The terms SD-WAN ( Software-Defined WAN), uCPE ( Universal Customer Premises Equipment) and vCPE ( Virtual CPE) are used a lot these days, yet there is very little information on what are the differences and similarities between them i.e what is SD-WAN vs uCPE vs vCPE
So it is not uncommon that a vendor may mean virtual CPE but a customer understands it as a universal CPE and vice versa. And a vendor may present uCPE and the customer understands it as vCPE.
So this blog is an attempt to clarify and position these technologies in a simple way, so you can pick and choose the right one.
But this is not the only purpose. I will explain it in a way that you will understand the “WHY” behind each of these technologies. i.e. the motivation on why the industry adopted them in the first place.
We do it step by step starting with a traditional CPE and finally moving to the SD-WAN and uCPE. I recommend to follow the sequence in this way in order to have a clear understanding of SD-WAN vs uCPE vs vCPE
Traditional CPE, as you already know, is a physical box at the customer site. This CPE is usually a dedicated box like a router, a PBX, an IPS, etc. In the example below, there are three CPEs that are interconnected together so that packets are processed one after the other going through each box one by one.
Now as you probably have guessed that this is not a very efficient way for a customer to run his CPEs as he needs to manage multiple physical boxes that needs power and space. It is costly, CAPEX and OPEX wise and not a recommended solution today.
vCPE ( Virtual CPE)
Virtual CPE is an answer to the issues presented by physical CPE. vCPE does not need to sit at customer premises. Thanks to NFV, CPE can run in the cloud today ( Reference: ETSI). Any CPE function like routing, firewall, IPS for a customer can be hosted at a data center on NFVI ( NFV Infrastructure). The customer can access the functions remotely through a simple layer 2 switch. Therefore, these functions do not need to run at customer premises. See the diagram below.
Now, this is both a win-win situation for a customer and Service provider. From a customer perspective, he does not need to host anything at his branch office ( power and space savings). From a service provider perspective, he can get economies of scale by utilizing x86 servers as a pool to provide CPE services to its customers.
There are two models for running virtual CPE. In the first model, the virtual CPE is hosted at the service providers Data Center ( DC) as shown below.
Comparing it with the traditional CPE, the exact same functions are shifted now to the NFVI DC of a service provider, while a layer 2 switch just provides a simple transport for the customer traffic to reach the NFVI PoP for processing purpose. What on-premises CPE was doing before is done by the off-premises CPE in DC.
However virtual CPE is not limited to service provider’s DC. In a second model, virtual CPE can also be run at the customer’s own data center/NFVI as shown below ( insider customer’s HQ). In this model, the SP can offer the management of the NFVI but the NFVI itself runs on customer’s premises.
SD-WAN ( Software Defined WAN)
Before moving to uCPE concepts, it makes sense to understand SD-WAN first.
SD-WAN provides an overlay ( a separate network connecting CPEs whose characteristics do not depend on the underlay which is the actual transport like MPLS). This is a new type of connectivity that can use any transport network like MPLS and/or the internet etc. It provides seamless connectivity between customer sites using both MPLS and the internet. It does so by creating an overlay network over the underlay network ( MPLS or internet)
As you know that applications are moving to the cloud and more and more enterprises want to access their applications in the cloud ( also called SAAS). Therefore, let’s take the example of the previous customer topology and introduce a new “requirement” as shown in the diagram below. Before proceeding, consider that the current connectivity between the customer branch on the left and the customer HQ on the right uses an MPLS link from the service provider.
Here is the description of the requirement:
- The customer has decided to use Microsoft 365 that is hosted on Microsoft servers at a remote location as a SAAS application.
- The company wants to divert the social traffic ( like youtube, facebook) away from MPLS so as to offload some traffic from MPLS so backhaul cost can be reduced.
- The customer wants to use the internet as backup transport for the MPLS link.
The traditional way to solve this problem would be as shown below. ( Although a partial solution)
To access the SAAS application, the branch will send the traffic through MPLS and which in turn will route the traffic through the internet to the SAAS cloud. There are two issues.
- Expensive MPLS links are utilized to backhaul traffic to HQ for SAAS and social traffic, which increases the cost as more and more applications move to the cloud.
- We have not been able to solve the requirement of using the internet as a backup to the MPLS link from the Service provider. ( which means, we may end up buying another MPLS from another SP, to be a backup for this MPLS link)
Welcome to the world of SD-WAN. SD-WAN solves exactly these issues. See below.
By adding SD-WAN physical CPE at the branch and HQ and creating SD-WAN overlay seamlessly on MPLS and the internet, we get the following benefits.
- “Internet breakout” is achieved by providing a short path for the SAAS application to route through the internet ( The Green link) This is because the SD-WAN CPE is intelligent, so it can identify the application flows and knows which flows should be forwarded to HQ and which should be forwarded to the internet.
- The social traffic is also offloaded from the MPLS link so it can use the internet breakout path thus reducing MPLS costs. ( Again the green link)
- SD-WAN can seamlessly create a backup for the MPLS link over the internet path. ( Red dotted link)
We have killed multiple birds with a single stone, isn’t it? and this is the motivation for the SD-WAN today that it can provide an efficient way to route traffic directly over internet paths to applications that can reside outside the customer data centers.
uCPE -Universal CPE
OK, so where does uCPE come into the picture then?
While the SD-WAN concept became popular, someone thought, why the heck one should have dedicated physical CPE for the SD-WAN. As SD-WAN can also be a virtual function. Why not just put it on a server or a white box.
And if I can put SD-WAN as one application on the server, why not put more functions. At this point in time, the concept of uCPE was born. The same server that runs SD-WAN can now host more functions, with the result that it is called now universal CPE and it sits essentially at the customer premises.
So we started with the physical CPE at the customer site and we returned to a uCPE which is also at the customer site. However bottom line is that applications can run anywhere, so it makes sense to have a flexible way to run it whether at a data center ( virtual CPE) or whether at the customer premises (uCPE)
So universal CPE is nothing but a server or a white box that can run multiple virtual functions. It can be SD-WAN or it can be other functions like routing, filtering.
Welcome to the new age. There is no place where applications should sit. Applications are not just in Datacenter of the service provider, they are in public cloud, SAAS cloud, private cloud. Therefore having CPE that can have both SD-WAN functionality and other functions does make sense.
So here are the key points
- The focus of SD-WAN is on connectivity ( between customer sites and to the cloud) while the focus of virtual CPE is mainly on “virtual functions” like IPS, filtering, firewall, routing, etc..
- SD-WAN can also be run as a virtual function.
- When SD-WAN is run as a virtual function, it makes sense to be a part of uCPE in addition to other functions on the same box.
- virtual CPE runs at the data center while uCPE runs at customer premises ( Both on servers)
Leave a comment below if you agree or otherwise to this explanation of SD-WAN vs uCPE vs vCPE