The importance of SD-WANs and why they need application awareness

Why are SD-WANs important?

In today’s digital economy, businesses rely on connectivity. Especially during the COVID-19 pandemic, with people around the world working and using applications from home in greater numbers than ever before, it has become increasingly critical to ensure predictable application performance and reliability along with secure, uninterrupted connectivity at all locations.

Software-Defined Wide Area Networks (SD-WANs) offer better control at lower cost and ultimately give network managers the ability to configure and deploy branch offices quickly and easily. SD-WANs allow you to manage your entire WAN centrally in the cloud even if your enterprise is spread across many different locations around the world. SD-WANs increase network agility and are a cost-effective alternative to dedicated network connections and Multiprotocol Label Switching (MPLS) infrastructures.

However, in order to ensure advanced security, optimize user experience, enable real-time business decisions, improve customer service, and increase business productivity, SD-WANs must now become smarter, or “application-aware”.

Figure: Traditional vs. software-defined WAN

DPI & SD-WAN – A powerful combination for intelligent, application-aware networks

Application awareness is providing the intelligence that is required to take SD-WANs to the next level. With the help of DPI technology, SD-WAN vendors can now deliver intelligent routing, traffic steering and enterprise application performance with advanced reporting capabilities. DPI offers an exponentially growing amount of information on the network and plays a key role in providing critical information on the health and performance of the network. The accuracy of the data and the frequency of data collection also drive network management automation and efficiency and enable more predictive application and security policies. Besides the delivery of application-based network performance, other advantages of this powerful combination of SD-WAN and DPI are reduced costs as well as improved efficiency, security and business sustainability.

DPI-enabled advanced SD-WAN features and security

Application visibility — by site, app or app family

Identify over 3000 applications and be able to manage quality of service (QoS) and application security.

Application performance — per app, per session, per site

Gain insight into application delivery in order to manage user experience proactively with statistics computed in real time (e.g. MOS for VoIP).

Traffic management — inbound and outbound

Gain insight into application traffic and bandwidth usage and support secure cloud migration at branch offices.

Per-app policy control

Prioritize mission-critical apps — in case of bandwidth limitations, route these apps dynamically to have the fastest available transit time. Closed-loop automation maintains high performance for mission-critical enterprise apps, even if a link fails. Balance high-bandwidth apps across multiple links to provide steady performance for large file transfers.

Application-level security

Identify potentially malicious traffic and anomalies, prevent data leakage and receive actionable security information in real time (e.g. to identify forged or corrupted files automatically). Enhance security and enable safe direct connections from branch offices to cloud-based internet and software as a service (SaaS) applications. Secure data with application-level visibility, security policies and data segmentation.

Application WAN optimization

A range of techniques such as TCP flow control, data compression, deduplication and protocol optimization improve end-user experience and optimize bandwidth.

Management and visibility

Report application delivery to users in the branch office for monitoring and managing portals.

Export data to third-party applications that offer insight into networks and applications.

Hybrid WANs (MPLS and internet)

Based on the underlying network infrastructure (MPLS or internet site), map each application to the best path through the network and ensure high quality and a secure user experience.

Application visibility for next-generation firewalls

Policy rules based on application identity, IP blacklisting, IP whitelisting, geo-IP and customer app ID signatures.

Protection based on firewall SSL certificates, expired certificates, untrusted CAs, unsupported ciphers and key lengths.

Application visibility and control to segment traffic

Segment company-internal traffic and apply individual security policies to each segment. Create multiple virtual private networks (VPNs) on top of a single fabric to achieve functional segregation between different types of traffic in private and public cloud environments.

Steer traffic from a remote hub to a regional hub for inspection. Supports various treatments of client applications using encryption, e.g. surveillance, PCI and load balancing between circuits.

Multi-layered security at the application level

Supports predictive network analytics and unified threat management such as threat profile reports, URL filtering and captive portal actions, IDS/IPS, antivirus, SSL certificate anomaly detection, packet capture for known or unknown applications and detected vulnerabilities, etc.

Why choose R&S®PACE 2 to integrate into your SD-WAN?

The DPI software R&S®PACE 2 from ipoque, a Rohde & Schwarz company, is the easiest to integrate, whether on an SD-WAN appliance or an SD-WAN vCPE platform. The R&S®PACE 2 protocol and application classification engine offers the industry’s most efficient memory and CPU utilization, featuring the smallest processing footprint. It only requires approx. 400 bytes per flow while using very little processing power (CPU load) and no memory allocation during runtime. The R&S®PACE 2 OEM DPI software can be implemented in the user space or the kernel space of the processor, reducing the impact on processing performance. The backwards-compatible R&S®PACE 2 engine has an intuitive, highly flexible and platform-agnostic application programming interface (API) that speeds up integration and has no external dependencies. R&S®PACE 2 also simplifies upgrades by allowing for automatic weekly signature updates without rebooting.

R&S®PACE 2 identifies applications up to Layer 7 of the OSI model accurately and allows managing network and application performance in real time. By integrating ipoque’s DPI technology, SD-WANs can keep up with dynamic changes in protocols and applications, ensuring the highest detection rate. The R&S®PACE 2 software makes it easy to extract metadata and to report and handle information in real time. The modular DPI engine can be tailored to meet customer SD-WAN requirements, including configurable event reporting to improve performance and customizable analysis that saves time and effort.

ipoque, a Rohde & Schwarz company, is recognized globally as the leading developer of deep packet inspection software. Rely on more than 15 years of expertise in optimizing the performance of networks and network solutions around the world.
