Goals of an SD-WAN
Although organizations may have differing goals for deploying an SD-WAN, they generally seek a blend of common business and technical requirements:
- Simplified operations with greater network resilience
- More intelligent pathing, orchestration, and agility
- The ability to embed business logic and policy deep into the network
- Reduced transport costs and optimized resource utilization
- Better observability and application analytics
- Application acceleration (increasingly for SaaS applications sensitive to latency, loss, and jitter)
- Increased security with fine-grained policy control
- Improved user experience and better quality of service
- Programmability, wider automation, and more modern APIs
SD-WAN Benefits and Drivers
As technology changes, so too do network traffic patterns. Organizations continually seek to better manage network complexity, all while controlling costs and providing the best services they can to their customers and employees. As cloud-based services place greater demands on WAN connectivity, the services being accessed may result in flows along trusted or untrusted paths. Depending on the transport used, these paths may make use of shared rather than dedicated links and may not offer multiple classes of service.
To simplify, unify, and secure multiple access types, be they branch, campus, data center, or otherwise, SD-WAN solutions promise greater elasticity, agility, and security delivered in a range of form factors and business models. When evaluating SD-WAN solutions, it’s imperative that organizations are clear about their motivations, requirements, and desired outcomes, not just for Day 0 (design), but all the way through Day 1 (deploy), Day 2 (operate), and beyond.
Who Does SD-WAN Benefit?
SD-WAN benefits large-scale network operators, smaller players, and everyone in between. SD-WAN is not just about enhancing orchestration, operations, and security, but also about enhancing service delivery and improving the quality of user experience. Network operators, a company’s bottom line, and WAN users, whether human or machine agents, all benefit.
For NSPs (network service providers), SD-WAN implementations enable them to offer more robust and enhanced WAN services. SD-WAN is evolving toward becoming a form of IaaS (infrastructure as a service), which can be applied internally or as an MNS (managed network service) at the network edge. As SD-WAN-powered managed WAN services grow in popularity among enterprises, large campuses, and retailers, SD-WAN service providers will continue to innovate their offerings. Many already offer features like ZTP (Zero Touch Provisioning) and ZTC (Zero Touch Configuration) to reduce friction, scale operations, and improve time to delivery and time to value.
Across all organizations, network and security teams that embrace SD-WAN have the capabilities to improve services, decrease response times, and most of all, remove everyday toil. The less time IT teams spend on keeping the lights on, the more time they can spend on projects that help move their business forward. Any business workflow, network flow, or workload that relies upon a WAN has the potential to benefit from SD-WAN features and functionality, resulting in a higher-performing, more resilient, and secure organization.
One of the original goals of SD-WAN was to separate the data and control plane to facilitate higher-order logic and intelligence. Yet there still is no single unified SD-WAN network architecture. There are many approaches and variants, and some people might argue that automated orchestration and operations can also constitute an SD-WAN.
There are, however, common building blocks and boundaries that constitute SD-WAN as a conceptual delivery model. It can be thought of as a platform that may engage with, augment, or displace elements of a WAN and its operation, by either integrating with or replacing network functions in the data and control planes.
SD-WAN designs and solutions also typically play a major role in network provisioning, orchestration, management, and monitoring, while some deliver far more dynamic and granular capabilities for performance, policy, and security requirements.
Even with differing business models and use cases, SD-WAN commonly includes a centralized controller and either a full or partial mesh (versus a traditional hub-and-spoke topology). Although an SD-WAN may leverage an underlying traditional or hybrid WAN to build its new transport overlay, it’s an OTT (over-the-top) model that enables the most rapid deployments and lifecycle management, thus avoiding costly rip-and-replace upgrades.
Tunnel-Based or Tunnel-Free Designs
Tunnel encapsulation adds header bytes to every packet and, by lowering the effective MTU, increases fragmentation. That additional data and the extra encapsulation and decapsulation processing reduce throughput and performance. Tunnel-based approaches also complicate and hinder scaling while contributing to slower session failover across backup paths. Additionally, traffic inside a tunnel cannot have security policy applied mid-flight: inspection, identification, and profiling become possible only after decapsulation at the tunnel endpoint.
Newer tunnel-free approaches reduce SD-WAN packet overheads and maintain optimal throughput without using costly encapsulation. They also support rapid scaling and, while not infinitely scalable, require far fewer resources and much less configuration to deliver a growing any-to-any topology. Tunnel-free designs also provide better situational and session awareness, allowing flows to be steered and security policies applied earlier in the path.
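To make the overhead and fragmentation argument above concrete, here is an added worked example (not code from the original article or from any SD-WAN vendor) that models what encapsulation does to a packet on a 1500-byte underlay: the effective MTU the overlay can carry, how many outer IPv4 fragments a full-size packet needs, and the share of wire bytes that is actual payload. The GRE figure (20-byte outer IPv4 header plus 4-byte GRE header, with no optional fields) and the ESP tunnel-mode layout (outer IPv4, 8-byte SPI/sequence header, 8-byte AES-GCM IV, padding to a 4-byte boundary, 2-byte trailer, 16-byte ICV) are standard header sizes; the packet sizes and MTU are constructed inputs, and the function names are this example's own.

```python
import math

# Overhead constants and models (assumed header layouts; see lead-in).
TUNNEL_FREE_OVERHEAD = 0      # tunnel-free overlay: packet goes out unchanged
GRE_OVERHEAD = 20 + 4         # outer IPv4 header + GRE header, no key/seq options
OUTER_IPV4_HEADER = 20        # every outer fragment repeats this header


def esp_gcm_overhead(payload_len: int) -> int:
    """Bytes added by ESP tunnel mode with AES-GCM for a given inner packet.

    ESP requires (payload + pad + padlen + nexthdr) to be a multiple of 4,
    so the padding depends on the inner packet length.
    """
    pad = (-(payload_len + 2)) % 4          # bring payload+2 trailer bytes to 4n
    return OUTER_IPV4_HEADER + 8 + 8 + pad + 2 + 16   # IP + SPI/seq + IV + pad + trailer + ICV


def effective_mtu(underlay_mtu: int, overhead: int) -> int:
    """Largest inner packet that crosses the underlay without fragmenting."""
    return underlay_mtu - overhead


def fragments_needed(packet_len: int, underlay_mtu: int, overhead: int) -> int:
    """Number of outer IPv4 fragments needed to carry one inner packet.

    IPv4 fragments carry a fresh 20-byte header each and, except for the last,
    a data length that is a multiple of 8 bytes.
    """
    total = packet_len + overhead
    if total <= underlay_mtu:
        return 1
    data = total - OUTER_IPV4_HEADER
    capacity = ((underlay_mtu - OUTER_IPV4_HEADER) // 8) * 8
    return math.ceil(data / capacity)


def wire_efficiency(packet_len: int, underlay_mtu: int, overhead: int) -> float:
    """Fraction of bytes on the wire that are the original inner packet."""
    frags = fragments_needed(packet_len, underlay_mtu, overhead)
    wire_bytes = packet_len + overhead + OUTER_IPV4_HEADER * (frags - 1)
    return packet_len / wire_bytes


def compare(packet_len: int, underlay_mtu: int = 1500) -> dict:
    """Side-by-side view of tunnel-free, GRE and ESP for one inner packet size."""
    rows = {}
    for name, overhead in (
        ("tunnel-free", TUNNEL_FREE_OVERHEAD),
        ("gre", GRE_OVERHEAD),
        ("esp-gcm", esp_gcm_overhead(packet_len)),
    ):
        rows[name] = {
            "overhead": overhead,
            "effective_mtu": effective_mtu(underlay_mtu, overhead),
            "fragments": fragments_needed(packet_len, underlay_mtu, overhead),
            "efficiency": round(wire_efficiency(packet_len, underlay_mtu, overhead), 4),
        }
    return rows


if __name__ == "__main__":
    # Constructed inputs: a full-size 1500-byte inner packet on a 1500-byte underlay.
    for name, row in compare(1500).items():
        print(f"{name:12s} {row}")
```

Running it with a full-size 1500-byte inner packet shows the effect the paragraph describes: the tunnel-free case sends one packet at 100% efficiency, while both GRE and ESP push the encapsulated packet past the 1500-byte underlay MTU and split it into two fragments, each with its own outer header. The usual operational fixes are lowering the overlay MTU to the effective value or clamping TCP MSS so inner packets never exceed it.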
As mentioned, SD-WAN may come in many forms (and form factors), but the most popular involve the least amount of real-world friction. Some scenarios use an on-premises appliance or whitebox, but most SD-WAN architectures and solutions offer virtual machines and virtualized network functions that can be wholly software provisioned on existing servers and routers.
Just as a traditional WAN provides connectivity and transport between sites, assets, and services, an SD-WAN can also extend an intelligent edge or mesh to anywhere there are managed entities or agents (even when using unmanaged underlays):
- Branch and remote office to corporate
- Distributed campus
- Data center to data center
- Remote access
- Corporate to public or private cloud
- CSP or ISP core/edge
As SD-WAN is not an explicit protocol or technology, many implementations of SD-WAN overlay make use of disparate underlying wired and wireless transports or technologies, including but not limited to SD-WAN over MPLS VPNs, DSL, and 5G/LTE (or other wireless backhauls).
SD-WAN vs. MPLS
SD-WAN doesn’t directly replace MPLS VPNs but can offer an alternative when combined with other transports. SD-WAN integrates with a whole host of WAN technologies across disparate architectures. Different flavors of SD-WAN can readily leverage existing MPLS services and build their own new topology or overlay, some of which are tunnel-less. By dramatically decreasing data encapsulation overheads, these tunnel-free SD-WAN solutions immediately address cost optimization on a wide variety of links while maintaining security and associated confidentiality.
In certain scenarios, SD-WAN implementations can diminish the need for MPLS VPNs by using more cost-efficient connectivity options while maintaining many of the characteristics of more expensive transport options.