SDWAN Failover and Bandwidth Aggregation Explained

Video Statistics and Information

Captions
Tom here from Lawrence Systems, and we're going to talk about SD-WAN, and the context of which we're going to talk about it is dealing with WAN failover and bandwidth aggregation. This is not something achieved on its own by having two different internet providers connected to a singular firewall unless there's an SD-WAN solution, and there's some complexities of how that works, and I wanted to make this video to explain how to solve that problem and how SD-WAN kind of integrates into that. And I say SD-WAN, which is a little bit, to me, buzzword-y, but SD-WAN is a blanket applied to a lot of different things. So, say, ZeroTier is an SD-WAN solution; done a video on it, I'll leave a link below. Tailscale, kind of an SD-WAN VPN replacement solution, very similar to ZeroTier, and I've reviewed that, I've compared the two products, and I've also talked about Nebula. Once again, they're different ways of solving things, and they kind of fall into the software-defined wide area network type of systems: software overlays that go over the top of your existing network.

But there's another type again, and that is where SD-WAN solves the problem of having seamless failover, bandwidth aggregation, and possibly application control and balancing across multiple ISPs. This is not achieved by the firewall by itself, but along with coordination software and some cloud servers, essentially, to help coordinate all of this. And that's kind of what I wanted to talk about, because this is a problem that a lot of people are presented with, and thinking that just having simply two internet providers will give them the redundancy they need, but it's not quite as seamless as many people hope. So don't worry, there's solutions, but we're keeping this very vendor agnostic because I want to really just explain the methodologies by which these tools work to give a good understanding.

Now, before we dive into this, if you'd like to learn more about me, my company, head over to lawrencesystems.com. If you'd like to hire us for a project, there's a Hire Us button right at the top, which includes, of course, network engineering consulting. If you want to support this channel in other ways, there's affiliate links down below to get you deals and discounts on products and services we talk about on this channel. Uh, and I happen to be wearing an ITProTV shirt today. I do recommend their services, and yes, they're an affiliate, and there's a link below if you want to get started with ITProTV, if you're interested in signing up.

All right, now let's dive into the topic. Now, the first example I have here is your standard dual-WAN ISP setup, as in we have two connections from ISP1 and ISP2. So whoever your internet service provider is, they provide you some equipment; however that connectivity, whether it's fiber, cable, DSL, or more recently Starlink, whatever those connections are, you have more than one of them because, well, internet is critical to many businesses, and an inconvenience, even greatly, to home users when something goes down. The internet's quite critical.

Now, when you have a connection going, let's say from something like a computer and/or a phone, and it's going to go to the firewall, whatever policies that firewall does support will then say, all right, which of these ISPs are we going to choose? So let's say ISP1 is your primary, so we say all the connections should go through ISP1, and if ISP1 goes down, then we will switch over to ISP2. Why can't you just take and put both ISPs together and bond them together? So if each one's getting 100 megs each, can't you get 200 megs? Or when it fails over, can't we just send some packets to one and some packets to another? And that's where the complexities start to come in, of the way things functionally have to work.

And we'll use VoIP as an example. When you're on a call with VoIP, it's going to create a session. That session is going to go through your firewall, out to the ISP based on whatever policies are at that time, then go out to the internet and connect to the internet service you are using. The problem becomes: the server over here sees this public IP of your ISP, and if this ISP goes down, breaks, connection gets severed, we then have to switch over to here. The act of doing that, then the firewall says, oh, here's the policy that says keep an eye on this; if no traffic is going out of ISP1, switch over to ISP2. That happens relatively quick, but the sessions that have been created, these states that were created for that VoIP phone call, are going to get dropped and re-established over on the other side. That often comes at the cost of losing that call or dropping it.

These are some of the problems with a lot of the way protocols were designed. They're designed to work and keep connections going, but when those connections break, they aren't quite seamless to start up on the other side. Now, this varies with different things. You know, SSH and different management tools are other examples of ones that will break sessions when the public IP address changes. And then some of the services that are online, if they see the public IP address change, they may go, you know what, your IP changed, did you move? We're going to have to re-authenticate you, re-log you in. This means when the internet goes down, there is a time at which there needs to be allotted for switchover. So it's not seamless; it doesn't instantly just use the other one.

And bonding these things together, and when I do speed tests, I've done this on this channel, demoing, you know, network speed tests, these are often single sessions. So when you do a speed test, you have a connection between you and the speed test server, is an easy example, and once again we can send the speed test through ISP1, or maybe we have a firewall policy rule that says send through ISP2. Once again, you're not aggregating the bandwidth. The single stream will go through one or the other but can't simultaneously go through both, because of the way of the architecture of the way the data transfers. These sessions can't exist in two places at once. You need something to orchestrate that. We'll get to those slides with SD-WAN for how that works.

Now, you can, at the firewall level, create policies, provided your firewall supports this, and say, all right, maybe we want traffic for streaming services and media services to go out one ISP, and we want to use the other ISP for our line-of-business applications, so we have the least amount of latency, and we want the fastest connections and priority given to the traffic that's going to go to our line-of-business applications. These are things that the firewall can accomplish and can do, and in the event, and provided the firewall can be programmed to do this, fail over to the other one. That's a different connection, but once again, back to that thing I said: those sessions may break and have to restart again, and this may also include even VPN and other services that you have going. When the public IP address switches, things may fail.

Now, this is where SD-WAN comes in to solve this problem. In the SD-WAN world, we have your sessions going, we have the firewall, and then we have the firewall and/or SD-WAN device. I say and/or because the SD-WAN may be integrated into the firewall; some firewall companies offer it as an integration. But there's always two pieces to an SD-WAN integration. If it's a separate firewall, separate SD-WAN, or combination of the two is not completely relevant, but what occurs is the firewall is going to see, from the firewall function of it, a connection to the SD-WAN device. The SD-WAN device, whether it's built into the firewall or not, is going to see these two separate internet service providers, and it's going to merge them together. Now, from the perspective of some internet service you're using over here, it sees the connection coming from the SD-WAN provider's data center or, if you've set this up yourself, the virtual private server that happens to be running the endpoint for the SD-WAN, the aggregation of this, the transport being immune, so to speak, to the public IP changes or anything that goes on with ISP1 and ISP2.

The SD-WAN here is talking to the SD-WAN system here and creating a tunnel, essentially, and this might show it a little bit better, graphic here. So this, as a service, which is going to be everything here, this SD-WAN service is essentially coordinating all this information. So it can, depending on which one you get (like I said, I'm not here to endorse a specific product, but talk about the functionality of the system), the SD-WAN service can look at whichever way is the best path to get that data. And when you have ISP1 and ISP2, it's going to take these and bring it over to their data center. Now the service sees a single IP coming from here, so essentially your public IP has moved to wherever the out is for the SD-WAN service. So the in, being essentially tied to the firewall, it could even be its own private IPs, all internal here, because the firewall no longer has a direct WAN address. And then the SD-WAN service talks to the two different ISPs, or more; you could even have more ISPs in here. You create a series of policies, depending on the service, of how you want them prioritized together or working together.

And because these can act as a data plane, the SD-WAN is going to say, send some packets over ISP1, send some over ISP2. And provided the latency is reasonable on two of these (this is an important factor to get this to work), we can aggregate the bandwidth, provided the latency is the same. If the latency is not the same, well, then that creates a different problem, because if the latency is very off on one of the ISPs, the packets won't arrive in the right order. They have to be assembled in the right order for all the data to get there. If not, your voice, when it traveled across here, wouldn't go properly.

Now, depending on the strategies they use for this, this also will create a seamless failover, because if the SD-WAN provider realizes that ISP2 has failed, or is in some type of failed state where they're losing packets, they can reduce the number of packets and move them over to here. But because the service always comes out of the SD-WAN data center, provided the SD-WAN data center is not where any of these problems are (which these SD-WAN providers have redundancies upon redundancies to help provide and mitigate against this as a problem), when you go from the some internet service all the way back to the endpoints that are behind the firewall, everything seems very, very seamless, which of course is the goal of these SD-WAN products: to provide seamless failover, and transparent, whether one ISP goes out or not. No users are angry, no phone calls got dropped, services weren't disrupted.

Other advantages of some of these SD-WAN tools is the ability to prioritize applications, but of course you can also go back to the firewall and look at firewalls that have that feature and do prioritization of your line-of-business applications to go over a certain connection. These are something that a lot of higher-end advanced firewalls do offer, but SD-WAN obviously goes that step further.

Now, should you get it? Well, there's a couple considerations here. What does your budget allow? Will this work for you and the way you want to do things? Do these extra costs justify the extra conveniences that come with them? These are all just determining factors, and I, as I said before, I'm not pointing at any particular vendor. The goal of this is just to kind of throw it out there and make people aware of how these systems work and how just having two ISPs does not give you seamless failover, because that's sometimes a call that comes in a lot to us: hey, we'd like this to fail over better, faster. And obviously there's tuning strategies for how you fail things over inside of a firewall, but they're still not going to be as seamless as an SD-WAN solution.

Now, finally, what about if you wanted to play with this yourself with some type of open source solution around it? There's actually one out there I found. I've not used it, but I thought, hey, why not, you know, turn a few people on to it in case they're interested in building this themselves, because it's a great network engineering thing to dive into this and understand how it works. It actually starts right here with the Linux kernel Multipath TCP project. So this is the, Multipath TCP is an effort towards enabling simultaneous use of several IP addresses/interfaces by the modification of TCP that presents a regular TCP interface to applications while in fact spreading data across several subflows. That's the longer version of SD-WAN solution for failover. Now, this is built into the Linux kernel. This is not a brand-new, started-yesterday project; it's actually been around for a little while.

And there is also this project. As I said, I don't have any videos or, uh, currently plan to do any on how to use this, but, uh, they've got some decent documentation here to kind of get you started looking through it, and, uh, I thought it was kind of neat. It unfortunately doesn't work with any of the firewalls I've talked about; it's kind of specifically built into the OpenWrt project. But either way, they give you some tools to get started. Matter of fact, if you go over to the download section, they have the ability to build this on a couple different platforms, such as the Banana Pis and ESPRESSObin, NanoPi, Raspberry Pis, and a few others, including support for Linksys EdgeRouter X and, uh, some x86 images.

And part of the thing that's important when you're looking at this, and this is the way this works, is we have the OpenMPTCProuter, so there's that component of it; then you have your two different internet connections; and then you have your virtual private server in the cloud, just like I talked about in the SD-WAN example. This is where your public IP address comes from, and so all the bonding you do here aggregates those together. And yeah, it's a good way, I think, to dive into this and learn, but like I said, it's right now not on my path, in case people are wondering if there's going to be a video on it from me. Not right now. It's more of a hobby project, but I think this is still cool network engineering to play with and do some testing to really dive into how this works.

I'll also mention, if you want to play with it, again, in ZeroTier, because I've done several videos on ZeroTier, it's a solution we really like; ZeroTier also has some bonding things that can be done within their tool itself to tie it together. Now, I know I said I'm not endorsing any commercial products, but I just wanted to mention it because, one, their documentation kind of breaks down different strategies of how these failovers work, back to the network engineering side, because a lot of this is open source and things you can play with. That's kind of fun just to go in here and kind of get a better understanding, and of course where these fault tolerance, fully tolerant versus brief interruption, of the different strategies that can be used.

Now, hopefully this clears up some of the confusion around failover and SD-WAN, and if you're interested, I said, that tool I left a link to, I'm not planning on doing a video on it, but hey, it looks pretty cool if you want to dive into the nuts and bolts of how to build an SD-WAN solution. And there are solutions built on that Multipath TCP, but they're often sold and packaged as a greater service by some of the SD-WAN providers. And I didn't really want to throw an endorsement to any particular SD-WAN provider because there's not one in particular at all that I don't like or do like. They just kind of are things we run into that some of the unmanaged clients that we've worked with on projects have had, and they're using it, so I wanted to make people aware of how the functionality is to this, because that is where the often confusion comes in, is thinking that you can just grab more than one internet connection and aggregate them together easily. It's a little bit more complicated than that, but understanding the complexities is the first step to kind of figuring out a solution for them.

But thank you for joining, and leave links below if you have some favorite SD-WAN solutions or something maybe you want me to check out. Also, this will be posted in my forums, where we can have a more in-depth discussion on this topic. All right, and thanks.

And thank you for making it to the end of this video. If you enjoyed this content, please give it a thumbs up. If you'd like to see more content from this channel, hit the subscribe button and the bell icon. To hire us for a project, head over to lawrencesystems.com and click on the Hire Us button right at the top. To help this channel out in other ways, there is a join button here for YouTube and a Patreon page where your support is greatly appreciated. For deals, discounts, and offers, check out our affiliate links in the descriptions of all of our videos, including a link to our shirt store, where we have a wide variety of shirts, and new designs come out, well, randomly, so check back frequently. And finally, our forums: forums.lawrencesystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel. Thank you again, and we look forward to hearing from you. In the meantime, check out some of our other videos.
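The latency condition for aggregation described in the captions, as an added example that is not part of the video or of any SD-WAN product: a small Python simulation of round-robin per-packet striping across two links, counting reordered packets and the wait a receive-side resequencing buffer would add. The link latencies, the 1 ms send interval and all function names are assumptions chosen for illustration.

```python
"""Per-packet striping over two WAN links (constructed illustration)."""

# Constructed sample links: one-way latency in milliseconds per ISP.
MATCHED = [20.0, 20.0]      # both ISPs behave alike
MISMATCHED = [20.0, 60.0]   # second ISP is much slower


def stripe(num_packets, latencies_ms, interval_ms=1.0):
    """Send packets round-robin over the links.

    Returns a list of (arrival_ms, seq) sorted by arrival time, i.e. the
    order in which the far-end aggregation server sees the packets.
    """
    arrivals = []
    for seq in range(num_packets):
        latency = latencies_ms[seq % len(latencies_ms)]
        arrivals.append((seq * interval_ms + latency, seq))
    return sorted(arrivals)


def out_of_order(arrivals):
    """Count packets that arrive after a higher sequence number was seen."""
    highest, late = -1, 0
    for _, seq in arrivals:
        if seq < highest:
            late += 1
        else:
            highest = seq
    return late


def resequence_delay(arrivals):
    """Worst extra wait (ms) a reorder buffer imposes on any packet.

    A packet can only be released in order, so it waits until every
    earlier sequence number has arrived.
    """
    release, worst = 0.0, 0.0
    for arrival, _ in sorted(arrivals, key=lambda a: a[1]):
        release = max(release, arrival)
        worst = max(worst, release - arrival)
    return worst


if __name__ == "__main__":
    for name, links in (("matched", MATCHED), ("mismatched", MISMATCHED)):
        seen = stripe(10, links)
        print(name, "late packets:", out_of_order(seen),
              "worst buffer wait (ms):", resequence_delay(seen))
```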
Info
Channel: Lawrence Systems
Views: 37,726
Keywords: LawrenceSystems, sd-wan explained, what is sd-wan, sdwan failover, sd wan failover, sdwan bandwidth, bandwidth aggregation
Id: YjhEjWs8YzE
Length: 15min 57sec (957 seconds)
Published: Tue Aug 17 2021