SD-WAN Common Terms and Definitions

Application Performance

AVC

Application visibility and control (AVC) technology provides visibility into application usage and performance over a wide area network (WAN), along with the ability to prioritize and guarantee performance thresholds for business applications.

DPI

Deep Packet Inspection, also known as DPI, information extraction, IX, or complete packet inspection, is a type of network packet filtering. Deep packet inspection evaluates both the data part and the header of a packet transmitted through an inspection point, checking for protocol non-compliance, spam, viruses, intrusions, and any other defined criteria, so that offending packets can be blocked from passing through the inspection point.

DWS

Dynamic WAN Selection (DWS) is a core component of SD-WAN and provides user-centric, dynamic path selection. It automatically chooses the best WAN connection for each application flow based on priority to the business, taking into account the real-time end-to-end performance of all available paths. Metrics that include business priority, capacity, real-time availability and link performance quality are used to maximize the end-user experience and optimize the usage of all network resources.

FEC

Forward Error Correction (FEC) is a method of obtaining error control in data transmission in which the source (transmitter) sends redundant data and the destination (receiver) recognizes only the portion of the data that contains no apparent errors. FEC is often employed to boost application performance; however, it also introduces redundancy into the network and therefore is not the optimal approach to application control.

Jitter

In Voice over Internet Protocol (VoIP) technologies, jitter refers to a delay in receiving a voice data packet. This delay affects voice quality and the transmission of voice data.

Latency

Network latency is the term used to indicate any kind of delay that happens in data communication over a network. Network connections in which small delays occur are called low-latency networks, whereas network connections which suffer from long delays are called high-latency networks.

Packet Loss

In a packet-switched system, packet loss refers to the amount of data (number of packets) that fails to arrive at its intended destination. Network administrators consider this metric when looking at the efficacy and performance of data systems.

WAN Op

WAN Optimization (WAN Op) is a collection of techniques for increasing data transfer efficiencies across wide-area networks (WANs).

Cloud Delivery

Cloud Mesh

Cloud-based mesh is a network architecture that leverages software-defined interconnect (SDI) to deliver full mesh connectivity. Full mesh is a network architecture that allows any site on the corporate network to connect directly to any other site on the network. Physical full mesh architectures typically have negative impacts on application performance, since traffic may have to traverse several “jumps” to reach geographically distant sites, resulting in latency and packet loss.

Cloud On-Ramp

A connection service inside a data center, cloud on-ramp directly connects to a cloud provider. Software-defined interconnect enables businesses to secure and control multi-cloud environments and protect application performance by providing direct access to SaaS and IaaS via cloud on-ramps.

IaaS

Infrastructure as a Service, or IaaS, is a fundamental cloud service alongside Software as a Service and Platform as a Service, which encompasses the provision of virtualized computing resources which are remotely accessed through the internet. The resources are deployed and managed by cloud service providers.

Multi-Cloud

A multi-cloud environment is a network infrastructure that combines multiple cloud services from more than one cloud vendor, whether public or private. Multi-cloud environments present WAN management challenges in terms of guaranteeing application performance and security. New SD-WAN technologies like cloud mesh can address these challenges by enabling secure, direct access to cloud environments via software-defined interconnect (SDI).

SaaS

Software as a Service, or SaaS, is a centrally hosted application distributed by service providers over the internet for users to utilize on a subscription basis. Because it’s based in the cloud, users typically may access the application from anywhere, not solely through the corporate network. Examples include Concur, Workday, SAP, Salesforce and Google Apps.

SDI

Software Defined Interconnect (SDI) makes it possible to securely incorporate SaaS/IaaS environments into the SD-WAN network and ensure QoE by routing cloud traffic via direct access through the geographically closest point of presence (POP). SDI helps businesses take advantage of multi-cloud environments securely, and it cost-effectively helps them control compute costs by enabling cloud utilization.

Infrastructure and Architecture

Cloud On-Ramp

A connection service inside a data center, cloud on-ramp provides direct connectivity to a cloud provider. Direct cloud connectivity provides superior security, quality of experience and quality of

Cloud Mesh

Cloud-based mesh is a network architecture that leverages software-defined interconnect (SDI) to deliver full mesh connectivity. Full mesh is a network architecture that allows any site on the corporate network to connect directly to any other site on the network. Physical full mesh architectures typically have negative impacts on application performance, since traffic may have to traverse several “jumps” to reach geographically distant sites, resulting in latency and packet loss.

Extended Edge

‘Extended Edge’ is a term that Infovista coined to capture the idea of the evolving network edge. Historically, the corporate network was a physical entity, interconnecting various types of physical sites on the WAN such as headquarters, remote offices, and the data center. However, in recent years, as businesses have increasingly decentralized operations and shifted their critical applications out of the data center and into cloud environments, the network edge has now expanded outside the physical corporate perimeter.

Hybrid Cloud

This is a cloud computing environment made up of interlinked public and private clouds which perform distinct operations within the same organization. By facilitating the movement of workloads between public and private clouds, a hybrid cloud architecture provides businesses with greater flexibility and additional deployment options, while also enabling them to reduce compute costs by moving applications out of the data center.

