What is SD-WAN?
Software-defined wide area network (SD-WAN) is a modern, software-based approach to creating and operating a wide area network. An SD-WAN virtualizes network functions so that the network can be used over a variety of heterogeneous physical and logical network connections and protocols, such as Multiprotocol Label Switching (MPLS), cellular networks, and even public Internet. It also adds higher-level management features and the ability to incorporate external services like SD-WAN optimizers and SaaS-based services.
An SD-WAN can extend the reach of a WAN across any available network infrastructure you already have or across the Internet. And it’s more manageable, flexible, and interoperable with heterogeneous network infrastructures.
An SD-WAN is defined by the following required characteristics, as outlined by Gartner:
- It can support multiple heterogeneous connection types such as MPLS, last-mile fiber, or 4G and 5G
- It can dynamically choose the best path for resilience, reliability, and load balancing
- It’s easy to configure and manage and must include zero-touch provisioning
- It can support virtual private networks and external services like WAN optimization, Web gateways, and firewalls
SD-WANs allow for more flexible and cost-effective use of existing network services. Furthermore, they enable higher-level software management of these services by virtualizing network operations. Using existing physical and logical networks — including the public Internet — makes SD-WANs highly scalable. This flexibility, low cost, and scalability draw some companies away from traditional WANs like those based on MPLS.
Before the early 2000s, the Internet was considered mainly too unregulated and insecure to carry WAN traffic. However, software’s computing power became available to handle real-time traffic over the next decade. This created avenues to develop virtualization, control, and management layers on top of existing Internet and other network infrastructure. In 2014, these emergent technologies were collectively labeled “SD-WAN.”
Traditional WANs operate on dedicated physical network transports, limiting their reach and flexibility. Unlike router-centric WANs, SD-WANs are designed to deliver reasonable QoS control and performance that meets the needs of modern applications running in data centers, on SaaS services like Microsoft 365 or Salesforce, and in private and public clouds, among others.
Traditional WANs typically route traffic — including traffic intended for the cloud — through a hub or data center to inspect and filter it. This backhauling creates application latency and degrades the user experience, so WANs aren’t suited for applications residing in the cloud.
By contrast, an SD-WAN distributes functions across every point on the network and can leverage broadband and multiple dedicated networks. This makes it easy to adopt cloud services (and even other WANs) as part of an application’s effective network while delivering a balanced performance that meets the needs of modern applications.
SD-WAN is a transport agnostic technology that can route any traffic. An SD-WAN can operate over any combination of private or public networks — including LTE, MPLS, and broadband — making it highly flexible and efficient.
Zero-touch provisioning (ZTP) is a method that automatically configures network devices without local manual intervention. A ZTP-enabled device only needs to be installed and powered on by an employee during setup. The device obtains configuration information from the network based on its installation environment.
A critical benefit of SD-WAN adoption is the ability to perform a local internet breakout to a cloud service. A branch can be directly connected to a cloud service via broadband instead of routing traffic through a data center.
Coupled with a SaaS or IaaS solution like Microsoft Azure or Amazon Web Services, administrators and the system can monitor network performance along with these connections. The system can even make real-time decisions and connect to the nearest SaaS point of presence (PoP), which sometimes yields dramatic performance improvements for end-users.
Instead of being limited to filtering by interface or port, modern SD-WAN devices can inspect network traffic on all seven layers of the OSI stack. Together with applying granular access policies, this lets you control access based on traffic content or by application.
Support for Micro-Segmentation
SD-WAN can isolate workloads by enabling policy-based micro-segmentation. This zero-trust networking approach means that if malicious actors attack a branch, it can be immediately quarantined from the rest of the network.
SD-WAN technology supports virtualized VPN functionality. You can use virtual routing and forwarding (VRF) to multiplex up to 16 VPNs overlaid on the SD-WAN.
SD-WAN technology can automate VPN key rotation, which is otherwise a manual process that requires network downtime.
Programmatic API Access
SD-WANs typically expose their features through APIs. This lets you use software to access and control your network.
Benefits of SD-WAN
SD-WAN is inexpensive and simple to deploy because it overlays existing network infrastructure and is transport-agnostic.
Implementing a traditional network that relies only on transports like MPLS is costly. Connections can take weeks or months to provision and are often tedious to modify once established.
SD-WAN allows you to freely use any combination of available private or public networks, including broadband and LTE, to route your traffic. Businesses moving from WAN to SD-WAN technology can expect to spend around 30% less per bit and provision their networks in days.
Additionally, companies using SD-WAN technology and requiring multiple VPNs for separate networks no longer need to purchase hardware for each VPN and can instead use VRF to multiplex VPNs.
SD-WAN networks can be quickly and easily deployed by staff without specialist IT knowledge. ZTP-enabled devices remove much of the manual labor of provisioning network nodes by automating setup.
In a traditional WAN, new infrastructure is typically configured and staged by specialists before being shipped to a branch to be installed as configured. Instead of sending additional personnel to the premises, businesses using an SD-WAN can rely on staff already at the location to install, upgrade, or reinitialize devices.
This adds reliability and security to an SD-WAN network, as ZTP setup is less prone to misconfigurations caused by operator error or changes in the installation environment — although you should take care to ensure your ZTP server is secure and configuration files are tested before being deployed, as a vulnerability in a ZTP setup is likely to affect a large number of devices.
Programmatic APIs make SD-WAN technology well-suited for Infrastructure-as-code (IaC) architectures. APIs let you streamline your workflow by integrating many existing tools to automate your network management. If your organization has more specialized needs, you can code a more bespoke solution to interface with your SD-WAN infrastructure.
In all cases, SD-WANs are provisioned and managed centrally. Many solutions offer a GUI-based dashboard that provides real-time status and performance metrics.
A modern SD-WAN can prioritize and dynamically route traffic to deliver the best user experience. SD-WAN technology uses Level 7 visibility to remain content- and application-aware.
Different types of data require different levels of service. Most SD-WAN devices can identify and recognize the performance requirements of many applications and route traffic using the best available path for each data type. For example, video might be prioritized over the MPLS portion of the network instead of broadband for tighter QoS guarantees.
With some additional configuration, you can also use an SD-WAN’s content-aware routing to add a layer of security to your network. For example, you can filter out malicious content traffic after providing FTP access to only specific applications.
You can use micro-segmentation to implement a zero-trust security approach. If your network is breached, monitoring software on an SD-WAN isolates the affected branch from the rest of the network and routes traffic around it.
A software-defined wide area network (SD-WAN) is a wide area network that uses software to virtualize and configure network control and decouple it from the underlying networking hardware. It has the following features:
- It’s transport-agnostic and supports heterogeneous connections
- It chooses the optimal connection path based on the traffic it carries dynamically
- It’s centrally managed, automatable, and supports zero-touch provisioning (ZTP)
- It supports VPNs and external services like WAN optimization, Web gateways, and firewalls
Building your company’s network on SD-WAN technology can make it more flexible, automatable, resilient, and inexpensive. In short, SD-WANs are well-suited for the distributed nature of modern cloud-native applications.