Tom here from Lawrence Systems, and we're gonna talk about SD-WAN, and the context in which we're gonna talk about it is dealing with WAN failover and bandwidth aggregation. This is not something achieved on its own by having two different internet providers connected to a singular firewall unless there's an SD-WAN solution, and there are some complexities of how that works. And I wanted to make this video to explain how to solve that problem and how SD-WAN kind of integrates into that. And I say SD-WAN, which is a little bit, to me, buzzwordy, but SD-WAN is a blanket applied to a lot of different things. So it's said ZeroTier is an SD-WAN solution; I've done a video on it, I'll leave a link below. Tailscale is kind of an SD-WAN VPN replacement solution, very similar to ZeroTier, and I've reviewed that; I've compared the two products. I've also talked about Nebula. Once again, they're different ways of solving things, and they kind of fall into the software-defined wide area network type of systems: software overlays that go over the top of your existing network. But there's another type again, and that is where SD-WAN solves the problem of having seamless failover, bandwidth aggregation, and possibly application control and balancing across multiple ISPs. This is not achieved by the firewall by itself but along with coordination software and some cloud servers, essentially, to help coordinate all of this. And that's kind of what I wanted to talk about, because this is a problem that a lot of people are presented with, thinking that just simply having two internet providers will give them the redundancy they need. But it's not quite as seamless as many people hope. Don't worry, there are solutions. But we're keeping this very vendor agnostic because I want to really just explain the methodologies by which these tools work, to give a good understanding.

Now, before we dive into this, if you'd like to learn more about me or my company, head over to lawrencesystems.com. If you'd like to hire us for a project, there's a Hire Us button right at the top, which includes, of course, network engineering consulting. If you want to support this channel in other ways, there's affiliate links down below to get your deals and discounts on products and services we talk about on this channel. And I happen to be wearing an IT Pro TV shirt today. I do recommend their services, and yes, they're an affiliate. There's a link below if you want to get started with IT Pro TV, if you're interested in signing up.

All right, now let's dive into the topic. Now, the first example I have here is your standard dual WAN ISP setup, as in we have two connections, from ISP 1 and ISP 2. So whoever your internet service provider is, they provide you some equipment, however that connectivity works, whether it's fiber, cable, DSL, or more recently Starlink. Whatever those connections are, you have more than one of them because, well, internet is critical to many businesses, and an inconvenience, even greatly so, to home users when something goes down. Internet's quite critical. Now, when you have a connection going, let's say, from something like a computer and/or a phone, and it's going to go to the firewall, whatever policies that firewall does support will then say, all right, which of these ISPs are we going to choose? So let's say ISP 1 is your primary. So we say all the connections should go through ISP 1, and if ISP 1 goes down, then we will switch over to ISP 2. Why can't you just take and put both ISPs together and bond them together? So if each one's getting 100 megs each, can't you get 200 megs? Or when it fails over, can't we just send some packets to one and some packets to another? And that's where the complexities start to come in, of the way things functionally have to work.

And we'll use VoIP as an example. When you're on a call with VoIP, it's going to create a session. That session is going to go through your firewall, out to the ISP based on whatever policies are at that time, then go out to the internet and connect to the internet service you are using. The problem becomes the server over here sees this public IP of your ISP, and if this ISP goes down, breaks, the connection gets severed. We then have to switch over to here. The act of doing that, then the firewall says, oh, here's the policy that says keep an eye on this: if no traffic is going out of ISP 1, switch over to ISP 2. That happens relatively quick, but the sessions that have been created, these states that were created for that VoIP phone call, are going to get dropped and reestablished over on the other side. That often comes at the cost of losing that call or dropping it. These are some of the problems with a lot of the way protocols were designed: they're designed to work and keep connections going, but when those connections break, they aren't quite seamless to start up on the other side. Now, this varies with different things. You know, SSH and different management tools are other examples of ones that will break sessions when the public IP address changes. And then some of the services that are online, if they see the public IP address change, then they go, you know what, your IP changed, did you move? We're gonna have to re-authenticate you, re-log you in. This means when the internet goes down, there is a time which needs to be allotted for switchover. So it's not seamless; it doesn't instantly just use the other one.

And bonding these things together: when I do speed tests, and I've done on this channel dual WAN, you know, network speed tests, these are often single sessions. So when you do a speed test, you have a connection between you and the speed test server; it's an easy example. And once again, we can send the speed test through ISP 1, or maybe we have a firewall policy rule that says send through ISP 2. Once again, you're not aggregating the bandwidth. The single stream will go through one or the other, but can't simultaneously go through both, because of the way the architecture of the way the data transfers works: these sessions can't exist in two places at once. You need something to orchestrate that. We'll get to those slides on SD-WAN for how that works. Now, you can at the firewall level create policies, provided your firewall supports this, and say, all right, maybe we want traffic for streaming services and media services to go out one ISP, and we want to use the other ISP for our line of business application, so we have the least amount of latency, and we want the fastest connections and priority given to the traffic that's going to go to our line of business applications. These are things that the firewall can accomplish and can do, and in the event, provided the firewall we program to do this fails over to the other one, that's a different connection. But once again, back to that thing I said: those sessions may break and have to restart again. And this may also include even VPN and other services that you have going; when the public IP adjusts, switches, things may fail.

Now, this is where SD-WAN comes in to solve this problem. In the SD-WAN world, we have your sessions going, we have the firewall, and then we have the firewall and/or SD-WAN device. And I say and/or because the SD-WAN may be integrated into the firewall; some firewall companies offer it as an integration. But there's always two pieces to an SD-WAN integration. If it's a separate firewall, separate SD-WAN, or a combination of the two is not completely relevant. But what occurs is the firewall is going to see, from the firewall function of it, a connection to the SD-WAN device. The SD-WAN device, whether it's built into the firewall or not, is going to see these two separate internet service providers, and it's going to merge them together. Now, from the perspective of some internet service you're using over here, it sees the connection coming from the SD-WAN provider's data center, or, if you've set this up yourself, the virtual private server that happens to be running the endpoint for the SD-WAN. The aggregation of this, the transport, being immune, so to speak, to the public IP changes or anything that goes on with ISP 1 and ISP 2: the SD-WAN here is talking to the SD-WAN system here and creating a tunnel, essentially. And this graphic here might show it a little bit better.

So this is a service, which is going to be everything here. This SD-WAN service is essentially coordinating all this information. So it can, depending on which one you get (like I said, I'm not here to endorse a specific product but talk about the functionality of the system), the SD-WAN service can look at whichever way is the best path to get that data. And when you have ISP 1 and ISP 2, it's going to take these and bring it over to their data center. Now the service sees a single IP coming from here. So essentially your public IP has moved to wherever the out is for the SD-WAN service. So the in, being essentially tied to the firewall, could even be its own private IPs, all internal here, because the firewall no longer has a direct WAN address. And then the SD-WAN service talks to the two different ISPs, or more; you could even have more ISPs in here. You create a series of policies, depending on the service, of how you want them prioritized together or working together. And because these can act as a data plane, the SD-WAN is going to say, send some packets over ISP 1, send some over ISP 2, and provided the latency is reasonable on the two of these, which is an important factor to get this to work, we can aggregate the bandwidth, provided the latency is the same. If the latency is not the same, well, then that creates a different problem, because if the latency is very off on one of the ISPs, the packets won't arrive in the right order. They have to be assembled in the right order for all the data to get there; if not, your voice, when it traveled across here, wouldn't go properly. Now, depending on the strategies they use for this, this also will create a seamless failover, because if the SD-WAN provider realizes that ISP 2 has failed, or is in some type of failed state where they're losing packets, they can reduce the number of packets and move them over to here. But because the service always comes out of the SD-WAN data center, provided the SD-WAN data center's not where any of these problems are (which these SD-WAN providers have redundancies upon redundancies to help provide and mitigate against this as a problem), when you go from the some internet service all the way back to the endpoints that are behind the firewall, everything seems very, very seamless. Which, of course, is the goal of these SD-WAN products: to provide seamless failover and be transparent whether one ISP goes out or not. No users are angry, no phone calls got dropped, services weren't disrupted.

Other advantages of some of these SD-WAN tools is the ability to prioritize applications. But of course, you can also go back to the firewall and look at firewalls that have that feature and do prioritization of your line of business applications to go over a certain connection. These are something that a lot of higher-end advanced firewalls do offer, but SD-WAN obviously goes that step further. Now, should you get it? Well, there's a couple considerations here. What does your budget allow? Will this work for you and the way you want to do things? Do these extra costs justify the extra conveniences that come with them? These are all just determining factors. And as I said before, I'm not pointing at any particular vendor. The goal of this is just to kind of throw it out there and make people aware of how these systems work, and how just having two ISPs does not give you seamless failover, because that's sometimes a call that comes in a lot to us: hey, we'd like this to fail over better, faster. And obviously there's tuning strategies for how you fail things over inside of a firewall, but they're still not going to be as seamless as an SD-WAN solution.

Now, finally, what about if you wanted to play with this yourself with some type of open-source solution around it? There's actually one out there.
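To make the aggregation points above concrete (packets sprayed over two ISPs only reassemble cleanly when the latencies match, and a tunnel with its own sequence space fails over without the far end noticing), here is an added Python simulation that is not from the video or from any SD-WAN product. The path names, the constructed one-way latencies, and the simple round-robin scheduler are assumptions of the model, not a description of how any vendor schedules traffic.

```python
import heapq
from collections import namedtuple
from dataclasses import dataclass

# Constructed model, not from the video: an ISP path with its one-way latency.
@dataclass
class Path:
    name: str
    latency_ms: float
    up: bool = True

Arrival = namedtuple("Arrival", "at_ms seq via")  # heap orders by arrival time

def send_aggregated(paths, n_packets, interval_ms=1.0):
    """Bonding-tunnel sender: number packets and spray them round-robin over
    every path that is up. Returns arrivals in the order the far end sees them."""
    live = [p for p in paths if p.up]
    heap = []
    for seq in range(n_packets):
        p = live[seq % len(live)]
        heapq.heappush(heap, Arrival(seq * interval_ms + p.latency_ms, seq, p.name))
    return [heapq.heappop(heap) for _ in range(len(heap))]

def reassemble(arrivals):
    """Tunnel receiver: hand packets up strictly in sequence via a reorder buffer.
    Returns (delivered seqs, stalls, peak buffer depth); a stall is a packet that
    had to wait for a lower sequence number still in flight on the slower path."""
    expected, buf, delivered, stalls, peak = 0, {}, [], 0, 0
    for a in arrivals:
        if a.seq != expected:
            buf[a.seq] = a
            stalls += 1
            peak = max(peak, len(buf))
            continue
        delivered.append(a.seq)
        expected += 1
        while expected in buf:  # drain anything now contiguous
            delivered.append(buf.pop(expected).seq)
            expected += 1
    return delivered, stalls, peak

def run(lat1_ms, lat2_ms, n=20, isp2_up=True):
    """(delivered, stalls, peak) for n packets sprayed over ISP1 and ISP2."""
    paths = [Path("ISP1", lat1_ms), Path("ISP2", lat2_ms, isp2_up)]
    return reassemble(send_aggregated(paths, n))

if __name__ == "__main__":
    print("matched latency  :", run(20, 20)[1:])   # both links used, no stalls
    print("mismatched 20/60 :", run(20, 60)[1:])   # deep reorder buffer, 9 stalls
    print("ISP2 down        :", run(20, 60, isp2_up=False)[1:])  # seq still contiguous
```

The third run is the failover case: the scheduler stops using ISP2, yet the receiver still sees one unbroken sequence, which is why the service on the far side of the tunnel endpoint never sees a session drop.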
I found it; I've not used it, but I thought, hey, why not, you know, turn a few people on to it in case they're interested in building this themselves, because it's a great network engineering thing to dive into this and understand how it works. It actually starts right here with the Linux kernel Multipath TCP project. So this is it: "Multipath TCP is an effort towards enabling simultaneous use of several IP address interfaces by the modification of TCP that presents a regular TCP interface to applications while in fact spreading data across several subflows." That's the longer version of an SD-WAN solution for failover. Now, this is built into the Linux kernel. This is not a brand-new, started-yesterday project; it's actually been around for a little while. And there is also this project. As I said, I don't have any videos on it or currently plan to do any on how to use this, but they've got some decent documentation here to kind of get you started looking through it, and I thought it was kind of neat. It unfortunately doesn't work with any of the firewalls I've talked about; it's kind of specifically built into the OpenWrt project. But either way, it's actually, they give you some tools to get started. As a matter of fact, if you go over to the download section, they have the ability to build this on a couple different platforms, such as the Banana Pis and EspressoBin, NanoPi, Raspberry Pis, and a few others, including support for the Linksys EdgeRouter X and some x86 images. And part of the thing that's important when you're looking at this, and this is the way this works, is we have the OpenMPTCProuter, so there's that component of it, then you have your two different internet connections, and then you have your virtual private server in a cloud, just like I talked about in the SD-WAN example. This is where your public IP address comes from, and so all the bonding you do here aggregates those together. And yeah, it's a good way, I think, to dive into this and learn. But like I said, it's right now not on my path, in case people are wondering if there's gonna be a video on it from me: not right now. It's more of a hobby project. But I think this is still cool network engineering to play with and do some testing to really dive into how this works.

I'll also mention, if you want to play with it again with ZeroTier, because I've done several videos on ZeroTier, a solution we really like: ZeroTier also has some bonding things that can be done within their tool itself to tie it together. Now, I know I said I'm not endorsing any commercial products, but I wanted to mention it because, one, their documentation kind of breaks down different strategies of how these failovers work, back to the network engineering side, because a lot of this is open source and things you can play with. That's kind of fun. Just go in here and kind of get a better understanding, and of course, where there's fault tolerance, fault tolerant versus brief interruption, the different strategies that can be used.

Now, hopefully this clears up some of the confusion around failover and SD-WAN. And if you're interested, as I said, that tool, I left a link to it. I'm not planning on doing a video on it, but hey, it looks pretty cool if you want to dive into the nuts and bolts of how to build an SD-WAN solution. And there are solutions built on that Multipath TCP, but they're often sold and packaged as a greater service by some of the SD-WAN providers. And I didn't really want to throw an endorsement to any particular SD-WAN provider, because there's not one in particular at all that I don't like or do like; they just kind of are things we run into that some of the unmanaged clients that we've worked with on projects have had, and they're using it. So I wanted to make people aware of how the functionality is to this, because that is where the confusion often comes in: thinking that you can just grab more than one internet connection and aggregate them together easily. It's a little bit more complicated than that, but understanding the complexities is the first step to kind of figuring out a solution for them.

But thank you for joining, and leave links below if you have some favorite SD-WAN solutions or something maybe you want me to check out. Also, this will be posted in my forums, where we can have a more in-depth discussion on this topic. All right, and thanks.

And thank you for making it to the end of this video. If you enjoyed this content, please give it a thumbs up. If you'd like to see more content from this channel, hit the subscribe button and the bell icon. To hire us for a project, head over to lawrencesystems.com and click on the Hire Us button right at the top. To help this channel out in other ways, there's a join button here for YouTube and a Patreon page, where your support is greatly appreciated. For deals, discounts, and offers, check out our affiliate links in the descriptions of all of our videos, including a link to our shirt store. We have a wide variety of shirts, and new designs come out, well, randomly, so check back frequently. And finally, our forums, forums.lawrencesystems.com, is where you can have a more in-depth discussion about this video and other tech topics covered on this channel. Thank you again, and we look forward to hearing from you. In the meantime, check out some of our other videos.