SD-WAN is a relatively new networking technology, but it’s not for everyone. I’ll be looking at use cases in a separate post, but first I wanted to provide a simple introduction to SD-WAN for the uninitiated.
SD-WAN is short for ‘software-defined wide area network’. It applies software-defined networking (SDN) principles to WAN connections to remote sites, such as those linking branches to a data centre, and so is either a substitute for or supplement to existing MPLS connections.
At its core is the use of public networks, SD-WAN also enables multiple network links to be aggregated and used collectively, potentially making use of public IP links, MPLS, redundant backup links and 4G. This connectivity can be managed to give priority to key applications and types of traffic, using policy-based rules to select the best path for each one – which improves efficiency and quality of service (QoS). For example, it will prioritise IP telephony over YouTube, so Skype calls don’t drop out when someone starts watching cat videos.
Aren’t public networks insecure?
Vendors argue otherwise – in fact, many will say that it is more secure than MPLS because of the way data is broken down into packets that often end up taking different virtual paths. This means that an individual file may be sent in separate parts via multiple paths, which makes it less likely to be compromised if network traffic is intercepted. IPSec Encryption normally provides an additional layer of security globally between all SD-WAN devices.
As well as helping with security, the aggregation of multiple links can help improve resilience, with built-in redundancy.
A key feature of SD-WAN is the separation of the control plane intelligence, which is normally is cloud-based, from the hardware. This helps make the network more flexible, for instance, to handle short-term peaks in demand by providing extra capacity, or ‘bursting’.
With its centralised interface, SD-WAN provides a level of insight into network performance unheard of for all but a few of the largest MPLS users. For example, this can give dynamic, real-time information on where the pinch points are, making it possible to allocate resources where they’re needed.
SD-WAN is also typically much faster to provision. While it takes 90 days (or longer!) to get a new MPLS connection, broadband can be operational in seven days and, if urgent, a 4G modem in just a day.
All this is interesting for two reasons.
Firstly, for many organisations, MPLS seems to be an imperfect solution to their WAN needs – with high costs, limited control and visibility, at times questionable QoS, and slow provisioning being recurring themes.
Secondly, as we deliver more services from the cloud, it makes less sense routing everything through the data centre. And SD-WAN lets you break traffic out directly from remote sites to cloud security and SaaS providers, as well as saving valuable bandwidth to your central data centre.
We started by saying that SD-WAN isn’t for everyone, so in the next blog post, we’re going to look at some prime use cases.