What is SD-WAN?
A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any combination of transport services – including MPLS, LTE and broadband internet services – to securely connect users to applications.
An SD-WAN uses a centralized control function to securely and intelligently direct traffic across the WAN. This increases application performance, resulting in enhanced user experience, increased business productivity and reduced costs for IT.
Traditional WANs based on conventional routers are not cloud-friendly. They typically require backhauling all traffic – including that destined to the cloud – from branch offices to a hub or headquarters data center where advanced security inspection services can be applied. The delay caused by backhaul impairs application performance resulting in a poor user experience and lost productivity. Unlike the traditional router-centric WAN architecture, the SD-WAN model is designed to fully support applications hosted in on-premise data centers, public or private clouds and SaaS solutions such as Salesfore.com, Workday, Office365 and Dropbox, while delivering the highest levels of application performance.
How does an SD-WAN work?
SD-WAN for cloud-first enterprises
How does an SD-WAN enable the new cloud-first model? An SD-WAN uses software and a centralized control function to more intelligently steer or direct traffic across the WAN. An SD-WAN handles traffic based on priority, quality of service and security requirements in accordance with business needs. The conventional router-centric model distributes the control function across all devices in the network - routers simply route traffic based on TCP/IP addresses and ACLs.
Sending SaaS and IaaS traffic directly across the internet delivers the best application Quality of Experience for end users. However, not all cloud-bound or web traffic is created equal. Many cloud applications – and their providers – natively apply robust security measures. Accessing these “trusted” applications directly from the branch, across the internet provides the needed security to protect the enterprise from threats. A few examples include Salesforce, Office365, ServiceNow, Box, and Dropbox.
However, other cloud apps and web traffic may be less trusted, unknown or even suspicious, requiring more advanced traffic screening. A sample security policy might be:
- Send known, trusted business SaaS traffic directly across the internet
- Send “home from work” applications like Facebook, YouTube and Netflix to a cloud-based security service
- Backhaul untrusted, unknown or suspicious traffic such as peer-to-peer applications or traffic to or from a foreign country back to a headquarters-based next generation firewall.
The intelligence and ability to identify applications provides an application-driven way to route traffic across the WAN instead of simply using TCP/IP addresses and ACLs. This software-driven approach delivers a much better QoEx than possible with router-centric WAN model.
Actively use any transport including MPLS, Broadband and LTE
An SD-WAN virtualizes WAN services including Multiprotocol Label Switching (MPLS), broadband internet services and 4G/LTE, treating them as a resource pool.
But why aren’t more internet connections used for enterprise WAN services? Simple. Historically, the internet was a best-effort amalgam of networks. It wasn’t secure or reliable enough to meet business needs. And it certainly didn’t perform well enough to support latency-sensitive or bandwidth-intensive business applications.
Overcoming the challenges of broadband
With internet access redefining the economics of networking, the time is now to actively use broadband services in the enterprise SD-WAN. That is, as long as concerns over performance, reliability and security can be overcome. Common concerns include:
- How do you harden a broadband internet connection to create a secure SD-WAN?
- How do you address the latency and performance limitations of broadband?
- How do you make sure that streaming cat videos don’t override the priority for business-critical applications?
- And if a business has hundreds or even thousands of branch offices, how do you make it simple to configure, manage and expand?
The solution is to shift to a business-driven SD-WAN platform The solution is to shift to a business-driven SD-WAN edge platform that unifies SD-WAN, firewall, segmentation, routing, WAN optimization and visibility and control functions in a single platform.
Advanced software-driven security and performance features enable enterprises to securely, reliably and actively use broadband to transport application traffic instead of simply using it as an idle backup. By augmenting or even replacing MPLS with broadband, enterprises can significantly increase WAN bandwidth while lowering overall WAN costs.
Continuous self-learning and automated adaptation
By continuously monitoring applications and WAN transport resources, an SD-WAN can quickly adapt to changing network conditions to maintain the highest application performance and availability. An advanced SD-WAN delivers the highest levels of end-user Quality of Experience, even if a transport service experiences an outage or a brownout (excessive packet loss, latency or jitter). This improves business productivity and end user satisfaction.
Two key SD-WAN capabilities
Two key features of advanced SD-WAN architectures are:
- Centralized Orchestration. By centralizing the configuration of an SD-WAN as well as application performance and security policies, enterprises can significantly reduce WAN operational expenses.
