What is SD-WAN?
SD-WAN Explained
A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any combination of transport services—including MPLS, LTE and broadband internet services—to securely connect users to applications.
An SD-WAN uses a centralized control function to securely and intelligently direct traffic across the WAN and directly to trusted SaaS and IaaS providers. This increases application performance and delivers a high-quality user experience, which increases business productivity and agility and reduces IT costs.
SD-WAN architecture
Traditional WANs built on conventional routers were never designed for the cloud. They typically require backhauling all traffic, including cloud-destined traffic, from branch offices to a hub or headquarters data center where advanced security inspection services are applied. The latency introduced by this backhaul impairs application performance, resulting in a poor user experience and lost productivity.
Unlike the traditional router-centric WAN architecture, the SD-WAN model is designed to fully support applications hosted in on-premises data centers, public or private clouds, and SaaS services such as Salesforce.com, Workday, Dropbox, Microsoft 365, and more, while delivering the highest levels of application performance.

How does SD-WAN work?
Unlike SD-WAN, the conventional router-centric model distributes the control function across all devices in the network and simply routes traffic based on TCP/IP addresses and ACLs. This traditional model is rigid, complex, inefficient, and not cloud-friendly and results in a poor user experience.
An SD-WAN enables cloud-first enterprises to deliver a superior application quality of experience (QoEx) to users. By identifying applications, an SD-WAN provides intelligent, application-aware routing across the WAN. Each class of application receives the appropriate QoS and security policy enforcement, all in accordance with business needs. Secure local internet breakout of IaaS and SaaS application traffic from the branch delivers the highest levels of cloud performance while protecting the enterprise from threats.
Why SD-WAN?
Times have changed, and enterprises are using the cloud and subscribing to software-as-a-service (SaaS). While users traditionally connected back to the corporate data center to access business applications, they are now better served by accessing many of those same applications in the cloud.
As a result, the traditional WAN is no longer suitable, mainly because backhauling all traffic—including traffic destined for the cloud—from branch offices to headquarters introduces latency and impairs application performance. SD-WAN provides WAN simplification, lower costs, bandwidth efficiency and a seamless on-ramp to the cloud with significantly better application performance, especially for critical applications, without sacrificing security and data privacy. Better application performance improves business productivity, customer satisfaction, and ultimately profitability. Consistent security reduces business risk.
Basic SD-WAN vs business-driven SD-WAN
- Not all SD-WANs are created equal. Many SD-WAN solutions are basic or "good enough" solutions. They lack the intelligence, reliability, performance and scale needed to ensure a superior network experience. And remember, without a fast, secure, high-performance network, enterprise digital transformation initiatives can stall, because they rely on applications that in turn depend on the network. SD-WAN is a key enabler of digital transformation and is driving strategic decisions across the enterprise. So what is a business-driven SD-WAN, and why is a basic SD-WAN not good enough?
- Lifecycle orchestration and automation. Most basic SD-WAN offerings provide some level of zero-touch provisioning. However, basic SD-WAN solutions do not always provide full end-to-end orchestration of all WAN edge functions, such as routing, security services (including service chaining to advanced third-party security services) and WAN optimization. When an enterprise deploys a new application or requires a QoS or security policy change, a business-driven SD-WAN supports centralized configuration, so the required changes can be deployed in minutes rather than weeks or months. Centralized management greatly reduces the human errors that could compromise performance or security.
- Continuous self-learning. A basic SD-WAN solution steers traffic according to pre-defined rules, usually programmed via templates. A business-driven SD-WAN delivers optimal application performance under any network condition, including congestion and when impairments occur. Through continuous monitoring and self-learning, it responds automatically and in real time to any change in the state of the network that could impact application performance, including network congestion, brownouts and transport outages, allowing users to always connect to applications without manual IT intervention. For example, should a WAN transport service or cloud security service experience a performance impairment, the network automatically adapts to keep traffic flowing while maintaining compliance with business policies.
- Consistent Quality of Experience (QoEx). A key benefit of an advanced SD-WAN solution is the ability to actively use multiple forms of WAN transport simultaneously. A basic solution can direct traffic on an application basis down a single path and, if that path fails or is underperforming, dynamically redirect it to a better performing link. However, with many basic solutions, failover times around outages are measured in tens of seconds or longer, often resulting in annoying application interruptions. A business-driven SD-WAN intelligently monitors and manages all underlay transport services. It can overcome the challenges of packet loss, latency and jitter to deliver the highest levels of application performance and QoEx to users, even when WAN transport services are impaired. Unlike a basic SD-WAN, a business-driven SD-WAN handles a total transport outage seamlessly and provides sub-second failover that averts interrupting business-critical applications such as voice and video communications.
- End-to-end micro-segmentation. While a basic SD-WAN provides the equivalent of a VPN service, a business-driven SD-WAN delivers more comprehensive end-to-end security capabilities. Beyond supporting a zone-based firewall, the SD-WAN platform should orchestrate and enforce end-to-end micro-segmentation spanning LAN-WAN-data center and LAN-WAN-cloud. Centrally configured security policies result in fewer human errors than the device-centric WAN model or a basic SD-WAN model, which typically require policies to be configured device by device. If a policy needs to change, it is programmed centrally with a business-driven SD-WAN and pushed out to 10s, 100s or 1000s of nodes across the network, reducing the overall attack surface and avoiding security gaps caused by operational inefficiency.
- Secure local internet breakout for cloud applications. Many basic SD-WANs provide some application classification capability based on fixed definitions and manually scripted ACLs to direct SaaS and IaaS traffic directly across the internet. However, cloud applications change constantly. A business-driven SD-WAN continuously adapts to those changes and provides automated daily updates of application definitions and IP addresses. This eliminates application disruptions and user productivity issues.
Ideally, enterprise customers need to move to a business-driven SD-WAN platform that unifies SD-WAN, firewall, segmentation, routing, WAN optimization, and visibility and control functions, all in a single, centrally managed platform.
Advanced SD-WAN functionality for SASE
Ultimately, the goal of SASE is to deliver the best end-user quality of experience for cloud-hosted applications without compromising security. After working with many enterprises that have designed and deployed their SASE architectures, we’ve learned that basic SD-WAN functionality falls short. An SD-WAN with advanced networking capabilities is required to fully enable SASE:
- Identify application traffic on the first packet and granularly steer it to enforce the QoS and security policies defined by business intent
- Maintain cloud application definitions and TCP/IP addresses that are updated automatically every day
- Automate orchestration between the SD-WAN and cloud-delivered security services from a single console, making it simple
- Automatically failover to a secondary cloud security enforcement point to avoid any application interruption
- Automatically reconfigure secure connections to cloud security enforcement points if a newer, closer location to the branch becomes available
- Enable customers to adopt cloud security services, at their own pace
- And most importantly, provide the freedom of choice to deploy new security innovations as they become available from any vendor to easily address unknown future threats