SD-WAN management overview.

Managed Services and Technical Service Building Blocks.


The goal of the Expereo SD-WAN Service is to provide the next generation of connectivity for Business. Expereo offers different vendor implementations under the name Expereo SD-WAN Management

Expereo supports the following Vendor Solutions:

  • Cisco SD-WAN
    • Former Viptela
    • Legacy Cisco Intelligent WAN Design (IWAN) [legacy]
  • Silver Peak EdgeConnect
  • Velocloud

Even though the various Vendor solutions differ in their individual approach, they are similar
in many aspects.
The Expereo SD-WAN Management Service aims to provide the following key features:

  • Flexible and cost-effective
  • High Availability and Resiliency options
  • Best user experience and Application oriented performance,
  • Highest security standard
  • Highest Agility to adapt to fast-changing business needs and reporting

2. Expereo SD-WAN Managed Services Building Blocks

Expereo SD-WAN Management is a fully managed network service and provides end-to-end managed services supporting multiple SD-WAN technologies (Cisco, Silver Peak and VeloCloud), with complete lifecycle management – from Service Design, Service Transition, Service Activation to 24/7 helpdesk for Service Assurance.

Our managed SD-WAN services in a modular design, as an overlay network to Expereo managed Global Internet connectivity or as part of a Hybrid internet/MPLS WAN.

These are summarised in the building blocks below in this document:

SD-WAN Managed Services

2.1 Consult & Design

Expereo Consult & Design is a start for the SD-WAN engagement where we first understand your requirements and design a solution that fits. It includes the choice of appropriate Internet access connectivity, addressing any non-SD-WAN requirements, and accurately scaled SD-WAN equipment.

Expereo acts as your Global ISP, having built a complete overview of ‘best-fit’ internet connectivity for 190+ countries and for specific customer requirements based on multiple factors, strategic sourcing for the right supplier based on quality, last mile access methods, redundancy options and limitations, routing/peering options and limitations, and overall limitations of connectivity in certain geographies, to help you choose the best options.

Expereo has extensive experience for both SD-WAN and legacy DMVPN solutions integration.

2.2 Procurement & Logistics

With the surge in interest for SD WAN equipment, we have established the optimal sourcing strategy to ensure that delivery lead time is aligned with the project. Depending on geographies, this process can be a blend of regionalised and centralised procurement. As an example, Cisco equipment may be procured within emerging markets our supplier relations team will evaluate based on delivery lead time and cost.

It is important to note that SD-WAN equipment is not readily available in all countries. Expereo monitors the situation closely and can advise customers throughout the project management stage on current availability and expected timelines.

2.3 Install & Stage

Alongside our partnerships to provide Internet access in 190+ countries, Expereo maintains an extensive network of local system integrators and vendors (hands and feet locally) that enables us to install and stage SD-WAN equipment globally.

During the initial stage of an SD-WAN order, Project Manager should work with the customer to provide details of each site’s WAN and LAN design through an SD-WAN Questionnaire form. This form should be completed and returned to Expereo no later than five working days prior to the on-site installation of the SD-WAN device.

The supplier will hand over the Internet circuit’s information to Expereo after the installation of the NTU at the Customer site. Expereo onsite engineer proceeds to confirm circuit availability from service activation team. Expereo Service Activation engineer confirms circuit availability and prepares the initial configuration required for ‘Zero Touch Provisioning’ as per the Installation Guide for the field engineer as per the SD-WAN Questionnaire document. After staging configuration is ready, SDM will request with Customer for an on-site appointment, usually within the local office hours.

2.4 Configure & Integrate

The project management team will play a key role during this stage, as they will coordinate with Expereo engineering team who are equipped with skill sets across all supported SD-WAN technologies. Across these different technologies, our engineers will configure the agreed setup for each site, as well as integrate it into the overall agreed network design. It includes migration from legacy MPLS networks, coordination with Enterprise IT teams on project plans and timelines, the coordination of third parties, and more.

