Usage scenarios of Application-aware Networking (APN) for SD-WAN

As more and more applications are moved to the cloud, the traditional WAN architecture starts facing challenges. Software-defined Wide Area Network (SD-WAN) provides a cloud-friendly way of interconnecting branch offices and applications in the cloud over any combination of transport services such as MPLS and 4G LTE, which is able to optimising application performance with low costs. Application-aware Networking (APN) is introduced in and . APN conveys application-aware information (i.e. APN attribute) along data packets traversing across the APN domain and facilitate fine-granularity network service provisioning and guarantee their SLA requirements. The ever-emerging network services such as network slicing and IOAM can be further enhanced with APN. This document describes the usage scenarios of APN for SD-WAN.

In large-scale networks, SD-WAN needs to classify traffic by application, user, and destination address, and impose different policies to meet diverse application needs. This is usually classified according to 5-tuple, because different users and applications are discrete in IP address and TCP/UDP port, the configuration work is heavy, and it is difficult to maintain. APN is a potential technology that can transform these discrete nonlinear information into linear information to simplify the complexity of policy matching. This section describes the scenarios that can use APN to meet the fine-granularity service operations in SD-WAN.

In CPE, different application groups are identified based on the existing information in the packet header, and APN attribute is added to the packets along with the tunnel encapsulation. Then the traffic flows can be steered into different WANs that can guarantee their corresponding SLA requirements.

+------+ +-----------+ +------+ | APP1 | /------| WAN1 |------\ | APP1 | +------+ / +-----------+ \ +------+ +------+ +-------+ +-----------+ +--------+ +------+ | APP2 |-----| CPE |------| WAN2 |------| CPE |-----| APP2 | +------+ +-------+ +-----------+ +--------+ +------+ +------+ \ +-----------+ / +------+ | APP3 | \------| WAN3 |------/ | APP3 | +------+ +-----------+ +------+

In the multi-cloud scenario, a CPE can be deployed by an enterprise as its gateway to access different clouds. In the CPE (e.g. an universial CPE, called uCPE), different application groups can be identified based on the existing information in the packet header, and APN attribute is added to the packets along with the tunnel encapsulation. The traffic flows are steered into the corresponding cloud where the application servers are running through the corresponding WANs.

+------+ +-----------+ +----------+ | APP1 | /---------| WAN1 |-----| Cloud1 | +------+ / +-----------+ +----------+ +------+ +--------+ +-----------+ +----------+ | APP2 |-----| CPE |-----| WAN2 |-----| Cloud2 | +------+ +--------+ +-----------+ +----------+ +------+ \ +-----------+ +----------+ | APP3 | \---------| WAN3 |-----| Cloud3 | +------+ +-----------+ +----------+

APN can faciliate the value-added service provisioning in SD-WAN, either at the CPE or the POP. At the CPE, network security and application acceleration services can be provided. With APN, certain malicious traffic can be identified and blocked, while the traffic that requires acceleration can be steered through the acceleration service. At the POP, value-added service can be provisioned for certain application groups according to the APN attribute carried in their packets.

+------------+ |POP(VAS/SFC)| +------------+ | +-----+ +------------+ +------------+ +------------+ +-----+ | APP |----|CPE(VAS/SFC)|-----| WAN |-----|CPE(VAS/SFC)|-----| APP | +-----+ +------------+ +------------+ +------------+ +-----+

In enterprise, usually important data is kept locally and it is preferred to be processed locally, while other data can be processed with the complex processing capabilities in the cloud. With APN, the traffic can be steered according to the localization characteristics of the data, either being processed locally or in the cloud.

+------+ +-------+ +------------+ +------------------+ | Data |-----| CPE |-----| WAN |-----| Cloud (Computing)| +------+ +-------+ +------------+ +------------------+ \ \ +---------------------------+ --- | Local DC (Data Processing)| +---------------------------+

By carrying the APN attribute (including APN ID and APN parameters) through data packets, i.e., the delivery of application-aware information and ensuring the security and reliability of application-aware information, the network senses the application groups' requirements and provides high-quality differentiated services according to the demand of the applications. And when the network transmits the data packets, it matches the network correspondence policy according to the APN attribute in the data packets and selects the corresponding SRv6 path to transmit the data packets (e.g., low latency path) to meet the SLA requirements and service chain in order to improve the service quality.

+------+ +-----------+ +------+ | APP1 | /-----| SRv6 path1|-----\ | APP1 | +------+ / +-----------+ \ +------+ +------+ +-------+ +-----------+ +--------+ +------+ | APP2 |---| CPE |----| SRv6 path2|---| CPE |---| APP2 | +------+ +-------+ +-----------+ +--------+ +------+ +------+ \ +-----------+ / +------+ | APP3 | \-----| SRv6 path3|-----/ | APP3 | +------+ +-----------+ +------+

SD-WAN needs to guarantee the experience of critical applications, and APNs can be used to carry application information to differentiate between different application traffic. At the same time, it is necessary to conduct end-to-end application-level network quality awareness to achieve closed-loop control of network quality. SD-WAN uses Overlay to establish connectivity, which enable flow classification with APN, and work with In-Flow OAM detection to identify critical applications from thousands of streams, thus simplifying network quality assurance technology complexity for critical applications.

By using APNs to identify services, SD-WAN can relate global policies to user service. This allows SD-WAN to automatically enforce performance goals and access security for users, regardless of their location. By identifying and sensing the service type, the global policy automatically selects a path for the service, such as Internet, to offload bandwidth-hungry services to the lower-cost Internet. Based on the global policy, rather than the network architecture, decisions can be made on how to isolate between endpoints, applications, and the cloud. Global policies also can be visualized and changed in real time to achieve sustainable trust as the network evolves.

Bandwidth resource scheduling needs to perceive bandwidth consumption from a high level rather than a fine-grained application perspective. Using APN, a group of applications with the same characteristics can be aggregated into an application group, which is convenient to analyze the bandwidth resource occupation of the application group, so as to optimize network bandwidth utilization and application QoE.

With the digital transformation, the network infrastructure and cloud-based applications are emerging as an integrated service of network operators to provide a complete solution to customer. As an overlay technology, SD-WAN is able to simplify the network and make it more service-focused, which has become the de facto option for the Enterprise WAN Edge. SD-WAN enables the network service providers to reshape their network to provide more complex products to meet customers' various requirements. When SD-WAN is integrated with APN, service providers are able to provide network services together with cloud services in a fine-granularity SaaS-like model. The latest functionalities can be delivered via cloud. Customers benefit from the pay-for-use model in per application granularity and have the agility to adjust the level of functionality, capability, and capacity. According to the APN attribute carried by the packets, corresponding paths/WANs can be selected, the SLA can be guaranteed, and value-added services can be provisioned.

The security consideration can refer to .

There are no IANA considerations in this document.