Building network automation solutions

9 module online course

Start now!

SD-WAN: A Service Provider Perspective

A reader of my blog was “blessed” with hands-on experience with SD-WAN offered by large service providers. Based on that experience he sent me his views on whether that makes sense. Enjoy ;)


We all have less-than-stellar opinion on service providers and their offerings. Its well known that those services are expensive and usually lacking quality, experience, or simply, knowledge. This applies to regular MPLS/BGP techniques as to - currently, the new challenge - SD-WAN.

The fact that SD-WAN (regardless of the vendor) is -mainly- aimed at enterprises over-complicates the design, deployment and management (whole design life-cycle) when a provider is responsible for it. Processes that would be already complex for an enterprise customer itself, like network discovery, eliciting the right questions to find requirements, and ultimately translate those inputs into policies for SD-WAN (being data/control/routing, etc.), gets exponentially difficult when a provider posses as a man-in-the-middle. Communication and political discussions are the order or the day, everyday.

Depending on the agreement in the contract, the SD-WAN solution may/may not be upgraded from version to version till approved by the customer; or even worse, it may be upgraded by the provider without notice and bugs would appear. Being feature-rich and immature may also turn the solution into a time bomb (note that some SD-WAN solutions don’t allow you to downgrade, only upgrade). New features are implemented in the new version, the old one works well, but customer wants the new one. Upgrade process occurs, and the anticipated feature works, but suddenly your IPsec tunnels are brought down, or the throughput goes to the floor, or devices suddenly crash due to kernel panic. The volatility caused by the lack of maturity is also a major drawback. And the fact that you might not be able to return to the previously stable version makes it even worse.

Add on top that many vendors do not offer in-depth training about their products (I would love to be corrected), people mostly get marketing information with shiny PPT slides offering the networking equivalent to panacea in all possible realms: security, application aware routing, flexibility, automation and orchestration, and similar buzzwords you hear every day. Engineers supporting those customers are also learning, sometimes on their own, sometimes they all get together to find one answer that might or might not be in the documentation of the specific vendor. So, we are back to square one: lack of knowledge, complex and expensive service offering and lack of direct control over your policies and routing, which was supposed to be fixed by the new solution.

Once again, we managed to add another level of indirection. Now, the result of all this are even higher political discussions raised to the VP level in many organizations and a bunch of meaningless escalations because nobody bothered to guarantee proper training and was shortsighted or even blinded, by the radiance of the dollar signs and the fast-to-market promises that agile and similar disciplines offered.

SD-WAN are already complex solutions, simplifying the visualization of complexity (hiding/abstracting it) with cute GUIs and similar views, but they give this false/wrong feeling of simplicity. Many customers or providers are not ready to automate/orchestrate them, or even to manage them, and yet, these are key points to sell them. A complete paradox.

Add comment
Sidebar