Consumer products company Henkel converted a portion of its global network, primarily in Asia, to SD-WAN.
What sold them on the switch? SD-WAN’s ability to support full mesh capability and application-based routing were big selling points.
Henkel is a consumer products company with 53,000 employees in 120 countries, including a strong presence in emerging markets.
Henkel Network Consultant Markus Feldbruegge joined Thomas Lentz, solution manager for Henkel’s SD-WAN provider Singtel, to dig into the SD-WAN selection and implementation process at our recent WAN Summit Frankfurt.
“The internet gets more and more important as more and more business goes into the cloud.”
Prior to the adoption of SD-WAN, Henkel already had a fully managed hybrid network design that used both internet and MPLS connectivity. As Feldbruegge explained, the company had a two-to-one ratio of internet bandwidth to MPLS bandwidth.
“The internet gets more and more important as more and more business goes into the cloud,” he said.
Other advanced features that were already part of Henkel’s network included:
- High availability solution design
- Cloud-enabled routing including internet offloading for trusted internet traffic
- Internet path optimization
- Cisco-based CPE design (no PBR, no iWAN)
According to Lentz, some vendors may say these are the points for why you should buy SD-WAN. But Henkel’s motivation was somewhat different. The company wanted full mesh connectivity with security and central control. Additionally, the company wanted to maximize security, gain greater end-to-end visibility, and reduce the long lead times experienced when establishing new sites.
According to Lentz, some vendors may say these are the points for why you should buy SD-WAN. But Henkel’s motivation was somewhat different.
The company determined that buying SD-WAN as a managed service from Singtel was the best way to achieve that, but could obtain similar functionality with a self-managed SD-WAN.
Full Mesh, Greater Visibility, Security, Faster Turn-up
Henkel’s underlay network relies on a range of connection types.
In some areas, for example, it relies on point-to-point IPSec connections. As Lentz explained, “if you roll out something like Skype for Business, you need a fully meshed network.”
Adding an SD-WAN overlay made it possible to treat the wide range of underlying connections as a single centrally managed network with a single point of visibility.
“One thing SD-WAN supports by default is you have a fully meshed network. Every site can talk to every site, independent of technology, as long as they have some way to connect," Lentz said.
By enabling Henkel to use a wide range of connection types, SD-WAN also addressed another key goal that the company had for its network upgrade: it enables sites to be turned up quickly.
“We can move boxes around, and within five days we can bring up the network anywhere in the world,” Feldbruegge said.
In addition to interconnecting Henkel’s own sites, the company’s SD-WAN also connects partner sites, making secure connectivity even more important.
As Lentz explained, Henkel’s SD-WAN is fully encrypted, regardless of the underlying technology.
Application-Based Routing
Henkel’s cloud providers are also part of the company’s SD-WAN. As part of its SD-WAN deployment, the company established policies controlling which sites can connect to a specific cloud service and how applications are routed.
According to Lentz, policy may dictate that a specific application must be routed “toward a cloud provider and through security and only through there can it be routed out again.” This could be accomplished without SD-WAN but it would be more complicated and time consuming.
“In a standard router world, you can use GRE or an IPSec tunnel, but these connections must be statically managed,” he said. “Using an SD-WAN box integrated into the cloud, you don’t have to build policy for each and every site toward the cloud.”
SD-WAN service chaining capability enables Henkel to push policy settings from a central location to multiple locations over multiple connection types.
The Role of MPLS
MPLS continues to play a critical role in Henkel’s global network.
“Some internal applications need a clear performance guarantee,” said Lentz. But to minimize infrastructure costs, the company still wanted to use the internet as an access method.
The solution was to use service routing via regional hub sites, through which traffic from other locations can use MPLS for international connectivity. In China, for example, Henkel has fully meshed internet connectivity, but all international communication goes through Singtel’s point of presence and via an MPLS hub.
“There are a lot of countries in Asia where there is very little international peering,” observed Lentz. As a result, enterprises lose control of their traffic flow.
By using a single MPLS hub for international traffic, in combination with a service from Singtel, Henkel avoids international gateways, while also gaining performance guarantees for capabilities such as jitter, round trip delay, and packet delivery.
“We don’t see MPLS going away for five to 10 years,” added Lentz.
Lessons Learned
Key takeaways about Henkel’s SD-WAN upgrade:
- SD-WAN can provide a single point of control and enhanced visibility and security to an enterprise network that relies on a mixture of connection types. Because it supports a wide range of underlying connections, it also supports faster turn up times.
- SD-WAN inherently supports mesh networking, which can be critical for an enterprise adopting applications such as Skype for Business that require every location to be able to directly connect to every other location.
- Enterprises, particularly those operating in world regions with less advanced internet peering, should consider the approach that Henkel used for internet connectivity, which routes traffic from individual locations to a regional hub that has an MPLS connection to the internet. Shared by all locations in the region, the regional hub MPLS connection bypasses international internet gateways and offers performance guarantees such as jitter, round trip delay, and packet delivery.
Greg Bryan
Greg is Senior Manager, Enterprise Research at TeleGeography. He's spent the last decade and a half at TeleGeography developing many of our pricing products and reports about enterprise networks. He is a frequent speaker at conferences about corporate wide area networks and enterprise telecom services. He also hosts our podcast, TeleGeography Explains the Internet.