BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Software-defined WAN (SD-WAN) is technology that uses software-defined networking (SDN) concepts to distribute network traffic across a wide area network (WAN). An SD-WAN follows configured policies to automatically determine the most effective way to route application traffic between branch offices and data center sites.
SD-WANs are managed by a centralized controller, which sends policy information to all connected devices. The software enables information technology (IT) staff to remotely program network edge devices with zero-touch provisioning or low-touch provisioning and minimize or eliminate the need for network engineers to manually configure routers in branch locations.
Most forms of SD-WAN technology create a virtual overlay that is transport-agnostic by abstracting underlying private or public WAN connections, like Multiprotocol Label Switching (MPLS), internet broadband, fiber, wireless or Long-Term Evolution (LTE). This overlay enables enterprises to keep their existing WAN links, while SD-WAN technology centralizes network control and enables agile, real-time application traffic management over these links.
How SD-WAN works
While SD-WAN products and services vary among providers, most are based on one of two types: overlay SD-WAN or network as a service (NaaS). With an overlay SD-WAN, a vendor provides a network edge device to the customer that contains the software necessary to run the SD-WAN technology. For deployment, the customer plugs its WAN links into the device, which automatically configures itself with the network.
Providers that offer SD-WAN as a type of NaaS enable their customers to access their own private networks. SD-WAN functionalities, including application traffic prioritization and WAN optimization, are incorporated into the service.
Segmentation is an essential component of SD-WAN security. This method enables enterprises to isolate, prioritize and assign network traffic. If traffic from an unknown device requests access to the network, IT can assign network policies to automatically route that traffic through a firewall first. Also, IT staff can prioritize high-priority traffic so it always travels on a specific link. Most SD-WAN services also incorporate Internet Protocol Security (IPsec) into their services to authenticate network traffic.
SD-WAN services include a network management console or interface to manage application traffic, assign policies, and configure devices and sites. This interface also helps increase end-to-end network visibility.
Additionally, many SD-WAN vendors partner with security companies to integrate those security services with SD-WAN technology.
SD-WAN technology offers a range of benefits to enterprises, including the following:
- Improved application performance through a combination of WAN optimization techniques and the ability to dynamically shift traffic to accommodate each application's requirements.
- Automatic failover so, if one link fails or is congested, traffic automatically redirects to another link. This, in turn, further boosts application performance and reduces latency.
- Reduced reliance on expensive, leased MPLS circuits by sending lower priority, less sensitive data over cheaper public internet connections, reserving private links for mission-critical or latency-sensitive application traffic, like voice over IP (VoIP). The flexible nature of SD-WAN also reduces the need for overprovisioning, reducing overall WAN expenses.
- Automated site deployments, configurations and operations.
SD-WAN and MPLS
SD-WAN's ability to route traffic across multiple links has led some enterprises to reevaluate their use of MPLS, the most popular WAN transmission technology. MPLS provides guaranteed network performance with quality of service (QoS) policies that govern throughput, delay and jitter.
But MPLS is expensive, and it can take months for an MPLS connection to be provisioned and put into operation. Because internet broadband is less costly and easier to provision, organizations are combining multiple links to provide enough network bandwidth to transmit their applications and services. These links do not offer the QoS or throughput guarantees of MPLS, but they do give organizations additional maneuverability in how they design their WANs.
Some enterprises opt to use both MPLS and broadband connectivity with their SD-WAN technology. This option enables IT teams to assign business-critical traffic to a more reliable MPLS link and other traffic to a less expensive broadband link.
Use cases for SD-WAN
SD-WAN is a compelling early SDN use case. The overlay technology is also relatively easy to implement in pilot testing, making it attractive to decision-makers who might shy away from the rip-and-replace approach required to convert legacy network architectures to SDN.
SD-WAN use cases extend across the majority of industry verticals and horizontals. Retail, government, financial services and other industries that communicate among distributed locations can benefit from SD-WAN's ability to prioritize application traffic. Large enterprises with multiple sites worldwide have a compelling use case because SD-WAN can help manage those various branch offices more easily and can ease connectivity.
Smaller enterprises can capitalize on SD-WAN's ability to work with multiple WAN connection types. Instead of relying on more expensive MPLS lines, for example, the organization could use cheaper internet or LTE connections. Enterprises -- particularly smaller organizations -- can benefit from managed SD-WAN services, in which an external provider is responsible for implementing, managing and troubleshooting the service.
Differences between SD-WAN and traditional WAN
SD-WANs are a logical progression from traditional WAN technologies and methods, such as WAN optimization and virtual private networks (VPNs). Like VPN technology, SD-WAN securely connects remote sites to data center resources. But SD-WAN enhances this method by applying intelligent traffic routing and security policies.
WAN optimization was built on understanding private WAN links and optimizing them for traditional traffic patterns. SD-WAN takes that one step further by tapping into all available resources, including inexpensive internet services, to get the biggest bang for the network buck. It uses methods like dynamic path selection, traffic steering and application prioritization.