Sdwan

An SD-WAN uses software to control connectivity and services between locations like data centers and cloud resources. It allows using multiple connection types like broadband and MPLS to securely connect users to applications while improving performance. SD-WAN simplifies WAN management by decoupling the control plane from the hardware and using software to intelligently direct traffic.

Uploaded by amanual

What is SD-WAN?

A software-defined wide area network (SD-WAN) is a wide area network that
uses software-defined network technology, such as communicating over the Internet using
overlay tunnels which are encrypted when destined for internal organization locations.

If standard tunnel setup and configuration messages are supported by all of the network
hardware vendors, SD-WAN simplifies the management and operation of a WAN by
decoupling the networking hardware from its control mechanism. This concept is similar to
how software-defined networking implements virtualization technology to improve data
center management and operation. In practice, proprietary protocols are used to set up and
manage an SD-WAN, meaning there is no decoupling of the hardware and its control
mechanism.

SD-WAN uses software to control the connectivity, management and services
between data centers, remote offices and cloud resources. Like its technology
brother software-defined networking (SDN), SD-WAN works by decoupling the
control plane from the data plane.

An SD-WAN deployment can include existing routers and switches or virtualized
customer premises equipment (vCPE) all running some version of software that
handles policy, security, networking, and other management functions.

One of SD-WAN’s key features is the ability to manage multiple connection types
(MPLS, broadband, wireless), and to segment, partition and secure the traffic
traversing the WAN.

A Software-defined Wide Area Network (SD-WAN) is a virtual WAN
architecture that allows enterprises to leverage any combination of
transport services – including MPLS, LTE and broadband internet services
– to securely connect users to applications.

The traditional model of backhauling traffic from branch offices to the data
center for robust security inspection is no longer optimal as it wastes
bandwidth and adds latency, ultimately impairing application performance.
There is a real need for a better way to send traffic directly over the internet
from branch locations to trusted SaaS and cloud-based applications while
maintaining compliance with enterprise security mandates.

An SD-WAN assures consistent application performance and resiliency,
automates traffic steering in an application-driven manner based on
business intent, improves network security, and simplifies the WAN
architecture. An SD-WAN uses a centralized control function to steer traffic
securely and intelligently across the WAN and directly to trusted SaaS and
IaaS providers. This increases application performance and delivers a
high-quality user experience, which increases business productivity and agility
and reduces IT costs.

A key application of SD-WAN is to allow companies to build higher-performance WANs
using lower-cost and commercially available Internet access, enabling businesses to partially
or wholly replace more expensive private WAN connection technologies such as MPLS.

When SD-WAN traffic is carried over the Internet, there are no end-to-end performance
guarantees. Carrier MPLS VPN WAN services are not carried as Internet traffic, but rather
over carefully-controlled carrier capacity, and do come with an end-to-end performance
guarantee.

SD-WAN combines several technologies to create full-fledged private networks, with the
ability to dynamically share network bandwidth across the connection points.

SD-WAN products are designed to address network problems. By enhancing or even
replacing traditional branch routers with virtualization appliances that can control
application-level policies and offer a network overlay, less expensive consumer-grade
Internet links can act more like a dedicated circuit. This simplifies the setup process for
branch personnel. SD-WAN products can be physical appliances or software based only.

SD-WAN architecture

Traditional WANs based on conventional routers were never designed for
the cloud. They typically require backhauling all traffic, including cloud-
destined traffic, from branch offices to a hub or headquarters data center
where advanced security inspection services can be applied. The delay
caused by backhaul impairs application performance resulting in a poor
user experience and lost productivity.

Unlike the traditional router-centric WAN architecture, the SD-WAN model
is designed to fully support applications hosted in on-premises data
centers, public or private clouds, and SaaS services such as
Salesforce.com, Workday, Dropbox, Microsoft 365, and more, while
delivering the highest levels of application performance.

Components

The MEF Forum has defined an SD-WAN architecture consisting of an SD-WAN Edge,
SD-WAN Gateway, SD-WAN Controller and SD-WAN Orchestrator.

SD-WAN Edge

The SD-WAN Edge is a physical or virtual network function that is placed at an
organization's branch/regional/central office site, datacentres, and in public or private cloud
platforms.

SD-WAN Gateway

SD-WAN Gateways provide access to the SD-WAN service in order to shorten the distance
to cloud-based services or the user, and reduce service interruptions.

SD-WAN Orchestrator

The SD-WAN Orchestrator is a cloud hosted or on-premises web management tool that
allows configuration, provisioning and other functions when operating an SD-WAN. It
simplifies application traffic management by allowing central implementation of an
organization's business policies.

SD-WAN Controller

The SD-WAN Controller functionality, which can be placed in the Orchestrator or in an
SD-WAN Gateway, is used to make forwarding decisions for application flows.

Required characteristics

Research firm Gartner has defined an SD-WAN as having four required characteristics:

• The ability to support multiple connection types, such as MPLS, Last Mile Fiber Optic
  Network or through high speed cellular networks e.g. 4G LTE and 5G wireless
  technologies
• The ability to do dynamic path selection, for load sharing and resiliency purposes
• A simple interface that is easy to configure and manage
• The ability to support VPNs, and third party services such as WAN optimization
  controllers, firewalls and web gateways.

How does SD-WAN work?


Unlike SD-WAN, the conventional router-centric model distributes the
control function across all devices in the network and simply routes traffic
based on TCP/IP addresses and ACLs. This traditional model is rigid,
complex, inefficient, and not cloud-friendly and results in a poor user
experience.

An SD-WAN enables cloud-first enterprises to deliver a superior application
quality of experience (QoEx) for users. By identifying applications, an
SD-WAN provides intelligent application-aware routing across the WAN. Each
class of applications receives the appropriate QoS and security policy
enforcement, all in accordance with business needs. Secure local internet
breakout of IaaS and SaaS application traffic from the branch provides the
highest levels of cloud performance while protecting the enterprise from
threats.

Why SD-WAN?

Times have changed, and enterprises are using the cloud and subscribing
to software-as-a-service (SaaS). While users traditionally connected back
to the corporate data center to access business applications, they are now
better served by accessing many of those same applications in the cloud.

As a result, the traditional WAN is no longer suitable, mainly because
backhauling all traffic—including that destined to the cloud—from branch
offices to the headquarters introduces latency and impairs application
performance. SD-WAN provides WAN simplification, lower costs,
bandwidth efficiency and a seamless on-ramp to the cloud with significant
application performance, especially for critical applications, without
sacrificing security and data privacy. Better application performance
improves business productivity, customer satisfaction, and ultimately
profitability. Consistent security reduces business risk.

What are the benefits of SD-WAN?

SD-WAN technology has become popular because companies are increasingly
utilizing cloud-based applications for many of their business processes. In a
traditional WAN model, conventional routers backhaul traffic from branch offices to
a hub or centralized data center, where the traffic would be inspected for security
purposes. Sending traffic from a branch office to the main data center and then on to
the internet caused delays and performance issues.

In addition, backhauling is more expensive than simply allowing traffic to burst directly
from the branch office to the internet because traditional MPLS-based connections
between branch offices and headquarters are more expensive than internet
broadband or wireless WAN (4G, 5G) links.

SD-WAN's driving principle is to simplify the way companies turn up new links to
branch offices, better manage the way those links are utilized – for data, voice or
video – and potentially save money in the process.

Features

Features of SD-WANs include resilience, quality of service (QoS), security, and
performance, with flexible deployment options; simplified administration and
troubleshooting; and online traffic engineering.

• Resilience
  A resilient SD-WAN reduces network downtime. To be resilient, the technology must feature
  real-time detection of outages and automatic switch over (fail over) to working links.
• Quality of service
  SD-WAN technology supports quality of service by having application level awareness,
  giving bandwidth priority to the most critical applications. This may include dynamic path
  selection, sending an application on a faster link, or even splitting an application between two
  paths to improve performance by delivering it faster.
• Security
  SD-WAN communication is usually secured using IPsec, a staple of WAN security.
• Application optimization
  SD-WANs can improve application delivery using caching, storing recently accessed
  information in memory to speed future access.
• Self-Healing Networks
  SD-WANs can incorporate Artificial Intelligence for IT Operations (AIOps) for continuous
  troubleshooting and fixes to network issues.
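
The application-aware steering described under "How does SD-WAN work?" and the failover and dynamic path selection listed under Features can be sketched as one policy function. This is an added example, not part of the original document or of any vendor's product; the link names, probe values, SLA thresholds and action labels are constructed, and sending traffic that is neither internal nor trusted SaaS to the hub for inspection is an assumption.

```python
from dataclasses import dataclass

@dataclass
class Link:
    name: str
    internet: bool      # True for broadband/LTE, False for private MPLS
    up: bool            # result of the latest health probe
    latency_ms: float
    loss_pct: float

@dataclass
class AppClass:
    name: str
    internal: bool      # destined for an internal organization location
    trusted_saas: bool  # approved for direct internet breakout
    max_latency_ms: float
    max_loss_pct: float

def steer(app, links):
    """Return (action, link name, sla_met) for one application flow."""
    healthy = [l for l in links if l.up]          # outage detection: skip dead links
    if app.internal:
        action = "encrypted-overlay"              # internal traffic stays in the tunnel
    elif app.trusted_saas and any(l.internet for l in healthy):
        action = "local-breakout"
        healthy = [l for l in healthy if l.internet]
    else:
        action = "backhaul-inspect"               # assumption: default-deny for breakout
    if not healthy:
        return ("drop", None, False)
    within_sla = [l for l in healthy
                  if l.latency_ms <= app.max_latency_ms and l.loss_pct <= app.max_loss_pct]
    # Dynamic path selection: best link meeting the SLA, else best surviving link.
    best = min(within_sla or healthy, key=lambda l: (l.loss_pct, l.latency_ms))
    return (action, best.name, bool(within_sla))

# Constructed sample state (not from the original document).
LINKS = [Link("mpls", False, True, 30, 0.0),
         Link("broadband", True, True, 18, 0.2),
         Link("lte", True, True, 60, 1.0)]
VOICE = AppClass("voice", True, False, 40, 0.5)
CRM = AppClass("crm-saas", False, True, 100, 2.0)

if __name__ == "__main__":
    for app in (VOICE, CRM):
        print(app.name, steer(app, LINKS))
```

The third element of the result is worth logging: a flow that was forwarded with `sla_met` false has failed over to a link that no longer meets its class's thresholds.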

Secure access service edge (SASE)

SD-WAN is a core component of secure access service edge solutions (SASE) which
incorporate network and security capabilities to more efficiently and securely connect
distributed work environments (branch office, headquarters, home office, remote) to
distributed applications located in datacentres, cloud infrastructure, or delivered by SaaS
services.

Complementary technology

WAN edge routers


A WAN edge router is a device that routes data packets between different WAN locations,
giving enterprise access to a carrier network. Also called a boundary router, it is unlike a core
router, which only sends packets within a single network.

SD-WAN versus hybrid WAN

SD-WANs are similar to hybrid WANs, and sometimes the terms are used interchangeably,
but they are not identical. A hybrid WAN consists of different connection types, and may
have a software defined network (SDN) component, but doesn't have to.

SD-WAN versus MPLS


Cloud-based SD-WAN offers advanced features, such as enhanced security, seamless cloud,
and support for mobile users, that result naturally from the use of cloud infrastructure. As a
result, cloud-based SD-WAN can replace MPLS, enabling organizations to release resources
once tied to WAN investments and create new capabilities.
