It’s the era of IoT, Big Data and AI. It’s the age where enterprises are processing unprecedented amounts of data on their IT systems. And it’s the time where these enterprises, regardless of their size and the sector they are in, are moving to the Cloud in their efforts to cut costs, improve efficiency and increase their business sustainability.
According to LogicMonitor’s Cloud Vision 2020: The Future of the Cloud Study, by 2020, 83% of enterprise IT workloads will be in the Cloud. Over time, Cloud is expected to include the entire breadth of Enterprise applications, where applications such as CRM, ERP, BI, HRM, Email, Billing and Payments will be deployed publicly, privately or as SaaS over public and private network links to form the ever expanding Enterprise WAN network. In the meantime, SD-WANs have started taking over MPLS, with the deployment of virtualized network functions (VNFs) promising leaner infrastructure and more cost effective options to deliver Enterprise networks’ performance, security and cost efficiencies.
What is DPI and how is it related to SD-WAN?
The increasing use of applications from the Cloud will mean that micro application-level analytics on performance, security and cost efficiencies are now just as important, if not more, than the aggregate network level measures. And one of the tools SD-WAN providers are turning to, to meet this requirement, is deep packet inspection (DPI).
DPI is a method of analysis that dissects network data at packet level to extract useful metadata. A DPI engine uses pattern matching, behavioral analysis and statistical analysis (collectively known as heuristic methods) to detect and profile secured or encrypted traffic. DPI’s detection capabilities at the packet level provide the very tool required by SD-WANs to have real-time control on application traffic and to deliver application-specific outcomes while managing the overall network.
DPI drives performance
Cloud-based applications are very susceptible to issues that impact their performance and end-user experience. Performance issues include traffic congestion, inconsistent latency, jitter, high packet loss and slow response time. Latency-sensitive applications such as VoIP, HD video conferencing and unified communications (UC) along with business-critical applications under stringent SLAs can be severely impacted by these performance issues.
DPI comes into picture in these cases by providing real-time deep-dive visibility, advanced performance analytics and reporting. These include network and link level matrices such as link latency, round trip time, jitter, throughput, available capacity, bandwidth consumed and packet loss; and application and user level matrices such as response time, QoE, throughput and capacity.
With these application level analytics, Enterprises are able to execute automated application aware policies such as dynamic routing and application acceleration and prioritization in their SD-WANs, sending for example, latency-sensitive applications via premium routes (such as private links) and fast-tracking them through selected checkpoints.
DPI enhances security
On the security end, issues such as data breach relating to Cloud applications are becoming more rampant and serious. In May 2016, an estimated 167 million LinkedIn email addresses and passwords were stolen and put up for sale on a dark web marketplace. Apart from data breach, Enterprise Cloud Applications are susceptible to a wide range of other threats namely data loss, insider threats, DDoS attacks, unauthorized use of APIs and hijacking. Security threats collectively cause massive downtimes on applications, damage the Enterprise’s reputation and diminish customer trust, resulting in huge business losses.
At this point, DPI comes in handy as it is able to monitor and report, at the application level, threats detected at the network edge in real-time. Using this information, Enterprises are able to execute dynamic security policies such that each application can be managed differently based on their susceptibility to these risks and their criticality to business operations.
Based on the detected threats, necessary VNFs such as next-generation firewalls, secure web gateway, malware protection, anti-virus, URL and content filtering, and intrusion detection and prevention can be deployed automatically without requiring manual interventions.
Where service chaining is used, DPI also supports unified threat management by the type of application. Based on the threats identified by DPI, each application is intelligently routed through a centralized security hub created from a set of security VNFs chained together. Consequently, each application receives its own security screening based on the information provided by DPI, enabling SD-WANs to manage threats smartly while delivering excellent QoE on each application.
DPI optimizes cost
Long term cost reductions are becoming top priority for enterprises
Apart from performance and security issues, cost issues have also started weighing down on Enterprises with a huge cloud-based application portfolio. In a survey conducted by IHS Markit on the North American market last year, Enterprises expect their overall bandwidth usage to grow more than 20 percent annually with branch offices experiencing an annual growth close to 30 percent. At the same time, Enterprise WAN expenditures rose by nearly 20 percent or USD300,000 per Enterprise.
Bandwidth consumption will be compounded further by the increasing dependence on Big Data, AI and IoT. On top of this, Enterprises are forced to fork out more dollars for the use of private links such as MPLS for latency-critical and business-critical applications. All these will see a gradual yet progressive increase in bandwidth spend, leading to Enterprises seeking the best measures to optimize bandwidth, especially at the application level.
Here, DPI provides real-time insights on the usage of bandwidth at a very granular, per-flow level, even for encrypted traffic. This input allows SD-WAN to allocate different bandwidths and different traffic routes to different applications at a given time, automatically.
These insights will thus help Enterprises to implement flow optimization, compression and de-duplication for data-rich applications; dynamic provisioning which allows scaling up of bandwidth by application usage for example, during data backups; and dynamic routing which routes application traffic based on criticality where non-critical applications are provided on lower cost routes.
Enterprises are then able to deploy the newer, cost effective Bandwidth on Demand (BoD) model across their WAN networks. With the BoD model, Enterprises pay only for incremental bandwidth as and when they need it. For example, BoD allows an automated response to traffic peaks experienced on specific application content such as video conference calls and live video streaming and also surges on traffic arising from IT processes such as data backups and migrations.
This allows Enterprises to move away from rigid fixed cost models and the need to manually adjust bandwidth-related resources on their WAN networks.
Digging deeper into DPI
In short, DPI works hand-in-hand with the SD-WAN to enhance its capability to manage the application layer traffic, delivering performance, security and cost efficiencies which in turn, allow Enterprises to scale up their cloud operations.
While DPI is not new in the realm of networking, its use in SD-WAN presents many new opportunities for Enterprises to deliver improved QoE to their customers and optimize their network operations continuously, equipping them the tools necessary to take on the era of the digital enterprise. And for SD-WAN vendors looking for more details on how they can leverage DPI to enhance their solutions and explore its many deployment options, here’s a recent white paper on ‘SD-WAN and DPI: A Powerful Combination for Application-Driven Networking’ by Rohde and Schwarz discussing the topic in more detail. Time to dig deeper.