• SD-WAN Explained

What is SD-WAN?

  • A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any combination of transport services – including MPLS, LTE and broadband internet services – to securely connect users to applications.

    An SD-WAN uses a centralized control function to securely and intelligently direct traffic across the WAN. This increases application performance and delivers a high quality user experience, resulting in increased business productivity, agility and reduced costs for IT.

  • This quick explainer video explains what SD-WAN is and why you need it.
  • An SD-WAN securely connects users to any application, whether hosted in the data center or in the cloud across any WAN transport service including broadband internet services.
  • Traditional WANs based on conventional routers were never designed for the cloud. They typically require backhauling all traffic – including cloud- destined traffic – from branch offices to a hub or headquarters data center where advanced security inspection services can be applied. The delay caused by backhaul impairs application performance resulting in a poor user experience and lost productivity.

    Unlike the traditional router-centric WAN architecture, the SD-WAN model is designed to fully support applications hosted in on-premise data centers, public or private clouds and SaaS services such as Salesforce.com, Workday, Office 365 and Dropbox, while delivering the highest levels of application performance.

How Does an SD-WAN Work?

  • An SD-WAN enables cloud-first enterprises to deliver a superior application quality of experience (QoEX) for users. Using intelligence and by identifying applications, an SD-WAN provides application-aware routing across the WAN. Each class of applications receives the appropriate QoS and security policy enforcement, all in accordance with business needs.

    Secure local internet breakout of IaaS and SaaS application traffic from the branch provides the highest levels of cloud performance while protecting the enterprise from threats. Unlike SD-WAN, the conventional router-centric model distributes the control function across all devices in the network and simply routes traffic based on TCP/IP addresses and ACLs. This model tends to be rigid, inefficient and not cloud-friendly, resulting in a poor user experience.

  • This video explains how SD-WAN works and highlights how it defers from hardware-based, device-centric WANs based on traditional routers.


  • In this video, we’ll explore the reasons that are driving the need for a new WAN model – a soft-ware defined Wide Areas Network (SD-WAN).
  • Times have changed, and enterprises are using the cloud and subscribing to software-as-a-service (SaaS). While users traditionally connected back to the corporate data center to access business applications, they are now accessing those same applications in the cloud.

    As a result, the traditional WAN is no longer suitable mainly because backhauling all traffic – including that destined to the cloud – from branch offices to the headquarters introduces latency and impairs application performance. SD-WAN provides WAN simplification, lower costs, bandwidth efficiency and a seamless on-ramp to the cloud with significant application performance especially for critical applications without sacrificing security and data privacy.

Basic SD-WAN vs Business-driven SD-WAN

  • Not all SD-WANs are created equal - Many SD-WAN solutions are basic SD-WAN solutions or “just good enough” solutions. These solutions lack the intelligence, reliability, performance and scale needed to ensure a superior network experience. And remember, without a fast, secure and high performing network, enterprise digital transformation initiatives can stall because they rely on apps that rely on services that in turn rely on the network. SD-WAN is a hot topic and is driving strategic decisions within the enterprise. So, what is a Business-driven SD-WAN and why is Basic SD-WAN not good enough?

  • Lifecycle Orchestration and Automation. Most basic SD-WAN offerings provide some level of zero-touch provisioning. However, basic SD-WAN solutions do not always aprovide full end-to-end orchestration of all WAN edge functions such as routing, security services including service chaining to advanced third-party security services and WAN optimization. When enterprises deploy new applications or when a QoS or security policy change is required, a business-driven SD-WAN supports centralized configuration, enabling the required changes to be deployed in a few minutes instead of weeks or months.

  • Continuous Self-Learning. A basic SD-WAN solution steers traffic according to pre-defined rules, usually programmed via templates. A business-driven SD-WAN, delivers optimal application performance under any network condition or changes including congestion and when impairments occur. Through continuous monitoring and self-learning, a business-driven SD-WAN responds automatically in real-time to any changes in the state of the network. A business-driven SD-WAN continuously adapts to to changes in the network, automatically adapting in real time to any changes that could impact application performance, including network congestion, brownout and blackout conditions, allowing users to alway connect to application without manual IT intervention. For example, should a WAN transport service or cloud security service experience a performance impairment, the network automatically adapts to keep traffic flowing while maintaining compliance with business policies.

  • Consistent Quality of Experience (QoEx). A key benefit of an SD-WAN solution is the ability to actively use multiple forms of WAN transport. A basic solution can direct traffic on an application basis down a single path, and if that path fails or is underperforming, it can dynamically redirect to a better performing link. However, with many basic solutions, failover times around outages are measured in tens of seconds or longer, often resulting in annoying application interruption. A business-driven SD-WAN intelligently monitors and manages all underlay transport services. It can overcome the challenges of packet loss, latency and jitter to deliver the highest levels of application performance and QoEX to users, even when WAN transport services are impaired. Unlike a basic SD-WAN, a business-driven SD-WAN handles a total transport outage seamlessly and provides, sub-second failover that don’t interrupt business-critical applications such as voice and video communications.

  • End-to-end Micro-segmentation. While basic SD-WANs provide the equivalent of a VPN service, a business-driven SD-WAN provides more comprehensive, end-to-end security capabilities. In addition to supporting a stateful zone-based firewall, the SD-WAN platform should orchestrate and enforce end-to-end micro-segmentation spanning the LAN-WAN-Data center and the LAN-WAN-Cloud. Centrally configured security policies are far more consistent due to fewer human errors than with a device-centric WAN model or a basic SD-WAN model that often require configuring policies on a device-by-device basis. If a policy requires a change, it is programmed centrally with a business-driven SD-WAN and pushed to 1000s of nodes across the network, providing a significant increase in operational efficiency while reducing the overall attack surface and avoiding any security breaches.

  • Local Internet Breakout for Cloud Applications. Many basic SD-WANs provide some application classification capabilities based on fixed definitions and manually scripted ACLs to direct SaaS and IaaS traffic directly across the internet. However, cloud applications change constantly. A business-driven SD-WAN continuously adapts to changes and provides automated daily application definition and IP address updates. This eliminates application interruption and user productivity issues.

    Ideally, enterprise customers need to shift to a business-driven SD-WAN platform, that unifies SD-WAN, firewall, segmentation, routing, WAN optimization and visibility and control functions, all in a single, centrally managed platform.

See why a unified SD-WAN edge platform is critical to realize the transformational promise of the cloud.


  • The primary difference between SDN and SD-WAN is how they are used. SDN has been used in traditional telecom and data center infrastructures, enabling services on-demand, reducing high operational costs and improving network performance and scalability. SD-WAN, on the other hand, is a cost-effective alternative to the traditional Multiprotocol Label Switching (MPLS) networks, providing connectivity for geographically dispersed locations in a scalable and secure way.

    Both SDN and SD-WAN are based on the same methodology of separating the control plane from the data plane to make networking more intelligent. Architecturally they are similar in many ways:

    • Centralized management or orchestration – the control plane
    • Distributed data forwarding function – the data plane
    • Application-driven traffic routing policies

    That said here are the differences between the two technologies.

    • SDN SD-WAN
      Mainly used in data centers Deployed in branch offices and data centers
      Centralized orchestration and control Centralized orchestration, control and zero-touch provisioning
      Separation of control and data forwarding plane Separation of control and data forwarding plane
      Technology has taken a long time to mature Recent technology but maturing very rapidly
      Variations of commodity and specialized switching hardware Off-the-shelf x86 appliances – physical, virtual, cloud
      Savings come from improved operational efficiencies Savings come from leveraging lower WAN transport and infrastructure costs and improved operational efficiencies