connect businesses worldwide through hybrid VPN services. ngena brings a new network sharing-based business model which is a win-win for all alliance partners and allows them to quickly increase their network coverage and ability to offer fully-managed, global SD-WAN-as-a-Service and additional value-added services much more quickly than in the past.

The ngena model leverages an NFV/SDN-based managed SD-WAN platform and a global private network to share underlying network assets from trusted service providers around the world, thus providing global WAN coverage with local care from regional alliance partners. In addition, ngena is building a private SD-WAN network through strategically located hubs providing global coverage to enterprise customers. ngena complements its network backbone with advanced VPLS services and network to network interconnect, and enables aggregation hubs to provide best-in-class network performance.

ngena offers highly-secure and high-performance SD-WAN connectivity solutions for interconnecting enterprise customer networks globally via VPNs based on the Internet Protocol (IP). The ngena service offering is based on hybrid access technology, i.e. Ethernet Private Lines (EPLs) and Internet Public Lines (IPLs). ngena provides secure, IP-based virtual overlay networks over Internet or Ethernet-based underlay networks. It supports any underlay topology, e.g. ring, full/partial mesh and hub & spoke without needing to make any changes to the underlay networks. To realize a complete network, all network components – such as Customer Premise Equipment (CPEs), VPNs, access bandwidths, security VNFs etc. – can be ordered via ngena’s central portal.

An innovative, service catalogue-driven approach has been implemented for ordering network functions, such as CPEs, access, ports etc. in the ngena portal. With an end-to-end business process design and orchestration logic, a unique standard data model has been implemented across the Business & Operations Support System (BSS & OSS), network layer and down to each CPE. Multiple layers of service and network orchestration are deployed to automate all the network management tasks and provide operator-friendlier, agile networks.

Figure 3: Overview of ngena’s SD-WAN-as-a-Service portfolio
(Diagram: regional ngena hubs and the global ngena backbone network with alliance partner networks, the Network Health Dashboard, nomadic access services, MPLS VPN interworking, advanced security, application optimization, advanced network, global SLA, Cloud Connect to private and public Clouds, regional and local Internet access, secure tunnel to 3rd party CSP, vEdge and ENCS (x86) CPEs, and access designs XS, S / S+, M / M+ / M-, L / L+ and XL / XL+.)
The ngena platform is based on a virtualized pool of resources for compute, storage and networking managed by a virtualized infrastructure manager. For advanced network security, service chains can be created to realize network services such as secure regional Internet access etc. SDN controllers and network routers are successfully implemented to segregate data, control and management plane traffic, and to connect to customer edge networks. Network functions and integrated products, such as firewalls, web security etc., can be installed on preconfigured hardware-based CPEs or on configurable x86-based CPEs as a software instance. These CPEs are integrated into the orchestration stack for automatic configuration by means of zero-touch provisioning processes. In addition, ngena tests and qualifies the CPEs based on their real-time performance to ensure reliability for enterprise customers.

A holistic Network Health Dashboard based on real-time network data has been implemented to provide a single view of the health status of the customer network. An assurance platform using Artificial Intelligence (AI)-/Machine Learning (ML)-based predictive analytics makes managed operations quick and easy. To ensure reliability of the ngena platform, a DevOps based Continuous Integration/Continuous Deployment (CI/CD) approach to network development and management has been established, where each release is tested for reliability before rolling out changes in the production environment.
3 Characteristics of ngena’s Software-Defined WAN-as-a-Service

ngena’s approach to SD-WAN-as-a-Service and hybrid VPNs is to manage and utilize multiple WAN circuits using a combination of Software-Defined Networking (SDN) techniques. Data and control planes are separated by means of an application-aware controller to efficiently manage the data traffic and optimize policy-based routing decisions. SD-WAN works as a virtual overlay, creating logical paths over multiple physical underlay networks. These overlay networks are managed by ngena’s platform. The platform works on the concept of product and service data models with integrated workflows to automate network deployment and management tasks. ngena offers its centralized portal to all alliance partners, enabling them to create a solution design by choosing ngena products and services from a global catalogue. An alliance partner has end-to-end responsibility for designing the customer’s solution based on the required product offering contained in the catalogue. The solution created with the ngena portal generates a data model which is understood by global service and network orchestrators. These create automated workflows for the tasks that need to be performed by different network nodes. It also triggers actions within the relevant field teams to implement the order. These workflows are fully orchestrated and implemented end-to-end.

Figure 4: ngena is leading with its “SD-WAN-as-a-Service” the SD-WAN evolution
(Chart of value over time, 2016 to 2026. Stages: Managed WAN, Managed Hybrid WAN, Managed SD-WAN, Managed vCPE, Managed NFC/vCPE Orchestration, Self Service, Enterprise WAN as an End-to-End Service. Legend: expected development by Gartner until end of 2026; ngena’s capabilities in 2018.)
* Mainly an issue of clarifying responsibilities and processes between service provider and end customer, but not of ngena technology or of ngena IT.
** Global service catalogue and full automation of global service platform is available; provisioning of underlay network not yet automated.

The characteristics of ngena’s managed SD-WAN-as-a-Service solution are described below:

Global coverage with local care: ngena has built a universal global network which connects multiple alliance partner networks to provide global coverage for an enterprise-class SD-WAN solution available across the world. ngena provides its centralized portal as a single global directory which shows available network coverage by ngena alliance partners. It can be used to quickly check network availability and rapidly provision new sites. Local presences of various alliance partners in their geographical regions provide better services and user experience for enterprise customers, as local teams and offices are always available to communicate with customers and address any local issues.

End-to-end-managed SD-WAN-as-a-Service: The biggest challenge in deploying NFV-/SDN-based networks is the early adoption of a technology which is not yet fully enterprise grade. In addition, many WAN solutions comprise different vendor solutions with segregated responsibilities, and are not managed fully end-to-end, thereby resulting in e.g. more-complex incident resolution. ngena therefore decided to take responsibility for providing end-to-end-managed SD-WAN services that are secured with fully agile and reliable operations and optimized by industry best practices. ngena also provides any necessary field support and proactive service assurance, including service performance visibility and global SLAs.

Centralized monitoring and service orchestration: ngena has developed a centralized portal containing a product catalogue to provide data-model-based automated services for centralized operations, maintenance, provisioning, security, billing and traffic management. These services are fully orchestrated to provide maximum operational efficiency to create a flexible service-oriented network.

Zero touch CPE provisioning: With ngena, it is now possible to provision a new site or branch office with automatic processes faster than ever before. This will help to meet business requirements and simplify network configuration and maintenance.

Traffic optimization and Quality of Service (QoS): Segregating the data and control plane traffic provides an intelligent traffic optimization with best path routing. Thanks to the application-aware ngena network, the traffic can be categorized into multiple Classes of Service (CoS). In addition, where Ethernet Private Lines are used, Quality of Services (QoS) is supported with SLAs for the different Classes of Service. Application quality of experience is further improved by using WAN optimization techniques such as data deduplication and forward error correction.

End-to-end encryption and security: ngena provides end-to-end security via IPSec and DTLS/TLS tunnels to protect private virtual WANs traversing the global network. Separate controls are in place for management, control and data plane traffic. For secure local Internet access, ngena offers local stateful firewalls on the CPE itself, and provides secure break-out to the SaaS/Application Clouds or towards the Internet routing traffic via Zscaler Cloud. All traffic passing through ngena’s regional hubs is safeguarded by means of a secure service chain of advanced firewall and web-security instances.

Connectivity to the Cloud: ngena services provide connectivity options with major Infrastructure-as-a-Service (IaaS) and Software-as-a-Service (SaaS) vendors and can route traffic directly from remote sites to the Cloud without backhauling to an enterprise data center. This provides for high performance and secure access to IaaS and SaaS providers on enterprise networks by reducing bandwidth utilization and aligning with the ‘Cloud-first’ strategy for various enterprises to host enterprise applications in private or public Clouds.

Innovation and evergreening: Managed services from ngena ensure that the latest technology and innovative features are fully tested for reliability and integrated into the global platform. End-to-end orchestration implementation then allows such features to be available globally as standard features. This ensures the fastest possible time to market, without compromising on network reliability, and ensures that the enterprise network is always up-to-date.
4 ngena’s SD-WAN-as-a-Service ordering and deployment

ngena is an alliance of network providers that share the individual regional network assets to form a globally shared network. Powered by ngena’s hubs, private global backbone and central platform, the delivered network services use easily configurable product catalogues, end-to-end automated processes and fully orchestrated network elements, which transform traditional underlay networks into smart Software-Defined Networks.

ngena offers an entirely new business model which is based on end-to-end network services as a wholesale service. With this business model, all alliance partners can offer the hybrid VPN service to enterprise customers using either their own network, or by adding coverage using other alliance partners’ network assets. With this, alliance partners can save time, effort and money as they do not have to invest heavily in their own network infrastructure.

In the alliance model, the alliance partner offering services to an enterprise customer is known as the “A-End provider” while the alliance partner providing the actual network assets/access is known as the “B-End provider”. During a customer project, an alliance partner can act simultaneously as an A-End and as a B-End provider.

A-End providers are responsible for the enterprise customer: They collect the customer’s network requirements and use ngena services and the portal to design a solution that best fits their needs. The details of the entire ngena service offering are explained in the ngena portfolio section.

B-End providers are responsible for the wholesale supply of the connectivity access lines in different regions and countries to fulfill ngena’s SD-WAN managed service.

ngena provides a centralized BSS (Business Support System) & OSS (Operations Support System) solution with the ngena portal for easily managing and automating the solution design process. All alliance partners receive access to the ngena portal, where they can order the global SD-WAN-as-a-Service for their enterprise customers and add additional value-added service options (e.g. WAN optimization, security services (Firewalls/Cloud based security/Web-security VNFs), Cloud connect etc.).

Furthermore, the ngena portal is a one-stop directory of all globally available connectivity options. It shows coverage, availability of different access designs and SLAs at any particular site. The catalogue-based product offerings in the ngena portal consist of either Internet Public Line (IPL), Ethernet Private Line (EPL) access and/or a combination of them available as access design. Customers can choose between a number of standard and advanced access designs from XS to XL+, offering single or redundant Internet or Ethernet access with different SLAs and supported bandwidth.

Typically, for a given customer solution, the customer may require a set of access designs with different bandwidth and/or pricing characteristics for different usage demands at certain locations, and with applicable tariffs. The ngena portal can be accessed by a user with appropriate credentials. Such users are generally employees of the A-End partner that manages the customer relationship. The user must choose the country in which the customer requires SD-WAN connectivity and then enters the addresses of the sites in that country for which connectivity is required. The ngena portal will then check availability of products at the specified locations in near real-time for the selected site locations. Available access design products are shown on-screen, and the solution designer can add the necessary access designs to the shopping cart. Once these tasks are completed, additional value-added services and a global VPN can be added to the shopping cart as well, and the total cost of all the items in the cart would then be calculated and quoted.

The products and services in each shopping cart with their associated price quotation – often stated as One-Time Charge (OTC) or Monthly Recurring Charge (MRC) – would then be submitted to ngena for feasibility and delivery lead time checks, before final acceptance of the customer order. Once the order has been submitted by the A-End partner and accepted by ngena, it automatically undergoes further downstream processing through to the status ‘ready for service’ and its activation using ngena’s zero touch provisioning process.

Figure 5: ngena customer order flow

Your telecoms provider (“ngena’s A-end partner”): Single point of contact to the customer
• from quotation to fulfillment
• monitors network performance
• reporting and managing changes

End-to-end service provider: Coordinates full customer solution design
• orders local access
• coordinates global dispatching and installation of CPE
• test and turn-up, hand-over the solution to the alliance partner

Local alliance partner (“B-end partner”)
• Provides local Ethernet and/or Internet access including on-site installation & field service
5 Solution design
With a broad set of standardized and advanced access designs, ngena supports different business needs. These can range from the integration of a small, single site with existing Internet access up to a large data-center with geo-redundant Ethernet and Internet access lines. In all cases, the ngena overlay tunnel will build an any-to-any VPN with full encrypted traffic, to ensure secure and robust communication between customer sites. The following access types are supported to connect a customer site to the ngena platform:

Ethernet Private Line (EPL)
EPL consists of connectivity provided over a Layer2 Ethernet link according to the MEF 2.0 standard. Bandwidths up to 1Gbps (higher bandwidths up to 10Gbps are planned) are supported. However, bandwidth availability depends on the site location. ngena access designs support two types of EPLs:
• Ethernet E-Tree: This service is a rooted point-to-multipoint service providing sites with hub and spoke multipoint connectivity.
• Ethernet E-LAN / VPLS: This service is a multipoint-to-multipoint service that connects several sites providing full mesh connectivity.

Internet Public Line (IPL)
IPL consists of connectivity provided over standard public Internet access. IPL can be provided in different ways:
• Alliance partner provided connectivity – BB (Broadband)
• Alliance partner provided connectivity – DIA (Direct/Dedicated Internet Access)
• Enterprise customer provided connectivity – BYOA (Bring Your Own Access)

Bandwidths (asymmetrical or symmetrical) up to 1Gbps are supported. Bandwidth availability depends on the site location and the access technology used. For example, Direct Internet Access (DIA) has better SLAs compared to a simple Broadband (BB) connectivity due to dedicated underlying infrastructure.

One important difference between EPL and IPL is the Quality of Services based on the different Classes of Services. On EPL and IPL, ngena uses a general categorization and prioritization of the traffic with different Classes of Services. But when it comes to time-critical communication, e.g. guaranteed latency over a certain distance, only EPL can be used as it has the guaranteed SLAs at the transport level.

Difference between Broadband, DIA and BYOA
Broadband Internet access is provided either by a Cable Modem or DSL. Services are delivered via a network that is shared between users, and SLAs are best effort. The Internet Service Provider (ISP) makes its best effort to keep the connectivity and uptime high, but ultimately the network is not built for mission-critical applications. As the number of connections increases, the performance of the network goes down. Also, bandwidth on Broadband services is not symmetrical, with Broadband speeds such as 50Mbps/10Mbps being supported, for instance. In this case, you have a download speed of 50Mbps and an upload speed of 10Mbps.

DIA (Direct/Dedicated Internet Access) is built for business and backed up by enforceable SLAs. DIA delivers Internet services to end users via a dedicated infrastructure and direct fiber connection. Fiber allows much greater bandwidth and offers a symmetrical bandwidth option. DIA services are monitored and more reliable than Broadband.

BYOA (Bring Your Own Access) is an option provided to enterprise customers wishing to use their own Internet access with ngena CPEs for their SD-WAN service. The enterprise customer needs to provide a transparent Internet access with a public IP address assigned to the CPE in order to use the service. In this case, the SLA provided by ngena is ‘best effort’ and applicable for CPE and service only and excludes the access uptime.
5.1 ngena’s SD-WAN-as-a-Service access designs

The standard set of the ngena access designs is offered to connect enterprise network locations to an enterprise’s network. The available access designs (depicted in the Figure 6) are:

• Extra Small (XS)
• Small (S)
• Medium (M)
• Large (L)
• Extra Large (XL)

In line with enterprises’ customized demand for higher reliability and redundancy, ngena has come up with five advanced access variants which are offered via the ngena portal to connect enterprise locations to an enterprise VPN. The available access designs (depicted in Figure 7) are:

• Small plus (S+)
• Medium minus (M-)
• Medium plus (M+)
• Large plus (L+)
• Extra Large plus (XL+)

A customer site can be integrated into ngena’s SD-WAN by either a public (IPL) or private (EPL) access line. ngena provides end-to-end service connectivity via ngena deployed CPE, which connects to a B-End alliance partner network. All B-End alliance partner networks connect to one or multiple ngena hub(s) and the global ngena platform via access gateways. Each access design provides service differentiation with respect to access type, redundancy, line characteristics and SLA.

All access designs include several default functionalities, as noted below:

• Fully managed service (including CPE on-site support and proactive service assurance)
• Multi-VPN
• Class of Service (4 CoS available for customers traffic)
• Global Connectivity via inter-regional ngena private backbone
• VPN any-to-any communication
• End-to-end data and control plane encryption

Figure 6: ngena’s standard access designs
(Diagrams of access designs XS, S, M, L and XL, each showing a customer site, Node 1, Node 2 and the ngena Hub. Legend: ngena Hub; Access Gateway; Service Termination Point of B-End Alliance Partner; Internet Public Line; Ethernet Private Line; Line Termination Device of B-End Alliance Partner; ngena Customer Premise Equipment (CPE); Service Termination Point of ngena.)
Figure 7: ngena’s advanced access designs
(Diagrams of access designs S+, M-, M+, L+ and XL+, each showing a customer site, Node 1, Node 2 and the ngena Hub. Legend: ngena Hub; Access Gateway; Service Termination Point of B-End Alliance Partner; Internet Public Line; Ethernet Private Line; Line Termination Device of B-End Alliance Partner; ngena Customer Premise Equipment (CPE); Service Termination Point of ngena.)
5.1.1 Access design XS
Access design XS is the entry level connectivity option for customer sites
to be connected to the ngena SD-WAN using a single CPE with a single IPL
access. There is no redundancy in the solution design and the infrastructure
at the hub is redeployed in case of failure.
Figure 8: Access design XS
5.1.2 Access design S
Access design S as a connectivity option provides two IPLs for customer sites to be connected to ngena’s SD-WAN using a single CPE. It supports access redundancy with both lines in an active-active configuration, allowing total available bandwidth to be utilized under normal traffic conditions. Important to note is that both IPLs should have the same nominal bandwidth to optimize the results of the active-active usage of both access lines and best path routing and traffic selection path. The infrastructure at the hub is redeployed in case of failure.
Figure 9: Access design S
5.1.3 Access design M
Access design M is useful for enterprise customer sites requiring hybrid
connectivity options: a customer site is connected to ngena’s SD-WAN
service termination point using a single CPE with one IPL and one EPL
access. The traffic can be segregated on QoS profiles/policies to be
carried over either Ethernet or Internet. In the event of a failure of
one link, traffic can be re-routed via the other link. This provides an
active-active configuration, allowing total available bandwidth to be
utilized under normal traffic conditions. ngena ensures that the bandwidth
values agreed for an EPL line in the service level agreement (SLA) are
fulfilled at the service termination point. Access design M provides both
access and infrastructure redundancy on the hub side.
Figure 10: Access design M (diagram labels: Customer site, ngena Hub, Node 1, Node 2)
5.1.4 Access design L
Access design L is recommended for enterprise customer sites requiring redundant private
Ethernet connectivity options with access via two EPLs and two CPEs. A customer site is
connected to the ngena SD-WAN service termination point using two CPEs with two EPLs
providing an active-active configuration, allowing total available bandwidth to be utilized
under normal traffic conditions. Note that both EPL accesses are ordered with equal
bandwidth. ngena ensures that the bandwidth values agreed for an EPL in the service level
agreement (SLA) are fulfilled at the service termination point. EPL provides symmetric
uplink-downlink access. This design provides both access and infrastructure redundancy at
the hub side.
Figure 11: Access design L (diagram labels: Customer site, ngena Hub, Node 1, Node 2)
5.1.5 Access design XL
Access design XL is recommended for enterprise customer sites requiring highly redundant
service with resilience through private Ethernet connectivity options with access
via two EPLs and two CPEs. Complete resilience is achieved by providing two sets of
physically isolated and geographically distributed routing components (cables, access
gateway, CPEs etc.) during the implementation procedure. When XL access is ordered
through the ngena portal, a check is triggered which ensures all underlying equipment
used to implement the XL design is situated in separate racks and locations to avoid a
single point of failure. A customer site is connected to the ngena SD-WAN service
termination point using two CPEs with two EPLs providing an active-active configuration,
allowing total available bandwidth to be utilized under normal traffic conditions. Note
that both EPL accesses are ordered with identical bandwidths only. ngena ensures that
the bandwidth values agreed for an EPL in the service level agreement (SLA) are fulfilled
at the service termination point. EPL provides symmetric uplink-downlink access. This
design provides both access and infrastructure redundancy at the hub side.
Figure 12: Access design XL (diagram labels: Customer site, ngena Hub, Node 1, Node 2)
5.1.6 Access design M-
Access design M- provides an option to enterprises requiring only a private connectivity
option for smaller customer sites to be connected to the ngena SD-WAN service
termination point using a single CPE with a single EPL access. The traffic characteristics
are similar to the XS access design. There is no redundancy in this solution design. The
infrastructure at the hub provides active-stand-by redundancy.
Figure 13: Access design M- (diagram labels: Customer site, ngena Hub, Node 1, Node 2)
5.1.7 Access design S+
Access design S+ provides two IPLs with two CPEs for customer sites to be connected to
the ngena SD-WAN service termination point. Access level redundancy is supported with
both lines in active-active configuration, allowing total available bandwidth to be utilized
under normal traffic conditions. Note that both IPLs should have the same nominal
bandwidth to optimize the results of the active-active usage of both access lines and of
best-path routing and traffic path selection. The infrastructure at the ngena hub
provides active-stand-by redundancy.
Figure 14: Access design S+ (diagram labels: Customer site, ngena Hub, Node 1, Node 2)
5.1.8 Access design M+
Access design M+ is useful for enterprise customer sites requiring hybrid connectivity options
with access via both IPL and EPL with redundancy at a CPE level. A customer site is
connected to the ngena SD-WAN service termination point using two separate CPEs with one IPL
and one EPL access. The traffic can be segregated on QoS profiles/policies to be carried over
either Ethernet or Internet and, in the event of a failure of one link, traffic can be re-routed via
the other link. This provides an active-active configuration, allowing total available
bandwidth to be utilized under normal traffic conditions. ngena ensures that the bandwidth values
agreed for an EPL in the service level agreement (SLA) are fulfilled at the service termination
point. This design provides both access and infrastructure redundancy at the hub side.
Figure 15: Access design M+ (diagram labels: Customer site, ngena Hub, Node 1, Node 2)
5.1.9 Access design L+
Access design L+ is recommended for enterprise customer sites requiring both redundant
private Ethernet and public Internet connectivity options with access via two IPLs, two EPLs
and two CPEs. A customer site is connected to an ngena SD-WAN service termination point
using two CPEs with two EPL and two IPL accesses providing an active-active configuration,
allowing total available bandwidth to be utilized under normal traffic conditions. Note
that both IPLs and EPLs are ordered with equal bandwidth. ngena ensures that the
bandwidth values agreed for an EPL line in the service level agreement (SLA) are fulfilled at
the service termination point. EPL provides symmetric uplink-downlink access. This design
provides both access and infrastructure redundancy at the hub side.
Figure 16: Access design L+ (diagram labels: Customer site, ngena Hub, Node 1, Node 2)
5.1.10 Access design XL+
Access design XL+ is recommended for enterprise customer sites requiring end-to-end
highly available service with resilience through both private Ethernet and public Internet
connectivity options with access via two EPLs and two IPLs with two CPEs. Resilience for
EPL is achieved by providing two sets of physically isolated and geographically
distributed routing components (cables, access gateways, CPEs etc.) during the implementation
procedure. When XL+ access is ordered through the ngena portal, a check is triggered
which ensures all the underlying equipment used to implement the XL+ design is situated in
separate racks and data-center zones to avoid a single point of failure. A customer site
is connected to the ngena SD-WAN service termination point using two CPEs with two EPLs
and two IPLs providing an active-active configuration, allowing total available bandwidth
to be utilized under normal traffic conditions. Note that both EPLs and IPLs are ordered
with equal bandwidth only. ngena ensures that the bandwidth values agreed for an EPL
line in the service level agreement (SLA) are fulfilled at the service termination point.
EPL provides symmetric uplink-downlink access. This design provides both access and
infrastructure redundancy at the hub side.
Figure 17: Access design XL+ (diagram labels: Customer site, ngena Hub, Node 1, Node 2)
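As an added illustration (not ngena's portal logic and not code from this paper), the sketch below shows the kind of check described for XL and XL+ orders: it compares the equipment of the two EPL paths and reports every shared component, rack or zone. The inventory fields, names and sample values are constructed assumptions.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Component:
    name: str   # inventory identifier (constructed)
    kind: str   # "cable", "access gateway", "CPE", ...
    rack: str   # globally unique rack id (assumed inventory field)
    zone: str   # location / data-center zone (assumed inventory field)


def shared_risks(path_a, path_b):
    """List every (reason, a, b) where the two access paths are not isolated."""
    if not path_a or not path_b:
        # An empty inventory would pass trivially, so treat it as an error.
        raise ValueError("both paths need at least one component")
    findings = []
    for a, b in product(path_a, path_b):
        if a.name == b.name:
            findings.append(("same component", a.name, b.name))
        elif a.rack == b.rack:
            findings.append(("same rack", a.name, b.name))
        elif a.zone == b.zone:
            findings.append(("same zone", a.name, b.name))
    return findings


# Constructed sample inventory for the two EPL paths of one site.
EPL_1 = [
    Component("cable-1", "cable", "fra1-r01", "fra1"),
    Component("agw-1", "access gateway", "fra1-r01", "fra1"),
    Component("cpe-1", "CPE", "site-r1", "site-east"),
]
EPL_2 = [
    Component("cable-2", "cable", "fra2-r07", "fra2"),
    Component("agw-2", "access gateway", "fra1-r09", "fra1"),  # shares zone fra1
    Component("cpe-2", "CPE", "site-r2", "site-west"),
]
# Same second path with the gateway moved to the other zone.
EPL_2_FIXED = [c if c.name != "agw-2"
               else Component("agw-2", "access gateway", "fra2-r07", "fra2")
               for c in EPL_2]

if __name__ == "__main__":
    for reason, a, b in shared_risks(EPL_1, EPL_2):
        print(f"single point of failure: {a} / {b} ({reason})")
    print("fixed design findings:", shared_risks(EPL_1, EPL_2_FIXED))
```

Components are compared only across the two paths, so equipment of one path may share a rack; an empty inventory is rejected instead of being reported as diverse.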
5.2 Design basics and typical use cases for a SD-WAN-as-a-Service
With the aforementioned access designs, nearly all use cases in global networking can be
covered: from integration of a single site with existing Internet access (BYOA – ‘Bring Your
Own Access’, generally known as ‘customer owned access’) up to high security and
high-performance integration of a data center with geo-redundant Ethernet access lines.

To create the best solution architecture for SD-WAN-as-a-Service, several points need to
be considered. The architectural design of the solution starts with the customer
requirements, traffic profile and communication dependencies of single sites with the
entire customer network. The most important questions to consider are:

1. Are the corporate applications centralized in a private Cloud, or is the strategy to use
   public Cloud services?
2. Is the corporate application landscape a mixture of dedicated servers, some in a private
   network and others in a public Cloud?
3. How to access the Cloud itself, via Internet or with a dedicated access?
4. Is the Internet access centralized, per region or local to achieve best performance when
   using public Internet?
5. How to secure the access to the Internet – independent of whether it is used for Cloud
   services or web-surfing – via a Security Cloud Provider, with a local built-in Stateful
   Firewall or a combination of local VNFs of a Firewall and Web-Security?
6. Finally, which SLAs are needed per site, if it comes to an incident? What is the necessary
   bandwidth? And what is the criticality of the transported traffic, e.g. do we have
   time-critical application usage or just typical application traffic, such as voice?

Based on the answers for an enterprise, a suitable access design can be chosen.

Access design XS can be chosen for symmetrical/asymmetrical bandwidth from 1Mbps up to
1Gbps and the IPL type with the corresponding SLAs (you can choose Broadband with best
effort SLA or DIA with guaranteed service times and throughput). XS is suitable for
connecting anything from a very small branch via IPL or a service office up to a branch
with higher bandwidth needs and moderate SLAs.

If a higher SLA in terms of availability is needed, the access design S with two IPLs can be
used. To offer high redundancy with a second CPE (with individual IPL link) and achieve the
highest SLA level on a pure IPL based access design, S+ can be chosen.

If QoS is needed due to the criticality of the traffic, the access design M can be used, with
one EPL which enables the QoS, and one IPL. For the highest SLA level with redundancy on a
hybrid EPL/IPL based design, access design M+ with an additional CPE can be used.

For integration of regional head offices and headquarters, the access design L with two EPLs
and two CPEs is used. It provides both access lines with QoS, highest performance and highest
quality. If additional Internet access is needed, or if there are many IPL-connected sites
within the same region, access design L+ can be used, which offers two additional IPLs.

For data centers, access design XL and XL+ can be chosen, which provide the high performance
and quality of access design L, enhanced with geo-redundant EPL links with the highest
resilience. This is always an individual solution, as it needs to be checked whether it is
feasible to deliver the two EPLs for the respective address(es) as geo-redundant lines with
no single point of failure. Therefore, the access designs XL and XL+ are, compared to the
access designs L and L+, always a much more complex and cost-intensive solution.

For enabling local Internet access, all access designs with an IPL can be used, regardless of
whether the IPL is BB or DIA. Secure Internet access can be provided via an IPSec tunnel to a
Cloud Security Provider, a local Stateful Firewall, or a combination of local Stateful
Firewall and Web-Security appliance. For all access designs with EPLs, the regional Internet
access with Firewall and Web-Security per ngena hub can be used. And if the policies do not
allow local Internet access at all, even for IPL the regional Internet access can be used.
5.3 Summary of access designs
The table below provides an overview of the characteristics of each access
design and serves as a quick guide for different services which can be
ordered for each access design in the central portal. Further details are
available in the portal.
Use-Case / Access Design     XS       S        M        L        XL       S+       M-       M+       L+       XL+
Public Access (IPL only)     1 x IPL  2 x IPL  1 x IPL  -        -        2 x IPL  -        1 x IPL  2 x IPL  2 x IPL
Private Access (EPL only)    -        -        1 x EPL  2 x EPL  2 x EPL  -        1 x EPL  1 x EPL  2 x EPL  2 x EPL
Number of CPEs               1        1        1        2        2        2        1        2        2        2
SLA Availability (%)*        98.50    98.75    99.50    99.90    99.95    99.00    99.00    99.50    99.90    99.95

* Values are indicative.

The remaining rows of the table use graphical marks that are not preserved in this transcription:
Hybrid Access (EPL + IPL); Access Redundancy; EPL Access Resilience; CPE – vEdge 100 – up to 50Mbps;
CPE – vEdge 1000 – up to 100Mbps; CPE – vEdge 2000 – up to 1Gbps; Optional BYOA (for IPL only).
6 Conclusion
ngena’s SD-WAN-as-a-Service offers a global SD-WAN from a single source – your trusted local
service provider that is a member of the ngena alliance. This is possible because ngena has
formed an alliance of 20+ leading telecommunication providers that offer their Ethernet and
Internet access in around 200 territories worldwide to give enterprise customers truly global
connectivity.

Along with the strength of the global alliance comes the power of a global platform and the
ngena portal that enables our alliance partners to design, order, set-up, monitor and maintain
global SD-WANs with a click of a mouse.

Our engineers are constantly developing SD-WAN services using agile processes, combining
software development (Dev) with information technology operations (Ops) to reduce development
cycles and guarantee a constant delivery of new features such as Value-Added Services for
Security or Application Optimization based on Virtual Network Functions (VNF).

The use of the ngena portal, Virtual Network Functions (VNF) and an end-to-end orchestration now
allows global enterprise networks and services to be rolled out quickly, and with greater
flexibility to change or upgrade services in response to prevailing business needs. With this,
ngena will help enterprise networks and industry to evolve further and bring the digital
transformation with least operational impact. Let’s bring the change to enterprise WAN with
ngena’s SD-WAN-as-a-Service!
7 Abbreviations
BB Broadband
BSS Business Support System
BYOA Bring Your Own Access
DIA Direct Internet Access
DTLS/TLS Datagram Transport Layer Security/Transport Layer Security
E2E End-2-End
EPL Ethernet Private Line
IPL Internet Public Line
IPSec Internet Protocol Security
NFV Network Function Virtualization
Overlay Network A virtual network abstracted from the transport (underlay) network
SaaS Software as a Service
SDN Software-Defined Networking
SD-WAN Software-Defined Wide Area Network
SLA Service Level Agreement
Underlay Network The transport network over which the SD-WAN service operates. This could be an access network or core network.
VNF Virtual Network Function
VPN Virtual Private Network
WAN Wide Area Network
Contact us
ngena GmbH
Hahnstrasse 40
60528 Frankfurt
Germany
info@ngena.net
www.ngena.net
Managing Directors: Dr. Marcus Hacke, Alessandro Adriani
Commercial register: Amtsgericht Bonn HRB 20074
March 2019