SD-WAN in China: The use case for the Asian superpower
On the surface, the business case for SD-WAN is solid: your data and applications virtualized on a secure encrypted overlay, with public IP networks providing the underlay. Frictionless to set up? Fast to deploy? Flexible to upgrade? That’s the theory. But theory isn’t practice.
In reality, an effective SD-WAN rollout depends on a long list of technical decisions and optimizations—so anyone considering it needs to make sure every base is covered. The practicalities of peering, the continuity of connections, administrative hassles of staying within the law where you’re operating in a nation where “following the rules” is very, very important. All matter. Fortunately, there are ways to address each one.
One of today’s most instructive cases is China. A country where every growth-focussed enterprise needs to be—but a market (actually, many regional markets) where government policies and the nature of competition make a huge difference to how an SD-WAN performs.
In this blog, we’ll look at the special case of the Middle Kingdom—and how Expereo solves its challenges.
China: the rediscovered country
China is a “special” place. With a 3,000-year (some say 5,000) history, its norms, rules, and beliefs are very different to those in the West. With all the challenges that implies for market entrants.
It’s developing at breakneck speed—yet the benefits are unevenly spread, concentrated on the coasts. And while its people are among the most connected in the world, their experience of sites and apps can vary wildly from one province to another.
It’s a place where octogenarian grandmothers buy noodles with their phone, and hipsters sell lipstick in conversational channels that encompass media, productivity, and e-commerce too. (WeChat and Weibo, each used by 500m+ people, look like all-in-one super-apps that combine services similar to YouTube, Instagram, WhatsApp, and Facebook.)
Yet it’s also a place where national carriers rarely play well together, content is policed and penaltied, and a Great Firewall blocks access to many international websites. It adds up to a true witch’s brew for technical types. But not an insoluble one.
Broadly, the problems are fourfold: in-country peering, international bandwidth, local connectivity, and the Great Firewall itself.
The peering problem
Perhaps the biggest problem—outlined by Expereo’s Salim Khouri (Director of Global Solutions Engineering) in a webinar—is peering. Or rather the lack of it.
In much of the West, peering is something many customers barely think about. Telcos, datacenters, and T1 ISPs peer without argument, thanks to long-established contract models with names like settlement-free and sender-keeps-all. In the PRC, the picture is very different. There’s no cultural precedent for carriers to peer freely for the greater good—and many do not.
China Telecom and China Unicom—the country’s terrestrial carriers—aren’t best buddies when it comes to peering. Even between major cities, the resources for traffic handoffs at switching hubs can be extremely tight. A customer in Beijing can enjoy tremendous bandwidth with his office in Shanghai … if his business internet is with China Telecom, and his traffic travels on CT’s infrastructure all the way. If the routing includes a single POP of Unicom? Prepare for a massive drop in the performance stats.
Like so many things in China, it’s a conundrum: in one of the world’s most connected countries, actual network performance can be deeply subpar.
(This isn’t solely a China problem, of course. Old-timers in networking will recognize it and groan. In the 80s USA, AT&T exerted such a stranglehold over its network that regulators broke it up—but when the Internet arrived a decade later, the “Baby Bells” proved little different to Ma Bell, employing more lawyers than engineers. To this day, America’s mobile market remains deeply fragmented, leading to high prices for consumers. While across Europe, internet connectivity across the EU often seems far from a borderless marketplace.)
Of course this isn’t a problem for traditional MPLS, whose whole reason for being was to replicate a circuit-switched model in an IP world with no surprises in the routing table. But for anyone switching to SD-WAN for their China ops, this lack of consistent underlay is the first and biggest problem.
More on how Expereo solves it later. Next: crossing borders.
From internal to international
In-country peering is a hurdle, thanks to a paucity of agreements between China’s carriers. As you’d expect, international peering has the same problem, magnified.
