My Journey with SD-WAN

by Wasiu Olaleye

A lot of network engineers feel that SD-WAN/SDN’s advent would result in playing down their expertise as the traditional way of routing and forwarding packets through CLI (command-line interface) placed so much value on their expertise. At first, I felt the same way too and a lot of us would definitely feel the same way but SD-WAN technology is a reality as an overlay VPN for enterprise businesses.

A few years back, cloud computing seemed completely impossible but it is a reality today and cloud skills are obviously mandatory requirements for most IT professionals. The popularity of cloud-based services has necessitated the need for a simplified and highly scalable WAN solution and SD-WAN is the answer. As I have repeatedly emphasized that our knowledge is  important and valued as it will always serve as the fundamentals.  

Let’s look at the basic definition of SDN as a separation or decoupling of control plane (routes storage) from the data plane (packet forwarding) in a virtualized manner and traditionally these components (control, data, and management planes) are usually embedded on a single device. SDN has transformed traditional telecom and service providers to deliver their services on-demand and SD-WAN, on the other hand, is also based on the same methodology of decoupling of the control plane from data plane with different approach.

 Let me dive a bit into their differences – SDN is to LAN or carrier’s core network while SD-WAN is used for connecting geographically dispersed sites and remote users.  So the point is, it takes one with a good understanding of how those planes work to design and implement good SDN/SD-WAN solutions. Let’s now take a  deep dive into some of the basic features of SD-WAN while its enhancements and other features will be discussed in future posts.

Dynamic Connection Establishment:  This is an extremely important  function of the vendor specific SD-WAN architecture deployed in your organization as it is either automated or self-managed. Cisco SD-WAN for instance uses OMP(Overlay Management Protocol) for WAN routing while Versa uses traditional BGP routing concept for control planes. It is not news that more routing is required at the LAN side which has been defined at the data plane as routing stack – BGP route reflector as an option to alleviate iBGP fully meshed iBGP topology is highly emphasized at this plane.   So this explains the testimony to the fact that good understanding of packet routing/forwarding is so required to set up SD-WAN

Virtualized overlay VPN deployment: Of course a good understanding of traditional underlay and overlay VPNs will place most network engineers at the edge to better understand how SD-WAN virtualized overlay VPN works.

Security ( IPsec Specifically): Cisco SD-WAN may have taken a fundamentally different approach basing its core security design around key exchange to be fully automated , however the core three security components –  authentication, encryption and integrity  are extremely factored in security the Cisco SD-WAN overlay network infrastructure. Fortinet SD-WAN security concept is fully automated but good understanding of security key exchange concept is required to fine tune to get better throughput and security. Strong knowledge of IKE phases (1&2) plays a vital role in troubleshooting or dive seep in setting up an overlay VPN between the endpoint devices.

NAT:  It is important to know that an integral part of SD-WAN architecture is local internet breakout at the remote sites which leverages NAT deployment to allow direct access to the cloud based applications such as Microsoft Azure, Google Cloud, AWS, Salesforce and others.  Fortinet integrated NGFW, for  instance, provides a key feature that provides ability to NAT inbound and outbound traffic with either source and destination NAT. Cisco SD-WAN also provides capability to implement destination NAT between multiple vEdges (endpoints). It is not news that there have been compatibility issues with IPsec and NAT in certain encryption types such as AH (authentication header) and the issue still exists in SD-WAN architecture. It requires a good understanding of NAT to have it set up accordingly without running into troubles. 

Better Prioritization, Flexible Bandwidth Allocation: A good understanding of traditional QoS algorithms are helpful setting up policies for prioritization and bandwidth allocation.  QOS (Quality of Service) is essentially a technology often deployed to prioritize or manage data traffic by slowing less important data packets down while critical data packets are assigned with utmost priority to pass through first. The QOS tags have varying levels of importance, from high to medium to low or critical, then important or best effort.  QOS is extremely important when implementing VOIP as parameters such as latency, jitter, packet loss and business of loss and jitter are to be seriously considered in course of the QOS design and implementation.

