
The IF THEN ELSE of SD-WAN reflects on reality versus the lab

The underlying reason behind closed loop automation in Software Defined Wide Area Networking (SD-WAN) and not ignoring negative events that will sink the system.

ZX81

When I first started programming many moons ago on a ZX81, within the first day I learnt about:

IF logical expression THEN procedure
ELSE procedure

I would have a procedure for when the data matched and a procedure for when it did not. Most programmers now avoid the latter. They programme the data to match and ignore mismatches. Basically error handling goes out the window. Often a decent programme would double in size when all the error handling routines were added. In those days we started with 16KB memory so space was at a premium but we still implemented it.

SD-WAN is effectively closed loop automation, relying on a set of conditions being matched and the actions associated with those conditions. It is also crucial to handle mismatches as well as outliers.

CIA

Now over to SD-WAN and error handling, but let us rather call it exception handling because there are three types that can occur, namely loss, faults and errors. It is important to distinguish between them as it is fundamentally the basis of the well-known CIA security framework. This is specified as follows:

  • C = Confidentiality (where the exceptions are a loss);
  • I = Integrity (where the exceptions are errors); and
  • A = Availability (where the exceptions are faults).

Loss

Let us start at the first. Loss is usually associated with theft. In our neck of the savannah that is a common occurrence, from the cable on the last mile to the SD-WAN CPE itself. I have previously written about power management and the SD-WAN CPE here using IoT technology. Of course, when someone is going to abscond with your CPE, the first thing they are going to do is unplug the power. A method to monitor the power, as I have previously explained in the aforementioned article, is a good start. The next obvious aspect would be that if the SD-WAN CPE had an accelerometer (or alternative), it would detect and notify on movement. Of course, the additional attributes of geo-tagging that I wrote about here are also relevant. Additionally, the SFP cage and use of smart SFPs that I wrote about here will also detect and solve the cable break issues related to the last mile that has been provisioned on fibre.

Errors

The next one is errors. Errors can be detected using a higher-level protocol scheme, which is slow, or the SD-WAN hardware can read the error counters directly on the hardware and make a determination. As an example, wireless connections might experience BERs and it would be better to deal with these via queuing or alternative paths than dropped packets. Also, during congestion it would be better to handle traffic in a deterministic manner. The problem when broadband is used is that the throughput to use for QoS calculations is not always consistent. Thus the mechanism that I described here is relevant. This facilitates the QoS calculations being closer to the actual link ability instead of a perceived one.

Faults

Finally, faults. In an SD-WAN environment there are both uplinks (connection to the carrier) and downlinks (connection to the client). It is crucial that the SD-WAN portal measures the uptime availability of these connections and reports them as separate metrics. We have talked previously about cable breaks on the carrier side, which will lead to faults, but the actual probability of faults is higher on the client side. The fibre cables get bent or unplugged. The equipment itself fails, so it is crucial to know the status of the downlink as well as downstream networking kit. Here the use of LLDP as I have described here will be crucial.
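The three exception types above can be put into one closed-loop check with an explicit ELSE. This is an added example, not code from this blog or from any SD-WAN product; the Sample fields, the threshold and the action strings are assumptions made for illustration.

```python
from dataclasses import dataclass

ERROR_RATIO_LIMIT = 0.01  # assumed threshold: errored share of frames per interval

@dataclass
class Sample:  # one telemetry interval from a hypothetical CPE agent
    mains_power: bool   # False once the power feed is removed
    moved: bool         # accelerometer (or alternative) tripped
    uplink_up: bool     # carrier side
    downlink_up: bool   # client side
    rx_packets: int     # cumulative hardware counter
    rx_errors: int      # cumulative hardware counter

def classify(prev, cur):
    """Return (category, action); every sample lands in exactly one branch."""
    d_pkts = cur.rx_packets - prev.rx_packets
    d_errs = cur.rx_errors - prev.rx_errors
    total = d_pkts + d_errs
    if not cur.mains_power and cur.moved:          # C: loss
        return ("loss", "alert: power removed and unit moving")
    elif not cur.uplink_up:                        # A: fault, carrier side
        return ("fault", "uplink down: use alternate path")
    elif not cur.downlink_up:                      # A: fault, client side
        return ("fault", "downlink down: check client cabling and kit")
    elif d_pkts < 0 or d_errs < 0:                 # outlier: counter reset or wrap
        return ("outlier", "re-baseline counters, do not compute a ratio")
    elif total > 0 and d_errs / total > ERROR_RATIO_LIMIT:  # I: errors
        return ("error", "queue or steer traffic to alternate path")
    elif not cur.mains_power or cur.moved:         # mismatch: only half a rule matched
        return ("unmatched", "escalate for review")
    else:
        return ("ok", "no action")

def availability(samples):
    """Uptime percentage per direction, reported as separate metrics."""
    n = len(samples)
    if n == 0:
        return None  # no data is not the same as 100% uptime
    return {"uplink": 100.0 * sum(s.uplink_up for s in samples) / n,
            "downlink": 100.0 * sum(s.downlink_up for s in samples) / n}

SAMPLES = [  # constructed samples, not captured from a real device
    Sample(True, False, True, True, 1000, 0),
    Sample(True, False, True, True, 2000, 50),   # 50 errors in 1050 frames
    Sample(True, False, True, False, 3000, 50),  # downlink unplugged
    Sample(True, False, True, True, 10, 0),      # counters went backwards
    Sample(False, True, True, True, 20, 0),      # power pulled, unit moving
]
RESULTS = [classify(a, b)[0] for a, b in zip(SAMPLES, SAMPLES[1:])]
```

The counter-reset and half-matched branches are the ones a match-only implementation would silently skip.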

In conclusion, when building an SD-WAN CPE, "Fuck Everything, Do Five Blades."

Fusion Broadband South Africa

IF you would like to contribute THEN please comment below ELSE please click the like button.

Ronald works connecting Internet inhabiting things at Fusion Broadband.