China’s Big Three—China Telecom, China Unicom, and China Mobile—have immense cultural differences: one an old-school telco, one a deliberate challenger, and one born of waves not wires, despite all three being State-owned companies. So for effective peering to another country—even one with a similar culture and regional proximity, like Singapore—all three need to have separate yet equivalent agreements with a Lion City provider, like SingTel.
At present such arrangements are rare. (An actual statistic from Salim KhoriKhouri: the dropped packet rate in this Shanghai-to-Singapore situation is over 25%, with latency typically around 450ms.)
Again, there’s a way to improve matters. But before that: let’s look at local connectivity.
Continuing with connectivity
Adding to the stack are issues in the local loop. Perversely, it’s an outcome of China’s economic development. There are simply so many local connections, increasingly using high-bandwidth apps like video, that the shared internet underlay suffers from bandwidth congestion.
And demand is lopsided. With huge volumes of data exchanged between mobile devices, but with that data passing through hubs connected by glass in the ground, China’s usage stats vary wildly from city to city and time of day. All with the potential to make SD-WAN reliability even worse. There’s an upside, though—the local loop is improving rapidly, thanks to massive investment by these SOCs. (State-owned Companies.) China’s providers understand this market well. And Expereo’s solution makes use of this.
But before laying out that solution, let’s look at our last—and, surprisingly, lowest—hurdle.
The Great Firewall
Many people believe the government is the main obstacle to connecting in China. Actually, China’s national content-blocking infrastructure—known the the “Great Firewall”—is the smallest of these Big Four problems.
It may conjure up images of brave warriors defending the border against invaders from the barbaric North—but this 21st-century wall isn’t a monolithic structure built by insightful emperors. (Actually, nor was the Great Wall itself, but let’s not get into that here.)
The truth is a lot less colourful: Beijing simply wants to restrict access to websites it doesn’t like. All telecoms providers—State-owned or indie ISP—must comply with a list it publishes, under pain of, well, pain. There’s no point in getting political; China has a walled-garden Internet, and that’s simply the situation. Accept reality.
But while this means Chinese citizens can’t access Google or Facebook—indeed, few Chinese have even heard of them—enterprise applications and databases, information within a business, will rarely have problems. The Great Firewall is largely about control over consumer information sources, not business ones. A foreign enterprise using SD-WAN to connect its Shenzhen outpost with its head office in Sydney will rarely find the Great Firewall troublesome.
So: problems big and small. Now let’s see Expereo’s solution to all this.
China resolved: DIA with owned hubs and Chinese local loop
It’s called China Premium. And it’s working for several customers in the PRC already, providing DIA with reliable bandwidth and uptime without the peaks and troughs of peering issues. How?
It starts with owned hubs. With China Premium underlaying your SD-WAN overlay, your traffic is routed through Expereo POPs at our own hubs. Of course, all our hubs peer effectively with each other. Which leaps the biggest hurdle of problematic peering.
But this solution can’t exist in a vacuum. So the local loop is provided by China’s State providers, China Telecom and China Unicom, doing what they do most effectively: providing bandwidth to devices on their network. (Including devices on your SD-WAN.)
Each local loop, however—while compliant with the Great Firewall—terminates at a China Premium hub, providing dedicated connectivity both within and beyond China. And customer access? It’s DIA: Dedicated Internet Access, with all the service quality and guarantees that implies. It’s the best of both worlds.
And the performance stats confirm it. Remember that 450ms of latency and 25% packet drop rate above? Our Shanghai customers now enjoy China Premium in that precise situation, Shanghai and Singapore. Its latency is nearly six times lower, at 80ms. And the packet drop? Zero.
CONCLUSION: Great overlay needs great underlay
China Premium solves these great problems in the greatest of ways, combining local expertise with international experience. In a way, that’s what Expereo’s famous for. And it means a true performance-par (and performance-beating) MPLS replacement within China is now possible for any enterprise operating in the Middle Kingdom.
With China Premium, Expereo once again shows effective SD-WAN is all about the underlay. And we’d like to demonstrate that underlay to you. For more information, click below on the contact us button.