What is SD-WAN, and what does it mean for networking, security, cloud?

Software-defined wide area networks offer ease of deployment, central manageability and reduced costs, and they can improve connectivity to branch offices and the cloud.


The most important change to wide-area networking over the past few years has been the widespread deployment of software-defined WAN (SD-WAN) technology, which changes how networking professionals optimize and secure WAN connectivity.

What is SD-WAN?

SD-WAN uses software to control the connectivity, management and services between data centers, remote offices and cloud resources. Like its technology brother software-defined networking (SDN), SD-WAN works by decoupling the control plane from the data plane.

An SD-WAN deployment can include existing routers and switches or virtualized customer premises equipment (vCPE) all running some version of software that handles policy, security, networking, and other management functions.

One of SD-WAN’s key features is the ability to manage multiple connection types (MPLS, broadband, wireless) and to segment, partition and secure the traffic traversing the WAN.

What are the benefits of SD-WAN?

SD-WAN technology has become popular because companies are increasingly using cloud-based applications for many of their business processes. In a traditional WAN model, conventional routers backhaul traffic from branch offices to a hub or centralized data center, where the traffic is inspected for security purposes. Sending traffic from a branch office to the main data center and then on to the internet causes delays and performance issues.

In addition, backhauling is more expensive than simply allowing traffic to break out directly from the branch office to the internet, because traditional MPLS-based connections between branch offices and headquarters cost more than internet broadband or wireless WAN (4G, 5G) links.

SD-WAN's driving principle is to simplify the way companies turn up new links to branch offices, better manage the way those links are utilized – for data, voice or video – and potentially save money in the process.

“SD-WAN continues to be one of the fastest-growing segments of the network infrastructure market, driven by a variety of factors. First, traditional enterprise WANs are increasingly not meeting the needs of today's modern digital businesses, especially as it relates to supporting SaaS apps and multi- and hybrid-cloud usage. Second, enterprises are interested in easier management of multiple connection types across their WAN to improve application performance and end-user experience,” said Rohit Mehra, IDC vice president, Network Infrastructure.

“Combined with the rapid embrace of SD-WAN by leading communications service providers globally, these trends continue to drive deployments of SD-WAN, providing enterprises with dynamic management of hybrid WAN connections and the ability to guarantee high levels of quality of service on a per-application basis.”

How does SD-WAN help improve network security?

One of the biggest selling points for SD-WAN is that it can improve network security.

Neil Anderson, practice director of network solutions at service provider World Wide Technology, says, “SD-WAN lets customers set up secure regional zones and lets them securely direct that traffic to where it needs to go based on internal security policies. SD-WAN is about architecting and incorporating security for apps like AWS and Office 365 into your connectivity fabric. It’s a big motivator to move toward SD-WAN.”

SD-WAN also enables organizations to partition and protect mission-critical traffic and assets against vulnerabilities in other parts of the enterprise. This use case is particularly important in verticals such as retail, healthcare and financial services.

In addition, SD-WAN solutions can include firewall capabilities that help companies perform quick deployments at branch offices without compromising security.

For example, network administrators could create zones to segment the network based on identity or roles; detect and prevent intrusions (including DDoS attacks); perform deep packet inspection and filter based on applications; monitor active network connections; secure connections through data encryption; log security events; and tightly integrate with cloud-security functions, including Secure Web Gateways, Cloud Access Security Brokers (CASB), and Zero-Trust Network Access.

Will SD-WAN kill MPLS?

One of the hotter SD-WAN debates is whether it will lead to the demise of MPLS, the packet-forwarding technology that uses labels to make data forwarding decisions. MPLS's most common use cases are branch offices, campus networks, metro Ethernet services and enterprises that need quality of service (QoS) for real-time applications.

For the most part, networking vendors believe MPLS will be around for a long time and that SD-WAN won’t totally eliminate the need for it.

Gartner says many organizations are able to fund their WAN expansion/updates by replacing or augmenting expensive MPLS connections with internet-based VPNs, often from alternate providers.

SD-WAN has dramatically simplified this approach for a number of reasons, Gartner says. Due to the simpler operational environment and the ability to use multiple circuits from multiple carriers, enterprises can abstract the transport layer from the logical layer and be less dependent on their service providers.

This decoupling of layers is enabling new MSPs to emerge that offer to help organizations outsource their WANs. Traditional service providers are responding with Network Function Virtualization (NFV)-based offerings that combine and orchestrate services (SD-WAN, security, WAN optimization). NFV enables virtualized network functions including routing, mobility and security.

However, there are reasons that customers will continue to use MPLS. “There is a concern about how customers will back up systems when there are outages,” Anderson said. “MPLS and other technologies have a role there.”

Most experts see enterprises taking a hybrid approach, with some legacy applications remaining on MPLS, and internet traffic being offloaded to SD-WAN.
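To make the per-application policy, segmentation and hybrid-transport ideas concrete (the security zoning described in the SD-WAN security section and the MPLS/internet hybrid approach just mentioned), here is an added illustration written for this page; it is not code from any vendor's SD-WAN product or from the article. Link names, applications, segment labels and SLA thresholds are all constructed, and the engine deliberately fails closed when no permitted link meets a flow's SLA.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed example: a tiny SD-WAN policy engine. Each branch link carries measured
# health; each (application, segment) policy lists the transports it may use, the SLA
# it needs, and whether it breaks out to the internet or is backhauled to the hub.

@dataclass
class Link:
    name: str
    kind: str          # "mpls", "broadband" or "lte"
    up: bool
    loss_pct: float
    latency_ms: float

@dataclass
class Policy:
    allowed: List[str]  # transport kinds in order of preference
    max_loss_pct: float
    max_latency_ms: float
    breakout: bool      # True: direct to internet; False: backhaul to hub for inspection

# Hypothetical policies: cardholder data may only ride the MPLS circuit and is always
# backhauled; voice needs a tight SLA; SaaS traffic breaks out locally.
POLICIES: Dict[Tuple[str, str], Policy] = {
    ("card-auth", "pci"): Policy(["mpls"], 0.5, 100.0, breakout=False),
    ("voip", "corp"):     Policy(["mpls", "broadband"], 1.0, 150.0, breakout=False),
    ("o365", "corp"):     Policy(["broadband", "lte", "mpls"], 5.0, 300.0, breakout=True),
}

def meets_sla(link: Link, pol: Policy) -> bool:
    return link.up and link.loss_pct <= pol.max_loss_pct and link.latency_ms <= pol.max_latency_ms

def select_path(app: str, segment: str, links: List[Link], policies=POLICIES) -> dict:
    pol = policies.get((app, segment))
    if pol is None:
        return {"action": "drop", "reason": "no policy for app/segment"}  # default deny
    usable = [l for l in links if l.kind in pol.allowed and meets_sla(l, pol)]
    if not usable:
        # Fail closed: PCI traffic never spills onto broadband when MPLS is down.
        return {"action": "drop", "reason": "no allowed link meets SLA"}
    best = min(usable, key=lambda l: pol.allowed.index(l.kind))
    return {"action": "forward", "link": best.name, "segment": segment,
            "via": "internet" if pol.breakout else "hub"}

# Constructed branch links for a stand-alone run.
LINKS = [Link("mpls0", "mpls", True, 0.0, 40.0),
         Link("bb0", "broadband", True, 0.2, 30.0),
         Link("lte0", "lte", True, 3.0, 120.0)]
```

Run `select_path("voip", "corp", LINKS)` with the MPLS link marked down to see voice fail over to broadband while the PCI flow is dropped rather than rerouted.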

How SD-WAN involves cloud environments

While bolstering security and reducing traditional WAN costs are driving SD-WAN adoption, the need to rapidly and securely tie in cloud services is also a big motivating factor.

There are a number of trends driving the increased use of SD-WAN technologies, a major one being the increased use of containers and cloud-based applications that need access from the edge.

Customers are increasingly looking to SD-WAN technologies to tie the data center with cloud resources, Anderson said. “SD-WAN technologies have evolved a lot in just the past two years or so, which makes it easy to spin up the resources to make that possible in a quick and inexpensive way.”

An important focus will be creating fluidity of data sources between on-premises and public cloud. Enterprises will see their private data centers continue to grow while at the same time expanding their adoption of public cloud services.

Where does SD-Branch fit into SD-WAN?

An offshoot of SD-WAN is SD-Branch, a software-based technology delivered on a hardware platform that supports SD-WAN, routing, integrated security and LAN/Wi-Fi functions, all of which can be managed centrally. The most compelling argument for SD-Branch is operational agility.

With SD-Branch, IT organizations can rapidly deploy and provision branch-in-a-box solutions for new locations. With a centralized management console, they can control and adjust all branch network and security functions. Reducing or eliminating the need for trained IT personnel to visit remote branch locations results in significant cost and time savings. SD-Branch also promises to reduce hardware costs by deploying software on consolidated hardware as compared to many separate appliances.

In an SD-Branch deployment, network functions run inside a virtualized environment. “SD-Branch deployments can even split up virtual appliances into discrete functions and then centralize these functions (such as any related to enterprise policy) into the headquarters, private data center, or hybrid cloud, rather than having to configure and deploy it all in branches,” Cisco says.

Cisco adds that SD-Branch and SDN separate monolithic appliances into a simpler system of functions that can be easily reconfigured to meet changing requirements. Businesses can use SD-Branch to reduce costs and gain reliability, ease of management, and agility.

How does SASE relate to SD-WAN?

Secure access service edge (SASE) is a term coined by Gartner in 2019 to describe an emerging technology that delivers WAN and security controls as a cloud-based service. SASE can be applied to end users, devices, Internet of Things (IoT) sensors, or edge locations. SASE includes the integration of several technologies, including SD-WAN, Next Generation Firewall (NGFW) and Firewall as a Service (FWaaS).

The technology also converges WAN with network security services such as CASB, FWaaS and Zero Trust into the single, cloud-delivered service model. In defining the term, Gartner said networks and network security “must become software-defined and cloud-delivered, forcing changes in architecture and vendor selection.” It noted that enterprises that are moving to SD-WAN deployments and offloading traffic from MPLS are accelerating the adoption of SASE.

However, not everyone is buying into Gartner’s definition. For example, IDC analyst Brandon Butler says SD-WAN is evolving into SD-Branch, and that SASE is more of a Gartner marketing term than a new technology.

What does SD-WAN have to do with SDN?

The idea of programmability is the basis for SD-WAN and its big brother, software-defined networking. SDN is a technology that separates the control-plane management of network devices from the underlying data plane that forwards network traffic.

IDC says, “Datacenter SDN architectures feature software-defined overlays or controllers that are abstracted from the underlying network hardware, offering intent- or policy-based management of the network as a whole. This results in a data center network that is better aligned with the needs of application workloads through automated provisioning, programmatic network management, pervasive application-oriented visibility, and where needed, direct integration with cloud orchestration platforms.”

SDN promises to reduce the complexity of statically defined networks; make automating network functions much easier; and allow for simpler provisioning and management of networked resources, everywhere from the data center to the campus or wide area network.

What are some pitfalls of SD-WAN?

Despite the hype around SD-WAN, there are some things that companies need to consider about the technology. Here are five potential pitfalls:

  • Limited cost savings
  • Operating SD-WAN without integrating security tools
  • Performance and implementation struggles
  • Lack of visibility and analytics, especially for security
  • Failure to futureproof by not considering private 5G for SD-WANs

But with industry momentum pointing to more SD-WAN deployments, many of these issues will be addressed by vendors and by customers getting a better handle on their SD-WAN deployments.


Copyright © 2022 IDG Communications, Inc.