Based on customer requirement, the integration will be based on customer’s methodology. For standard practices, Expereo installs and implement SD-WAN solution when the Internet circuit is ready, followed by migration of customer’s existing LAN from MPLS to SD-WAN, then migration of MPLS circuit to be the second access underlay leg of SD-WAN. If the customer wants to start with MPLS, the pre-requisite will be that MPLS must have Internet breakout somewhere to facilitate Zero Touch Provisioning as well as Orchestration and Management.

It is common that Configure & Integrate is carried out at a later stage and not during the physical installation, to allow customer IT to prepare for the change. On some occasions, for example, when adding a new site to an existing network deployment, this step is completed together with Install & Stage.

The customer should arrange resources at each site, to connect existing LAN of each site to the new SD-WAN CPE from Expereo and to test the Intranet and Internet connectivity (UAT) before actual migration. Expereo will provide Customer with an engineer to be standby for remote assistance when each site is connected to Expereo SD-WAN network.

2.5 Incident Management (CPE)

Expereo provides full Incident Management for RMA on Expereo managed SD-WAN CPE. As outlined in Procurement & Logistics, Expereo recognises there is a limited SLA on RMA support globally. Therefore, Expereo proposes dual equipment (PRM) or cold standby based on the priorities of the site, and other factors applicable to specific geographies.

2.6 Incident Management (SD-WAN)

Expereo support engineers provide support and service assurance on the SD-WAN overlay network for all supported SD-WAN technologies. Expereo acts as a single point of contact to triage and investigate any SD-WAN incident reported by Enterprise IT. It includes Incident Management related connectivity issues in the network underlay issues.

2.7 Change Management

Based on our experience, changes occur most often in three areas of SD-WAN deployments:

  1. The physical layer – equipment changes, cabling changes,
  2. The overlay (SD-WAN design and policies), and;
  3. The underlay (WAN IP, BGP routing).

Throughout the service lifecycle, Expereo works together with the customer to develop and fine-tune change management scenarios that best fit the customer environment.

2.8 Network Management Services

It is very common for further network optimisations to be made as a customer’s SD-WAN environment matures. For example, when an application flow is moved from MPLS to Internet-based SD-WAN, reviews of application policies might be required. Alternatively, when the customer is opening a new data centre or cloud location, the existing internet routing/peering might need to change. Expereo carries out ongoing optimisation services to identify the most optimal solution to meet the enterprise requirements, supported by Xpertise – Professional services including project management and dedicated account management. Network management services also include 24/7/365 NOC and CSC support, backed up by a comprehensive customer portal for complete network management visibility.

2.9 Security

Securing SD-WAN overlay, local internet breakout and underlay access handoffs are already integrated into Expereo SD-WAN managed service suite. However, the scope does not include managed security for additional service handoff such as additional public IP subnets provisioned through the same underlay networks, meant for public hosting by the customer or zone-based security for granular control of traffic flow.

As an optional module, Expereo provides a comprehensive suite of on-premise and cloud-based security services for enterprises to securely operate SD-WAN and move to the cloud with confidence. For SD-WAN deployments, Expereo SecureXDN services deliver services including security infrastructure management for internet break-out services and firewall management, threat monitoring and response, and vulnerability lifecycle management.

3. Expereo SD-WAN Network Overview

3.1 High-Level Architecture

Figure 2: High-Level Architecture showcases the components in a typical SD-WAN deployment. It makes up of:

