What is SD-WAN (software-defined WAN)?

A software-defined wide area network (SD-WAN) is defined as a virtual WAN architecture, in which the control of network connections, application flows, policies, security mechanisms and general administration is separated from the underlying hardware. Everything is managed in software on centralized consoles instead of at the physical locations of individual edge devices and infrastructures.


How does SD-WAN work?

An SD-WAN connects end users to virtually any application, hosted at any location (e.g., in the public cloud or a company data center), via the best available or most feasible transport service, whether that’s an MPLS (Multiprotocol Label Switching), broadband, cellular or even satellite internet link. To deliver this level of flexibility and performance to users in digital workspaces, an SD-WAN utilizes a control function that continuously analyzes traffic flows across the WAN and intelligently directs traffic in accordance with current policies.

Making the most of broadband internet

An SD-WAN is able to leverage connectivity from transport options including:

  • Broadband internet
  • MPLS
  • Cellular
  • Satellite

Why is this important? Because in the past, bandwidth-rich and inexpensive broadband internet was unsuitable for corporate WANs, since it was only a best-effort mode of transport without the rock-solid reliability or security of MPLS.

Since SD-WAN forms a virtual network, multiple connections can be bonded together to aggregate bandwidth and provide resiliency. If a primary link were to go down, traffic could be steered to the backup link with minimal disruption to the user experience.

Dynamic path selection

In practical terms, that means the SD-WAN sends traffic down the specific network connections that can fulfill current policy requirements, such as those for:

  • Quality of Service
  • Quality of Experience
  • Traffic prioritization
  • Security policies
  • Failover scenarios

These rules are applied to the various flows, or packets (in certain solutions), passing through the SD-WAN’s circuits. The SD-WAN solution can also dynamically redirect traffic as needed, for example if a link fails or gets congested, or if a VoIP application needs priority over a less demanding TCP-based app. Overall, SD-WANs are much more sophisticated than traditional WANs, which rely mostly on simple routers to steer traffic based on access control lists and IP addresses.
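To make the policy-driven steering above concrete, here is an added toy path selector (not code from any SD-WAN product): each traffic class carries an SLA, the selector picks a compliant link by the class's preference (latency for real-time VoIP, cost for bulk TCP), and it re-selects when a link fails or becomes congested. The link names, thresholds and cost figures are constructed assumptions.

```python
"""Toy dynamic path selector modelled on SD-WAN policy-based steering.
Link names, SLA thresholds and costs below are constructed assumptions."""
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Link:
    name: str
    latency_ms: float
    loss_pct: float
    util_pct: float          # current utilization, used to detect congestion
    cost: float              # relative cost per Mbps (MPLS is the expensive one)
    up: bool = True

# Per-class policy: SLA ceilings plus the metric to optimise among compliant links.
POLICIES = {
    "voip": {"max_latency_ms": 100, "max_loss_pct": 1.0, "max_util_pct": 80, "prefer": "latency"},
    "bulk": {"max_latency_ms": 500, "max_loss_pct": 5.0, "max_util_pct": 95, "prefer": "cost"},
}

def meets_sla(link: Link, sla: dict) -> bool:
    return (link.up and link.latency_ms <= sla["max_latency_ms"]
            and link.loss_pct <= sla["max_loss_pct"]
            and link.util_pct <= sla["max_util_pct"])

def select_path(app_class: str, links: List[Link]) -> Optional[str]:
    """Name of the chosen link, or None when every link is down."""
    sla = POLICIES[app_class]
    ok = [l for l in links if meets_sla(l, sla)]
    if ok:
        key = (lambda l: l.latency_ms) if sla["prefer"] == "latency" else (lambda l: (l.cost, l.latency_ms))
        return min(ok, key=key).name
    # No link meets the SLA: degrade to the lowest-latency link that is still up.
    alive = [l for l in links if l.up]
    return min(alive, key=lambda l: l.latency_ms).name if alive else None

def demo() -> dict:
    """Constructed scenario: steady state, then congestion, then a link failure."""
    mpls = Link("mpls", 20, 0.0, 50, cost=10)
    bb = Link("broadband", 40, 0.2, 60, cost=1)
    lte = Link("lte", 80, 1.5, 30, cost=5)
    links = [mpls, bb, lte]
    out = {"voip_normal": select_path("voip", links),
           "bulk_normal": select_path("bulk", links)}
    bb.util_pct = 97            # broadband congested: exceeds bulk's 95% ceiling
    out["bulk_congested"] = select_path("bulk", links)
    mpls.up = False             # primary link fails: VoIP must fail over
    out["voip_failover"] = select_path("voip", links)
    return out
```

In the failover step no link satisfies the VoIP SLA, so the selector falls back to the best surviving link rather than dropping the call.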

Centralized control and Zero-touch provisioning

SD-WAN separates the control functions of a network and centralizes them in either a cloud service or an on-premises application. This simplifies operations by obviating the need for each individual SD-WAN appliance to be provisioned and managed physically. Most SD-WAN solutions offer a way for administrators to remotely set up SD-WAN appliances in branches.

Zero-touch provisioning, also called zero-touch deployment (ZTD), allows discovery and setup of new appliances in the SD-WAN network, primarily to streamline the deployment of SD-WAN at branch or cloud service office locations. The service is publicly accessible from any point in a network via public Internet access and is accessed over the Secure Sockets Layer (SSL) protocol. This allows customers to get new sites up and running in minutes with local staff instead of hours or days.

Direct and secure connections

SD-WAN technology also avoids the main bottlenecks and inefficiencies of legacy WAN architectures. To review, traditional WANs:

  • Typically backhaul all their traffic through a data center, even if it’s bound for the internet
  • Create, as a result, a noticeable slowdown in application performance for end users
  • Hairpin traffic in a way that is not suitable for digital workspaces, in which reliable yet secure connectivity to a wide variety of cloud, web, mobile and legacy apps is paramount

Fortunately, SD-WANs can use mechanisms such as deep packet inspection and policies to identify and steer traffic directly over the internet and/or to cloud security services using next-generation firewalls to balance performance and security. They can also enforce automated segmentation so that distinct types of traffic are kept isolated from one another and prioritized as needed. This is an essential capability in the context of digital workspaces, which have numerous, disparate applications and services.

Today, SD-WAN brings broadband up to par, making it fully viable for serving a wide variety of apps via digital workspaces to users. An SD-WAN can leverage policies in tandem with firewalls, WAN optimization, VPNs and web gateways to maximize the utility of more affordable internet connectivity. Beyond broadband, SD-WANs can also weave in 4G/LTE or later cellular plans and satellite internet, either as replacements for MPLS or supplements to it, for purposes of additional bandwidth and failover.

Why use SD-WAN vs MPLS?

MPLS is a technique for sending traffic across a network with low latency, through the avoidance of complex and time-consuming routing table lookups. For decades, it has been a staple of hub-and-spoke WANs because of the reliability and consistency it provides. A router can simply look at the label in a packet’s header and then forward it over a predetermined low-latency MPLS route.

However, MPLS is too inflexible and costly to be the foundation for modern enterprise networks that require deployment speed and cloud connectivity.

Architectural rigidity, high costs and long contracts

For starters, MPLS relies on conventional hardware to make routing decisions. Creating and managing the rules for all of the routers involved is a major undertaking, and one that doesn’t scale well to the numerous locations and application-driven environments of today’s cloud-connected workplaces. In addition, MPLS is carrier-owned technology that requires multi-year contracts and takes weeks, if not months, to provision or change when more bandwidth is needed or a new location must be stood up quickly.

MPLS connectivity is many times more expensive per Mbps than broadband internet. SD-WANs make broadband a usable transport type for both real-time and TCP-based apps. MPLS can still play a role in an SD-WAN, either running in parallel to the new architecture or within a virtual overlay on a legacy WAN.

Ultimately, SD-WANs are better suited to modern digital workspaces than their MPLS-oriented counterparts.

What are the main benefits of using an SD-WAN solution?

An SD-WAN architecture can be easily scaled to support new users and branch offices through automatic zero-touch provisioning. Moreover, it delivers optimal performance for cloud apps via dynamic path selection and resiliency against service outages and degradations.

For workers in modern digital workspaces, the advanced technology behind an SD-WAN ensures a superior user experience. It enables reliable, secure access to cloud apps, including bandwidth-intensive real-time solutions for VoIP and video. SD-WAN is essential to enabling consistent workflows across multiple devices, cloud services and locations.

10 Advantages of SD-WAN

The advantages of a well-implemented SD-WAN solution from an experienced and reputable provider are wide-reaching:

  • More predictable and reliable application performance, which helps support users in any digital workspace, across all connections
  • Superior connection security for cloud applications, without the performance tradeoffs of MPLS backhauling
  • Reduced congestion from bandwidth shortfalls or brownouts, through aggregation of bandwidth via multiple bonded, disparate or redundant links

  1. More reliable access to apps and fewer slowdowns due to congestion
  2. Resiliency and redundancy with fast failover when outages impact WAN connections
  3. Quality of service for prioritizing business-critical application traffic
  4. Fast deployments that fuel business agility when bringing applications online at a branch office, or simply changing configurations. Zero-touch provisioning allows fast set up of sites in minutes with local staff instead of hours or days
  5. Reduced network transport costs and more flexibility through the use of MPLS alternatives like broadband and cellular. Quick procurement of bandwidth from multiple transport services, in contrast to the long lead times needed with legacy WAN carrier-based technologies
  6. Simplified administration with a centralized console eliminates the complexity of configuring edge devices in the field
  7. Deep SD-WAN analytics to monitor links for performance characteristics. Analytics benefit administrators who can use them when troubleshooting problems across the WAN.
  8. Simpler branch office infrastructure that doesn’t require management of as many single-function devices
  9. Intelligent traffic steering and dynamic path selection
  10. Integrated security with leading 3rd-party solutions, including those for SaaS security
