Software-defined WAN (SD-WAN) is a technology that uses software-defined networking (SDN) concepts to distribute network traffic across a wide area network (WAN). An SD-WAN automatically determines the most effective way to route traffic between branch offices and data center sites. SD-WANs are managed by a centralized controller. The software enables information technology (IT) staff to remotely program edge devices, reduce provisioning times and minimize or eliminate the need for network engineers to manually configure routers in branch locations.
Most forms of SD-WAN technology create a virtual overlay that is transport-agnostic by abstracting underlying private or public WAN connections, like MPLS, internet broadband, fiber, wireless or Long Term Evolution (LTE). This allows enterprises to keep their existing WAN links, while overlay SD-WAN technology centralizes network control and enables agile, real-time traffic management over these links.
How SD-WAN works
While SD-WAN products and services vary among providers, most are based on one of two types: overlay SD-WAN or network as a service. With an overlay SD-WAN, a vendor provides an edge device to the customer that contains the software necessary to run the SD-WAN technology. For deployment, the customer plugs its WAN links into the device, which automatically configures itself with the network.
Providers that offer SD-WAN as a type of network as a service enable their customers to access their own private networks. SD-WAN functionalities, including traffic prioritization and WAN optimization methods, are incorporated into the service.
Segmentation is an essential component of SD-WAN security. This method enables enterprises to isolate, prioritize and assign network traffic. If traffic from an unknown device requests access to the network, IT can assign network policies to automatically route that traffic through a firewall first. IT staff can also pin high-priority traffic to a specific link so that it always travels on that link. Most SD-WAN services also incorporate IPsec to authenticate network traffic.
SD-WAN services include a management console or interface to manage traffic, assign policies, and configure devices and sites. This interface also helps increase end-to-end network visibility.
Additionally, many SD-WAN vendors partner with security companies to integrate those security services with SD-WAN technology.
- Improved application performance through a combination of WAN optimization techniques and the ability to dynamically shift traffic to accommodate each application's requirements.
- Automatic failover, so if one link fails or is congested, traffic is automatically redirected to another link. This, in turn, further boosts application performance and reduces latency.
- Reduced reliance on expensive leased MPLS circuits by sending lower priority, less-sensitive data over cheaper public internet connections, reserving private links for mission-critical or latency-sensitive traffic, like VoIP. The flexible nature of SD-WAN also reduces the need for over-provisioning, reducing overall WAN expenses.
- Automated site deployments, configurations and operations.
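The segmentation policy and the automatic failover described above can be sketched as one per-flow decision function. This is an added example, not code from any SD-WAN product: the device names, link names, policy table and loss threshold are constructed, and the rule that the "payments" segment is dropped rather than moved to a public link is an assumption chosen to show a fail-closed policy.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    private: bool      # True for an MPLS-style private circuit
    up: bool
    loss_pct: float    # measured packet loss on the link

# Constructed inventory and policy table (assumptions for this example).
KNOWN_DEVICES = {"pos-01", "voip-gw", "nas-01"}
# app -> (segment, preferred link, may fail over to a public link?)
POLICY = {
    "voip":   ("critical", "mpls", True),
    "cards":  ("payments", "mpls", False),   # must stay on private links
    "backup": ("bulk", "broadband", True),
}
MAX_LOSS_PCT = 2.0  # a link above this loss is treated as congested

def healthy(link):
    return link.up and link.loss_pct <= MAX_LOSS_PCT

def route(src_device, app, links):
    """Return the segment, egress link and firewall decision for one flow."""
    if src_device not in KNOWN_DEVICES or app not in POLICY:
        # Unknown device or unclassified app: isolate it and inspect it first.
        segment, preferred, allow_public, firewall = (
            "quarantine", "broadband", True, True)
    else:
        segment, preferred, allow_public = POLICY[app]
        firewall = False
    # Preferred link first, then the remaining links as failover candidates.
    ordered = sorted(links, key=lambda l: l.name != preferred)
    for link in ordered:
        if healthy(link) and (link.private or allow_public):
            return {"segment": segment, "link": link.name, "firewall": firewall}
    # No permitted healthy link: drop rather than leak onto a disallowed path.
    return {"segment": segment, "link": None, "firewall": firewall}

def sample_links(mpls_up=True, mpls_loss=0.1):
    """Constructed link set: one private circuit and two public links."""
    return [Link("mpls", True, mpls_up, mpls_loss),
            Link("broadband", False, True, 0.4),
            Link("lte", False, True, 1.5)]
```

The case worth checking in any real policy is the last branch: failover that ignores segment rules can silently move restricted traffic onto a link it was never meant to use.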
SD-WAN and MPLS
SD-WAN's ability to route traffic across multiple links has led some enterprises to re-evaluate their use of MPLS, the most popular WAN transmission technology. MPLS provides guaranteed performance with quality of service (QoS) policies that govern throughput, delay and jitter.
But MPLS is expensive, and it can take months for an MPLS connection to be provisioned and put into operation. Because internet broadband is less costly and easier to provision, organizations are combining multiple links to provide enough bandwidth to transmit their applications and services. These links do not offer the QoS or throughput guarantees of MPLS, but do give organizations additional maneuverability in how they design their WANs.
Use cases for SD-WAN
SD-WAN is a compelling early SDN use case. The overlay technology is also relatively easy to implement in pilot testing, making it attractive to decision-makers who might shy away from the rip-and-replace approach required to convert legacy network architectures to SDN.
SD-WAN use cases extend across the majority of industry verticals and horizontals. Retail, government, financial services and other industries that communicate among distributed locations can benefit from SD-WAN's ability to prioritize traffic. Large enterprises with multiple sites worldwide have a compelling use case because SD-WAN can help manage those various branch offices more easily and can ease connectivity.
Smaller enterprises can capitalize on SD-WAN's ability to work with multiple WAN connection types. For example, instead of relying on more expensive MPLS lines, the organization could use cheaper internet or LTE connections. Enterprises -- particularly smaller organizations -- can benefit from managed SD-WAN services, in which an external provider is responsible for implementing, managing and troubleshooting the service.
Differences between SD-WAN and traditional WAN
SD-WANs are a logical progression from WAN optimization, a technology that was built on understanding private WAN links and optimizing them for traditional traffic patterns. SD-WAN takes that one step further by tapping into all available resources, including inexpensive internet services, to get the biggest bang for the network buck.