Software-Defined WAN (SD-WAN):
SD-WAN Analogy:
Consider the analogy of traveling by car. Before navigation software such as Google Maps emerged, a driver traveling from Manchester to London typically used a paper road map to identify the best route. If there was a road closure or delay along the route, the driver was forced to find an alternative route based on limited information. This is how routers operate in a traditional WAN. Each router makes its own autonomous decisions about how to route packets, based on a limited view of the topology around it.
Now compare this approach to today's road navigation with GPS. Navigation software such as Google Maps can help a driver avoid road closures, accidents, travel delays, and inefficient routes. This is possible because the navigation software relies on satellites in the sky that have a sophisticated real-time view of the road network. With SD-WAN, edge routers can now rely on the centralized control/management plane for auxiliary information on how to forward traffic. In the same way that GPS helps drivers avoid travel delays, SD-WAN helps routers avoid jitter, packet loss, and latency in the network.
Introduction to SD-WAN:
The comprehensive multi-connection WAN solution is called SD-WAN. It can be said that it replaces everything. SD-WAN is a virtual interface that consists of a group of member interfaces (minimum one, maximum 255) that can be connected to different types of lines. Configuration is simplified because we set one group of routes and firewall policies. Wherever we use the SD-WAN interface, the configuration automatically applies to all interfaces that are members of the SD-WAN. We can use various load-balancing algorithms to route traffic to individual lines, for example according to bandwidth usage or the number of sessions. We can create only one SD-WAN interface within a VDOM. We can create a maximum of 4000 SD-WAN rules and line health monitors. Interfaces that we want to include in the SD-WAN must not already be used in most other configurations; otherwise they cannot be included.
SD-WAN is a software-defined approach to managing wide-area networks (WANs). It consolidates the physical transport connections, or underlays, and monitors and load-balances traffic across the links. Health checks and SD-WAN rules define the expected performance and business priorities, allowing the FortiGate to automatically and intelligently route traffic based on the application, Internet Service, or health of a particular connection. SD-WAN, or Software-Defined Wide-Area Networking, is a method for using software to build wide-area networks easily. Configurations and access methods are controlled easily and applied to all sites, which removes the requirement to manually administer each WAN device individually. The top benefits of SD-WAN are its higher-capacity bandwidth, centralized management, network visibility, and multiple connection types.
SD-WAN Zones:
SD-WAN is divided into zones. SD-WAN member interfaces are assigned to zones, and zones are used in policies, static routes, and SD-WAN rules. You can define multiple zones to group SD-WAN interfaces together, allowing logical groupings for overlay and underlay interfaces. Zones are used in firewall policies, as source and destination interfaces, to allow for more granular control. SD-WAN members cannot be used directly in policies. When configuring a static route, the SDWAN-Zone variable has replaced the SDWAN variable.
You can divide the SD-WAN interface into smaller or larger groups called SD-WAN zones. You can use these SD-WAN zones in firewall policies to gain more granular control over the traffic being inspected and allowed. Multiple SD-WAN zones can be created for SD-WAN members; by default, the FortiGate firewall has the Virtual WAN Link zone created. However, SD-WAN members cannot be shared between multiple zones.
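A pre-deployment check for the zone rules above, as an added example (not code from this page or from Fortinet): it reads a configuration template and reports members assigned to an undefined zone and firewall policies that name a member interface instead of its zone. The sample text is constructed, and the interface names, zone names, and policy ID are hypothetical.

```python
import shlex

# Constructed sample in FortiOS-style syntax, trimmed to the fields the check reads.
SAMPLE = """config system sdwan
    config zone
        edit "underlay"
        next
    end
    config members
        edit 1
            set interface "wan1"
            set zone "underlay"
        next
        edit 2
            set interface "wan2"
            set zone "overlay"
        next
    end
end
config firewall policy
    edit 11
        set dstintf "wan1"
    next
end"""

def parse(text):
    """Turn config/edit/set/next/end nesting into nested dicts."""
    stack = [{}]
    for tok in map(shlex.split, text.splitlines()):
        if tok and tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok and tok[0] == "set":
            stack[-1][tok[1]] = tok[2:]
        elif tok and tok[0] in ("next", "end"):
            stack.pop()
    return stack[0]

def audit(text):
    """List members in undefined zones and policies that name a member directly."""
    cfg = parse(text)
    sdwan = cfg.get("system sdwan", {})
    members, zones, out = sdwan.get("members", {}), sdwan.get("zone", {}), []
    for mid, m in members.items():
        out += [f"member {mid}: zone {z} is not defined" for z in m.get("zone", []) if z not in zones]
    ifs = {i for m in members.values() for i in m.get("interface", [])}
    for pid, p in cfg.get("firewall policy", {}).items():
        for key in ("srcintf", "dstintf"):
            out += [f"policy {pid}: {key} {i} is a member, use its zone" for i in p.get(key, []) if i in ifs]
    return out
```

Running `audit(SAMPLE)` flags member 2 and policy 11; pointing both at the `underlay` zone clears the findings.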
SD-WAN Advantages:
SD-WAN is a way to remove high-cost, low-speed connections from your locations and replace them with lower-cost, higher-speed connections. SD-WAN gives you the flexibility to choose any provider that can give you a public Internet connection and to create a secure connection over it. Save money and get more for it; what else can you ask for?
SD-WAN is a cost-effective alternative to WAN infrastructure that improves speed and branch uptime through public network broadband. SD-WAN allows remote sites to connect more easily to networks, data centers, and/or multiple-clouds with lower latency, better performance, and more reliable connectivity.
SD-WAN Members:
SD-WAN members are also called interfaces; they are the ports and interfaces that are used to run traffic. At least one interface must be configured for SD-WAN to function. The interfaces used to steer traffic can be physical or logical, and they are organized in zones. Members, also known as links, are existing physical or logical FortiOS interfaces that you select to be part of SD-WAN. The interfaces are then used to steer traffic based on the configured SD-WAN rules. When you configure a member in SD-WAN, you must assign it to a zone.