Monitoring SD-WAN Traffic with NetFlow

Many businesses have replaced, or are thinking about replacing, their MPLS network infrastructure with Software-Defined Wide Area Networks (SD-WAN). They want more flexible, open, cloud-based, and cheaper WAN technologies. SD-WAN can provide this. In this blog I’ll talk about the two technologies, why we’re seeing an SD-WAN trend, and the benefits of taking advantage of advanced methods of monitoring SD-WAN traffic.

What are the advantages of SD-WAN?

Perhaps the greatest benefit of SD-WAN is the cost factor. Both internet broadband and 4G LTE are much less expensive than MPLS in most cases. Other benefits of SD-WAN include enhanced global availability, visibility, scalability, control, and performance. SD-WAN is easy and quick to implement, and you can easily add or reduce bandwidth as required. Unlike with MPLS, you upgrade by adding new links, generally without needing changes to the infrastructure or network. SD-WANs do not need to rely exclusively on private MPLS services. Instead, they connect branches through any type of data service, including DSL, cable, LTE, and even MPLS.

What are the disadvantages of SD-WAN?

Reliability is the main question mark hovering over SD-WAN. MPLS networks typically offer highly reliable packet delivery. On the other hand, when using SD-WAN, internet uplinks can occasionally fail.

SD-WAN can actually improve packet delivery across the internet and any network on a number of levels. Many customers choose to run their WAN over multiple internet links from different providers. Packet loss gets measured across each of the internet links, so if we see a link is having issues with packet loss, we can automatically route traffic down the link with less loss.

Why are companies switching from MPLS to SD-WAN?

MPLS networks typically deliver packets reliably, even though the MPLS networks themselves are a shared infrastructure. Many MPLS providers also have a service level agreement (SLA) in the contract that is based on the percentage of packets they may drop in a given period. This level of service using a high-bandwidth MPLS is usually pricey.

Internet connections are unmanaged networks, so they come with no such SLA and therefore provide no guarantee on how much packet loss you may experience in a given period. Using SD-WAN, however, your company can use multiple high-bandwidth, inexpensive internet connections simultaneously. By aggregating multiple connections, your company will experience fast internet speed at a low cost. You gain seamless circuit redundancy for your WAN across multiple circuit types and service provider networks. Low-priority traffic can be throttled on the fly, and if you have multiple ISP connections, you can always send your priority traffic across the internet circuit with the fastest route.

Cloud-enabled SD-WAN solutions are also great if your company is using many applications hosted in the cloud. Your on-site SD-WAN box sends your traffic to a cloud gateway, which then connects you to your cloud applications and keeps your cloud sessions running, even while it reconnects you to a better circuit. You connect directly to your cloud provider as opposed to having to continue traversing the public internet to reach them. This means less latency, packet loss, and jitter, which equates to a better user experience with your company’s cloud applications.

What kind of visibility is important when it comes to monitoring SD-WAN traffic?

As the transition to SD-WAN goes forward, many network administrators find that they are somewhat blind when it comes to SD-WAN performance reporting. They can see traffic, but cannot confirm that the SD-WAN architecture is working when an event occurs. They cannot confirm which applications, which users, or which network traffic flow in particular is impacted.

By collecting NetFlow/IPFIX and metadata, the network administrator gains insight not only into how much traffic is traversing any interface on the network, but also into which alternate paths are taken after a policy change, including the when, the how much, and the why.

Administrators can report/filter to find information like WAN usage, latency, jitter, packet loss, number of connections, and so forth, for a particular user, host, branch, or application. This allows them not only to troubleshoot problems within the network, but also to develop insights into usage patterns, identify cyclic trends, and thus make informed decisions regarding future upgrades.
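The sketch below shows how already-decoded flow records can answer the "which path, when, and how much" questions described above. It is an added example, not code from the original post or from any vendor product; the record layout, field names (modelled on the IPFIX elements flowStartSeconds, egressInterface and octetDeltaCount), interface numbers and sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: decoded flow records from one branch edge device.
# "egress" is the outgoing interface index; 1 and 2 stand for two ISP uplinks.
FLOWS = [
    {"start": 1000, "src": "10.1.1.20", "app": "voip",   "egress": 1, "octets": 40_000},
    {"start": 1000, "src": "10.1.1.31", "app": "backup", "egress": 1, "octets": 900_000},
    {"start": 1060, "src": "10.1.1.20", "app": "voip",   "egress": 1, "octets": 42_000},
    {"start": 1060, "src": "10.1.1.31", "app": "backup", "egress": 1, "octets": 850_000},
    {"start": 1120, "src": "10.1.1.20", "app": "voip",   "egress": 2, "octets": 41_000},
    {"start": 1120, "src": "10.1.1.31", "app": "backup", "egress": 1, "octets": 870_000},
    {"start": 1180, "src": "10.1.1.20", "app": "voip",   "egress": 2, "octets": 39_000},
    {"start": 1180, "src": "10.1.1.31", "app": "backup", "egress": 1, "octets": 880_000},
]

def usage_by_link(flows):
    """WAN usage: total octets per (egress interface, application)."""
    totals = defaultdict(int)
    for f in flows:
        totals[(f["egress"], f["app"])] += f["octets"]
    return dict(totals)

def path_changes(flows):
    """Report each time a host/application pair starts leaving on a different
    interface, and how many octets it then carried on the new path."""
    last, open_event, events = {}, {}, []
    for f in sorted(flows, key=lambda r: r["start"]):
        key = (f["src"], f["app"])
        prev = last.get(key)
        if prev is not None and prev != f["egress"]:
            ev = {"when": f["start"], "src": f["src"], "app": f["app"],
                  "from": prev, "to": f["egress"], "octets_after": 0}
            events.append(ev)
            open_event[key] = ev  # later flows for this key count toward this move
        if key in open_event:
            open_event[key]["octets_after"] += f["octets"]
        last[key] = f["egress"]
    return events

if __name__ == "__main__":
    for (iface, app), octets in sorted(usage_by_link(FLOWS).items()):
        print(f"if{iface} {app:<7} {octets} octets")
    for ev in path_changes(FLOWS):
        print(ev)
```

Flow data gives the when and the how much; the why still has to come from correlating the event time with link loss or latency metrics and the policy log.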

Answering the question, “Should I use SD-WAN or MPLS?” is complicated, and it really depends on what environment you are working in and the specific needs of your business. Whichever way you decide to go, you will need to understand the performance metrics that make up the network traffic. Contact our support team if you want to learn more about these monitoring integrations or need help with configurations.