Communicate with us

Application-Aware Routing related to SD-WAN

Dec 11, 2018

Application-Aware RoutingApplication-Aware Routing is a change to the way we think about how data packets should be routed through an IP network and is closely related to SD-WAN, Policy-based routing and the use of SLA’s – Service Level Agreements.

Ever since the beginning of the Internet, sending information between two Internet points has been done by breaking the information down into packets and adding some header information used by the network to deliver the packets to their destination. The delivery method for each packet has come to be known as “best effort”, i.e., there is no guarantee that the network will actually deliver the packet to its destination, nor of the time it will take to do so. In order to improve the service, an information field was later added to the packet header that informed networks of their obligation to transport the packet. That is to say, the network has to provide preferential treatment of some packets over others, with the operator committed to providing different levels of QoS.

This model is still valid for current IP networks. Routers that make up the core of the network continue to work with individual packets, regardless of the information contained therein, and only in special networks (such as MPLS) do you have the mechanisms mentioned above for prioritizing traffic – i.e., allocating more network resources to some packets versus others while meeting quality criteria in the form of available bandwidth, delay, etc. These networks clearly imply a higher cost for the customer.

Application-aware routing: A change of approach

With Application-Aware Routing, the concept of data streams outweighs the IP packet. The IP network administrator can think about the data streams of a software application, for example Office365, as subject to a particular routing policy and different to those of other applications, for example Facebook. This new approach to routing allows giving routers the ability to identify, from examining data packets, the source customer software application responsible for sending traffic.

The identification process, however, is by no means trivial. A first step might be as simple as using the list of applications defined by IANA to detect applications by destination UDP/TCP port. This first step is not without its limitations however, as compliance with the IANA list cannot always be ensured and nowadays most target applications are HTTP/HTTPS and so use the same port (80 and 443). The only thing you would detect with this first step is that all web applications are the same.

To advance the identification process further, we need to use packet inspection techniques to inspect the packets and extract information from them in order to identify them. When the packets are unencrypted, as is the case with HTTP, identifying them is easier since we can get all the packet information. The problem is that we are seeing more and more HTTPS, i.e., encrypted traffic. In these cases, we can obtain partial information by analyzing the TLS handshake. It’s partial because a TLS connection can have different applications travelling over it.

Thus, identifying applications is an open problem given to proprietary mechanisms. A more speculative step are the techniques based on heuristic methods: by learning recognizable patterns in streams, predictions can then be made as to the types of applications running within a network.

Application identification mechanisms usually reside in network access routers. This is because the application identification process incurs a high computational cost and the routers at the core of the network should offload this type of processing in order to limit themselves to routing tasks.

Application-aware routing and  SD-WAN

Application-Aware Routing is closely related to the concept of SD-WAN. In this technology, access routers form a VPN over different types of network (basically MPLS and Internet), access technologies (DSL, fiber, LTE, etc.,) and operators, so that from the user’s point of view, the deployed network is unique while hiding the complexity of the networks below. As access technology and network quality are not uniform, SD-WAN provides for periodic quality measurements of VPN links. Every identifiable application in the routers (Office365, GoToMeeting, Skype, etc.,) must carry network quality requirements known as SLAs – Service Level Agreements – to ensure that the applications running in customer software systems are functioning correctly. If the requirements are not met for a particular path in the VPN network, then the SD-WAN router chooses another path that meets the application’s quality requirements. And from that moment on, the application’s data streams are routed over the new path without the user noticing the change. In short, the goal is for each application to reach its destination over the highest quality path.

The application identification process can be combined with Policy-based Routing mechanisms to allow routing an application’s packets along SD-WAN paths that meet customer-based SLA criteria. Teldat is positioned as leading provider of SD-WAN in the global market. We put into practice these and many other SD-WAN solutions.

Related Posts 

SSL decryption: Safe communications

SSL decryption: Safe communications

In the immense digital world of today, information security has become a primary concern. Transferring data safely via the Internet is crucial in order to protect the confidentiality and integrity of sensitive information. A key tool for this is...

read more