What is SD-WAN? It’s a simple question with a pretty complex answer. Is it a service? Is it a product? Is there hardware? Software? Is it at the network edge? The core? In fact, there are solutions that are classified as SD-WAN that are pretty much mutually exclusive in capabilities, architecture, and delivery model from other solutions that are also classified as SD-WAN. In this article, we’ll categorize the varieties of WAN solutions that are commonly labeled as SD-WAN, and explain their capabilities.
The Metro Ethernet Forum has recently tried to form order from chaos by delivering the first SD-WAN standard, MEF-70. As it turns out, a lot of products that live in the broad “SD-WAN” landscape manifestly do not meet the standard. That’s a story for another day, but it serves to illustrate that one person’s definition of SD-WAN may not be another’s. And that is a recipe for potential confusion.
It’s hard to give a single, concise definition of what SD-WAN is, but what is clear are the numerous challenges enterprises face that they expect SD-WAN to solve. Among these are:
- Performance – the ability to use the public Internet as a replacement for or augmentation of private networks
- Security – simplifying and lowering the cost of delivering distributed security measures to the branch
- Cloud Access – improving access to SaaS applications and cloud compute workloads
- Managing WAN costs – reducing overall WAN expense through lower operational costs and less expensive transport
- Handling traffic growth – enabling easy, low-friction, and low-cost expansion of usable WAN bandwidth to meet ever-increasing needs
- Flexibility – delivering service to a new location quickly and economically with a minimal investment in manpower
- Greater WAN visibility and control – defining, prioritizing, and analyzing the performance of critical applications and traffic network-wide through a unified toolset
Now that we’ve itemized what we’re solving for, let’s break down the different SD-WAN alternatives.
Think of appliance-based SD-WAN as next-generation branch office routers and firewalls. Appliance-based SD-WAN vendors typically offer a strong set of edge security capabilities combined with simplified, centralized management and consolidated network visibility. From a routing perspective, these offerings will typically feature dynamic path selection and in some cases forward error correction.
Dynamic path selection allows for transport independence and routing based on application needs. The SD-WAN device has multiple WAN connections (for instance, one connection to a broadband provider, and another connection to an LTE network), and can route traffic based on link performance.
A key limitation of dynamic path selection is that it can only judge the relative merits of the available paths. It can’t improve the performance of the paths themselves. It can tell you that this county road is better than that cow path, but it can’t turn either of them into a superhighway.
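The following sketch of dynamic path selection is an added example, not code from the original article or from any vendor's product. The `Link` and `Policy` types, the thresholds, and the link measurements are hypothetical and constructed for illustration. It also shows the limitation described above: when every path is degraded, the selector can only return the least-bad one.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:  # hypothetical per-link measurements
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float

@dataclass(frozen=True)
class Policy:  # hypothetical per-application thresholds
    app: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

def violation(link: Link, policy: Policy) -> float:
    """Total relative overshoot of the policy thresholds; 0.0 means compliant."""
    pairs = (
        (link.latency_ms, policy.max_latency_ms),
        (link.jitter_ms, policy.max_jitter_ms),
        (link.loss_pct, policy.max_loss_pct),
    )
    return sum(max(0.0, measured / limit - 1.0) for measured, limit in pairs)

def select_path(links, policy):
    """Return (chosen link, whether it actually meets the policy)."""
    compliant = [l for l in links if violation(l, policy) == 0.0]
    if compliant:
        # Several paths qualify: prefer the lowest latency.
        return min(compliant, key=lambda l: l.latency_ms), True
    # No path qualifies: the selector can only rank what exists.
    return min(links, key=lambda l: violation(l, policy)), False

VOICE = Policy("voice", max_latency_ms=150, max_jitter_ms=30, max_loss_pct=1.0)

# Constructed measurements for three moments in time.
HEALTHY = [Link("broadband", 35, 4, 0.2), Link("lte", 70, 12, 0.5)]
BROADBAND_DEGRADED = [Link("broadband", 40, 45, 3.0), Link("lte", 70, 12, 0.5)]
ALL_DEGRADED = [Link("broadband", 180, 45, 3.0), Link("lte", 220, 60, 5.0)]

if __name__ == "__main__":
    for label, links in (("healthy", HEALTHY),
                         ("broadband degraded", BROADBAND_DEGRADED),
                         ("all degraded", ALL_DEGRADED)):
        link, ok = select_path(links, VOICE)
        print(f"{label}: voice -> {link.name} (meets policy: {ok})")
```

In the last scenario the selector still returns a path, but the returned flag is false: path selection has ranked the links without improving either of them.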
Appliance-based SD-WAN with WAN Optimization
WAN optimization accelerates application traffic using techniques like protocol acceleration, deduplication, compression, or caching in order to optimize throughput across a WAN link.
It’s a solid tactic to squeeze improved performance out of the WAN, but any loss, latency, or congestion introduced by the transport can’t be solved through edge WAN optimization. If you’re deploying SD-WAN with Internet transport as a replacement for your legacy MPLS circuits, for instance, you can’t rely on edge WAN optimization to assure equivalent performance.
Appliance-based SD-WAN with Cloud Gateway Possibilities
SD-WAN vendors recognize that their architectural model is very point-to-point oriented, while enterprises are rapidly moving away from the corporate-data-center-to-branch hub-and-spoke network and toward a high reliance on cloud applications and cloud compute workloads. To address this shift to the cloud, some appliance-based SD-WAN vendors offer cloud gateways to accelerate access to specific cloud or SaaS applications. The appliances identify traffic that is heading to specific applications or cloud providers and push this traffic through proprietary gateways located in cloud data centers to deliver higher performance to select SaaS and IaaS providers. The key word here is “select”: performance improvements are limited to a subset of providers (as you might expect, the most common are targeted). Site-to-site results are still entirely dependent on the transport network.
Private, managed end-to-end SD-WAN
This type of solution vendor not only provides and manages the SD-WAN boxes at the branch edge but also provides a private network so that traffic is managed from end-to-end across the middle mile. This is, essentially, SD-WAN-as-a-Service. The vendor can optimize this network to ensure good performance, and in some cases, integrate security as a network feature. The vendor manages the offloading of traffic to cloud providers and SaaS applications from points-of-presence that are closest to those entities.
Performance and reliability are generally very high with this SD-WAN variety, but there are some drawbacks. Delivering end-to-end accelerated cloud access typically requires the addition of dedicated circuits from the SD-WAN provider’s PoP to the cloud provider’s PoP. That’s a significant premium on top of the cost of the service itself. And while a single vendor solution encompassing edge devices and network core has some obvious advantages, it can cause major vendor lock-in and stand in the way of best-of-breed selection for security and transport.
Cloud-based SD-WAN uses the infrastructure of the public cloud providers themselves to deliver intelligent route optimization and WAN optimization as an overlay on the public Internet. Site-to-site performance is consistent with private network SD-WAN, but the native cloud architecture has some big advantages where cloud access is concerned. This is because the cloud-based SD-WAN provider has its edge in the same cloud data centers that the app or workload resides in. These solutions are typically network-only, so the enterprise is expected to source its own edge routing and security devices. Depending on where you are in your refresh cycle, this can be a plus because the device independence of the network allows you to use legacy branch routers or firewalls, or any SD-WAN appliance.
What’s the right choice?
Edge optimization is important. And so is overall network performance. And so is cloud access. And so is cost. So where do you focus? When adopting SD-WAN solutions at your enterprise, it can be critical that you understand the nuances of each type of SD-WAN. As we have seen, solutions called “SD-WAN” can differ quite a bit, even to the point of exclusion, but in some cases can complement each other to provide a comprehensive, end-to-end solution. For instance, an appliance-based SD-WAN solution at the edge with a cloud-based SD-WAN service spanning it is a pretty attractive end-to-end solution that solves the challenges we listed up at the top.
It’s likely that no single provider will be a panacea that will solve all your WAN challenges, so look for the best combination available based on your specific use cases.