SD-WAN at Gap Inc. Snehal Patel Network Architect, Gap Inc.

Presentation transcript:

SD-WAN at Gap Inc. Snehal Patel Network Architect, Gap Inc. Twitter - @SnehalPatel1410 LinkedIn - https://www.linkedin.com/in/snehalpatel1410

Why SD-WAN at Gap Inc.?
Reduce Costs!!
- Lack of bandwidth and slow time-to-market constraining the business
  - New store provisioning took time.
  - Current T1 services are limited in bandwidth
  - Current model will not scale for rapid delivery of new projects/initiatives
- Security Initiatives (Segmentation)
  - Evolving threat landscape driving rapid and flexible security model
  - Segmentation becoming hot topic to protect customer data
  - Encrypting all transports
- Easy Orchestration
  - Rapid provisioning of services due to automation
  - High number of touch points delay simple operational tasks (software upgrades, ACL changes, adding VLANs, etc.)

High Level WAN design before SD-WAN
[Diagram labels: Flagship; Non-Flagship; Store Routers; Store Switches; MPLS; MPLS Router; Primary Path 1xT1; Primary Path 2xT1; Backup-broadband; Internet (ISDN/DMVPN); Multiple Hubs; Data Center-1; Data Center-2]

How difficult is it to build a DIY IPsec overlay?
- How about thousands of tunnels?
- How about managing PSKs on thousands of endpoints?
- Each endpoint can have multiple circuits too?
- OMG… now you have to build multiple tunnels from each endpoint?

SD-WAN POC: Discovery & Evaluation
- Multiple vendors were chosen to participate in the POC.
  - There are at least 20 SD-WAN vendors. List available on www.packetpushers.net
- Prepared a list of technical requirements and key features that we wanted to test:
  - Fully Routed Secure Overlay with Centralized Policy Management
  - Segmentation for various business initiatives
  - Easy to maintain templates for zero-touch deployments and mass-config changes
- These translated to four key areas for scoring:
  - Platform Capabilities: Routing, Scale-out, PfR, QoS, …
  - Security: De facto encryption, Automated key mgmt, Segmentation, RBAC
  - Operations: Syslog, SNMP, API Integration, Auditing
  - Automation/Management: SW Upgrades, Config Templates, Policies, ZTP

SD-WAN POC: Scorecard Example
Platform Capabilities
Area | ID | Test Case | Weight (1 to 5) | Vendor 1 | Vendor 2 | Score (1 to 5) | Total Score
Platform Capabilities: A1 BGP 4 5 20; A2 OSPF 3 15 2 6; A3 Transport Agnostic 25 10
Security: B1 RBAC; B2 Radius/Tacacs 12 8
Sections were weighted to make sure vendors couldn’t just win by dominating one

SD-WAN POC: Results
Viptela was selected for Gap Inc.’s SD-WAN deployment in stores after an extensive proof-of-concept and evaluation process.
- Immediate planning and roll-out of >1,200 stores on Viptela
- 1100+ stores done to date
- MPLS T1 circuits replaced with Dual-Broadband and/or LTE
- Head-Ends deployed at two Data Centers to terminate IPsec tunnels
- Peer with Gap Inc. Data Centers using BGP
- Capable of carrying multiple segments (VRFs)
- vEdge 1000 deployed in all stores (2 x vE1000 for Flagship stores)
- Control components deployed in Viptela Cloud

SD-WAN: Key features for Gap
- Full routing stack – BGP and OSPF
- Scalable Routing over the VPN that you can actually see and control via Centralized Policies
- IKE-less automated encryption and very cool key exchange mechanism
- Active-Active data paths with Performance Visibility on all paths
- Network Segmentation and L3VPN on any transport
- Easy Router Bring-up using Zero Touch Provisioning (ZTP)
- Operations – easy code upgrades, circuit stats and usage, centralized template configs, policy changes
- Operations team to leverage Dashboard for simple tasks

SD-WAN: High Level design
[Diagram labels: Internet; Data Center - 1; Data Center - 2; Store; IPSEC Data tunnels; vEdge 1000; vEdge 2000; TLS Control tunnels; Viptela Cloud]
- All stores use dual broadband or broadband and LTE circuits
- Viptela vEdge 1000 is the store router
- Routing, security, PfR, Segments & Local Exit via centralized policies

SD-WAN: Where are we today?

SD-WAN: Internet as WAN
[Charts: Average Latency and Average Jitter for Primary, Secondary and LTE circuits]

SD-WAN: Deployment Challenges/Lessons Learned
- Ensuring true redundancy for circuits is critical to Store’s success
  - Stores with a common DSLAM and/or non-redundant providers can lose both circuits at the same time – Not real HA.
  - Designed around these via LTE circuits at some locations.
  - Found issues with NAT on some circuits.
- Leadership Buy-in for Flexibility during SD-WAN roll-outs
  - Coach leadership on new operating model. Not your traditional WAN project!
- Test the new firmware and features in the lab first.
  - Test the interoperability with other network devices and end hosts. LRT guns are a big pain.
  - Leverage centralized provisioning/software upgrades/roll-backs.
- Train Operations team(s) EARLY!
  - Training curve varies for different groups. Engaging them early and often helps.

Future of SD-WAN @ Gap Inc.
- Stores project almost finished!
- Corporate WAN deployment is well underway
  - US Field/Regional offices being deployed on Viptela WAN
  - APAC Corp SD-WAN network being deployed that has 10 sites in 5 APAC countries
  - Using regional mesh capabilities
- New Stores & Small Corp offices in US standardized on Viptela SD-WAN
- Europe Stores in progress for 2016

SD-WAN: What we eventually delivered
- Performance and Agility
  - New stores provisioned rapidly (deploy 25+ per night)
  - New circuits in the Stores have 10-15x more bandwidth now, and it's easier to deploy services that need more bandwidth.
  - Plenty of headroom to scale for new initiatives and projects
- Security Initiatives
  - Centralized routing and data policy management (ACLs)
  - Segmentation functionality introduced for various functions
  - Encrypted ALL transports with AES-256
- Automated & Cost effective Operations
  - Agile operations with centralized management
  - Mass configuration changes and software upgrades are done faster than ever before
…All while maintaining the quality and also reducing the Operations cost.

Thank You !!!