Make Networking Great Again? Sure, I’m with SD-WAN
He’s old, clunky, verbose, and makes absolutely no sense in today’s world. She’s intelligent, revolutionary, modern, and equipped to handle the complex fabric of today’s ecosystem.
I’m referring to the old CLI-based versus the modern SD-WAN way of networking, of course. What did you think?
Enterprises are changing. And so are their business needs. Gone are the days when different office locations were connected to each other singularly via MPLS with access to the Internet only from the headquarters.
Today’s enterprise is not just global, but also cloud-connected from every site. Every employee in every location needs to instantly connect to both the private and public clouds. The WAN has transformed from being rigid MPLS links to a flexible fabric often woven using a combination of MPLS, broadband Internet and/or LTE connections. Users are global and more connected than ever.
Here’s an example. Let’s say you, as a network engineer, want to connect two office locations securely via an IPSec VPN tunnel. There are different ways to do this, but here’s one common way it is done.
First, you have to establish Security Associations (SAs) between the end routers at both locations. So after logging into the console of the router in the first office location, you create an ISAKMP Phase 1 policy with its encryption protocol and authentication mechanism.
You know you should be setting up your router to generate RSA key pairs, and then configure a Certificate Authority (CA) server on it. But you skip that step, knowing you might compromise on security, and decide to go with the common examples for pre-shared keys instead (cisco123 seems like as good a key as any).
Step one done. You’re feeling pretty good.
Then, to create the actual IPSec tunnel, you know to define an access-list that allows the right kinds of traffic to pass through it. You define the source and destination network addresses, but are a bit wary since you know these might change. Also, the thought of cloud connectivity crosses your mind about here. You shudder, and decide to ignore it for now and move on.
With a slightly weakened confidence, you then define a transform-set with the encryption and hash algorithms (this time for the actual tunnel traffic). You know you’re almost there so you carefully design a crypto-map (with the peer router address, transform-set, and access-list matched) and then (finally!) assign it to an interface on your router. Done!
Well, almost. You know you have to repeat the same process for the other (peer) router.
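The steps above, rendered as Cisco IOS configuration for both routers from a single tunnel definition, so the access-lists mirror each other and the Phase 1 and transform-set parameters match. This is an added example, not code from the original post or from Riverbed; the site names, addresses, interface names, policy numbers, algorithm choices and the key placeholder are all assumptions.

```python
# Added example: renders both peers' IOS crypto-map config from one definition.
# Names, addresses (RFC 1918 / RFC 5737) and the key placeholder are constructed.
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Site:
    name: str
    wan_ip: str   # address the peer's "set peer" points at
    lan: str      # protected subnet, CIDR form
    wan_if: str   # interface the crypto map is applied to


def render(local: Site, remote: Site, psk: str) -> str:
    """Return the IOS config for local's end of the tunnel to remote."""
    src, dst = ip_network(local.lan), ip_network(remote.lan)
    acl = f"VPN-TO-{remote.name}"
    return "\n".join([
        "crypto isakmp policy 10",            # ISAKMP Phase 1 policy
        " encryption aes 256",
        " hash sha256",
        " authentication pre-share",
        " group 14",
        f"crypto isakmp key {psk} address {remote.wan_ip}",
        f"ip access-list extended {acl}",     # traffic allowed into the tunnel
        f" permit ip {src.network_address} {src.hostmask} "
        f"{dst.network_address} {dst.hostmask}",
        "crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac",
        "crypto map CMAP 10 ipsec-isakmp",    # ties peer, transform-set and ACL
        f" set peer {remote.wan_ip}",
        " set transform-set TS-AES256",
        f" match address {acl}",
        f"interface {local.wan_if}",          # finally, assign to an interface
        " crypto map CMAP",
    ])


def tunnel_configs(a: Site, b: Site, psk: str) -> dict:
    """Both ends from one definition: ACLs mirror, crypto parameters match."""
    return {a.name: render(a, b, psk), b.name: render(b, a, psk)}


SITE_A = Site("NYC", "198.51.100.1", "10.1.0.0/16", "GigabitEthernet0/0")
SITE_B = Site("SFO", "203.0.113.1", "10.2.0.0/16", "GigabitEthernet0/0")

if __name__ == "__main__":
    for name, cfg in tunnel_configs(SITE_A, SITE_B, "<PRE-SHARED-KEY>").items():
        print(f"! ---- {name} ----\n{cfg}\n")
```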
Then, after a silent prayer, you hold your breath, and ping from one router to the other. At this point, there are two outcomes.
One, the ping fails. In this case, you rack your brain on which line in this long verbose process you had the butter-finger-syndrome.
Or, two, it works. After a brief Eureka! moment, you remind yourself you still have many more tunnels to configure to cover all your office locations. Your enterprise has 100 locations, so that’s only… err… 450 tunnels to create!
Okay, if that sounded complicated, it’s because it is. If that sounded unreal, it’s actually not. Most networks even today have to be configured by network professionals who spend days, if not weeks, configuring just this. Entering every single step of this verbose process carefully and correctly on a command-line interface is a herculean task. And if connectivity has to be extended to the cloud, it doesn’t get any easier.
This process is outdated, and makes no sense for today’s global and cloud-connected enterprise.
Riverbed’s software-defined WAN (SD-WAN) solution—SteelConnect—provides an intelligent and intuitive approach to designing, deploying and managing distributed networks for today’s hybrid enterprise.
With SteelConnect, as you configure and provision your sites in a matter of minutes, a secure full-mesh VPN topology is automatically created by the SD-WAN intelligence built into SteelConnect. There is no need to manually configure every tunnel on every router. The cloud console allows you to orchestrate your entire network from a single pane of glass. With SteelConnect you can also centrally manage a unified connectivity fabric across WANs, remote office LANs and cloud networks.
This means that all the cost and time associated with laboriously configuring VPN tunnels across all your sites can now be completely eliminated by the automation provided by SteelConnect.
Also, SteelConnect automates all of the networking associated with the connectivity required to extend your network to the Amazon (AWS) cloud. This not only drastically reduces deployment times and costs but also eases management and provides complete visibility into your entire global network.
Let’s make networking great again… in a smart way. See how Riverbed can help your organization in your path to digital transformation in a cloud-centric world. #ImWithRiverbed