Network virtualization is changing the rules of how services are delivered. Network applications can now be delivered to the cloud, data center, or at the edge from a central location and through different connections.
SD-WAN is one of those virtualization (software-based) technologies capable of delivering virtualized resources to the WAN, whether connections are broadband or private. uCPEs are critical to the evolution of SD-WAN, as they can run virtualized network functions, including SD-WAN at the edge, and connect multiple links together.
Organizations with distributed branch offices are having difficulty installing and maintaining WAN implementations. Current WAN technologies are complicated, expensive, and rigid. For example, when provisioning a network service to a branch office, organizations require a new CE (Customer Edge) to be sent to the branch office, plus new lines, configuration, and synchronization with PEs (Provider Edge), and of course, the presence of a technician. The expenses end up being relatively high.
We will be reviewing a uCPE-based SD-WAN solution that helps resolve most of these challenges. Lanner’s NCA-1515 and NCA-2510 are white box uCPEs that have been designed to run SD-WAN and SD-Security functions. FW-7525 is a desktop x86 network platform, and NCA-2510 is a virtualization-optimized network appliance. Both appliances run as uCPE, SD-WAN, and can also be used as uCPE gateways (controllers).
Multi-site organizations of all sizes, retailers, telcos, school systems, universities, and other distributed companies, operate using branch networks. Each of these distributed sites has the same (or similar) requirements regarding services, connectivity, security, and access to cloud services.
To connect these remote offices, organizations need to have a tremendous amount of infrastructure, from WAN optimizers, routers, firewalls, load balancers, etc., each deployed in each branch. Plus, their type of access to the cloud and headquarters is usually not the same. Some offices might be only able to connect to mobile broadband, others to fiber.
Below are the most common challenges when connecting branch offices with headquarters via traditional WAN:
- WAN infrastructure is expensive and complicated. Delivering resources over WAN technologies like MPLS, VPN via the Internet, or leased lines can grow costly and complex. Installing new lines takes time, especially for technologies like MPLS. Plus, maintaining them requires resources and a high level of expertise.
- Unscalable and Inflexible Technology. Current WAN technologies are too rigid. A distributed organization with WAN infrastructure will have difficulty scaling up (or down) their communications on demand. When provisioning bandwidth-intensive applications with special requirements like streaming video and audio, the bandwidth is often over-provisioned. Traditional WAN routing protocols can’t allocate special needs efficiently, so they end up overprovisioning more bandwidth than necessary.
- Latency and Performance Issues. The hub-and-spoke design of MPLS networks requires all traffic to be backhauled to the data center. Even if traffic may be destined to a location nearby, it has to take a longer road towards the data center, adding up latency and hurting performance.
- Unstable and Dependable Networks. Replacing failed or legacy WAN equipment requires resources. To replace infrastructure, personnel needs to be on-site, and consume time and money. The branch office is also likely to be out-of-service for some time, leading to a loss of employee productivity and customer service.
uCPE-Based SD-WAN Solution
In response to the branch networking challenges, distributed organizations are starting to turn to SD-WAN— a more efficient and cost-effective way to connect their branches. SD-WAN allows these organizations to use a combination of access technologies per branch and manage services from a central platform.
The MEF forum has given a precise definition of an SD-WAN architecture: “SD-WAN consists of an SD-WAN Edge, SD-WAN Controller, and SD-WAN Orchestrator.”
- The SD-WAN Edge is the CPE appliance or VNF server running in the branch or data center.
- The SD-WAN Controller manages all edge devices or CPEs. The uCPE controller establishes and forwards control traffic for all branches.
- The SD-WAN Orchestrator is used to define and manage centralized policies.
The SD-WAN Edge: uCPEs
What is a uCPE? The universal Customer Premises Equipment (uCPE) brings network virtualization to the edge. It is a general-purpose “white box” appliance developed for SDN and NFVs. Fixed functions CPEs are now being replaced by uCPEs. The uCPE allows using a single platform for different functions such as routing, VPN, firewall, IPS/IDS, and of course, SD-WAN.
