Industry Insights

The Importance of Application Intelligence in SD-WAN

As we look at the field of SD-WAN, we begin to see the importance of going beyond simple protocol and port recognition in achieving the nirvana of true policy controls for performance and security. First-generation SD-WAN allowed for rudimentary traffic control via protocol and port identification, in much the same way that it is handled via access lists on routers. This was sufficient for in-house applications that didn't change address ranges or ports and could be statically defined. However, it poses a problem when used with current and future SaaS applications that are constantly evolving in complexity and capability.

Techniques such as application fingerprinting (rather than static signatures) combined with deep packet inspection are needed to fully understand the applications and any sub-characteristics necessary for proper classification, queueing, and security. Machine learning will also be beneficial in future iterations of this technology. Through machine learning, a scalable approach to defining and continually refining application flow fingerprints is possible, enabling a self-learning methodology for understanding exactly which applications are on the network.

The existing encyclopedia of applications currently running across both private enterprise connections and the broader Internet provides a dense pool of information for machine learning in this context. This pool provides not only information on off-the-shelf applications, but also fingerprints for custom-developed applications within the enterprise and service provider markets.

Let's break down a simple example of inference when looking at application flows. We will use the ubiquitous Netflix infrastructure to understand the flows. When a user uses the app or website, several different types of information flow between the CDN and Netflix, as well as between the end-user client application and the CDN servers. You have traditional HTML and JavaScript elements, high-definition video flows, standard-definition video flows, diagnostics information, and other assorted flows. If an SD-WAN infrastructure cannot distinguish these types of flows, it will be difficult to develop a proper policy for the different video types and other flows. By watching the endpoints involved in the application flows, it is easy to look for other sub-flows occurring between the same endpoints and effectively learn all traffic that is part of that application.

Utilizing this intelligence, it is much easier to properly classify all traffic flows between the endpoints and apply proper queueing, QoS markings, and prioritization as part of a policy. It allows the SD-WAN solution to adapt to changing IPs if the application is delivered via a CDN. It also allows for quicker adaptation to changing application features and functionality: the change is ingested automatically, and the proper policies are applied. A prime example of this is the custom applications that many enterprises have built. If you add a chat component to your software to serve your customers, the SD-WAN solution will see a new type of traffic being generated from IPs that are already involved in a policy. Then, through inspection of that traffic, it will add it as a sub-flow of the existing application, where the appropriate policies can be applied to suit business needs. If the traffic is of a known type, then the policies can be applied automatically upon recognition. Another example is traffic carrying a DSCP EF marking in the data center being sent towards a remote location; it would be safe to assume that this is a real-time communication protocol such as VoIP.
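As an added illustration (not code from this post or from any SD-WAN vendor), the following Python sketches the two inferences described above: a flow touching a server endpoint already tied to an application policy is attached to that application whatever its port, and a flow marked DSCP EF is treated as real-time. The application name, endpoint inventory, addresses and flow records are all constructed for the example.

```python
from collections import defaultdict
from typing import NamedTuple

# Expedited Forwarding, the marking the post treats as real-time. Trusting it
# assumes the mark was set inside the administrative domain (e.g. at the DC edge).
DSCP_EF = 46


class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int
    dscp: int
    octets: int


# Hypothetical inventory of server endpoints already tied to an application
# policy (learned earlier from a signature or DNS/SNI match, not shown here).
APP_ENDPOINTS = {"video-app": {"203.0.113.10", "203.0.113.11"}}

# Constructed flow records using documentation-range addresses.
SAMPLE_FLOWS = [
    Flow("10.1.1.20", "203.0.113.10", "tcp", 443, 0, 120_000),    # HTML/JS
    Flow("10.1.1.20", "203.0.113.10", "tcp", 443, 0, 9_500_000),  # video segments
    Flow("10.1.1.20", "203.0.113.11", "udp", 9000, 0, 4_000),     # diagnostics, new port
    Flow("10.1.1.20", "198.51.100.5", "tcp", 443, 0, 50_000),     # unrelated SaaS
    Flow("10.2.2.40", "10.3.3.9", "udp", 16384, DSCP_EF, 80_000), # DC -> branch, EF
]


def policy_class(flow, app_endpoints):
    """EF-marked traffic is classed real-time; a flow touching a known application
    endpoint inherits that application's policy regardless of port; the rest is
    left unclassified for later inspection."""
    if flow.dscp == DSCP_EF:
        return "realtime"
    for app, endpoints in app_endpoints.items():
        if flow.src in endpoints or flow.dst in endpoints:
            return app
    return "unclassified"


def learn_sub_flows(flows, app_endpoints):
    """Inventory the (proto, dport) sub-flows seen per application, so a new
    sub-flow on a known server (the chat-feature case) joins the existing policy."""
    inventory = defaultdict(set)
    for flow in flows:
        label = policy_class(flow, app_endpoints)
        if label in app_endpoints:
            inventory[label].add((flow.proto, flow.dport))
    return dict(inventory)
```

Adding a constructed chat flow from the same client to a known server on a new port shows up as an extra sub-flow of the application rather than as unknown traffic.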

As second-generation and future SD-WAN products mature, these features will become must-haves rather than mere additions. Some vendors are already pursuing Gen 2 SD-WAN and embracing these changes. Increasing intelligence about the native behavior of applications will create a new paradigm in the management and maintenance of WANs. The base operation of a transport-independent overlay will begin to permeate the entire network landscape.