- Zero-Touch Provisioning (ZTP). With ZTP, configurations and policies are programmed once and pushed to all branch locations without having to manually program each device individually using a CLI. It eliminates the need to send specialized IT resources out to branch locations whenever a new application is added or a policy is changed. ZTP also reduces human errors, resulting in more consistent policies across to enterprise.
As applications continue to migrate to the cloud, networking professionals are quickly realizing that traditional WANs were never architected for the cloud.
Applications are no longer hosted solely in enterprise data centers. They are also hosted in:
- On-premise data centers
- Public or private clouds
- Subscription-based Software as a service (SaaS) solutions such as Salesforce.com, Workday, Office365, Box and Dropbox
The traditional router-centric model that backhauls traffic from the branch to headquarters to the internet and back again no longer makes sense.
Backhaul adds latency – or delay – that impairs application performance resulting in poor user experience and lost productivity. Employees often report that their business apps run faster at home or on their mobile devices than at the office. Learn more reasons why it’s time to think outside the router.
Geographically distributed enterprises are embracing SD-WANs at an accelerating pace because they help businesses become more agile, enhance business productivity and dramatically lower costs.
SD-WAN benefits for enterprises
- Increase business productivity and user satisfaction
- Enhance business agility and responsiveness
- Improve security and reduce threats
- Simplify branch WAN architecture
- Reduce WAN costs by up to 90 percent
For more on benefits, check these top benefits of SD-WAN
SD-WAN vs. SDN
Software-defined Networking (SDN) concepts and the OpenFlow protocol were introduced in 2011 to deliver increased agility, flexibility, operational efficiency and choice to data networking. Fundamental to SDN was the separation or disaggregation of the control or management function (plane) from the data forwarding function (plane) of the network. SDN proposed centralizing control while leaving the data forwarding function distributed amongst network elements (switches and routers).
The SD-WAN architectural model is similar to SDN in many ways:
- Centralized management or orchestration – the control plane
- Distributed data forwarding function – the data plane
- Application-driven traffic routing policies
However, unlike SDN, SD-WAN offerings do not allow interoperability between SD-WAN vendors and the creation of industry standards. Various SDN industry working groups continue to propose and debate, but have yet to fully agree upon standardized SDN controller and network services Application Programming Interfaces (API).
SD-WAN delivers value to enterprises of all sizes
In contrast, SD-WAN vendors focused on delivering production-worthy WANs and providing value to enterprises of all sizes. SD-WAN interoperability efforts focused on working with existing WAN infrastructure such as routers, firewalls and transport services and not on multi-vendor SD-WAN solutions.
SD-WAN delivers a tangible ROI
SDN with all of its underlying complexity continues to struggle with identifying and delivering tangible ROI to all but the largest communications service providers, web-scale cloud providers and only the largest of enterprises. SD-WAN, on the other hand, is being rapidly adopted in production by companies of all sizes and in all industry verticals. As of the second half of 2018, SD-WAN has moved beyond the early adopter market acceptance phase to the early majority, with more than 10,000 production SD-WAN deployments industry-wide.
SD-WAN delivers real business value
Separation of data forwarding and management plane
Centralized orchestration and control
Open standards and APIs
Commodity switching hardware – well, not exactly
Challenging to find ROI
Separation of data forwarding and management plane
Centralized orchestration and control
Off-the-shelf x86 appliances – physical or virtual
Easy to define ROI
SD-WAN vs MPLS -
It’s not either or!
There have been some misconceptions that SD-WAN and MPLS are mutually exclusive. In fact, they are quite complementary. While most SD-WAN deployments include active utilization of broadband services, many continue to utilize MPLS circuits as part of the WAN transport resource pool.
Enterprises with dual MPLS circuits at each branch site often allow one contract to expire and then continue with a hybrid strategy. We are beginning to see customers allow their secondary MPLS contracts to expire as they become comfortable moving forward with dual broadband services only. The result is tremendous bandwidth improvements and cost savings.
An intelligent SD-WAN platform can combine transport services into a single, logical high-bandwidth link, improving application performance. More advanced platforms continuously monitor the throughput, packet loss, latency and jitter of all transport services. The SD-WAN then automatically routes traffic – and when necessary, reroutes traffic – to maintain compliance with Quality of Service and security policies.