  • SD-WAN Management platform
  • ZTP*: Only minimal configuration of the global IP addresses on the SD-WAN CPE is required to form the connectivity to the SD-WAN Controller;
  • Management: Centralized portal to run and operate the SD-WAN controller and the SD-WAN CPEs.
  • Controller: Ease of operation to apply global traffic/application policies with a single click. Troubleshooting is also performed from the same platform;
  • Visualization: Provides real-time and historical data and other statistics of the GI circuits and the SD-WAN overlay network.
  • Underlay Transport/Handoff
    • Expereo SD-WAN network is transport independence and can run on any underlays, such as MPLS, Dedicated Internet or Broadband Internet access circuits.
  • SD-WAN Overlay/Handoff
    • Expereo proposes three SD-WAN resiliency models (refer to 4.2 Site Typologies) to fit the customer’s business continuity requirements and budget.
  • Customer Network
    • Expereo simplifies WAN and SD-WAN management by connecting the GI CPEs directly to Expereo managed SD-WAN CPEs. Customer has the flexibility to connect their local network to Expereo SD-WAN solution using switches, firewalls, IPS/IDS devices as they preferred.

3.2 Site Typologies

Sites can have flexible deployment profiles, with Expereo standard models such as:

  • Premium Resilient Model (PRM): Dual Access + Dual SD-WAN CPE
  • Standard Resilient Model (SRM): Dual Access + Single SD-WAN CPE
  • Non-Resilient Model (NRM): Single Access + Single SD-WAN CPE

Bespoke Resiliency Models (i.e. Multiple Access + Multiple SD-WAN CPE) are available per individual case basis.

4. Expereo SD-WAN Technical Service Building Blocks

4.1 Underlay Network

By the term Underlay Network, Expereo understands the access technology that is used at any Customer Location. In case of an Internet-only location, this will be provided by the Global Internet as a Service (GIaaS) Solution of Expereo.

The Expereo SD-WAN supports hybrid networking, this means that multiple Access Technologies can be utilized at the same time.

This creates an Access network technology independence, which offers a lower cost alternative (GIaaS) to the often premium-priced MPLS technology and can also facilitate replacing costly transport technologies.

The following Access technologies are currently supported:

  • (existing) MPLS / Metro Ethernet networks
  • Internet Access = Global Internet as a Service (GIaaS) Solution of Expereo

Note: The Internet service needs to be provided on an unfiltered publicly reachable fixed IP address.

Examples of transport independence can be seen in Figure 5: Hybrid and Figure 6: Dual Internet

Figure 5: Hybrid illustrates the connection model in a Hybrid solution, where the customer has Internet Access and MPLS on a site. Both Connections can be utilized at the same time by the SD-WAN Tunnels.

Figure 6: Dual Internet illustrates the connection model in a dual Internet solution (service provider independent), where the customer is provided with resilient Internet Access by Expereo. The SD-WAN Tunnels can apply path optimization and load balancing depending on the vendor solution.

4.2 Managed Edge Device

The XDN portfolio provides a Managed Edge device, that forms the demarcation point between Expereo and the customer. The same applies to the Expereo SD-WAN portfolio, where the SD-WAN functionality is being provided by the managed SD-WAN Edge device.

The Managed SD-WAN Edge functionality can be provided on either:

  • a physical device, residing on the customer premises (CPE)
  • a virtual device (Virtual Machine), residing on a Server in a customer data centre or at a private cloud location such as Amazon Web Services (AWS) or Microsoft Azure Cloud.
  • (future) a software-based virtual network function (VNF), which may run on a virtual CPE (vCPE) at the customer premises.

The Managed Edge Devices can also provide:

  • local Direct Internet Access/Breakout by Network Address Translation (NAT)
  • firewall capabilities

The LAN capabilities of the Managed Edge Devices, such as local routing or DHCP vary per vendor solution. All Edge Devices have a feature parity, independent of the location where they are installed, be it a remote Office, a data centre location, or a cloud location.

4.3 Overlay Network

The Overlay Network removes the complexity of the different Underlay Network technologies. The Expereo SD-WAN Service connects enterprise locations, branch offices, data centres and cloud locations independent of distance in a way that allows improving the agility and performance of the enterprise WAN.

The Expereo SD-WAN Solution offers

  • Secure transmission of all Enterprise traffic
  • Application-Driven Service Assurance
  • WAN Optimization

4.3.1 Secure Transmission of all Enterprise Traffics

Expereo SD-WAN uses the strongest available IPSEC encryption standards to securely transmit the traffic over the non-secure underlay networks. The Edge devices are hardened according to the industry standard specifications.

