A software-defined wide area network (SD-WAN) is the application of software-based networking technologies that virtualize WAN connections. SD-WAN decouples network software services from the underlying hardware to create a virtualized network overlay. An SD-WAN can connect several locations to a central hub office or cover multiple locations on a large campus. Because it is abstracted from the hardware, it is more flexible and more available than a traditional hardware-based WAN. SD-WAN relies on four components:
- Edge connectivity abstraction
- WAN virtualization
- Centralized management
- Elastic traffic management
An SD-WAN, like software-defined networking, decouples the control plane from the data plane and uses software to control the connectivity, management, and services between data centers and remote branches or cloud instances. Control and management are therefore centralized: network administrators can write new rules and policies and configure and deploy them across an entire network. In addition, an SD-WAN deployment can include existing routers and switches or virtualized customer premises equipment (vCPE) running software that handles policy, security, networking functions, and related management tools.
SD-WAN works by creating a network of appliances connected by encrypted tunnels. Each site on the network has an SD-WAN appliance, and all traffic flows through that appliance. Because the appliances are managed centrally, consistent network policies can be applied and enforced throughout an organization. When traffic enters a given appliance, the appliance determines the type of application traffic and routes it to its destination based on those policies and on the availability and performance of the different network links.
SD-WAN technology is being adopted rapidly. This is due, in part, to the financial and operational benefits that SD-WAN technology offers businesses.
Software-defined wide area networks
- lower WAN OpEx, CapEx, and overall cost of ownership
- provide greater business agility and responsiveness to keep pace with IT innovations
- support multiple, secure connections and eliminate backhaul penalties
- improve performance by enabling load sharing across connections and adjusting traffic flows based on network conditions
- support the automated provisioning of, and changes to, network services such as VPNs, firewalls, security, WAN optimization, and application delivery control
- support zero touch provisioning (ZTP)
- improve network security by encrypting WAN traffic and segmenting the network to minimize damage if a breach occurs
SD-WAN uses an abstracted architecture for the network, which divides the network into two parts: the control plane and the forwarding plane. The SD-WAN architecture places the control plane in a centralized location, so the network can be managed remotely without the need for an on-premises IT team. This virtualized network is composed of three main components:
- The edge—this is where the network endpoints reside, which can be a branch office, a remote data center, or a cloud platform.
- The orchestrator—this is a virtualized manager for the network that oversees traffic and applies the policies and protocols set by operators.
- The controller—this centralizes management and allows operators to see the network in a single place while also allowing the operator to set policies for the orchestrator to execute.
In addition to these components of the basic structure of an SD-WAN, there are three main types of architecture:
- On-premises—this is where the SD-WAN hardware resides on site; network operators have direct access to and management of the network and the hardware it runs on, and it does not use the cloud for its connections. This makes it suited to sensitive information that cannot be sent over the internet.
- Cloud-enabled—this is where SD-WAN is connected to a virtual cloud gateway over the internet, which can make a network more accessible and provide better integration and performance with cloud-native applications.
- Cloud-enabled with backbone—this gives an organization an extra backup by connecting the network with a nearby point of presence, such as within a data center. This allows traffic to switch from a public internet to a private connection, and the move to a private connection leads to a more secure SD-WAN and adds consistency when a connection is overwhelmed or fails.
Multiprotocol label switching (MPLS) has been a component of WAN connectivity for some time. It delivers guaranteed bandwidth, predictable latency, and privacy. However, MPLS is expensive and unobtainable in many geographic locations. Broadband internet, by contrast, costs less than MPLS and is more widely available, even though it is less reliable and can have varying latency. Many organizations moved to a hybrid WAN that blends these transports. SD-WAN is easier to set up and deploy than a hybrid WAN and finds a balance between cost, reliability, and performance for a diverse mix of application traffic. This is in large part due to the policy-based management and dynamic path selection that SD-WAN offers.
SD-WAN addresses the problems of managing a traditional WAN, one of the most expensive and rigid aspects of running an enterprise network. SD-WAN eases the burden by responding to network conditions in real time. It does this through programmable devices and remote, dynamic best-path routing, both of which can improve network cost, agility, and performance.
Broadband internet and related public networks bring uncertain performance to WAN connectivity: packets between a source and a destination device can take different paths, and latency varies as a consequence. Such networks can also create bottlenecks along the network path due to time-of-day congestion and other factors that constrain bandwidth. To avoid these kinds of interruptions, many IT organizations set up redundant connections and services at each internet breakout point.
SD-WAN monitors the health of each WAN link and uses path selection to steer traffic down the best available link at any moment. It can also discriminate between the traffic of different applications or users, keeping the best connections for the most important traffic while routing lower-priority traffic to a less reliable connection. These priorities are set through the centralized policy and management functions of the SD-WAN control layers.
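The two passages above (the appliance classifying traffic and routing it on policy plus link availability, and link-health monitoring with dynamic path selection) describe one decision loop. The following is an added illustration, not code from the page or from any SD-WAN product: a toy edge appliance that classifies a flow into an application class, checks each WAN link's measured health against that class's policy, steers the flow to the best eligible link, and fails over when a link degrades or goes down. It also models the segmentation rule from the architecture section, where sensitive traffic is kept on the private transport rather than the public internet. All link names, thresholds, ports and application classes are constructed for the example.

```python
"""Toy model of SD-WAN policy-based path selection (added example; all
values below are constructed, not taken from any product or the page)."""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


@dataclass
class Link:
    name: str
    transport: str        # "mpls" (private) or "broadband" (public internet)
    up: bool
    latency_ms: float
    loss_pct: float
    jitter_ms: float
    cost_rank: int        # lower is cheaper; used as the last tie-breaker


@dataclass
class Policy:
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float
    private_only: bool = False                         # never use public internet
    prefer: Tuple[str, ...] = ("mpls", "broadband")    # transport preference order


# Constructed classifier table: (protocol, destination port) -> application class.
APP_TABLE: Dict[Tuple[str, int], str] = {
    ("udp", 5060): "voip",
    ("tcp", 1433): "erp",
    ("tcp", 443): "web",
}


def classify(proto: str, dst_port: int) -> str:
    """Map a flow to an application class; unknown flows become best-effort web."""
    return APP_TABLE.get((proto, dst_port), "web")


def meets_sla(link: Link, policy: Policy) -> bool:
    """True when the link is up and its measured health satisfies the policy."""
    return (link.up
            and link.latency_ms <= policy.max_latency_ms
            and link.loss_pct <= policy.max_loss_pct
            and link.jitter_ms <= policy.max_jitter_ms)


def select_path(links: List[Link], policy: Policy) -> Optional[Link]:
    """Pick the link that should carry this class given current link health."""
    eligible = [l for l in links if l.up]
    if policy.private_only:
        # Segmentation rule: sensitive traffic stays on private transport even if a
        # public link is healthier. With no private link up, return None so the
        # caller holds the flow instead of violating the policy.
        eligible = [l for l in eligible if l.transport != "broadband"]
    if not eligible:
        return None
    healthy = [l for l in eligible if meets_sla(l, policy)]
    pool = healthy or eligible  # nothing meets the SLA: still forward, best effort

    def rank(l: Link):
        pref = (policy.prefer.index(l.transport)
                if l.transport in policy.prefer else len(policy.prefer))
        return (pref, l.loss_pct, l.latency_ms, l.cost_rank)

    return min(pool, key=rank)


def steer(links: List[Link], policies: Dict[str, Policy],
          flows: List[Tuple[str, int]]) -> Dict[str, Optional[str]]:
    """Route each flow; returns app class -> chosen link name (None = held)."""
    decisions: Dict[str, Optional[str]] = {}
    for proto, port in flows:
        app = classify(proto, port)
        chosen = select_path(links, policies[app])
        decisions[app] = chosen.name if chosen else None
    return decisions


# Constructed policy set, as a central controller might push to every edge.
POLICIES: Dict[str, Policy] = {
    "voip": Policy(max_latency_ms=150, max_loss_pct=1.0, max_jitter_ms=30),
    "erp": Policy(max_latency_ms=200, max_loss_pct=2.0, max_jitter_ms=50, private_only=True),
    "web": Policy(max_latency_ms=500, max_loss_pct=5.0, max_jitter_ms=100,
                  prefer=("broadband", "mpls")),
}

# Constructed link-health snapshot for one site with an MPLS and a broadband link.
BASELINE: List[Link] = [
    Link("mpls1", "mpls", True, latency_ms=30, loss_pct=0.1, jitter_ms=2, cost_rank=2),
    Link("bb1", "broadband", True, latency_ms=45, loss_pct=0.5, jitter_ms=8, cost_rank=1),
]

FLOWS: List[Tuple[str, int]] = [("udp", 5060), ("tcp", 1433), ("tcp", 443)]


def demo_scenarios() -> Dict[str, Dict[str, Optional[str]]]:
    """Run three link-health snapshots through the same policy set."""
    degraded = [replace(BASELINE[0], loss_pct=3.0, jitter_ms=40), BASELINE[1]]  # MPLS brownout
    mpls_down = [replace(BASELINE[0], up=False), BASELINE[1]]                    # MPLS outage
    return {
        "baseline": steer(BASELINE, POLICIES, FLOWS),
        "mpls_degraded": steer(degraded, POLICIES, FLOWS),
        "mpls_down": steer(mpls_down, POLICIES, FLOWS),
    }


if __name__ == "__main__":
    for scenario, decision in demo_scenarios().items():
        print(f"{scenario:14s} {decision}")
```

In the baseline snapshot voice and ERP ride the MPLS link and web traffic takes the cheaper broadband link. When MPLS loss rises above the voice policy's threshold, voice fails over to broadband, while ERP stays on the degraded private link because its policy forbids the public internet; when MPLS goes down entirely, ERP is held rather than leaked onto broadband. A real appliance would feed `Link` from continuous probe measurements rather than static snapshots, but the policy-versus-health decision is the same.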
VPNs are often offered as a way for organizations to support remote working, since they provide a secure connection to the organization's network. However, VPNs are considered inferior to SD-WAN in cost, performance, and reliability. This is, in part, due to the complexity and latency of scaling a VPN to a large remote workforce, which can outweigh its cost benefits. SD-WAN solutions, meanwhile, provide performance features such as quality of service and application-aware routing, and an integration with cloud computing that VPNs cannot match, since VPNs depend on the public internet for speed and bandwidth. SD-WANs also offer enterprises the assurance of service-level agreements for performance.
Traditional WAN architectures followed a hub-and-spoke model, in which traffic flowed from a remote location to a central network hub; organizations typically leased lines from service providers to connect users at a branch to applications hosted on servers in the data center. In the 1980s and 1990s, WAN connections were maintained through point-to-point (PPP) leased lines and frame relay services, which used the same lines to connect cloud environments to the service provider.
By the 2000s, frame relay was replaced by multiprotocol label switching (MPLS), an IP-based WAN connection that routes traffic based on predetermined labels, essentially sending the data along the best possible path to a destination. Packets are tagged with labels, which are used to classify traffic by business priority, such as real-time, mission-critical, or best-effort. MPLS is generally an outsourced service managed by service providers, and that management can be costly.
Cloud computing followed these developments and grew in popularity, as it allowed applications to become available outside the traditionally centralized hubs. Instead of accessing business applications through central data centers, users went through the cloud, yet traditional WAN architectures still had to backhaul all the data through the data center, which is inefficient and costly. As the rise of cloud computing drove bandwidth demands higher, legacy WAN architectures became harder and more expensive to manage and to scale.
SD-WAN grew out of this problem and proved to be a lower-cost, scalable networking solution without sacrificing the ability to use quality networking services like MPLS.