• SD-WAN Explained

  • What is SD-WAN?

    A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any combination of transport services – including MPLS, LTE and broadband internet services – to securely connect users to applications.

    An SD-WAN uses a centralized control function to securely and intelligently direct traffic across the WAN. This increases application performance, resulting in enhanced user experience, increased business productivity and reduced costs for IT.

    Traditional WANs based on conventional routers are not cloud-friendly. They typically require backhauling all traffic – including that destined to the cloud – from branch offices to a hub or headquarters data center where advanced security inspection services can be applied. The delay caused by backhaul impairs application performance resulting in a poor user experience and lost productivity. Unlike the traditional router-centric WAN architecture, the SD-WAN model is designed to fully support applications hosted in on-premise data centers, public or private clouds and SaaS solutions such as Salesfore.com, Workday, Office365 and Dropbox, while delivering the highest levels of application performance.

    What is SD-WAN?
    An SD-WAN securely connects users to any application, whether hosted in the data center or in the cloud across any WAN transport service including broadband internet services.

    How does an SD-WAN work?

    SD-WAN for cloud-first enterprises

    How does an SD-WAN enable the new cloud-first model? An SD-WAN uses software and a centralized control function to more intelligently steer or direct traffic across the WAN. An SD-WAN handles traffic based on priority, quality of service and security requirements in accordance with business needs. The conventional router-centric model distributes the control function across all devices in the network - routers simply route traffic based on TCP/IP addresses and ACLs.

    Sending SaaS and IaaS traffic directly across the internet delivers the best application Quality of Experience for end users. However, not all cloud-bound or web traffic is created equal. Many cloud applications – and their providers – natively apply robust security measures. Accessing these “trusted” applications directly from the branch, across the internet provides the needed security to protect the enterprise from threats. A few examples include Salesforce, Office365, ServiceNow, Box, and Dropbox.

    However, other cloud apps and web traffic may be less trusted, unknown or even suspicious, requiring more advanced traffic screening. A sample security policy might be:

    • Send known, trusted business SaaS traffic directly across the internet
    • Send “home from work” applications like Facebook, YouTube and Netflix to a cloud-based security service
    • Backhaul untrusted, unknown or suspicious traffic such as peer-to-peer applications or traffic to or from a foreign country back to a headquarters-based next generation firewall.

    The intelligence and ability to identify applications provides an application-driven way to route traffic across the WAN instead of simply using TCP/IP addresses and ACLs. This software-driven approach delivers a much better QoEx than possible with router-centric WAN model.

    Actively use any transport including MPLS, Broadband and LTE

    An SD-WAN virtualizes WAN services including Multiprotocol Label Switching (MPLS), broadband internet services and 4G/LTE, treating them as a resource pool.

    But why aren’t more internet connections used for enterprise WAN services? Simple. Historically, the internet was a best-effort amalgam of networks. It wasn’t secure or reliable enough to meet business needs. And it certainly didn’t perform well enough to support latency-sensitive or bandwidth-intensive business applications.

    Overcoming the challenges of broadband

    With internet access redefining the economics of networking, the time is now to actively use broadband services in the enterprise SD-WAN. That is, as long as concerns over performance, reliability and security can be overcome. Common concerns include:

    • How do you harden a broadband internet connection to create a secure SD-WAN?
    • How do you address the latency and performance limitations of broadband?
    • How do you make sure that streaming cat videos don’t override the priority for business-critical applications?
    • And if a business has hundreds or even thousands of branch offices, how do you make it simple to configure, manage and expand?

    The solution is to shift to a business-driven SD-WAN platform that unifies SD-WAN, firewall, segmentation, routing, WAN optimization and visibility and control functions in a single platform.

    Advanced software-driven security and performance features enable enterprises to securely, reliably and actively use broadband to transport application traffic instead of simply using it as an idle backup. By augmenting or even replacing MPLS with broadband, enterprises can significantly increase WAN bandwidth while lowering overall WAN costs.

    Continuous self-learning and automated adaptation

    By continuously monitoring applications and WAN transport resources, an SD-WAN can quickly adapt to changing network conditions to maintain the highest application performance and availability. An advanced SD-WAN delivers the highest levels of end-user Quality of Experience, even if a transport service experiences an outage or a brownout (excessive packet loss, latency or jitter). This improves business productivity and end user satisfaction.

