SD-WAN to the Rescue #WebRTC


WebRTC is a new protocol that is giving network managers grief on their WAN as it gains adoption. Built into WebRTC are media security, media transport, and media encoding/decoding. For security, WebRTC uses SRTP for encrypting real-time audio and video streams. For transport, WebRTC uses STUN, TURN, or ICE to establish peer-to-peer connectivity across IP networks, which may include intermediary firewalls with NAT. Signaling of a WebRTC session between peers is handled within a separate secure session using HTTPS.
The challenges for the enterprise WAN include:

  1. Application Prioritization – Enterprises typically prioritize voice traffic the highest, then mission critical data, then real-time video, and then other applications.
    • QoS Breaks – QoS identification uses IP addresses and/or TCP/UDP port. Within a WebRTC session, one cannot rely on these traditional methods to identify the voice, video, data. Many web conferencing sessions will have multiple video streams, one for real-time video and another for screen sharing which need to have different QoS classifications.
    • Video CAC Remains Elusive – Regardless of WebRTC or not, the challenge of providing Call Admission Control for video remains elusive since ever video stream can use a different amount of bandwidth, and the bandwidth utilization is very bursty.
    • Visibility – Correlating the impact of jitter and packet loss on the quality of experience within the WebRTC session
  2. End-to-End Encryption – WebRTC encrypts all voice, video, and data within the session between peers. This causes:
    • Lack of inspection – IDS/IPS have no idea what is going on within the session such as a user screen sharing sensitive information
    • Minimal Firewall Controls – Every WebRTC session uses different UDP ports, so the firewall rule set is only about allowing a fixed range of IP address to communicate over a range of UDP ports. This is further challenged by going through additional NAT boundaries and using STUN/TURN/ICE servers.
    • Minor WAN Optimization – Caching data shared in a WebRTC is not possible and protocol optimization is minimized, being UDP traffic. What occurs when many WebRTC sessions occurring simultaneously is a wave effect on the WAN where the adaptive voice & video codec take up the maximum amount of bandwidth, then when the limit is reached, back off, then hit the max again, back off, … which impacts the quality and the user experience.
  3. Peer to peer – Unlike most Internet protocols that are client server based, WebRTC is peer to peer based. Since most servers reside in the enterprise data center, most of the network security and controls reside there, and not at the edge of the network, thus limiting enterprise control and monitoring of WebRTC sessions between users.
    SD-WAN vendors offer new ways of classification and prioritization of network traffic with centralized control that overcome some of the above challenges. The approaches differ including:

    • Packet Rate – Use the source UDP port and packet rate to identify voice traffic and prioritizing it over video and data traffic. G.711 voice packets are a fixed size and come out at a fixed interval (every 20ms as an example).
    • Packet Size – Prioritize small packets (typically voice) over large packets (typically video) and use a packet encapsulation methodology to keep packets in sequence.
    • Session Setup – leverage the STUN/TURN protocol exchange at the beginning of a WebRTC session, to classify and prioritize the audio, video, and data sub-sessions.

Each SD-WAN vendor also has a unique way of centralized control and management of all WebRTC sessions across the enterprise network and some have the ability to prioritize some video sessions higher than others. Some of the SD-WAN solutions provide great application performance monitoring, both real-time and historical. One can tell the maturity of an SD-WAN vendor by the sophistication of their reporting tools. SD-WANs can also provide other benefits including supporting hybrid connections (Internet, MPLS, LTE) and Internet offloading at the edge of the network to rid the network of backhauling traffic through a data center.

If your enterprise is looking at adopting Cisco’s Spark or other WebRTC based communication and collaboration tool, ensure your enterprise WAN is up for the challenge.

Sorell Slaymaker