SD-WAN is a modern networking solution with increased performance, reliability, and security. Designed with flexibility, efficiency, and cost savings in mind, it centralizes control and management, optimizes traffic routing, and improves redundancy and failover.
Unlike traditional MPLS, which backhauls traffic to the data center, SD-WAN sends cloud and internet-bound traffic directly out of the branch office. This significantly improves application performance.
Network Virtualization
The first question you might ask is, what is SD-WAN and how does it work? As networks become more diverse, SD-WAN allows IT to deploy and manage multiple WAN transport types. This flexibility reduces costs, enhances application performance, and provides centralized control.
Most traditional enterprise WANs use hub-and-spoke architecture to connect remote locations to the corporate data center via individual VPN connections. These connections are susceptible to network latency, jitter, and packet loss, which erodes application performance. SD-WAN uses a network overlay to virtualize the WAN and replace legacy branch office routers, simplifying the infrastructure.
With an SD-WAN solution, IT teams can provide a consistent quality experience to users across the enterprise. IT can prioritize traffic on an application basis and create policies based on the needs of the business. Additionally, IT can onboard a new location to the WAN in days or hours rather than weeks or months.
While a basic SD-WAN may direct traffic on an application basis, this is less advanced than a business-driven SD-WAN that monitors and manages all underlay transport services. A business-driven SD-WAN can overcome problems like jitter, packet loss, and latency by implementing forward error correction, resending lost data packets, and introducing jitter buffers to compensate for high network latency (imagine cars waiting at a stoplight). It also ensures that applications are always served over the best available path. This can prevent a total transport outage from interrupting critical applications such as voice and video.
Overlay Networks
SD-WAN decouples network software services from the traditional physical infrastructure. It creates a virtual overlay network, consisting of VPNs, that enables businesses to use more cost-effective internet connections than MPLS to communicate between branches and the data center. This allows organizations to reduce reliance on expensive leased lines and lower networking costs without compromising uptime, performance, or security.
SD-WAN provides application traffic steering based on business intent to enable more flexible WAN connectivity. This is accomplished by separating WAN transports into categories (like broadband, LTE, or MPLS) and assigning pre-defined policies to each class. These policies automatically steer applications to the best-performing transport based on specific performance metrics, such as packet loss and latency.
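The steering logic described above can be sketched as follows. This is an added example, not code from any SD-WAN product; the class names, the `steer` function, the thresholds and the link measurements are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transport:
    name: str
    category: str      # transport class: "mpls", "broadband" or "lte"
    loss_pct: float    # measured packet loss, percent
    latency_ms: float  # measured latency, milliseconds
    up: bool = True

@dataclass(frozen=True)
class Policy:
    app: str
    max_loss_pct: float
    max_latency_ms: float
    preferred: tuple   # transport categories, most preferred first

def steer(policy, transports):
    """Pick the transport for one application; None if every link is down."""
    live = [t for t in transports if t.up]
    if not live:
        return None

    def rank(t):
        # Categories the policy does not list sort after all listed ones.
        if t.category in policy.preferred:
            return policy.preferred.index(t.category)
        return len(policy.preferred)

    compliant = [t for t in live
                 if t.loss_pct <= policy.max_loss_pct
                 and t.latency_ms <= policy.max_latency_ms]
    if compliant:
        # Honour business preference first, then the lowest latency.
        return min(compliant, key=lambda t: (rank(t), t.latency_ms))
    # No link meets the policy: fall back to the least-degraded live link
    # instead of dropping the application.
    return min(live, key=lambda t: (t.loss_pct, t.latency_ms))

# Constructed policies and measurements (not from the article).
VOICE = Policy("voice", 1.0, 150.0, ("mpls", "broadband", "lte"))
SAAS = Policy("saas", 3.0, 300.0, ("broadband", "lte", "mpls"))
LINKS = [
    Transport("mpls-1", "mpls", 0.1, 40.0),
    Transport("cable-1", "broadband", 0.5, 25.0),
    Transport("lte-1", "lte", 2.0, 90.0),
]

if __name__ == "__main__":
    for p in (VOICE, SAAS):
        print(p.app, "->", steer(p, LINKS).name)
```

Re-running `steer` whenever fresh loss and latency measurements arrive is what moves an application off a degrading link without operator action.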
SD-WAN also leverages multiple WAN links for redundancy and more efficient routing. This is achieved using technologies that allow remote locations to connect directly to cloud-based applications rather than backhauling that traffic to a central hub site.
Lastly, SD-WAN can reduce complexity and cost through centralized control and management. This is done by reducing or eliminating separate gateway and router configurations and deploying operational policies over a secure control plane between the controller and edge devices. This centrally configured policy-based framework can be pushed to 10s, 100s, or 1000s of edge devices over a single-pane-of-glass interface. This unified approach to management and control streamlines operational workflows and eliminates manual processes at the edge.
Underlay Networks
As applications become more cloud-centric and business-critical, the WAN must deliver application performance without sacrificing security or data privacy. The traditional WAN model backhauls traffic to a hub or central data center and forwards it onto the internet, which introduces latency and impairs application performance. The SD-WAN solution separates and optimizes the network layers for different types of applications. It also leverages a single point of management and control over the entire network to simplify operations and scale.
This enables the WAN to be optimized for specific application requirements, such as low latency and high availability with voice and video. It can also prioritize traffic over the best path based on business intent and automatically remediate performance degradation over multiple connections.
To make this happen, the WAN needs to be able to segment and partition different connection types. This allows the WAN to send some traffic over MPLS, some over broadband, and some over wireless connections. To do that, it needs to be able to build overlays. Traditionally this would be done with hardware, but with SD-WAN, it is virtualized in software and pushed from the controller to 10s or 100s of nodes at the edge. This simplifies management and increases the speed of deployments or policy changes at the border. In addition, it makes it much more difficult for attackers to attack the WAN on a box-by-box basis.
Control and Management
SD-WANs elevate the management of a complex series of WAN networks into an abstracted software layer and make that control accessible anywhere to authorized users. IT staff can perform network segmentation to divide the WAN into smaller segments where localized policies can be set and enforced. This centralized control dramatically reduces the number of devices that IT staff must manage to maintain WAN connections.
SD-WAN uses a programmable device model and dynamic best-path routing to improve cost, agility, and application performance. It can also prioritize mission-critical applications with quality of service and ensure SLAs are met. Backhauling traffic from branch offices to the data center for central processing is eliminated, reducing latency and improving application performance.
Another benefit of an SD-WAN is that a single, logical, virtualized application-delivery path can be created for each business service. This eliminates the need to upgrade network bandwidth to meet growing application needs, which can save on IT costs.
A secure connectivity option is built into most SD-WANs, ensuring the data being sent over the WAN can only be accessed by authorized users. This ensures the information is protected from unauthorized access, even in cases where it must travel over an unsecured internet connection, such as at public Wi-Fi hotspots or hotels and coffee shops. This feature reduces the likelihood of exposing sensitive information to hackers and helps companies avoid costly fines for security breaches.