The importance of SD-WANs and the need for application awareness

Why are SD-WANs important?

In today’s digital economy, businesses rely on connectivity. Especially in times of the COVID-19 pandemic with people around the world working and using applications from home in greater numbers than ever before, it has become increasingly critical to ensure predictable application performance and reliability along with secure, uninterrupted connectivity at all locations.

Software-Defined Wide Area Networks (SD-WANs) offer better control at lower cost and ultimately give network managers the ability to configure and deploy branch offices quickly and easily. SD-WANs allow you to manage your entire WAN centrally in the cloud even if your enterprise is spread across many different locations around the world. SD-WANs increase network agility and are a cost-effective alternative to dedicated network connections and Multiprotocol Label Switching (MPLS) infrastructures.

However, in order to ensure advanced security, optimize user experience, enable real-time business decisions, improve customer service, and increase business productivity, SD-WANs must now become smarter, or “application-aware”.

Traditional vs. software defined WAN
Traditional vs. software defined WAN

DPI & SD-WAN – A powerful combination for intelligent, application-aware networks

Application awareness is providing the intelligence that is required to take SD-WANs to the next level. With the help of DPI technology, SD-WAN vendors can now deliver intelligent routing, traffic steering and enterprise application performance with advanced reporting capabilities. DPI offers an exponentially growing amount of information on the network and plays a key role in providing critical information on the health and performance of the network. The accuracy of the data and the frequency of data collection also drive network management automation and efficiency and enable more predictive application and security policies. Besides the delivery of application-based network performance, other advantages of this powerful combination of SD-WAN and DPI are reduced costs as well as improved efficiency, security and business sustainability.

DPI-enabled advanced SD-WAN features and security

Application visibility — by site, app or app family

Identify over 3000 applications and be able to manage quality of service (QoS) and application security.

Application performance — per app, per session, per site

Gain insight into application delivery in order to manage user experience proactively with statistics computed in real time (e.g. MOS for VoIP).

Traffic management — inbound and outbound

Gain insight into application traffic and bandwidth usage and support secure cloud migration at branch offices.

Per-app policy control

Prioritize mission-critical apps — in case of bandwidth limitations, route these apps dynamically to have the fastest available transit time. Closed-loop automation maintains high performance for mission-critical enterprise apps, even if a link fails. Balance high-bandwidth apps across multiple links to provide steady performance for large file transfers.

Application-level security

Identify potentially malicious traffic and anomalies, prevent data leakage and receive actionable security information in real time (e.g. to identify forged or corrupted files automatically). Enhance security and enable safe direct connections from branch offices to cloud-based internet and software as a service (SaaS) applications. Secure data with application-level visibility, security policies and data segmentation.

Application WAN optimization

A range of techniques such as TCP flow control, data compression, deduplication and protocol optimization improve end-user experience and optimize bandwidth.

Management and visibility

Report application delivery to users in the branch office for monitoring and managing portals.

Export data to third-party applications that offer insight into networks and applications.

Hybrid WANs (MPLS and internet)

Based on the underlying network infrastructure — MPLS or internet site —, map each application to the best path through the network and ensure high quality and a secure user experience.

Application visibility for next-generation firewalls

Policy rules based on application identity, IP blacklisting, IP whitelisting, geo-IP and customer app ID signatures.

Protection based on firewall SSL certificates, expired certificates, untrusted CAs, unsupported cyphers and key lengths.

Application visibility and control to segment traffic

Segment company-internal traffic and apply individual security policies to each segment. Create multiple virtual private networks (VPNs) on top of a single fabric to achieve functional segregation between different types of traffic in private and public cloud environments.

Steer traffic from a remote hub to a regional hub for inspection. Supports various treatments of client applications using encryption, e.g. surveillance, PCI and load balancing between circuits.

Multi-layered security at the application level

Supports predictive network analytics and unified threat management such as threat profile reports, URL filtering and captive portal actions, IDS/IPS, antivirus, SSL certificate anomaly detection, packet capture for known or unknown applications and detected vulnerabilities, etc.

Why choose R&S®PACE 2 to integrate into your SD-WAN?

The DPI software R&S®PACE 2 from ipoque, a Rohde & Schwarz company, is the easiest to integrate, whether on an SD-WAN appliance or an SD-WAN vCPE platform. The R&S®PACE 2 protocol and application classification engine offers the industry’s most efficient memory and CPU utilization, featuring the smallest processing footprint. It only requires approx. 400 bytes per flow while using very little processing power (CPU load) and no memory allocation during runtime. The R&S®PACE 2 OEM DPI software can be implemented in the user space or the kernel space of the processor, reducing the impact on processing performance. The backward-compatible R&S®PACE 2 engine has an intuitive, highly flexible and platform-agnostic application programming interface (API) that speeds up integration and has no external dependencies. R&S®PACE 2 also simplifies upgrades by allowing for automatic weekly signature updates without rebooting.

R&S®PACE 2 identifies applications up to Layer 7 of the OSI model accurately and allows managing network and application performance in real time. By integrating ipoque’s DPI technology, SD-WANs can keep up with dynamic changes in protocols and applications, ensuring the highest detection rate. The R&S®PACE 2 software makes it easy to extract metadata and to report and handle information in real time. The modular DPI engine can be tailored to meet customer SD-WAN requirements including configurable event reporting to improve performance and customizable analysis saving time and effort.

ipoque, a Rohde & Schwarz company, is recognized globally as the leading developer of deep packet inspection software. Rely on more than 15 years of expertise in optimizing the performance of networks and network solutions around the world.

Related material

Stay informed. Subscribe to our newsletter.

For more details about how we protect your privacy and information, please read our privacy policy.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to news.ipoque@rohde-schwarz.com. Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the "Statement of Privacy".

What does this mean in detail?

I agree that ROHDE & SCHWARZ GmbH & Co. KG and ipoque GmbH, a ROHDE & SCHWARZ company may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.