BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Software-defined WAN (SD-WAN) is a technology that distributes network traffic across wide area networks (WAN) that uses software-defined networking (SDN) concepts to automatically determine the most effective way to route traffic to and from branch offices and data center sites.
Most forms of SD-WAN technology create a virtual overlay that is transport-agnostic -- it abstracts underlying private or public WAN connections, like MPLS, internet broadband, fiber, wireless or Long Term Evolution (LTE). Enterprises can keep their existing WAN links, while overlay SD-WAN uses the multiple tunnels to optimize bandwidth by directing WAN traffic along the best route to and from branch offices and data center sites. SD-WAN technology centralizes network control and enables agile, real-time traffic management over these links.
SD-WAN is managed by a centralized controller. The software enables IT staff to remotely program edge devices and reduce provisioning times, thus minimizing or eliminating the need to manually configure traditional routers in branch locations.
While SD-WAN products and services vary among providers, most are based on one of two types: overlay SD-WAN or network as a service. With an overlay SD-WAN, a vendor provides an edge device to the customer that contains the software necessary to run the SD-WAN technology. For deployment, the customer plugs its WAN links into the device, which automatically configures itself with the network.
Providers that offer SD-WAN as a type of network as a service enable their customers to access their own private networks. SD-WAN functionalities, like traffic prioritization and WAN optimization methods, are incorporated into the service.
Segmentation is an essential component of SD-WAN security. This method enables enterprises to isolate, prioritize and assign network traffic. If traffic from an unknown device requests access to the network, IT can assign network policies to automatically route that traffic through a firewall first. Also, IT staff can prioritize high-priority traffic so it always travels on a specific link. Most SD-WAN services also incorporate IPsec into their services to authenticate network traffic.
SD-WAN services include a management console or interface to manage traffic, assign policies, and configure devices and sites. This interface also helps increase end-to-end network visibility.
Additionally, many SD-WAN vendors partner with security companies to integrate those security services with SD-WAN technology.
SD-WAN improves application performance through a combination of WAN optimization techniques and its ability to dynamically shift traffic to links with bandwidth sufficient enough to accommodate each application's requirements.
SD-WAN uses automatic failover, so if one link fails or is congested, traffic is automatically redirected to another link. This, in turn, further boosts application performance and reduces latency.
SD-WAN architecture enables administrators to reduce or eliminate reliance on expensive leased MPLS circuits by sending lower priority, less-sensitive data over cheaper public internet connections, reserving private links for mission-critical or latency-sensitive traffic, like VoIP. The flexible nature of SD-WAN also reduces the need for over-provisioning, reducing overall WAN expenses.
Ideally, SD-WAN simplifies the network by automating site deployments, configurations and operations.
SD-WAN and MPLS
SD-WAN's ability to route traffic across multiple links has led some enterprises to re-evaluate their use of MPLS, the most popular WAN transmission technology. MPLS provides guaranteed performance with quality of service (QoS) policies that govern throughput, delay and jitter.
But MPLS is expensive, and it can take months for an MPLS connection to be provisioned and put into operation. Because internet broadband is less costly and easier to provision, organizations are combining multiple links to provide enough bandwidth to transmit their applications and services. These links do not offer the QoS or throughput guarantees of MPLS, but do give organizations additional maneuverability in how they design their WANs.
Use cases for SD-WAN
SD-WAN is a compelling early SDN use case. The overlay technology is also relatively easy to implement in pilot testing, making it attractive to decision-makers who might shy away from the rip-and-replace approach required to convert legacy network architectures to SDN.
SD-WAN use cases extend across the majority of industry verticals and horizontals. Retail, government, financial services and other industries that communicate among distributed locations can benefit from SD-WAN's ability to prioritize traffic. Large enterprises with multiple sites worldwide have a compelling use case because SD-WAN can help manage those various branch offices more easily and can ease connectivity.
Smaller enterprises can capitalize on SD-WAN's ability to work with multiple WAN connection types. For example, instead of relying on more expensive MPLS lines, the organization could use cheaper internet or LTE connections. Enterprises -- particularly smaller organizations -- can benefit from managed SD-WAN services, in which an external provider is responsible for implementing, managing and troubleshooting the service.