SD-WAN deployment pitfalls: How to avoid five common challenges


As organizations accelerate their cloud adoption and digital transformation plans, they are realizing that traditional network architectures cannot handle the large, complex workloads that result. This, in turn, is driving the growth of flexible and powerful SD-WAN deployments, and analysts predict that the SD-WAN market will grow to more than $8.4 billion by 2025.

 

Changing the network architecture is a vital task, and the process can be divided into three stages: planning, deployment verification, and operational insight.

 


The planning phase is fairly simple but requires caution: service performance parameters need to be benchmarked across end users, applications, networks, and multi-cloud services. Common requirements at this stage include inventorying and locating all internal applications, cataloging SaaS and IaaS applications, and sizing MPLS and Internet connections appropriately to accommodate expected traffic. Tools on the market can help the NetOps team with this work, which is almost impossible to do manually.

 

Once planning is complete, the actual deployment and operation begin, and this is also the most error-prone stage. The deployment phase allows visualization of application performance, traffic segmentation, DSCP, and SD-WAN policies for service provider tunnels, as well as verification and monitoring of end-to-end application performance.

 

In this process, NetOps can also use bandwidth consumption, QoS marking, and SD-WAN policy verification to isolate problems and find the root cause so they can be resolved quickly. The final stage supports the deployment through the visual analysis, custom dashboards, alerts, reports, and rapid troubleshooting required to properly manage SD-WAN.

 

Here are five common challenges that arise during deployment and operations.

  

Technology patchwork & hodgepodge

For more than two decades, MPLS and Internet connections have been part of the enterprise WAN, which has led to a hodgepodge of new and old commands and technologies. This may include statically constructed tunnels, open ports, forgotten network devices, and so on. All of these undocumented changes may expose the organization to migration risks.


It is important to realize that some undocumented changes may be missed during the deployment process. This is where baseline planning before and after migration and good visibility tools become essential: they identify traffic patterns and collect the analysis needed to determine integrity after migration.
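As an added example (not from the original article), the before-and-after baseline comparison can be expressed in Python: flow summaries collected before and after migration are aggregated per conversation and compared, so that traffic that disappeared, appeared, or changed sharply in volume stands out. The record layout, addresses, and the 50% threshold are assumptions constructed for illustration.

```python
from collections import Counter

def aggregate(records):
    """Sum bytes per (site, destination, protocol, port) conversation."""
    totals = Counter()
    for site, dst, proto, port, nbytes in records:
        totals[(site, dst, proto, port)] += nbytes
    return totals

def compare_baselines(before, after, shift=0.5):
    """Classify conversations as missing, new, or shifted in volume."""
    pre, post = aggregate(before), aggregate(after)
    # In the baseline but gone after migration: a dependency that may have
    # relied on an undocumented tunnel or route.
    missing = sorted(k for k in pre if k not in post)
    # Seen only after migration: traffic the baseline never documented.
    new = sorted(k for k in post if k not in pre)
    # Present in both, but volume moved by more than `shift` (a fraction).
    shifted = sorted(
        (k, pre[k], post[k]) for k in pre.keys() & post.keys()
        if pre[k] and abs(post[k] - pre[k]) / pre[k] > shift
    )
    return {"missing": missing, "new": new, "shifted": shifted}

# Constructed flow summaries: (site, destination, protocol, port, bytes).
BEFORE = [
    ("branch1", "10.0.5.20", "tcp", 445, 8_000_000),
    ("branch1", "10.0.5.20", "tcp", 445, 2_000_000),
    ("branch1", "10.0.9.7", "udp", 514, 40_000),      # rode a static tunnel
    ("branch2", "10.0.5.30", "tcp", 1433, 500_000),
]
AFTER = [
    ("branch1", "10.0.5.20", "tcp", 445, 3_000_000),
    ("branch2", "10.0.5.30", "tcp", 1433, 520_000),
    ("branch2", "203.0.113.9", "tcp", 3389, 12_000),  # not in the baseline
]

if __name__ == "__main__":
    for kind, items in compare_baselines(BEFORE, AFTER).items():
        print(kind, items)
```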

 

Poor application performance after migration

Configuration or policy issues usually do not appear until the network is stress tested. This makes verification a key process during SD-WAN deployment. A good network performance monitoring and diagnostics (NPMD) platform is essential for visualizing before-and-after patterns.

 

For example, after a successful SD-WAN migration, file sharing performance may be significantly reduced. This is because file sharing traffic was previously accelerated by edge routers on MPLS connections. When it is downgraded to a standard Internet circuit and its priority is cancelled, problems such as pauses may occur at times, and the verification process can help deal with such problems quickly. Finding problems quickly requires a tool that can provide a complete end-to-end view of the SD-WAN overlay and the transport underlay.

 

Unable to verify path selection

SD-WAN relies on path selection, but it is difficult to verify that the policy is working as expected. It is necessary to use site-to-site traffic analysis tools to identify and verify the final path selection over time, and to visualize when a different transport is selected (and which traffic policy determines the behavior).

 

Service provider connections proliferate

Operationally, one of the biggest challenges facing SD-WAN migration may be the sudden proliferation of managed service providers. With SD-WAN, each remote site can have its own ISP (including its SLA).

To complicate matters, although the virtual overlay looks good, the physical underlay is likely to hide many problematic links and real problems. Therefore, it is important to ensure that the tools used provide appropriate visibility (preferably for each application, each site, and each ISP) to determine the performance of each ISP, and to analyze and isolate specific issues in depth. One point is very important: the indicators to be monitored include packet loss, delay, jitter, and WAN capacity utilization.

 

Security policy changes

Inevitably, the new SD-WAN requires a different security strategy from traditional networks. For example, SD-WAN allows encryption when traffic moves from one site to another, and allows network segmentation for layered protection. Therefore, everything from employee and visitor access, to the creation of a DMZ, to Internet access, to the construction of site-to-site connections may need to be reviewed. In addition, it is very important to ensure that audit data is captured and policy verification is performed, so that the network operates in accordance with the expected security (and performance).
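The policy verification described here and under "Unable to verify path selection" can be run over captured flow records, shown below as an added example that is not part of the original article. It checks each record against the intended transport, DSCP marking, encryption, and segmentation rules, and reports when the selected path changes over time; the policy table, segment names, and records are constructed assumptions.

```python
from collections import namedtuple

# Intended policy (constructed): per application, the transports it may use,
# the DSCP value it must carry, and whether the overlay must encrypt it.
POLICY = {
    "voice":      {"transports": {"mpls"},             "dscp": 46, "encrypt": True},
    "file-share": {"transports": {"mpls", "internet"}, "dscp": 10, "encrypt": True},
    "guest-web":  {"transports": {"internet"},         "dscp": 0,  "encrypt": False},
}
# Segment pairs allowed to communicate; any other pair is a violation.
ALLOWED_SEGMENTS = {("corp", "corp"), ("corp", "dmz"), ("guest", "internet")}

Flow = namedtuple(
    "Flow", "ts site_pair app transport dscp encrypted src_seg dst_seg")

def verify(flows):
    """Return (violations, path_changes) for the given flow records."""
    violations, path_changes, last_path = [], [], {}
    for f in sorted(flows, key=lambda f: f.ts):
        rule = POLICY.get(f.app)
        if rule is None:
            violations.append((f.ts, f.app, "no policy for application"))
            continue
        if f.transport not in rule["transports"]:
            violations.append((f.ts, f.app, f"transport {f.transport} not allowed"))
        if f.dscp != rule["dscp"]:
            violations.append((f.ts, f.app, f"DSCP {f.dscp}, expected {rule['dscp']}"))
        if rule["encrypt"] and not f.encrypted:
            violations.append((f.ts, f.app, "unencrypted site-to-site traffic"))
        if (f.src_seg, f.dst_seg) not in ALLOWED_SEGMENTS:
            violations.append(
                (f.ts, f.app, f"segment {f.src_seg}->{f.dst_seg} not allowed"))
        # Track the transport chosen per site pair and application over time.
        key = (f.site_pair, f.app)
        if key in last_path and last_path[key] != f.transport:
            path_changes.append((f.ts, *key, last_path[key], f.transport))
        last_path[key] = f.transport
    return violations, path_changes

# Constructed records standing in for a flow export or controller audit log.
FLOWS = [
    Flow(100, "hq-branch1", "voice", "mpls", 46, True, "corp", "corp"),
    Flow(160, "hq-branch1", "voice", "internet", 46, True, "corp", "corp"),
    Flow(170, "hq-branch1", "file-share", "internet", 0, True, "corp", "corp"),
    Flow(180, "branch1-hq", "guest-web", "internet", 0, False, "guest", "corp"),
]

if __name__ == "__main__":
    print(*verify(FLOWS)[0], sep="\n")
```

The third sample record mirrors the file sharing case above: the traffic is allowed on the Internet circuit, but it arrives without its expected marking.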

 

If deployed and managed properly, SD-WAN can bring unquestionable value to the organization. Understanding these stumbling blocks on the road to deployment and using appropriate tools to help avoid these challenges is the key to success.