4.3.2 Application-Driven Service Assurance

Service assurance is a critical part of the Expereo SD-WAN managed services. QoS performance, e.g., packet loss and latency, is measured over each SD-WAN tunnel in real-time. These measurements determine whether a WAN meets the performance requirements of an application, resulting in application-driven performance assurance. If any WAN meets these criteria, the application can be forwarded, provided no pre-existing policy disallows transmission over a particular WAN, e.g., only use MPLS VPN and not Internet.

Customer specific policies can also be considered when making forwarding (or blocking) decisions for the SD-WAN tunnels over each WAN. Policies can be based on each application-level classification (up to OSI Layer 7), an application’s QoS, or application grouping, e.g., real-time media or conferencing application. Policy enforcement considers an application’s QoS performance requirements, or an organization’s security or business priority policy requirements.

For example, a QoS policy may be set so Skype for Business packets are forwarded over any WAN if its QoS performance requirements, e.g., latency and packet loss, are met, so users get an acceptable quality of Experience (QoE). A security policy may be set so Skype for Business packets are sent over the MPLS VPN and not the Internet. A business priority policy may also be set so credit card payment transactions are sent ahead of any Skype for Business packets.

4.3.3 WAN Optimization

WAN Optimization can seemingly increase WAN bandwidth and QoS performance and/or WAN latency depending on the implementation. This can be accomplished by the means of data deduplication, data compression/data caching to minimize the amount of data transmitted over the WAN.

Methods of protocol spoofing / local acknowledgements can overcome packet size limitations, and protocol waiting times, and therefore increase the throughput.

Forward error correction (FEC) compensates for WAN packet loss by sending duplicate packets over multiple WANs and then reassembles the packets in the correct sequence at the receiving end. FEC enables SD-WAN overlay tunnels to provide essentially zero packet loss, a low Jitter by using lower cost, higher packet loss Internet broadband underlay networks.

Since WAN optimization is not required at all SD-WAN sites, it is often delivered as a value-added service.

4.4 Service Orchestration and Customized Reporting

A key feature of the Expereo SD-WAN Service is the Service Orchestration. Because of the Service Orchestration, the whole infrastructure becomes agile and adaptable without compromising on configuration consistency and reliability.

The SD-WAN Orchestrator simplifies and automates tasks such as adding, changing and deleting SD-WAN services without disrupting the overall service.

It also provides physical and/or virtual device management for all SD-WAN Edges and SD-WAN Gateways associated. This includes, but is not limited to, configuration and activation, IP address management, and pushing down policies onto SD-WAN Edges.

The SD-WAN orchestrator maintains connections to all SD-WAN Edges and SD-WAN Gateways to identify the operational state of SD-WAN tunnels across different WANs and retrieves QoS performance metrics for each SD-WAN tunnel. These performance metrics can then be used for customized reporting.

5. Expereo Expertise

Xpertise removes the complexity from managing customer’s complete network lifecycle and enables their organization to achieve innovation with complete logistics project management for the SD-WAN deployments. Expereo provides a global footprint with exceptional depth and breadth of in-country solutions for access technologies, equipment and customer site professional services, ensuring delivery of technical, regulatory and quality standards across the globe removes the complexity from managing.

The Expereo SD-WAN service can be tailored to the technical requirements and preferences of the customer. For that reason, Expereo offers different vendor-based solutions under the umbrella of Expereo SD-WAN managed services.

Expereo works closely together with the customer to select the best fitting vendor.

To be able to design the solution in accordance with the customer requirements, Expereo needs to be made aware of all:

  • existing network connectivity (including backend network connects between sites)
  • IP address spaces
  • routing protocols
  • any special configurations

that are currently used or planned to be used, on all sites to be connected to the SD-WAN Service.


Reach out if you want to know more!

Contact Us