Software Definded - Wide Area Network (SD-WAN) Services and their Implementation on an Open Source Linux Based Platform

Table of Contents

Chapter 1: Introduction

1.1 Thesis structure

Chapter 2: SD-WAN

2.1 General SD-WAN Architecture and Components

2.1.1 SD-WAN Edge

2.1.2 SD-WAN Controller

2.1.3 Service Orchestrator

2.2 Benefits of using SD-WAN

2.2.1 Overlay Networks

2.2.2 Hybrid WAN

2.2.3 Dynamic Path Selection and Increased Bandwidth

2.2.4 Zero Touch Provisioning

2.2.5 Easy access to the Cloud

2.2.6 Security

2.2.7 Per Application Routing

2.3 SD-WAN Architecture Types

2.3.1 On-Prem-Only

2.3.2 Cloud-Enabled

2.3.3 Cloud-Enabled plus Backbone

2.4 SD-WAN Deployment Models

Chapter 3: Used Technologies

3.1 gRPC

3.2 VxLAN

3.3 VRF-lite

3.4 STUN

3.5 Etherws

Chapter 4: EveryWAN

4.1 EveryWAN Architecture

4.2 EveryWAN Services

4.3 EveryEdge

4.4 EveryController

4.5 EveryGUI

4.6 Authentication and Registration Procedure

4.7 Tenant Management

4.8 EveryEdge Management

4.9 Overlay Management

Chapter 5: Southbound

5.1 VxLAN Implementation in Linux

5.2 VRF Implementation in Linux

5.3 Southbound API

5.3.1 Device API

5.3.2 Configuration API

5.4 NAT traversal with VxLAN

5.5 Management Tunnels

Chapter 6: Northbound

6.1 Northbound API

6.1.1 Edge API

6.1.2 Overlay API

6.1.3 Tenant API

6.2 Create Overlay Algorithm

6.3 Remove Overlay Algorithm

6.4 Generic Resource Manager

Chapter 7: Persistence with MongoDB

7.1 Tenants

7.2 Devices

7.3 Overlays

7.4 Configuration

Chapter 8: Emulation Environment and Demo

8.1 Emulation Environment

8.1.1 Open and NATed Access

8.2 Emulated Network Topology

8.3 Demo

Chapter 9: Conclusion and Future Work

9.1 Future Improvements

Research Objectives and Core Topics

The primary goal of this thesis is to design and implement a high-level, open-source SD-WAN solution called "EveryWAN," which utilizes concepts of network slicing and overlays to provide end-to-end connectivity and service management for enterprises, addressing the limitations of traditional, monolithic networking hardware.

• Design of an open-source SD-WAN architecture based on SDN and NFV principles.
• Implementation of the "EveryEdge" vCPE and "EveryController" for automated orchestration and Zero Touch Provisioning (ZTP).
• Utilization of VxLAN and VRF-lite for traffic isolation and overlay networking.
• Development of Southbound and Northbound APIs using gRPC for robust communication and control.
• Persistence of network configurations via a MongoDB database.
• Validation of the system through a Mininet-based emulated network environment.

Excerpt from the Book

Summary of Chapters

Chapter 1: Introduction: Outlines the limitations of traditional WAN models and introduces the development of the open-source SD-WAN solution, EveryWAN.

Chapter 2: SD-WAN: Describes the general SD-WAN architecture, key components, benefits such as overlay networks and hybrid WAN, and various deployment models.

Chapter 3: Used Technologies: Provides an overview of open-source technologies utilized in the project, including gRPC, VxLAN, VRF-lite, STUN, and Etherws.

Chapter 4: EveryWAN: Details the EveryWAN architecture, the roles of EveryEdge and EveryController, and processes for authentication, registration, and management.

Chapter 5: Southbound: Explains the technical implementation of VxLAN and VRF in Linux and the Southbound API for device-level configuration and NAT traversal.

Chapter 6: Northbound: Describes the Northbound API exposed to applications, overlay creation/removal algorithms, and the resource manager.

Chapter 7: Persistence with MongoDB: Discusses how network configuration and status data are stored in MongoDB collections.

Chapter 8: Emulation Environment and Demo: Details the Mininet emulated topology used to test and demonstrate the EveryWAN solution functionalities.

Chapter 9: Conclusion and Future Work: Summarizes the thesis findings and suggests future improvements, such as adding IPsec support and intelligent hybrid WAN features.

Keywords

SD-WAN, EveryWAN, EveryEdge, EveryController, SDN, NFV, VxLAN, VRF-lite, gRPC, Overlay Networks, Zero Touch Provisioning, Network Slicing, Mininet, MongoDB, Southbound API, Northbound API

Frequently Asked Questions

What is the core focus of this research?

The research focuses on the design and implementation of an open-source Software-Defined Wide Area Network (SD-WAN) solution, named EveryWAN, intended to simplify network management and reduce capital and operational expenses for enterprises.

What are the primary components of the EveryWAN architecture?

The architecture consists of the EveryEdge (a vCPE border router), the EveryController (the SDN controller and orchestrator), the EveryGUI (for user management), a MongoDB database for persistence, and a STUN server for NAT/firewall discovery.

What is the main goal or research question?

The primary goal is to provide a complete, open-source SD-WAN platform that exploits Network Slicing and Overlay concepts, allowing companies to interconnect branch sites over multiple underlying network types while ensuring service isolation.

Which technologies are used for implementation?

The solution relies on the Linux platform, using VxLAN for tunnels, VRF-lite for routing table isolation, gRPC for API communication, Python for scripting, and Mininet for network emulation.

What does the main body of the work cover?

The main body covers the architectural design, the technical implementation of the Southbound and Northbound APIs, the algorithms for overlay management, and the specifics of the data persistence layer using MongoDB.

Which keywords characterize this work?

The work is characterized by terms such as SD-WAN, EveryWAN, SDN/NFV, VxLAN, gRPC, Zero Touch Provisioning (ZTP), and network orchestration.

How does EveryWAN handle NAT traversal?

EveryWAN uses STUN to detect NAT types and employs port-forwarding with VxLAN tunnels to ensure connectivity for management and data planes, even when devices are located behind restrictive NAT/firewalls.

Why are VRF-lite and VxLAN essential to this solution?

VxLAN provides the ability to create dynamic overlay networks on existing infrastructure, while VRF-lite enables traffic isolation at Layer 3, allowing different services to share the same physical connectivity without compromising security.