Easy Peasy SD-WAN?

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
7,367
Does it exist? I've been considering upgrading all our equipment if implementing SD-WANs where we've got multiple isps will be 'config and replace' easy. Main reason to do this will be to have more reliable IPsec tunnels between sites. Thoughts welcome!
 
Velocloud is good & easy, but $$$$. I was able to get a legit copy of the software (don't ask, it's an old copy now) and it was quite easy to d.i.y.
Company I work for uses rapidscale, same software. Still expensive, $600 per site, 1gig performance.
I've been looking into other solutions, but haven't found anything that I like. ZeroTier on OPNsense seems to be as simple as it gets on the cheap, which can be free & can be paid, and also could be hosted yourself but you lose the "simple".
Let me know if you find anything, I've also looked at nebula & zerotail.
 
I know this is possible with enterprise hardware (and it's probably possible with even the hardware I have right now, but I can't figure it out), so I'm just looking for the boxes I need and how to configure them. Then I would just set up all the other stuff like the IPsec tunnels, etc, and then just pull the old boxes out and put the new ones in for minimal downtime.
 
How is SD-WAN different from, say, a VPN? Obviously there is a difference, I just can't see it. :D
 
How is SD-WAN different from, say, a VPN? Obviously there is a difference, I just can't see it. :D
From my understanding, SD-WAN will use multiple IPs and even types of Internet across a VPN link, automatically taking into account line quality of each internet connection. Its full name is Software Defined Wide Area Network, but that doesn't tell you much about it, lol.
 
Fortinet is “easy” once you get the hang of it. It’s not cheap if you have all of the threat mitigation etc, but depending on your links it can be very reasonable
 
sdwan should also bond multiple links, so you get more bandwidth, and the better ones will monitor links for which can provide more bandwidth vs latency and with QoS rules route packets intelligently. Velocloud does this per packet, some do it per flow. Others (sonicwall) just do failover. ZeroTier does it per packet, but it's in JSON https://docs.zerotier.com/zerotier/multipath
Here is a piece of my QoS rules for velo.
 
Fortinet is “easy” once you get the hang of it. It’s not cheap if you have all of the threat mitigation etc, but depending on your links it can be very reasonable
I've got an older c series that I've been messing with on and off for a few years--would it have it?
 
sdwan should also bond multiple links, so you get more bandwidth, and the better ones will monitor links for which can provide more bandwidth vs latency and with QoS rules route packets intelligently. Velocloud does this per packet, some do it per flow. Others (sonicwall) just do failover. ZeroTier does it per packet, but it's in JSON https://docs.zerotier.com/zerotier/multipath
Here is a piece of my QoS rules for velo.
Exactly and I know there's enterprise routers that can do this--just don't know which ones are easy enough for me to config, swap into place, and be done.
 
How is SD-WAN different from, say, a VPN? Obviously there is a difference, I just can't see it. :D
The best way to think of SDWAN is a full mesh VPN that uses layer 4+ measurement and active routing protocols, bgp mostly, to find the best route for given traffic. As for Fortinet ... any device running fortios 6+ has some degree of sdwan included in the base non-expiring license. Their sdwan gets better with every release as do their mgmt tools. Early releases are all manual setup but with 7.4 there is a lot of tooling in place to ease the configuration. That said most of the advanced tooling is license controlled. You can still do it manually though.

I'll add that by definition SDWAN is simply using network layers 4+ to make routing decisions vs the typical layer 3 routing. Anyone that says otherwise is likely selling some flavour of SDWAN.
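To make the two descriptions above concrete (link monitoring with QoS rules that pick a path per packet or per flow, and "layer 4+ measurement" driving routing decisions), here is an added toy path selector. It is constructed for this thread and is not code from Velocloud, ZeroTier, Fortinet or any other product; the probe thresholds, traffic classes, link names and flow keys are all assumptions. Each WAN link keeps a sliding window of synthetic keepalive probes (RTT and loss), a per-class policy decides which links are acceptable and how to rank them, and the selector either pins a flow to a link until that link fails policy (per-flow) or sprays packets round-robin over every acceptable link (per-packet bonding).

```python
"""Toy SD-WAN path selector: per-link quality probes plus per-class QoS policy.
Constructed example; every threshold and name below is an assumption."""
from collections import deque
from dataclasses import dataclass, field
from itertools import count


@dataclass
class Link:
    name: str
    bandwidth_mbps: float
    # Sliding window of the last 20 probe results as (rtt_ms, lost) pairs.
    samples: deque = field(default_factory=lambda: deque(maxlen=20))

    def probe(self, rtt_ms: float, lost: bool = False) -> None:
        """Record one keepalive probe result (synthetic here, real products send these over the tunnel)."""
        self.samples.append((rtt_ms, lost))

    @property
    def avg_rtt(self) -> float:
        if not self.samples:
            return float("inf")
        return sum(rtt for rtt, _ in self.samples) / len(self.samples)

    @property
    def loss_pct(self) -> float:
        if not self.samples:
            return 100.0
        return 100.0 * sum(1 for _, lost in self.samples if lost) / len(self.samples)

    @property
    def usable(self) -> bool:
        # Hard "link down" thresholds (assumed values; tune per deployment).
        return self.loss_pct < 20.0 and self.avg_rtt < 500.0


# Per traffic class: maximum tolerated loss and how to rank the acceptable links.
POLICY = {
    "voice": {"max_loss_pct": 2.0, "rank": lambda l: l.avg_rtt},            # lowest delay wins
    "bulk": {"max_loss_pct": 10.0, "rank": lambda l: -l.bandwidth_mbps},    # widest pipe wins
    "default": {"max_loss_pct": 10.0, "rank": lambda l: l.avg_rtt + 10 * l.loss_pct},
}


class PathSelector:
    def __init__(self, links):
        self.links = {l.name: l for l in links}
        self.flow_table = {}   # flow key -> link name (per-flow stickiness)
        self._rr = count()     # per-packet round-robin counter

    def candidates(self, traffic_class):
        """Links that are up and within the class's loss budget, best first."""
        pol = POLICY[traffic_class]
        ok = [l for l in self.links.values() if l.usable and l.loss_pct <= pol["max_loss_pct"]]
        return sorted(ok, key=pol["rank"])

    def choose_per_flow(self, flow, traffic_class):
        """Pin a flow to the best link and only move it when that link fails policy."""
        cands = self.candidates(traffic_class)
        if not cands:
            raise RuntimeError("no usable WAN link for class %s" % traffic_class)
        pinned = self.flow_table.get(flow)
        if pinned in {l.name for l in cands}:
            return pinned
        self.flow_table[flow] = cands[0].name
        return cands[0].name

    def choose_per_packet(self, traffic_class):
        """Spray packets round-robin over every acceptable link (bonding)."""
        cands = self.candidates(traffic_class)
        if not cands:
            raise RuntimeError("no usable WAN link for class %s" % traffic_class)
        return cands[next(self._rr) % len(cands)].name


def demo():
    """Walk two constructed links through clean, lossy and down phases."""
    fiber, lte = Link("fiber", 1000), Link("lte", 50)
    sel = PathSelector([fiber, lte])
    voice = ("10.0.0.5", "10.1.0.9", 5060, "udp")   # constructed flow keys
    bulk = ("10.0.0.7", "10.1.0.20", 445, "tcp")
    out = {}
    # Phase 1: both links clean; fiber is faster and wider.
    for _ in range(20):
        fiber.probe(5)
        lte.probe(40)
    out["clean"] = (sel.choose_per_flow(voice, "voice"), sel.choose_per_flow(bulk, "bulk"))
    out["spray"] = [sel.choose_per_packet("default") for _ in range(4)]
    # Phase 2: fiber shows 5% loss: over the voice budget, still fine for bulk.
    for i in range(20):
        fiber.probe(8, lost=(i == 0))
    out["lossy"] = (sel.choose_per_flow(voice, "voice"), sel.choose_per_flow(bulk, "bulk"))
    # Phase 3: fiber at 30% loss is declared down; everything fails over to LTE.
    for i in range(20):
        fiber.probe(150, lost=(i < 6))
    out["down"] = (sel.choose_per_flow(voice, "voice"), sel.choose_per_flow(bulk, "bulk"))
    return out


if __name__ == "__main__":
    print(demo())
```

The point the thread makes shows up in phase 2: the link is still "up" at layer 3, so plain routing or a dead-peer-detection failover would keep using it, while the class policy (a layer 4+ decision) already moves voice off it and leaves bulk transfers where the bandwidth is.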
 
The best way to think of SDWAN is a full mesh VPN that uses layer 4+ measurement and active routing protocols, bgp mostly, to find the best route for given traffic. As for Fortinet ... any device running fortios 6+ has some degree of sdwan included in the base non-expiring license. Their sdwan gets better with every release as do their mgmt tools. Early releases are all manual setup but with 7.4 there is a lot of tooling in place to ease the configuration. That said most of the advanced tooling is license controlled. You can still do it manually though.

I'll add that by definition SDWAN is simply using network layers 4+ to make routing decisions vs the typical layer 3 routing. Anyone that says otherwise is likely selling some flavour of SDWAN.
Thank you for the details. As I suspected, it's a bit off from a 'built-in' feature that will be easy to configure. I guess it doesn't exist how I need it right now without some major $$.
 
Arista, formerly Untangle, will let you trial their SDWan, MicroEdge for free. Load it up on Esxi and go.

Cloudflare might be an option based on need with magicwan and zero trust. I use this for my self hosted stuff.
 
Arista, formerly Untangle, will let you trial their SDWan, MicroEdge for free. Load it up on Esxi and go.

Cloudflare might be an option based on need with magicwan and zero trust. I use this for my self hosted stuff.
Link?
 