    Two key SD-WAN capabilities

    Two key features of advanced SD-WAN architectures are:

    • Centralized Orchestration. By centralizing the configuration of an SD-WAN as well as application performance and security policies, enterprises can significantly reduce WAN operational expenses.
    • Zero-Touch Provisioning (ZTP). With ZTP, configurations and policies are programmed once and pushed to all branch locations without having to manually program each device individually using a CLI. It eliminates the need to send specialized IT resources out to branch locations whenever a new application is added or a policy is changed. ZTP also reduces human errors, resulting in more consistent policies across to enterprise.

    Why SD-WAN?

    As applications continue to migrate to the cloud, networking professionals are quickly realizing that traditional WANs were never architected for the cloud.

    Applications are no longer hosted solely in enterprise data centers. They are also hosted in:

    • On-premise data centers
    • Public or private clouds
    • Subscription-based Software as a service (SaaS) solutions such as Salesforce.com, Workday, Office365, Box and Dropbox

    The traditional router-centric model that backhauls traffic from the branch to headquarters to the internet and back again no longer makes sense.

    Backhaul adds latency – or delay – that impairs application performance resulting in poor user experience and lost productivity. Employees often report that their business apps run faster at home or on their mobile devices than at the office. Learn more reasons why it’s time to think outside the router.

    Geographically distributed enterprises are embracing SD-WANs at an accelerating pace because they help businesses become more agile, enhance business productivity and dramatically lower costs.

    SD-WAN benefits for enterprises

    • Increase business productivity and user satisfaction
    • Enhance business agility and responsiveness
    • Improve security and reduce threats
    • Simplify branch WAN architecture
    • Reduce WAN costs by up to 90 percent

    For more on benefits, check these top benefits of SD-WAN

    SD-WAN vs. SDN

    Software-defined Networking (SDN) concepts and the OpenFlow protocol were introduced in 2011 to deliver increased agility, flexibility, operational efficiency and choice to data networking. Fundamental to SDN was the separation or disaggregation of the control or management function (plane) from the data forwarding function (plane) of the network. SDN proposed centralizing control while leaving the data forwarding function distributed amongst network elements (switches and routers).

    The SD-WAN architectural model is similar to SDN in many ways:

    • Centralized management or orchestration – the control plane
    • Distributed data forwarding function – the data plane
    • Application-driven traffic routing policies

    SD-WAN, similar to SDN solutions, do not support interoperability between vendors. However, various SDN and SD-WAN industry working groups continue to propose and debate the creation of industry standards.

    SD-WAN delivers value to enterprises of all sizes

    In contrast, SD-WAN vendors focused on delivering production-worthy WANs and providing value to enterprises of all sizes. SD-WAN interoperability efforts focused on working with existing WAN infrastructure such as routers, firewalls and transport services and not on multi-vendor SD-WAN solutions.

    SD-WAN delivers a tangible ROI

    SD-WAN is being rapidly adopted in production by companies of all sizes and in all industry verticals because it delivers an easily attainable, tangible ROI. As of the second half of 2018, SD-WAN has moved beyond the early adopter market acceptance phase to the early majority, with more than 10,000 production SD-WAN deployments industry-wide.

      SDN SD-WAN
      Mainly used in data centers Deployed in branch offices and data centers
      Centralized orchestration and control Centralized orchestration, control and zero-touch provisioning
      Separation of control and data forwarding plane Separation of control and data forwarding plane
      Technology has taken a long time to mature Recent technology but maturing very rapidly
      Variations of commodity and specialized switching hardware Off-the-shelf x86 appliances – physical, virtual, cloud
      Savings come from improved operational efficiencies Savings come from leveraging lower WAN transport and infrastructure costs and improved operational efficiencies

    SD-WAN vs MPLS -
    It’s not either or!

    There have been some misconceptions that SD-WAN and MPLS are mutually exclusive. In fact, they are quite complementary. While most SD-WAN deployments include active utilization of broadband services, many continue to utilize MPLS circuits as part of the WAN transport resource pool.

    Enterprises with dual MPLS circuits at each branch site often allow one contract to expire and then continue with a hybrid strategy. We are beginning to see customers allow their secondary MPLS contracts to expire as they become comfortable moving forward with dual broadband services only. The result is tremendous bandwidth improvements and cost savings.

    An intelligent SD-WAN platform can combine transport services into a single, logical high-bandwidth link, improving application performance. More advanced platforms continuously monitor the throughput, packet loss, latency and jitter of all transport services. The SD-WAN then automatically routes traffic – and when necessary, reroutes traffic – to maintain compliance with Quality of Service and security policies.

    >> See how to choose an SD-WAN Vendor