What is SD-WAN?
Software-Defined Wide Area Networking (SD-WAN) is a great way to simplify a branch office network and deliver optimal application performance through centrally controlled and managed WAN virtualization.
Compared to a traditional WAN, SD-WAN reduces cost and allows for a more agile network implementation. SD-WAN has its roots in Software-Defined Networking (SDN), the underlying principle of which is to abstract the network hardware and transport characteristics from the applications that use the network.
Characteristics of Peplink SDWAN
- The device, either virtual or physical, must support more than one WAN source
- The device needs to use all WAN sources simultaneously
- The device must be able to use software to define how those sources are used, for instance sending HTTP traffic over WAN 1 and voice traffic over WAN 2
- Load balance incoming/outgoing traffic
- Bond all WAN sources between SDWAN appliances
Multiple WANs For Incoming Access
First, having multiple WANs protects against carrier failure, ensuring continuity of services. Additionally, incoming VPN and SSL traffic can be distributed across all WANs, which increases service speeds and reliability for external users. In terms of security, enabling L2TP VPN traffic for employees into the network secures their access, allowing them to encrypt their traffic on public networks. Peplink uses L2TP VPNs, which can be enabled on all devices for simplified connectivity for remote workers.
Multiple WANs help outbound security and reliability by distributing outgoing communications over all circuits. Further, you can use DNS services like WebTitan with Peplink’s built-in DNS proxy to prevent users from defining their own DNS provider and bypassing DNS-based security. Peplink routers also have subscription-free content blocking. When you combine that with a good default-deny policy on the firewall, you can reduce unwanted outgoing traffic. Additionally, using multiple WANs makes it more difficult for an attacker to listen to your traffic, as standard load-balanced sessions are split among all available WANs, reducing your attack surface. Adding bonding to your solution makes it even better.
Increases Reliability and Security While Reducing Costs
Bonding increases reliability and security while reducing costs by encrypting all WANs, splitting traffic over those WANs, and centralizing your security architecture. If you previously thought a VPN was secure, imagine a VPN that splits the data over several WANs. Basically, only a small piece of each 256-bit AES encrypted packet flows through each WAN; that sounds secure to me.
For added security, when setting up remote sites with Peplink SpeedFusion VPN, we set “deny all in / deny all out” as their default firewall rule. You might ask, “What about next-gen firewall?” We can set up any firewall at your central site to be the default route for all internet-based traffic. Now you have a single, easy-to-monitor point of entry and exit. By centralizing your firewall, either at a corporate headquarters or in the cloud, you can easily manage total security in your organization.
Security and Reliability are accomplished by:
- Using Peplink routers with multiple WANs, which will protect your business from WAN failures and add multiple outbound and inbound paths.
- Adding bonding, which allows VPN traffic to be encrypted with 256-bit AES and adds packet distribution over all available WANs.
- Bonding for session persistence over all WANs for unbreakable communications.
- When combined with centralized security, bonding allows remote sites to enforce a deny all in and out rule to minimize attack surface.
- Bonding with centralized security provides a single point of entry and exit, which is easier to monitor and secure with a single appliance.
Typically, a multisite company might implement technologies like MPLS or P2P Ethernet to achieve accessibility between sites. The issue with these solutions is that communication and reliability are limited to a single carrier. That carrier is marking up the cost of the circuit exponentially. For the same price as a 5 Mbps MPLS circuit, most companies can get a 30 Mbps commodity circuit. When you compare the costs of MPLS/leased/P2P connections to the cost of quality internet, the cost of quality internet is significantly less.
Also, by opting for multiple internet connections, you have carrier redundancy and more power to control your costs. Additionally, centralizing security leaves you with one next-gen appliance with one subscription, and a simplified network design. This allows for lower TCO and simplified management with increased reliability.
MPLS REPLACEMENT COST SAVINGS
- Lowering individual circuit costs by replacing managed circuits with commonly available ones.
- Using Peplink SpeedFusion VPN to create and manage your own site-to-site WAN network.
- Replacing MPLS/P2P and IPsec and their expensive hardware and service fees.
- Eliminating expensive service contracts.
- Reducing management overhead.
- Taking ownership of your network, allowing you to leverage discounts from carriers for lower costs and increased speeds as new options become available.
- Adding bonding with centralized security. You’ll simplify hardware and reduce the cost of expensive firewall subscriptions.
Drop In Mode
Drop In Mode is Peplink’s transparent/bridging mode that allows you to seamlessly slot your Peplink into an existing network without having to change the configuration of your existing devices.
When operating in this mode, the Peplink forwards traffic between the LAN and the Drop-in Mode WAN without performing any IP address translation, bridging the network. The original firewall or NAT device won’t need any additional configuration or any change in its external IP addresses to work, since it’s still on the same network as before.
The SD-WAN Ecosystem
Balance Router Series
MAX Router Series
Transit Router Series
Next Gen Modular Routers
First Net Routers
Switch and APs
They complete the ecosystem!
Manages the System
Speak Peak: SD WAN Controller
WEST NETWORKS-SDWAN EXPERTS
Are you interested in SDWAN, Bonding, Centralized Security, and saving your organization money? Let us conduct a review and show you the ROI for upgrading your network. We provide engineering, proof of concept, pilot, and full global deployments of SDWAN.
The Peplink SD-WAN Advantage
- In-Control – cloud-based device management, monitoring and reporting system. This helps to reduce the complexity of managing and provisioning devices and securing WAN deployment for enterprise-class branch networking.
- FusionHub – virtual SpeedFusion appliance from Peplink. Allows you to enable SpeedFusion in your cloud to securely connect your branch locations. FusionHub runs on many mainstream virtual machine platforms and hosting providers including Amazon Web Services, VMware, Citrix, XenServer, Oracle VirtualBox, and Microsoft Hyper-V.
- WAN Virtualization – the intelligent use of multiple WAN links at the same time to increase reliability and bandwidth whilst reducing costs. Includes two key WAN virtualization technologies: intelligent load balancing for internet access and SpeedFusion VPN Bonding for secure branch-to-branch connectivity.
Vast Array of Mobile Products
- You’re able to do more with Peplink SD-WAN, such as fixed branch and datacenter connectivity as well as mobile, outdoor, and body-worn applications.
- Provide an extended WAN for your enterprise, company vehicles, mobile command and emergency vehicles, and temporary locations without fixed connectivity, all monitored, managed and controlled centrally and capable of using multiple WAN links at the same time.
- X Series – Ultimate connectivity with optimal performance
- MAX HD Series – Mission-critical connectivity
- Balance Series (Enterprise) – stays connected even if a WAN link breaks