IaaS

Infrastructure as a Service, or IaaS, is a fundamental cloud service alongside Software as a Service and Platform as a Service, which encompasses the provision of virtualized computing resources which are remotely accessed through the internet. The resources are deployed and managed by cloud service providers.

NFV/VNF

Network Function Virtualization (NFV) and Virtualized Network Functions (VNF) refer to the decoupling of network functions from proprietary hardware appliances (routers, firewalls, VPN terminators, SD-WAN, etc.). VNFs deliver equivalent network functionality without the need for specialized hardware. VNFs offer the distinct advantage of on-demand deployment and flexibility in hardware options.

Orchestration and Orchestrators

SD-WAN orchestration is a centralized administrative service model that provides secure, (ideally) cloud-delivered WAN control and management. It automates network admin functions to streamline and simplify the management of distributed network operations. SD-WAN delivered “as a service” enables managed service providers and enterprises to access an orchestrator from a protected web service portal, in order to centrally manage and monitor SD-WAN branch (edge) deployments based on business policies.

SaaS

Software as a Service, or SaaS, is a centrally hosted application distributed by service providers over the internet for users to utilize on a subscription basis. Because it’s based in the cloud, users typically may access the application from anywhere, not solely through the corporate network. Examples include Concur, Workday, SAP, Salesforce and Google Apps.

SASE

Secure Access Service Edge (SASE) is an acronym coined by Gartner in 2019 and describes a new paradigm in wide area networking. SASE combines a suite of WAN technologies with cloud-native security functions such as secure web gateways, cloud access security broker, zero trust network access, and firewall-as-a-service as core abilities, with the ability to identify sensitive data or malware and the ability to decrypt content at line speed, with continuous monitoring of sessions for risk and trust levels. Since SASE, in many cases, utilizes SD-WAN, it is important to make the distinction between the two clear.

SDI

Software Defined Interconnect (SDI) makes it possible to securely incorporate SaaS/IaaS environments into the SD-WAN network and ensure QoE by routing cloud traffic via direct access through the geographically closest point of presence (POP). SDI helps businesses take advantage of multi-cloud environments securely, and it cost-effectively helps them control compute costs by enabling cloud utilization.

SDN/SD-WAN

Software Defined Networking (SDN) or Software Defined Wide Area Networking (SD-WAN) centralizes and simplifies network management by separating the control plane from the data plane. Administrators and architects can use such software for network function configuration and management using centralized orchestration portals. This approach enables the business to augment MPLS networks with hybrid forms of connectivity, creating networks that are agile, dynamic and scalable, and providing visibility and control over cloud traffic and application quality of experience (QoE).

Layer Architecture

Overlay

Built on top of the physical infrastructure of a wide area network, an overlay network delivers virtualized network functions (VNFs).

Underlay

The underlay network refers to physical devices (such as MPLS) and connectivity (such as the internet), and includes switches, routers and the like that form part of the network. Routing protocols are used to determine IP connectivity for network components in your underlay.

Control Plane/Data Plane

Many definitions of SD-WAN state that SD-WAN separates the control plane from the data plane. But what are those? The control plane contains the functions that determine which path, or link, to send a data packet to. The data plane contains the functions that actually forward data packets based on the control plane’s “instructions”. In other words, the control plane tells the data plane what to do with data. The controller in a software-defined network performs these functions for the entire WAN network, providing physical or virtual device management for all sites or “edges” on the network.

Security

Firewall

A firewall is a network security function that monitors and filters incoming and outgoing network traffic based on an organization’s previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet. A firewall’s main purpose is to allow compliant traffic in and to keep dangerous traffic out.

FWaaS

Firewall as a Service (FWaaS) takes the functionality of firewalls into the cloud, away from the traditional network perimeter. As a cloud-delivered capability, it provides a number of benefits:

NGFW

A Next Generation Firewall (NGFW) builds upon the capabilities of a stateful network firewall. A stateful firewall is a network security device that filters incoming and outgoing network traffic based upon Internet Protocol (IP) port and IP addresses. By intelligently inspecting the payload of some packets, new connection requests can be associated with existing legitimate connections. A next generation firewall adds additional features such as application control, integrated intrusion prevention (IPS) and often more advanced threat prevention capabilities, like sandboxing.

Security Posture

A security posture is an organization’s cybersecurity strength and its ability to deal with constantly evolving threats, whether predicting them, preventing them or responding to them. Think of a vendor’s “security posture” as a (technical) summary of their security philosophy.

WSG

A Web-Secure Gateway (WSG) protects an organization from online security threats and viruses by enforcing company policy and filtering Internet-bound traffic. A secure web gateway is a cloud-delivered network security service. Sitting between users and the Internet, secure web gateways provide advanced network protection by inspecting web requests against company policy to ensure malicious applications and websites are blocked and inaccessible.

ZBF

A Zone-Based Firewall is one that centralizes and automates security. Specifically, it applies security policies at a highly granular and regimented level, is application-aware, and can integrate with your WSG. A good ZBF can do all this at the session level, letting you apply permissions based on topology and application-driven zones and offering the unique capability to backhaul traffic over the data center if the network team determines some traffic requires filtering using the main internet edge firewalls.