In the first three blogs in our “Insights into MEF’s SD-WAN Standard” series (Overview, Technical approach, and Application security project) — we explored the industry’s first SD-WAN services standard, produced by MEF (MEF 70).
Recognizing that a new standard’s value is directly proportional to the degree it is adopted, MEF has devoted significant effort towards that end. Leveraging a particularly effective page from MEF’s flagship standards platform, Carrier Ethernet, MEF embarked upon a comprehensive SD-WAN certification program from the outset.
The MEF Certification Program, now in its third generation, is widely acknowledged as integral to the success of Carrier Ethernet, fueling a multibillion dollar market with pervasive deployment throughout the wireline and mobility infrastructure. At the end of 2019, MEF had certified over 300 services from over 100 service providers. The full list is included in the MEF Services Certification Registry on the MEF public site.
What is certification?
At MEF’s annual event, MEF19, in November 2019 MEF introduced the SD-WAN Certification Program, which enables SD-WAN managed service providers (MSP) along with SD-WAN product vendors to certify conformance to the MEF 70 standard. MEF selected Spirent Communications as their Authorized Certification and Test Partner (ACTP) to codevelop and perform the certification testing.
In January 2020, MEF published the MEF SD-WAN Certification Test Requirements (MEF 90 Draft Standard). This specifies a list of functional requirements deemed testable in the MEF 70 standard. The target SD-WAN certification testing configuration is depicted in Figure 1 below. Managed services will be certified onsite on a live SD-WAN overlay instance and multiple WAN underlay connectivity services (UCS), as referred to in the standard.
Certification testing will be performed over the network, termed MEF SD-WAN Virtual Connection (SWVC), as a black box. Test patterns are injected and monitored through the user network interface provided at the SWVC endpoint, which is also connected through live UCS WAN connections. For each certification, the MSP or vendor seeking authorization selects a subset of the MEF SD-WAN certification test suite; 100% of the test cases must pass for certification.
Certification test cases designed to verify individual requirements will be executed using test generation and analyzers through the SD-WAN User to Network Interface (UNI). With a few exceptions, such black box testing is intended to abstract the certification tests from the underlying SD-WAN managed services implementation.
While the ultimate goal for the standard is enabling multivendor SD-WAN services, the certification program does not explicitly verify interoperability. As the standard evolves and is refined over time, this important objective will be achieved. The success of the MEF Carrier Ethernet program is proof.
The total number of certifications offers a broad indication of how widely the standard, in this case MEF 70, is being adopted.
Source: Frost and Sullivan 2019 Global Managed SD-WAN Market Forecasts
One important caveat — while the MEF technical certification program verifies conformance, it is not a compliance program. These two terms often appear interchangeable, but compliance has legal implications, as explained here. UL and TUV are good examples of compliance, where there are safety or other liability considerations.
Why certification?
The rapidly growing, yet increasingly fragmented, market for SD-WAN managed services motivated MEF to introduce the industry’s first SD-WAN standard in 2019. Recent market projections revealed over 40% growth, as large and medium enterprises shun the do-it-yourself model for managed services as indicated in Figure 2.
Certification yields a number of benefits for end users, SD-WAN MSPs and vendors too:
- End users can enjoy greater confidence that their SD-WAN deployments conform to the standard, which over time is expected to be widely deployed. This also results in greater choice for both managed services and CPE.
- Managed service providers achieve credibility with their end-user customers by certifying their managed service offerings, while accelerating deployment as standard SD-WAN functionality is normalized, pre-tested, and verified. Ultimately, an evolving standardization bolstered by certification facilitates the journey towards multivendor interoperability.
- Vendors benefit through compliance with RFPs demanding certification and accelerated evaluation and trials so their MSP customers can deploy with confidence. As MEF 70 adoption expands, MSPs will demand that all vendors certify their product.
All in the SD-WAN value chain will experience significant cost savings from certification, as the procurement demands, required evaluation/testing, and time-to-market are considerably reduced. Certified products and services help build credibility and motivate MSPs and vendors to consider how they can benefit from certification as well.
MEF SD-WAN Certification Test Areas
MEF 70, and in turn the MEF SD-WAN Certification Program, will verify conformance for the SD-WAN overlay but not WAN underlay connectivity services.
The MEF SD-WAN Certification Test Requirements address the following test areas:
- IP Routing and addressing ― The MEF SD-WAN service is built on a routed network.
- Application Flows ― High-level connections over the SD-WAN overlay.
- Policy ― How flows are directed based on application characteristics.
Of particular importance is policy. MEF 70 specifies six policies. However, none of the individual policies are required. For the certification, MSPs and vendors must select a minimum of three of the six policies.
At this initial stage, MEF 70 does not impose performance requirements on the managed services nor on SD-WAN endpoints. However, over time it is expected that performance requirements ― and subsequently certification tests ― will be added to future versions of MEF 70, and hence the chain of certification standards, specifications, and test cases, as depicted in Figure 3.
Explicit mapping and traceability are essential towards ensuring that test cases actually verify each requirement in the MEF 70 standard.
MEF SD-WAN Certification Program Status
As MEF 70 progressed through the standardization process towards ratification, MEF, SD-WAN ACTP Spirent, and early adopter vendors and MSPs collaborated on a pilot SD-WAN certification program.
The objectives of the pilot were to used a pragmatic, hands-on approach to iteratively refine and validate the following MEF SD-WAN areas:
- Standards and specifications.
- Pilot certification process.
- Certification test configuration.
- Certification test suite implementation.
The pilot program revealed a number of fundamental differences between the various SD-WAN vendors’ implementations, especially in how SD-WAN endpoints may be managed. Several specification issues were also discovered and will be driven into the MEF 70 and 90 standards.
The lessons learned from the pilot will be highlighted in the next blog post in this series.
The MEF announced the first SD-WAN Product Certifications on January 7, 2020, these included InfoVista, Nuage Networks (Nokia), and Versa Networks. On March 18, MEF announced the first managed services certifications, including Comcast Business, PCCW Global, Spectrum Enterprise (Charter), and Telia.
SD-WAN MSPs and vendors interested in certification can contact the MEF for additional details. Certifications may only be performed for MEF Members.
Looking Ahead
The MEF SD-WAN Certification Program is in its early stages. As MEF 70 evolves, so too will the program. It is likely that the evolution of the certification program will be paced by the rate of adoption — as it should be.
Managing a software-oriented certification poses significant challenges in ensuring managed service and product stay current, especially during the early phases. One-time “snapshot” certifications, which were appropriate for hardware-centric standards, will give way to continuous certification testing more appropriate for software-centric standards. This is especially the case for security, virtualized environments, etc. which are more dynamic than today’s embedded implementations. It is likely continuous testing will be integrated into the standard in the near future.