In part one, we examined the backdrop to the industry's first SD-WAN standard, MEF 70 (released in May 2019). We explored the drivers that motivated MEF to pursue an SD-WAN service standard, the market fragmentation that created confusion and complexity, the wider industry challenges, and provided an overview of the MEF SD-WAN service framework.
In part two, we take a closer look at the MEF 70 SD-WAN service, focusing on the technical approach, including the service interface, SD-WAN elements, policy, and target use cases. In addition, we offer a glimpse of enhancements under consideration, along with companion initiatives MEF is pursuing to enhance the MEF SD-WAN platform.
MEF SD-WAN Services Overview
The MEF SD-WAN standard specifies an overlay service that interconnects end-user sites across the available WAN services using secure tunnels at Layer 3. Path selection is governed by application-aware policies that may be applied to individual application flows, or to application flow groups that span several applications.
The SD-WAN service standard adopts a provider/consumer model and specifies the service attributes exchanged over the interface. MEF has defined extensive and precise terminology that collectively forms a common service definition, along with a framework for the service interactions across the overlay as well as the relationship to the underlays.
Key concepts are illustrated in figure 1 below:
- Subscriber: End-user consumer of the service provider's SD-WAN service
- SD-WAN User Network Interface (SD-WAN UNI): Service interface through which end users access the MEF SD-WAN service; the demarcation point between subscriber and service provider
- SD-WAN Virtual Connection (SWVC): Association between SWVCEPs (see below) interconnected at Layer 3
- SD-WAN Virtual Connection End Point (SWVCEP): One end of an SD-WAN virtual connection, where policies are enforced and the Layer 2 frames received at the UNI are classified into Layer 3 application flows
- SD-WAN Edge: Functional element at the subscriber site that terminates the SD-WAN UNI, hosts the SWVCEP, and attaches to one or more UCSs
- Underlay Connectivity Service (UCS): Underlay WAN connection service, e.g., MPLS, LTE, private line, internet, etc.
- Subscriber Network: Subscriber network that uses the service provider's SD-WAN service through an SD-WAN UNI
Figure 1. MEF SD-WAN service framework
Source: MEF 70 draft standard
A logically centralized SD-WAN controller links the service provider's back-end systems to the network. High-level service requests accepted through the controller's northbound API are translated into detailed configurations applied to the SWVCEPs, covering overlay-to-underlay interactions, policies, security, and other network settings. Increasingly, the SD-WAN controller is delivered as a Virtualized Network Function (VNF) and integrated with additional VNFs for security, QoS, backup, WAN optimization, and so on.
At the core of the SD-WAN service standard are application-aware policies applied to application flows and application flow groups. Table 1 summarizes the baseline policy criteria included in the initial standard. MEF is continuing to discuss which criteria are required versus optional, based primarily on how widely each is supported by common UCSs. For instance, while encryption is available over most underlays, the availability of underlays with flat-rate versus usage-based billing varies widely.
| Policy criterion | Meaning |
|---|---|
| ENCRYPTION | Indicates whether the application flow requires encryption |
| PUBLIC-PRIVATE | Indicates whether the application flow can traverse public UCSs, private UCSs, or both |
| INTERNET-BREAKOUT | Indicates whether the application flow should be forwarded directly to an internet destination (internet breakout) |
| BILLING | Indicates whether the application flow can be sent over a UCS with usage-based billing or only over one with flat-rate billing |
| BACKUP | Indicates whether the application flow can use a Tunnel Virtual Connection (TVC) designated as backup as well as one designated primary, or only a TVC designated primary |
| BANDWIDTH | Specifies a rate limit on the application flow |
Table 1. MEF SD-WAN application-aware policies
Source: MEF 70 draft standard
Principal Use Case
While the MEF SD-WAN standard has been defined to address a wide range of use cases, the most important is referred to as the hybrid WAN. This use case exploits the availability of low-cost internet bandwidth to optimize the utilization of relatively expensive fixed services, such as MPLS, and wireless resources, such as LTE.
By examining the performance needs of individual applications, traffic that is not performance-sensitive can be offloaded onto the internet, freeing up, and ideally minimizing, demand on the high-QoS fixed-line WAN services (refer to figure 2). The primary goal is to ensure that application performance is optimized while overall costs are reduced.
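To make the policy criteria of Table 1 and the hybrid WAN split concrete, the following is an added example written for this article, not MEF's code or any vendor's implementation. It models each forwarding option at an SWVCEP as a path (a TVC over a UCS, or local internet breakout), evaluates a flow's policy against every path, and picks the cheapest compliant one. The path names, costs and latencies are constructed sample data; the `max_latency_ms` bound is an assumed extension used to show the performance check and is not one of the MEF 70 criteria.

```python
"""Policy-constrained path selection at an SD-WAN edge, modelled on the six
MEF 70 policy criteria (ENCRYPTION, PUBLIC-PRIVATE, INTERNET-BREAKOUT,
BILLING, BACKUP, BANDWIDTH).  Illustrative code written for this article,
not MEF's reference implementation; path names, costs and latencies are
constructed sample data, and the latency bound is an assumed extension."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Path:
    """One forwarding option at an SWVC End Point: a Tunnel Virtual
    Connection (TVC) over a UCS, or local internet breakout (no tunnel)."""
    name: str
    ucs: str              # underlay label, e.g. "MPLS", "broadband", "LTE"
    public: bool          # UCS is a public network (the internet)
    encrypted: bool       # the TVC encrypts the flow
    usage_billed: bool    # UCS is billed by usage rather than flat-rate
    backup: bool          # TVC is designated backup rather than primary
    breakout: bool        # direct internet breakout, bypassing the SWVC
    latency_ms: float     # measured one-way latency (constructed sample)
    cost_rank: int        # relative cost of the UCS, lower is cheaper


@dataclass(frozen=True)
class Policy:
    """An application-flow policy.  The first six fields are the MEF 70
    criteria; max_latency_ms is an assumption added to show the hybrid WAN
    performance check and is not part of the standard."""
    encryption: bool                      # flow must be encrypted
    public_private: str                   # "public-only" | "private-only" | "either"
    internet_breakout: bool               # forward directly to the internet
    billing: str                          # "flat-rate-only" | "either"
    backup: str                           # "primary-only" | "either"
    bandwidth_mbps: Optional[float] = None
    max_latency_ms: Optional[float] = None


def violations(policy: Policy, path: Path) -> List[str]:
    """Return the criteria that forbid carrying this flow over this path;
    an empty list means the path is eligible."""
    v: List[str] = []
    if policy.encryption and not path.encrypted:
        v.append("ENCRYPTION")
    if policy.public_private == "public-only" and not path.public:
        v.append("PUBLIC-PRIVATE")
    if policy.public_private == "private-only" and path.public:
        v.append("PUBLIC-PRIVATE")
    if policy.internet_breakout != path.breakout:
        v.append("INTERNET-BREAKOUT")
    if policy.billing == "flat-rate-only" and path.usage_billed:
        v.append("BILLING")
    if policy.backup == "primary-only" and path.backup:
        v.append("BACKUP")
    if policy.max_latency_ms is not None and path.latency_ms > policy.max_latency_ms:
        v.append("LATENCY")       # assumed extension, see class docstring
    return v


def select_path(policy: Policy, paths: List[Path]) -> Optional[Path]:
    """Pick the cheapest eligible path (ties broken by lower latency).
    Returns None when no path satisfies the policy: the edge must then
    drop or hold the flow rather than silently relax a constraint."""
    eligible = [p for p in paths if not violations(policy, p)]
    if not eligible:
        return None
    return min(eligible, key=lambda p: (p.cost_rank, p.latency_ms))


def shaped_rate(policy: Policy, offered_mbps: float) -> float:
    """Apply the BANDWIDTH criterion: cap the flow at the policy's rate limit."""
    if policy.bandwidth_mbps is None:
        return offered_mbps
    return min(offered_mbps, policy.bandwidth_mbps)


# Constructed sample paths at a branch edge: private MPLS, a broadband
# tunnel, an LTE backup tunnel, and unencrypted local breakout.
MPLS_PRIMARY = Path("mpls-primary", "MPLS", False, True, False, False, False, 20.0, 3)
BROADBAND_TUNNEL = Path("broadband-tunnel", "broadband", True, True, False, False, False, 45.0, 1)
LTE_BACKUP = Path("lte-backup", "LTE", True, True, True, True, False, 60.0, 2)
LOCAL_BREAKOUT = Path("local-breakout", "broadband", True, False, False, False, True, 40.0, 0)
PATHS = [MPLS_PRIMARY, BROADBAND_TUNNEL, LTE_BACKUP, LOCAL_BREAKOUT]

# Constructed policies for three flow groups (the hybrid WAN split).
VOICE = Policy(True, "private-only", False, "flat-rate-only", "primary-only", 2.0, 30.0)
BULK_BACKUP = Policy(True, "either", False, "flat-rate-only", "either", 50.0)
WEB = Policy(False, "either", True, "either", "either")

if __name__ == "__main__":
    for label, pol in (("voice", VOICE), ("bulk-backup", BULK_BACKUP), ("web", WEB)):
        chosen = select_path(pol, PATHS)
        print(label, "->", chosen.name if chosen else "NO ELIGIBLE PATH")
    # Failure mode: with MPLS down, voice has nowhere policy-compliant to go.
    print("voice without MPLS ->", select_path(VOICE, PATHS[1:]))
```

Voice lands on MPLS, the bulk backup is offloaded to the cheaper broadband tunnel, and web traffic leaves via local breakout. The point worth noting for operations is the `None` result: when the only private, flat-rate, primary path is down, a policy engine should report the violated criteria rather than quietly fall back to the LTE backup that the BILLING and BACKUP criteria exclude.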
What can we expect in the near future?
Looking ahead, there are a number of MEF projects underway that will enhance the SD-WAN ecosystem:
- Intent-based networking
- Inter-provider API
- Security as a service
Intent-based networking supplies the abstraction that decouples the SD-WAN controller from the details of the underlying infrastructure (the UCSs). MEF's intent project lets services be requested through natural-language expressions that are mapped into detailed orchestrator and controller instructions, shielding service consumers from infrastructure details. By introducing an intent compiler, the same approach can be applied at each layer of the stack.
Figure 2. MEF hybrid WAN use case
Source: MEF 70 draft standard
Another relevant program, in the MEF Lifecycle Service Orchestration (LSO) Committee, is the development of an LSO API that facilitates end-to-end services across multiple providers. MEF introduced the Sonata API and associated software development kits (SDKs) in late 2018 to enable inter-provider service ordering.
Multinational organizations need services that span several providers' footprints, and providers, which differ in reach, cost, and capabilities, find such end-to-end services expensive, time-consuming to establish, and complex to manage. Today they must negotiate pairwise arrangements for service fulfillment, which are typically manual, custom processes that take weeks to complete.
MEF’s Sonata inter-provider API (refer to figure 3) facilitates the inter-provider integration and offers an important step towards fully automated service ordering and fulfillment. To accelerate adoption, MEF is in the process of introducing a pilot Sonata API technical certification program, an important step on the journey towards multivendor interoperability.
Figure 3. MEF Sonata Inter-provider LSO API
MEF SD-WAN is among the first carrier-grade services where security is an important attribute from the outset. As SD-WAN adoption rapidly rises, enhancing both the scope and depth of security coverage has become increasingly important in the face of ever-changing threats.
MEF has undertaken an ambitious program to address how service providers can deploy and maintain an agile and extensible security framework that may be tailored to the needs of each individual environment. The project is referred to as Security as a Service (SECaaS) and relies upon virtualized agents to exercise and monitor the growing number of security VNFs that will be deployed (refer to figure 4).
Figure 4. MEF Security as a Service (SECaaS) typical environment
The SECaaS initiative is an extension to the SD-WAN standard, and the subject of part three in this series, which we will be posting shortly.