SD-WAN architecture: What to know before you buy

The hybrid WAN is here and this guide explains how to buy and build an SD-WAN architecture. Learn about key features and 'nice to haves' before you approach vendors and make an acquisition decision.

For decades, the wide area network was all about hardware. ISDN, T1/E1, frame relay and MPLS services all dictated specific hardware interfaces. Similarly, the customer-premises equipment deployed in conjunction with these WAN services -- routers, firewalls and accelerators -- would typically, but not always, each be its own physical piece of hardware. The result? The traditional WAN was slow, hobbled by expensive lines and lots of boxes.

Enter software-defined WAN. With an SD-WAN architecture, vendors contend, all that legacy technology can be swept away, replaced with sophisticated software services running as VNFs on commodity hardware. By using low-cost, high-speed internet services and combining those services with an intelligent, cloud-services infrastructure, corporate headquarters and branch offices can be linked together more efficiently than before.

SD-WAN, hybrid WAN explained

The marketplace is full of SD-WAN vendors, each pitching a different value proposition. But one feature is the same for all SD-WAN architectures: the use of commodity bandwidth and computing resources.

Internet bandwidth is dramatically less expensive than dedicated lines. We also know that internet lines can be less reliable than their leased-line counterparts. SD-WAN vendors overcome this limitation by supporting multiple, simultaneous connections.

How it works

Multiple connections enable greater bandwidth, lower latency and multiple path choices. Just as important, an SD-WAN architecture can detect and bypass failed links so that a link failure doesn't mean an interruption of service.

With virtualization, a single piece of commodity hardware can displace a rack of gear that might have included VPN, firewall, intrusion prevention systems (IPS) and bandwidth optimization devices. Now, whatever functions you require can (in theory, at least) be implemented as virtualized network functions (VNFs) within a single virtual machine host system. The host system virtualizes Layer 2 and Layer 3 network connections to link those VNFs to one another and to the outside network as required.

Features to make your WAN software-defined

You build a WAN from the bottom up. So the first requirement of an SD-WAN architecture is a solid foundation. In the category of "must-have" features, the following are essential:

Commitment to your SD-WAN vendor

Okay, this really isn't a feature, but it is a requirement. An SD-WAN architecture is, essentially, an outsourced WAN, with your SD-WAN vendor acting as the service provider. And, despite some references to features such as third-party support for Virtual Extensible LAN, or VXLAN, tunnel endpoints, SD-WAN platforms are proprietary. The vendor will deliver all the software and hardware in your new SD-WAN. The sophisticated software that optimizes your network connections and traffic and provides global management and statistics does so by communicating with software elements throughout the network. Your SD-WAN vendor, in all likelihood, created these elements to communicate only with other components by the same vendor.

Unlike a traditional "hardware" network, where Layer 2 and Layer 3 switches and routers from myriad vendors work together, your SD-WAN is likely to be a one-vendor affair.

So make sure that your SD-WAN supplier has a solid architecture that will grow with you and has the financial means to stay in the game for the long haul.

Centralized policy and configuration manager

While you won't need feature-rich, easy-to-use management tools on day one, be sure your SD-WAN vendor has what you need when you are ready.

One of the main draws of an SD-WAN architecture is that it allows you to manage globally and deploy by simply generating VNFs to implement the tasks required at each location. It takes a lot of work for vendors to build powerful management systems that are easy to use, and some vendors may skimp on this and focus on features. Be sure to get some hands-on time with their management system: That is the only way to know how useful and easy it is.

Aggregation platform

Again, starting at the bottom, be certain that your SD-WAN vendor supports the hardware interfaces you require now and plan for in the future. At its most basic, your SD-WAN is an aggregation platform that puts a variety of wired and even wireless communications resources at the ready to handle your traffic.

Routing functionality and resilience

The first piece of hardware your SD-WAN will replace is your router, so you need to establish which features will still be required at sites that convert to SD-WAN. One would expect that all vendors have basic functionality covered, but you will want to verify that.

Of more interest is how sophisticated a vendor's software is when it comes to monitoring not only link status (i.e., up or down), but also how busy the link is. The best software will help optimize traffic flow during congestion periods and not just in the event of link failure.


Security

The next logical, necessary function of the SD-WAN is to virtualize your security functions. Here, too, start with the basics of firewall and VPN. All the SD-WAN vendors should provide these. Other security functions to consider include IPS and data loss prevention, or DLP, modules.

WAN optimization

For many vendors, optimization is where SD-WAN really comes into its own. And, certainly, WAN optimization could qualify as multiple features, as there are different approaches to and elements of WAN optimization, many of which can be used simultaneously.

Fortunately, most WAN optimization techniques are generic -- in a good way -- in that they will be generally applicable and helpful to most traffic streams.

TCP termination will help reduce latency in your applications. Quality of service (QoS) will allow you to prioritize delay-sensitive interactive traffic over less time-sensitive applications like file transfer or backups.

Data compression can help response time and throughput by reducing the amount of data being transported across the WAN. But the benefits of compression vary greatly depending upon the nature of the data -- some data is quite compressible; other data, such as video, is not.

After ensuring you have all the must-haves lined up, there are a number of "nice-to-have" features to consider:

Multivendor interoperability

Being able to mix and match products is almost always a good thing, though from what I have seen, that flexibility doesn't seem to be high on SD-WAN vendors' lists.


Automation

Automation features could come in very useful, especially if you have a very large network. For example, you might find that the QoS requirements for the regular workday differ dramatically from after-hours when backups are run. Manually changing the QoS before and after each workday is not a good strategy -- but automation could make it a breeze.

Big data

The SD-WAN system will have access to vast amounts of data about your network and your traffic. A benefit of a single-vendor, proprietary system is that it should be relatively easy to implement data mining. Big data capabilities can help you spot trends and plan for future network expansion before users start complaining about current network capacity.

The bottom line

SD-WAN certainly appears to be a compelling option, but it is a very big commitment. Changing course once underway may require that you return to your starting point, losing both time and money. So look closely. Better yet, build a lab and try out several before you commit to an SD-WAN product.

This was last published in September 2016