Redundancy/High availability: As network engineers, we must have had a great understanding of technologies such as VRRP, HSRP, and GLBP plus a good knowledge of load balancing algorithm like Round Robin, Weighted Round Robin, Random, Source IP, URL hash, Least connections(weighted Least connections), Least traffic and weighted Least traffic, Least latency and finally UTM/NGFW high availability. These play vital roles in deploying SD-WAN’s auto-failover and high availability.

Having unpacked above a few out of many reasons why our expertise as network engineers is extremely needed. It is imperative for us as network professionals to accept the reality that network changes and deployment are mostly being done or executed via network automation tools such as Ansible, Chef, Git,Jenkins,Python, Cisco NSO and few others while few deployments are done via CLI. It is high time we started learning these new skills such as network automation, scripting, virtualization and cloud skills so as to set up highly resilient, simplified, scalable, flexible and changeable networks for enterprise businesses.

Inq. is the the 1st pan-African digital provider promises to provide secure SD-WAN as service in a multi-platform and multi security architecture

Wasiu Olaleye is an IP Design and 3rd Level Network Support Specialist at inq. Nigeria.

inq Launch: The Chairman’s Address

by Andile Ngcaba

I want to begin by greeting my colleagues in Cote d’Ivoire, Nigeria, Cameroon, Malawi, Zambia, Botswana & Mauritius. I’d like to also welcome my colleagues from sister organisations such as C-Squared, Seacom and many others who are in Liberia, Ghana, Uganda, Djibouti, Kenya, Tanzania, Mozambique and South Africa. I would also like to greet my colleagues in Bangalore, San Jose & Mountain View.

I want to thank everyone for joining us today. I’d also like to thank our partners all over the continent, our staff, friends and community of the internet. As we conduct this launch over Zoom, it is clear that the world is experiencing something that none of us would’ve ever predicted. With that said, I have a message for you all.

The second world war (WWII) fundamentally changed the geopolitical and economic system. The end of the war saw the establishment of the United Nations, General Agreement on Trade and Tariffs and The World Bank. These organisations instituted in a new form of global capital markets driven by foreign direct investments.

Like other pandemics that have come before it, COVID-19 will fundamentally change the global architecture and operating models to what will soon be known as the post-COVID state. Digital tools and the internet will underpin this new model. COVID- 19 has availed the opportunity to revisit the global digital infrastructure. We need to relook the way global digital architecture is organised. Currently, there is an inherent risk in the skewed digital landscape. There are high concentrations of digital infrastructure in some parts of the world, continent or country. Post COVID-19 digital architecture and operating models will require all of us, particularly on the continent, to move with speed in reversing the current state of IP transit that is predominantly outside the continent. This externalisation presents a significant risk for the immediate and future of digital Africa. Today intra-Africa IP traffic is 15% while externally transiting IP traffic is 73%. Africa needs to build IP Exchanges and Hyper-scale Data Centers as a matter of urgency post-COVID-19. The Data Center infrastructure must be equitably spread across all the regions and sub-regions of the African continent. Unless Africa develops a clear Pan-African digital strategy, our reliance on external digital infrastructure presents an unmeasurable risk in the near future. Alongside digital infrastructure is the urgent need to upskill African millennials with advanced digital skills such as cloud, AI and network automation. By upskilling African millennials with these advanced skills, we will be preparing them to adequately deal with pandemics such as the one we are in now using digital skills.

The development of Software Defined Networking (SDN) and Network Function Virtualization(NFV) skills are critical to ensure business continuity during these times of crisis when people are unable to go to repair sites. SDN and NFV will allow the businesses to serve the needs of their customers remotely during lockdowns. The availability of cloud computing has also been instrumental during this lockdown period, not only in Africa but across the world. Companies continue to function by leveraging cloud solutions. In these trying times, it gives me hope to see technology companies hard at work to ensure that their clients remain connected. As a technology company, we must be proud that we are allowing our clients to continue their operations without any interruptions during this period.

