In a nutshell, SD-WAN stands for ‘software defined WAN’ or ‘software defined wide area networking’.
SD-WAN can be defined as an evolution of the wide area network (WAN), to use a centralised software defined (SD) control function to bring efficiencies and enhanced IT capabilities.
To truly understand what SD-WAN is, we need to look at these phrases in turn:
Wide area network (WAN): A private network that can connect across distinct sites, using technologies such as leased lines & multi-protocol label switching (MPLS), allowing organisations to share data & applications within an integrated, controlled & secure environment, irrespective of geographical locations. Traditional WANs rely on most control functions (e.g. routing of traffic or implementation of IT policies) to be managed individually for each location. This approach uses separate hardware appliances or ‘tin’ (e.g. branch routers, switches, gateways etc...) to perform each network function.
Software defined (SD): The use of software to automate the management and configuration of these network functions & appliances. Rather than being required to manually configure each network appliance individually, network administrators are able to instruct software with the logic of what they are trying to achieve & rely on it to automate the specific configurations. Networks that employ these automations are referred to as software defined networks, or SDNs. SD-WAN can be considered as an application of these SDN techniques to the WAN.
Bringing SD and new networking capabilities to the WAN goes hand-in-hand with the ability to replace physical tin with more flexible virtualised network functions (known as network function virtualisation or NFV) and the centralisation of these functions for more efficient and coherent network management.
When beginning to explore exactly how SD-WAN works, it is useful to consider the characteristics of a typical SD-WAN setup. Individual SD-WAN capabilities can vary considerably as a result of business requirements and the specific strengths of different SD-WAN providers, but the following represents the constituent aspects of a typical offering:
The SD element of SD-WAN allows a WAN’s control functions to be managed centrally from a single software interface. This ‘single pane of glass’ is provided natively rather than requiring separate solutions that attempt to tie configuration of those disparate functions together.
With traditional WAN control functions, the network management and control planes would be spread far and wide across network locations. When network administrators are required to update network configurations, in response to changing IT requirements or policy updates, they would need to roll these out to the appliances within each location individually, with all the associated strain on resources – not to mention the opportunity for inconsistencies in deployment.
SD-WAN, however, can bring the opportunity of centralised orchestration, whereby a single point of control – a central brain – allows network configuration updates, fixes, policies etc, to be programmed and automatically disseminated to branch locations and devices. This in turn can allow the efficient and rapid roll out of consistent policy and access controls across a WAN, as well as easier onboarding of devices throughout its locations.
Whilst traditional WAN can utilise multiple connectivity options, incorporating multiple elements (such as broadband or mobile connectivity alongside more traditional technologies) to create a smarter network can be a challenging, complex, and laborious process for network administrators. Consequently, many traditional WANs are largely dependent on MPLS or direct leased lines to provide secure connectivity between network locations.
SD-WAN abstracts away the differences in the underlying connectivity to an extent, and so can incorporate MPLS alongside broadband and even mobile networks, to allow flexibility in connectivity options. Using tunnelling technology, differences between connectivity types are minimised and data can be sent through each. Decisions about how traffic is routed can in effect become connectivity agnostic. What’s more, SD-WAN’s network management software can then react dynamically to ensure that the flow of information through these connectivity types best meets business requirements.
Business reliance on cloud-based applications for critical functions is already well established and rapidly growing due to the features, efficiencies, and scalability that they provide. The easier incorporation of public connections can allow internet breakout from network locations to access SaaS applications such as Office 365 or Salesforce, whilst keeping these connections within the network’s central control and policies. This addresses the latency issues that can arise when routing SaaS requests via the data centre (i.e., data centre backhaul), or the security concerns of allowing unsecured internet breakout.
The traditional WAN model primarily relies on address-based routing, with individual local branch routers utilising TCP/IP and access tables to manage the use of network resources. It can therefore require complex and time-consuming configuration of the network conditions around an application to provide individual applications with the access and bandwidth that they need to meet business requirements and maximise their productivity. Bringing new applications online can sometimes prove time consuming and problematic, particularly when those applications live in the cloud.
Building on traditional WAN configurations, SD-WAN can make it easier to deliver application-aware traffic management, whereby the software will recognise specific applications and allow configuration directly on a per-application basis. Consequently, routing and bandwidth allocation can be managed in accordance with the priority and demands of applications to ensure that business critical functions are maintained.
As mentioned above, the move away from low-level labour-intensive manual network configuration to software-based solutions allows SD-WANs to deliver automatic traffic steering based on current network conditions, application requirements, and variations in user demand.
With the evolving profile of business applications and the increasing reliance on high bandwidth streaming for voice and video conferencing, the need for networks capable of dynamically handling fluctuating demand, whilst maintaining QoS, continues to grow.
Rather than conducting regular low-level configuration reviews to optimise the performance of the network, administrators can program an SD-WAN with parameters that reflect the importance and requirements of each application or network function within the business setting. The software can then deliver intelligent path control, or flexible steering, by assessing the current network capabilities and performance in real-time and automatically routing traffic as needed to meet those requirements.
WAN optimisation is achieved through a combination of acceleration and data reduction. Acceleration is achieved through TCP/application proxying, thus reducing the effect of protocol inefficiencies experienced when messages need to travel back over long distances. Data reduction occurs through compression and deduplication techniques to ensure that less data has to traverse the WAN.
Remediation can be described as the combination of packet loss, jitter, and out-of-order remediation techniques:
- Packet loss remediation uses backup information to repair data that is lost during transfer. SD-WAN generates this backup information, referred to as ‘parity’, which travels with the main information, meaning it can be used if data has been lost by the time packets reach their destination.
- Jitter remediation is used where latency fluctuates dramatically – usually caused by contention in the transit path. Packets are kept back to enable them to be sent with a consistent latency.
- Out-of-order packet remediation is employed where data is separated during transfer. This prevents packets from arriving in the wrong order – so if part of the data stream is delayed, packets can be kept back to wait for preceding packets to arrive. Once the delayed packets have caught up, they are presented in the correct order.
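The parity and resequencing steps in the list above can be sketched as follows. This is an added example, not code from any SD-WAN product: it assumes single XOR parity over groups of four equal-length packets, and the names `GROUP`, `encode`, `Receiver` and `run` are hypothetical. Jitter remediation is not modelled because it depends on timing.

```python
from functools import reduce

GROUP = 4  # data packets covered by one parity packet (assumed value)

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encode(payloads):
    """Sender: emit (seq, kind, payload) tuples, one parity packet per full group."""
    assert len(payloads) % GROUP == 0, "sketch assumes full groups"
    packets = []
    for base in range(0, len(payloads), GROUP):
        group = payloads[base:base + GROUP]
        packets += [(base + i, "data", p) for i, p in enumerate(group)]
        packets.append((base, "parity", reduce(xor_bytes, group)))
    return packets

class Receiver:
    """Repairs one loss per group from parity and releases payloads strictly in order."""

    def __init__(self):
        self.data = {}      # seq -> payload (received or reconstructed)
        self.parity = {}    # first seq of a group -> parity payload
        self.next_seq = 0   # next sequence number owed to the application

    def _repair(self, base):
        seqs = range(base, base + GROUP)
        missing = [s for s in seqs if s not in self.data]
        # XOR parity can rebuild exactly one missing packet per group.
        if len(missing) == 1 and base in self.parity:
            present = [self.data[s] for s in seqs if s in self.data]
            self.data[missing[0]] = reduce(xor_bytes, present, self.parity[base])

    def on_packet(self, seq, kind, payload):
        """Store one arrival; return the payloads that can now be delivered in order."""
        if kind == "parity":
            self.parity[seq] = payload
            base = seq
        else:
            self.data[seq] = payload
            base = seq - seq % GROUP
        self._repair(base)
        released = []
        # Later packets stay held back until every earlier one is available.
        while self.next_seq in self.data:
            released.append(self.data[self.next_seq])
            self.next_seq += 1
        return released

def run(arrivals):
    """Feed arrivals to a fresh Receiver; return the list of releases per arrival."""
    rx = Receiver()
    return [rx.on_packet(*pkt) for pkt in arrivals]

# Constructed sample: eight equal-length payloads.
SAMPLE = [f"pk{i:02d}".encode() for i in range(8)]

if __name__ == "__main__":
    sent = encode(SAMPLE)
    # Constructed path behaviour: seq 2 is lost, seq 4 and 5 arrive swapped.
    arrivals = [sent[i] for i in (0, 1, 3, 4, 6, 5, 7, 8, 9)]
    for pkt, out in zip(arrivals, run(arrivals)):
        print(pkt[:2], "->", out)
```

With two losses in the same group the parity cannot repair either packet and delivery stalls at the first gap; a real receiver would add a timeout to skip it, which this sketch leaves out.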
In addition to intelligent routing and the aforementioned remediation techniques, SD-WAN services may incorporate further WAN enhancements that deliver networks with lower latency and packet loss, redundancy and sub-second downtime on critical applications. Again, these rely on real-time monitoring of network performance degradation but can include load sharing and automated remediation to detect and clean ‘dirty’ network paths.
If there is then a spike in user demand for a business-critical application, or such an application is generating higher data loads, network resources can be automatically and dynamically redeployed to it from less-critical applications to ensure the smooth running of business functions, without the need for complex manual intervention.
The above is only an introduction to the characteristics of SD-WAN. If you’re considering investing in SD-WAN for your organisation, read our ‘Buyer’s Guide’ for an insight into what you need to know.
GTT's Rich Vidil, VP of Sales Engineering, gives an easy-to-understand explanation of what SD-WAN is and how it works.
Many of the benefits of SD-WAN have been touched upon above, and while they can vary considerably in accordance with the features installed, the main reasons why SD-WAN may be the best WAN solution for enterprise can be categorised as follows:
The below can all provide opportunities for increased productivity:
- Improved network performance, particularly for applications requiring high network quality such as voice and video
- Access to cloud applications with low latency connections
- Prioritisation of business-critical applications across all network users and locations enables your staff to work more effectively and has a significant impact on productivity
Improved networking capabilities can increase the delivery speed and quality of service for a business’ customers, whether they are accessing those networks directly (e.g., cloud apps) or indirectly (e.g. high street retail).
More efficient use of existing network capacity, the incorporation of broadband and mobile connectivity (perhaps in place of fixed network capacity), increased utilisation of SaaS applications in place of fixed computing capacity and streamlined network management with intelligent routing can all help a business maximise its returns on investment in network architecture with SD-WAN.
Meanwhile, even for those who take a DIY approach to their network management, the move from manual to automated configuration can drastically reduce the demands on network administrators who no longer need to update hundreds or thousands of network appliances individually.
Instead, their time and expertise can be better deployed, expanding the capabilities and efficiency of the network with the new tools at their disposal.
For those who opt for managed services, however, the efficiencies are even more pronounced as they can benefit from the wealth of specific SD-WAN expertise that a managed service provider can bring, to optimise network performance and minimise labour demands.
Businesses can find scaling both up and down more manageable with SD-WAN. Increased cloud computing opportunities, low-touch provisioning that can allow devices and branches to be brought online far quicker, and the ease of upgrading software instead of hardware, can help to future-proof a business’ networks for whatever may be around the corner.
Central orchestration ensures configurations and policies can be updated and deployed consistently to all network locations, on an automated basis, thus reducing discrepancies between locations and any resulting performance and security issues. Enhanced visibility of network performance can also help diagnose and eliminate any discrepancies and issues should they arise.
Tunnelling with end-to-end encryption, on all forms of connectivity, can help to achieve high levels of network security across the board, which can be complemented by consistent security policies resulting from centralised network management.
SD-WAN can be summarised as the movement of WAN management away from physical hardware that is deployed and managed in each network location to a software-based system with a centralised control function. The specifics of any deployment can vary; however, through the use of software for low-level network configuration, real-time monitoring and optimisation, any enterprise should be able to find a solution that boosts their operational efficiency and productivity.
Below are some common mistakes organisations make when deciding whether SD-WAN is for them and when choosing a provider:
Overestimating cost savings
It is common for organisations to compare SD-WAN to what they perceive to be alternative options, particularly MPLS, and look at this from a pure cost perspective. While there are potential cost savings that can result from SD-WAN deployment, the main benefit is that it improves the performance of networks. There is of course an advantage to using MPLS as an underlay for SD-WAN, as this gives both the performance advantages of SD-WAN and the isolation from Internet-based threats offered by MPLS.
Forgetting about security
SD-WAN may result in data being carried across the public internet, meaning security is imperative. While there are data security features included, such as strong encryption, it is important that SD-WAN is deployed in tandem with a robust security solution to meet your business needs and mitigate potential threats.
Not giving enough thought to the integration of SD-WAN with legacy systems
SD-WAN needs to be able to work with your existing network and systems. It is important that your implementation strategy takes into consideration any difficulties that may be caused by legacy systems to avoid integration challenges.
Choosing between DIY options and managed service providers
It can be tempting for organisations to opt for the cost savings that come with a DIY service. While this might work for some, particularly large enterprises with an experienced and highly skilled IT team, this may not be the right choice for the majority. A managed service provider will be able to help develop an SD-WAN strategy and deploy the solution to meet your requirements. There are also options that fall between DIY and fully managed solutions where certain aspects of management may be opened up to you.
Choosing between the range of choices
Many new SD-WAN providers have come into the market in recent years. It is therefore important to consider exactly what your requirements are before you start engaging with providers.
With an SD-WAN solution, data can travel across a range of network connections, some of which will be more secure than others. As this will include the use of public internet connections, organisations naturally have questions about the security implications.
With SD-WAN there is a perceived security concern compared to legacy private networks due to the introduction of Internet as transport. In reality this risk is neither more nor less with SD-WAN, and as has always been the case the assessed risk to data in transit should be determined by the underlying access type used. SD-WAN offers a level of built-in security, including strong encryption, but it is important that an SD-WAN solution is complemented by a robust security solution.
For those with security concerns, a managed service provider, with a security product portfolio, might be the best option. These providers can assist in designing a full solution that incorporates SD-WAN and security.
Examples of security products that may be used in conjunction with SD-WAN are:
- Next Generation Firewall (NGFW)
- Advanced Detection and Response (ADR)
- Managed Detection and Response (MDR)
- Security Information and Event Management (SIEM)
- Cyber Security Risk Assessment (SRA)
- SOC Services
- Web Application Firewall (WAF)
- Endpoint Protection
- Proxy Servers
The primary goal of an SD-WAN deployment shouldn’t be to save money, but to provide an enhanced user experience across your network. Whether costs are (or should be) reduced depends on a wide range of factors.
SD-WAN does not replace wide area networks, meaning budget is still required for MPLS, for example. However, there are potential cost savings, as well as productivity improvements, that can be achieved with an SD-WAN deployment. These include the following examples:
- While SD-WAN won’t replace MPLS, it can result in less reliance on it, therefore reducing outlay
- As SD-WAN uses software to make intelligent decisions on traffic routing, it can lead to savings on the physical time it takes to manage networks
- Faster network speeds via fuller use of what were previously backup connections – leading to increased employee productivity
- SD-WAN can optimise networks to reduce downtime, again increasing employee productivity
- With SD-WAN making decisions on the best way of routing data, it can lead to data travelling an alternative route to reduce latency where possible
- The flexibility on offer means updates can be made quicker
There are various steps that should be taken when deploying your SD-WAN solution. Obviously if you’re planning to go down the ‘Managed Service Provider’ route, you should opt for a provider with multiple technology options and they will help you to navigate their different offerings to determine the most appropriate technology. The below is an example of a deployment process:
- Think about integration with legacy systems
- Assess your current setup and your expectations of the improvements SD-WAN will provide
- Put together a clear statement of your requirements before you start talking to providers
Initial search for providers
- Consider at least three providers based on your requirements
- With each provider discuss the problems you are looking to solve and the enhancements you expect to achieve. This will provide them with an opportunity to explain how they can help you meet these objectives
- Ensure you choose a provider with access to multiple technology vendors who can talk you through the different options and help you to choose a vendor solution that is right for your specific needs
- Once you have decided on a provider, involve them in the design of your SD-WAN solution. They are experts in their field so you can benefit from their experience
- Discuss security concerns and required security solutions with your chosen provider
- Discuss your plan with internal stakeholders and consider feedback
- Consider deploying your SD-WAN solution on some parts of your network first so you can test it and become familiar with it before full deployment
- Ensure thorough training is provided to anyone who will be hands-on with the SD-WAN solution
- Roll out further only once you are ready
People often ask what the differences are between SD-WAN and MPLS. However, SD-WAN is not an alternative to MPLS, but it may use MPLS, as well as other connections such as the public internet, as a way of delivering traffic over the most efficient route. To a degree, therefore, SD-WAN and MPLS should be seen as complementary technologies.
An SD-WAN solution will make decisions on the most appropriate connection for data transfer in any particular scenario. In some instances, for example for sensitive data, MPLS will be the preferred route, but in other instances a public internet connection will be suitable. As opposed to exclusively routing data across MPLS connections, this can result in less reliance, and therefore lower spend, on MPLS.
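The per-application path decision described here, and the intelligent path control described earlier, can be sketched as a small policy evaluator. This is an added example, not any vendor's algorithm: the link measurements, thresholds, application names and the preference for internet transports among compliant links are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    private: bool        # True for MPLS/leased line, False for internet transports
    latency_ms: float
    jitter_ms: float
    loss_pct: float

@dataclass(frozen=True)
class AppPolicy:
    name: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    private_only: bool = False   # sensitive data: never use a public transport

def meets(link, pol):
    """True when the link's current measurements satisfy the application's limits."""
    return (link.latency_ms <= pol.max_latency_ms
            and link.jitter_ms <= pol.max_jitter_ms
            and link.loss_pct <= pol.max_loss_pct)

def select_path(pol, links):
    """Return (link name or None, state); state is 'ok', 'degraded' or 'blocked'."""
    allowed = [l for l in links if l.private or not pol.private_only]
    if not allowed:
        return None, "blocked"   # fail closed rather than fall back to the internet
    compliant = [l for l in allowed if meets(l, pol)]
    if compliant:
        # Assumed preference: spare private capacity, then take the lowest latency.
        best = min(compliant, key=lambda l: (l.private, l.latency_ms))
        return best.name, "ok"
    # Nothing meets the limits: take the least lossy permitted link and flag it.
    best = min(allowed, key=lambda l: (l.loss_pct, l.latency_ms))
    return best.name, "degraded"

# Constructed measurements and policies (not taken from any product).
MPLS = Link("mpls", True, 28.0, 2.0, 0.0)
BROADBAND = Link("broadband", False, 18.0, 6.0, 0.3)
LTE = Link("lte", False, 55.0, 25.0, 1.5)

VOICE = AppPolicy("voice", 150.0, 30.0, 1.0)
PAYMENTS = AppPolicy("payments", 100.0, 50.0, 1.0, private_only=True)
BACKUP = AppPolicy("backup", 500.0, 100.0, 5.0)

def decisions(links):
    """Map each sample application to its (path, state) for the given link set."""
    return {p.name: select_path(p, links) for p in (VOICE, PAYMENTS, BACKUP)}

if __name__ == "__main__":
    print(decisions([MPLS, BROADBAND, LTE]))
```

The `private_only` branch is the security-relevant part: when no private transport is up, sensitive traffic is reported as blocked instead of being steered onto a public link.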
With an increasing number of providers having entered the SD-WAN market in recent years, choosing the right one for you is not an easy task. Things to consider include:
For multinational organisations it is important that the solution you choose is able to cope with your international reach, as well as the range of connections (e.g. leased lines, Ethernet, broadband/xDSL, 4G/LTE/5G, etc…) you use to carry your data
DIY vs. managed service offerings
Do you wish to implement and manage your SD-WAN solution in-house or do you need the support of a managed service provider? If the former, you need to be confident you have the required expertise and resources (proactive monitoring, troubleshooting, 24/7 support, etc…) in-house. A managed service will be the preferred choice for many, but it is still important to make sure your provider is able to offer all the support you need
For some organisations, flexibility is important. For example, you might want the flexibility to re-configure your setup due to changing priorities or changes to your network in future
SLA & performance
Having a service level agreement in place can provide you with the confidence that you will receive the level of performance you require
While making a choice simply based on cost is rarely the best strategy, it is important that you are getting good value for money. You need to get the right balance between a solution that meets all your business requirements, while avoiding paying for things you don’t need