SD WAN Solutions

Started by routerdork, August 22, 2016, 10:02:43 AM

Previous topic - Next topic

routerdork

So I've been absent from here for a bit. I got a new job a month ago. Former employer that had no upward mobility 8 years ago, cleaned house and is bringing network support in house for the first time ever. I'm the first engineer on board with two network admins that handle the servers with maybe more engineers later on. Gets me back home too, I'm moving back to Oregon this week and couldn't be happier  :joy: :excited: :pub:

Anyways I've had to do some research into SD WAN at a previous place so I've got some exposure to it. Right now looking through vendors, doing demos, etc. We have about 130 sites and growing. Management is sure they want some sort of SD WAN solution. Problem I have is most of them are young unproven companies. I've looked at Silver Peak, Versa, Riverbed, waiting on a demo with Talari. I've started working on an IWAN lab to look into it. Anyone else doing the same or already done it?
"The thing about quotes on the internet is that you cannot confirm their validity." -Abraham Lincoln

deanwebb

We did a look at those vendors, I think we settled on Riverbed.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

mmcgurty

Currently involved in Phase 1 of a POC with Cisco IWAN using APIC-EM and Cisco Prime/LiveAction.  Phase 2 would add WAAS.  About to also POC Riverbed.  We spoke with Talari and Fatpipe before deciding to POC Riverbed.  We should be getting our Riverbed POC hardware tomorrow but I won't be able to see until later in the week nor have we come up with a network digram of where everything should be placed yet.  So it might be next week before I can speak more about it.

routerdork

Quote from: mmcgurty on August 22, 2016, 01:09:42 PM
Currently involved in Phase 1 of a POC with Cisco IWAN using APIC-EM and Cisco Prime/LiveAction.  Phase 2 would add WAAS.  About to also POC Riverbed.  We spoke with Talari and Fatpipe before deciding to POC Riverbed.  We should be getting our Riverbed POC hardware tomorrow but I won't be able to see until later in the week nor have we come up with a network digram of where everything should be placed yet.  So it might be next week before I can speak more about it.
How are you liking IWAN? I hear so many negative things about how long it takes to configure but once you do it seems to be cookie cutter. Did you not like Talari?
"The thing about quotes on the internet is that you cannot confirm their validity." -Abraham Lincoln

mmcgurty

Quote from: routerdork on August 22, 2016, 03:03:04 PM
Quote from: mmcgurty on August 22, 2016, 01:09:42 PM
Currently involved in Phase 1 of a POC with Cisco IWAN using APIC-EM and Cisco Prime/LiveAction.  Phase 2 would add WAAS.  About to also POC Riverbed.  We spoke with Talari and Fatpipe before deciding to POC Riverbed.  We should be getting our Riverbed POC hardware tomorrow but I won't be able to see until later in the week nor have we come up with a network digram of where everything should be placed yet.  So it might be next week before I can speak more about it.
How are you liking IWAN? I hear so many negative things about how long it takes to configure but once you do it seems to be cookie cutter. Did you not like Talari?

Cisco IWAN hasn't gone very smoothly.  We were able to get the POC equipment in the data center configured in about a day and then it was supposed to be an afternoon to a day at most to setup the labs.  We are on like week three (maybe four, I gave up keeping track).  One of the main things is Zero Touch Provisioning didn't work out of the box, then the BU flew someone in and they wiped and reinstalled APIC-EM, then it worked once and then couldn't be recreated.  I think we have figured that out now.  It seems really cobbled together from what I have seen where other vendors have a holistic product, Cisco is trying to shim a bunch of existing things together.

We talked to Talari and we learned from another retailer at Cisco Live that they were POC'ing Talari, but they spent an hour showing us slides and we never really got a good feel for the product or where they were at on the call.  I think Riverbed is where other members really wanted to go anyway but I would have liked to talk to Viptella as well.  From what I have been told in Podcasts and from others personally, Viptella is a pretty cool product.

routerdork

Interesting. We talked to Riverbed and thought they were way to young. The product they showed us last week was acquired earlier this year.

IWAN makes sense for us because we already have two routers at each location  (MPLS & DMVPN). Cisco is supposed to be getting us some demo gear in a couple weeks. I'm hoping to get a working config using the CSR1000V before that though. If I can get it working we have a site going live at the end of the month that I have proposed using it on.

Versa is being pitched to us by two different companies we do business with, one as a manage service and the other as a managed service with us having access. So we are looking at them on our own as well.

Talari meeting is in an hour so I'll know more about them soon but I keep reading that they are the only proven name with over 100 site deployments.
"The thing about quotes on the internet is that you cannot confirm their validity." -Abraham Lincoln

routerdork

Quote from: deanwebb on August 22, 2016, 11:15:50 AM
We did a look at those vendors, I think we settled on Riverbed.
Do you know what product you guys got? We weren't very impressed with them. Especially when they laughed at being priced higher than Cisco for WAN Op.
"The thing about quotes on the internet is that you cannot confirm their validity." -Abraham Lincoln

icecream-guy

my experience with Riverbed a few years ago that it was mainly best at getting better throughput for larger files.
:professorcat:

My Moral Fibers have been cut.

wintermute000

#8
I've just been talking to our local Viptella SE and if what he says is true (heck, if 80% is true) it wipes IWAN off the map - one overlay, true service chaining, seamless integration with zscaler for local internet egress, VRF aware, no certs to manage but can still revoke keys. Basically, keep everything you liked about DMVPN, now eliminate everything you hated, and add all the stuff IWAN can't do (service chaining, smart local egress etc.) Quite keen to take a closer look.

Working for a Cisco partner, I have no doubts I'll be shoved onto an IWAN deployment at some stage so I'll deal with it when it comes. I've spent enough time driving APIC-EM labs to be pretty clued into what it looks like. There are so many questions re: brownfields. How did you guys choose to deploy (presumably brownfields) and any findings? All I can get from Cisco is to use loopbacks for hub DMVPN source addresses (to maintain co-existence with the 'standard' WAN), but there's still so many questions when you get into the details, like 'er so how does the magic IWAN app migrate it from loopback to the real underlay addressing after all spokes are migrated'. But yeah its totally cobbled together, and speaking as someone with extensive certificate based DMVPN phase 3 battle scars, I don't think that's a good thing (now shove PfRv3 on top and a 'controller' that is a dumb orchestrator and BTW has no real support for any multi-tier CA architecture except making itself the root CA, though apparently, that's coming LOL).

Riverbed's stuff is very new and beta, I don't even think its properly released yet. Based on their heritage I wouldn't be expecting too many routing chops.


I can't  believe you guys are having issues with ZTP, that's like the most basic thing ever. I recall our local SEs demoing it at a partner session and the room full of VAR guys universally asking 'so how's this different from smartinstall / autoinstall' (hint: it ain't, except for the baked in hardware certs). Its like there's some conspiracy to keep guys from figuring out that hey, cisco stuff has been able to pull configs on boot for like, forever, just like config t revert has been around forever.

routerdork

I've been away for awhile.

At this point we have decided no to use IWAN. We are currently planning a PoC with Versa. I'm going to be doing an onsite hands session with them to go over design, operation, configuration, troubleshooting, etc. If things don't work out we discussed taking the time to do a full lab of IWAN. Also there is a book coming out from Cisco Press on IWAN next month. I pre-ordered figuring it can't hurt whether we use it or not.
"The thing about quotes on the internet is that you cannot confirm their validity." -Abraham Lincoln