COVID-19 pandemic exposed one of the intricate fault lines in the digital space. Some analysts argue that the surge in cybercrime has increased by nearly or just over 500%. This is manifested in the form of DDoS, Ransomware, Phishing, identity theft and new types of social engineering, deep fake and fake news. These groups use sophisticated search engine optimisation tools to follow and track ordinary people. The psychological impact of this to society at this time that most families are trying to cope with COVID-19 is causing stress amongst family, friends and colleagues. Nation-States of both developed and developing world do not have the tools and skills to deal with this psychological impact. The most aggressive weaponisation of information has availed itself during COVID-19 lockdowns. The danger this presents to children and vulnerable people is immense. This is more so in communities that unable to protect themselves. There is no doubt that today’s Global Internet governance model will be revisited to protect ordinary people who want to trade, conduct e-commerce and engage their loved ones. During COVID- 19, the internet has become dangerous and emotionally draining. There is a need to broaden the online ecosystem and innovation taking place to involve all those who are separated by the digital divide. Africa private and public sector should curve an internet governance model that will encourage Africa’s digitalisation by 2030. This will require investments to be injected with immediate effect. The education sector is one critical industry that will need a capital injection. The digitalisation of education at all levels should be treated an urgent priority.

COVID-19 has changed 4th Industrial Revolution priorities for many governments. There is now a focus on e-health and telemedicine. The Nation States will need to resource and fund not only e-health or telemedicine strategies and policy but full implementation and or roll out of these service to both urban and rural areas. Legislation and regulations that will enable telemedicine and e-health development will have to be prioritised and promulgated across the African continent.

Data is one of the most important catalysts of good governance and business intelligence tool. Unless Africa is able to harness its own big data, sources and be able to build data lakes in the continent that will aggregate all our data, it will be difficult to understand the picture of today’s Africa let alone our future. While we need to respect and maintain our sovereign interest, sharing data based on anonymity under the auspices of AU or equivalent structure is the only we can better understand and fight the COVID-19 or any future pandemic. The next strategy of Africa must be centred around shared data modelling. African data scientists can analyse that. Africa needs to establish a universal High-Performance Computing Platform with the minimum capability of no less than 100 Petaflops. This infrastructure will be required to compute and to understand the future of Africa better-using data. The critical nature of Data and relevant skills is what Africa urgently needs. Without data, we cannot understand or model our response to pandemics or catastrophes. As climate change is an indispensable reality, we need to work out and model scenarios using high-performance computing platforms. This is the only route to predict the future and to be able to plan for any future pandemic or similar disaster. Data is not only an asset for future planning but a tool that is critical in tactical responses.

Food security is one of the most critical issues that Africa will need to address. Data is one essential foundation in modern agriculture. Data can only drive increasing yield and just in time delivery of agricultural produce from farms to cities and homes. In Africa, with so many small-scale farmers, the only way that we can be able to connect these farmers is through digital means.

Pre COVID-19, Africa has been leading in mobile money transfers. This will need to be further developed for this service to reach the deepest rural part of the continent. Relaxing digital financial regulations for this to happen is urgent in particular those countries that still do not allow mobile money transfer as part of the digital business ecosystem. A partnership between Government and Private Sector on a continent-wide basis will be necessary if we as Africans want to build a digital future. The world after COVID-19 will reset the digital clock. Unless Africa moves fast in defining what the priority for Africa is, we might find ourselves in a digital colony. A clear strategy and at the enterprise level, sector level, government, industry or sector and all digital natives need to participate in planning their future. As the world is debating post-COVID-19 operating models and ecosystems, where are we in this debate?

While we are in the eye of COVID-19 storm, we cannot wait and start only after COVID-19 to plan our digital future, and we need to start now. Africa both in the continent and the diaspora have the knowledge and skills to drive this future. It is in the interest of future generations that we need to create a digital Africa that can withstand pandemics, Cyber Attacks, Social Engineering or even “digital pandemic”. Collaboration and working together is the only route to success.

The world is a different place and will never be the same again. Capital markets, movement of natural persons, trade of goods and services, economic, cultural and political relations will all change.

To the African youth, we need to create more digital natives. The role technology plays in situations such as these is critical. We need to decide how we want Africa to look post COVID-19. We need to determine how, as a continent, we will ensure we are better prepared for pandemics such as this one because there will be more. I say we need to create more digital natives because I believe that technology is the one tool that we have to be able to prepare ourselves for times of crisis adequately.

Talk to one of our technical executives

By submitting the form from you agree to our AUP and Privacy Policy.