A uCPE can be deployed at the customer’s premises (branch), at the data center, or at a provider’s network edge. uCPEs are sometimes deployed in hybrid environments, where existing WAN infrastructure is already working. uCPEs could also be used as complete replacements for a branch’s hardware.
How does a uCPE work in an SD-Branch? And what is its relationship with SD-WAN?
The uCPE can run the SD-WAN virtualization function at the edge. It performs the SD-Branch or SD-WAN Edge function. The uCPE is synchronized and managed directly from the cloud and orchestrated by uCPE controllers. Some of these next-generation virtualization uCPE appliances are optimized for the SD-WAN edge.
Lanner’s White box Solution: uCPEs
Lanner’s white-box uCPE solutions have been explicitly built to run SD-WAN and SD-Security functions.
The NCA-1515 is a desktop network appliance (uCPE) ready for virtualization. It may run SD-WAN virtualization functions, among other functions.
The NCA-1515 uCPE comes with six GB Ethernet (RJ45) and two SFP for optical interfaces. Additionally, NCA-1515 can be expanded to support LTE and WiFi, and it is ready for 5G and WiFi 6 (802.11ax). The device is powered by Intel Atom® C3000 ranging from 2-16 cores. It features Intel® QuickAssist Technology to provide cryptographic acceleration and commercial-grade LAN functions.
The NCA-2510 is a virtualization-optimized network appliance built for vCPE, uCPE, SD-WAN, and SD-Security. NCA-2510 can be deployed on-premises (branch, edge, or headquarters) and receive network functions SD-WAN on demand. The NCA-2510 can also act as a uCPE (SD-WAN) controller to manage branch uCPEs.
The NCA-2510 comes with Intel Atom® C3958, C3758, or C3558 CPU (codenamed Denverton). It offers up to 16 cores of processing prowess (that means more VNFs) and support for SR-IOV and AES-NI for more VMs and I/O workloads. Its 10G interface for SFP+ provides higher virtualized throughput.
Although NCA-1515 and NCA-2510 uCPEs are built for network virtualization and optimized for SD-WAN, they are also NFVi-ready. SD-WAN can also be integrated from a virtual (edge device) using NFVi (NFV infrastructure). NFV technology is driving a lot of change, especially for SD-WANs. NFVs and NFVis can be managed and orchestrated from the cloud.
The following are the most common benefits of using the uCPE-based SD-WAN solution:
- Faster and Easier Service Provisioning
Setting up new services for customers or branch offices can be accelerated. Entirely virtual network appliances deployed at the branch allow zero-touch provisioning. A new network appliance (uCPE) can be installed at branch offices without a technician or someone having to configure it locally. The uCPE is sent, and personnel at the branch only need to turn it on and connect it to the network. The uCPE should connect to the cloud (SDWAN) network automatically. The NFV (SD-WAN) orchestrator also authenticates the new branch via the uCPE.
- Centralized Control
All branches at the SD-WAN edge, including their functions and configurations, can be managed from a central location. Since all intelligence is abstracted from hardware and software and deployed into a virtual overlay network, the network (and its traffic) can be managed centrally. Having centralized management allows faster changes and deployments.
- Improve Security
An SD-WAN edge appliance or uCPE acts as the gateway to another network of SD-WAN. It also provides direct connectivity to cloud-based services from the branch. All these connections between sites and the cloud in the SD-WAN are encrypted, just like a VPN. The uCPE-based SD-WAN solution provides a similar work-from-home implementation as VPNs, which are point-to-point connections. But SD-WAN is quicker, easier to implement, and connects entire networks.
- Avoid Vendor Lock-ins
When uCPE is virtualized, it can be turned into anything. With SD-WAN, many virtualization functions like routing schemes, SD-WANs, firewalls, load balancers, etc., can be deployed and managed by a provider remotely. This allows organizations freedom to use a variety of vendors.
- Create New Opportunities
The uCPE-based SD-WAN solution helps to reduce CAPEX and OPEX substantially. SD-WAN does not require the same infrastructure and expertise as traditional WAN technologies, so the initial capital investment to interconnect branches is much lower. uCPE also allows providers to ignite new services and revenue from brand new NFV software or platforms. Additionally, SD-WAN can be an excellent solution for demanding applications like Telemedicine.