Global SD/WAN

Overview

A Unitedgrids consultant played a key role in designing and implementing a global SD-WAN solution for a German engineering household name that describes itself as “a German multinational conglomerate company headquartered in Munich and the largest industrial manufacturing company in Europe with branch offices abroad”.

The Unitedgrids consultant, acting as the lead consultant on the project, was instrumental in the decision on the preferred SD-WAN vendor. The selection process was carried out during two separate Proofs of Concept, piloting selected vendors across 12 sites located across four different continents. After the selection, the finalised SD-WAN solution was rolled out across 1496 customer sites. The sites are located in North and South America, Europe, the Middle East, Africa, China, Russia, South Asia (India and neighbouring countries), Far East Asia and Australia. Deploying a complex overlay technology such as SD-WAN to so many regions and countries presented numerous challenges, ranging from infrastructure to regulatory.

Requirements

In summarising the drivers behind the project, the company CTO famously provided the tag line “Double the bandwidth for half the cost”. This was a succinct statement of a complex list of requirements that included:

  • Internet as backbone
  • Zero Touch provisioning
  • Local Breakout (Zscaler Cloud Proxy)
  • Local Breakout (Zscaler Cloud Firewall)
  • Application Visibility
  • Application Steering
  • Redundant hardware on site
  • Design for up to 9 different site types
  • End to End Encryption
  • Integration with Legacy Network and migration

Challenges

The project was very challenging, not only because of its size but also because of its complexity. Some of the key challenges we faced are listed below:

  • Developing technology (hardware and software issues, technology limitations)
  • Use of ZTP (Zero Touch Provisioning) to enable a fast migration schedule
  • Unreliable Internet infrastructure in the developing world
  • Regulatory restrictions in specific countries (Russia, China, etc.)
  • Speed limitations with Cloud Proxy solution
  • Use of optimal transport technology (MPLS or Internet) for specific business applications.
  • Identifying the optimal SD-WAN AAR (Application Aware Routing) policy to define routing of business-critical applications using appropriate SLAs

What we did.

  • Two separate PoCs to demonstrate the functions and capabilities of the SD-WAN solutions by Cisco and Juniper
  • Pilot of the Cisco SD-WAN solution for 12 sites located across 7 countries spanning North America, South America, Europe, Australia and Asia
  • Define 6 different site categories (A, B, C, D, E and F), each with subcategories for different circuits and connectivity options. For example, Category AA has dual vEdges, each connected to MPLS and Internet circuits. Category E has a single vEdge connected to two Internet broadband circuits: one business broadband circuit and one consumer broadband circuit.
  • Define SLAs for path performance monitoring and integrate them with the SD-WAN AAR policy
  • SD-WAN solution compliant with regulations in China using an SD-WAN overlay tunnel over the Internet
  • Geographical grouping of sites based on continents in ‘SD-WAN regions’ interconnected using an MPLS backbone
  • Full mesh connectivity inside an ‘SD-WAN region’ with separation of ‘private’ and ‘public’ colors
  • Internet cloud proxy (Zscaler) integration with vEdge at remote sites for an LBO (Local Break Out) solution for Internet-bound traffic.
  • Design documentation including High Level Design (HLD), Low Level Design (LLD), Site Specific Design (SSD), configuration templates for various site types on vManage, software policy, AAR policy documentation, Migration Plan, Site Test Plan and other template documents (SRT, CMDB, SRF, etc.)

Technology involved.

  • Cisco SD-WAN Solution running 17.2.3 software (later upgraded to 18.3.5 and 19.2.3)
  • Cisco SD-WAN vEdge 100, vEdge 1000, vEdge 2000 and vEdge 5000
  • Zscaler Cloud Proxy and cloud firewall

Benefits.

The client was looking for some major improvements in performance, productivity, and cost savings. They also wanted to ensure the implementation provided a high level of future-proofing and adaptability. Some of the key tangible benefits are detailed below.

Security

  • Cloud-based proxy solution enables customers to do away with complicated PAC file management
  • Centralised administration and enforcement of Internet policy based on country and region.
  • Use of ZBFW (Zone-Based Firewall) from the transport side (VPN 0) to the service side (VPN 1 onwards) at the remote-site vEdge to provide protection from Internet-based threats.

Costs

  • Reduction in cost by replacing MPLS circuits with business grade Internet circuits
  • Use of vEdge hardware instead of Cisco ISR/ASR routers, reducing the cost of WAN hardware

Productivity

  • The new SD-WAN solution provided visibility of applications utilising WAN connectivity; using policy, we were able to steer applications to the appropriate underlay. For cloud applications, we were able to route traffic to the Internet using the local breakout solution, thus improving application response time and enhancing user experience.
  • Vastly improved data throughput increased productivity in the client's operations, allowing it to do more, more quickly.

Flexibility & Agility

  • Ability to get new sites up and running using ZTP solution allows flexible site deployment
  • Ability to get a new site location up quickly using a 4G or Internet broadband connection. This allows for a site to be operational while an .

Risk Management

  • Improved resilience has reduced the risk of any downtime and allowed the client to improve its internal SLAs within the business.
  • Improved security management and resilience have enabled the client to fully comply with compliance and governance requirements.

Engineering Level Used.

  • Viptela Certified Engineer (VCIE)
  • Cisco CCIE Switch & Routing