SD-WAN

Mergers, acquisitions, consolidations, closures, new applications, and new business needs make designing and managing an enterprise WAN a never-ending, complicated task. A task that, some say, requires the ability to read minds and predict the future. Add in the constant balance between dependability and performance with cost and you have just scratched the surface of architecting and managing an enterprise WAN.

With traditional WAN solutions, organizations suffer a less than ideal quality of experience and have a hard time delivering high-performance bandwidth for critical applications. Since legacy WAN architectures rely on packet routing, they lack in-depth application visibility.

So.. Traditional WAN is broken. It was designed based on multiple devices stacked on each other in the branch office, with expensive and limited bandwidth MPLS links connecting them to each other and data center, which leads to a “data-center dependency” (the traffic is back-hauled to DC with heavy performance penalties).

It also means complex infrastructure and unpredictable application performance (translates to slow apps), inability to prioritize, manage and secure. In the end, it impacts both on-premises and cloud access performance, slowing down your business.

Complexity also means time and time is money, if we all agree. According to Aryaka’s “State of the Wan” report, time to activate new site globally is mostly between a week and a month, with 47% of the responses. In 28% of the cases it takes more than a month! Slow, expensive, inefficient… Add more if you like.

Yeah, quite bad in today’s fast changing world. So, what are really the requirements of enterprise on WAN today? See below.

And exactly that requirements: improve security, guarantee reliability and performance, increase bandwidth, improve scalability, improve access to the Cloud (Public and Private), manage and improve application performance, faster deployments and reduce complexity lead to a creation of more intelligent, simpler, faster, less expensive and more secure connectivity solution called “SD-WAN”.

A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture that abstracts software from hardware, creating a virtualized network overlay while using any combination of transport services – including copper, fiber, radio such as MPLS, LTE and/or broadband internet services.

This overlay intelligently identify applications on the very first packet of data traffic and monitors the real-time performance characteristics of the underlying networks. Based on configuration policies, it automatically selects the optimum network for each application.

In more business wording, a simplified and centrally managed SD-WAN architecture lowers both CAPEX and OPEX. Bringing a new branch or remote location online is easy and can be done in just a few minutes. No specialized IT expertise is required on premise at the branch.

In more “techy” wording, it abstracts two main elements of networks, namely the Control Plane (signaling and control) from the Data Plane (forwarding and routing of the payload packets, i.e. of the actual usable data).

SD-WAN architecture is particularly beneficial to environments separated by distance — for example, between main offices and branch offices. Whereas traditional WAN can be expensive and complex, SD-WAN architecture reduces recurring network costs, offers network-wide control and visibility, and simplifies the technology with zero-touch deployment and centralized management.

This overlay architecture provides networking foundation that is much easier to manage than legacy WANs, moving the control layer to the cloud, which means centralizing and simplifying network management.

SD-WAN components

There are three main components to an SD-WAN: The SD-WAN edge, the controller, and the orchestrator.

The SD-WAN edge is where the network endpoints reside. This can be a branch office, a remote data center, or cloud platform.
An SD-WAN Orchestrator is the virtualized manager for network, overseeing traffic and applying policy and protocol set by operators.
The SD-WAN Controller centralizes management, and enables operators to see the network through a single pane of glass, and set policy for the orchestrator to execute.

SD-WAN architecture

These components make up the basic structure of an SD-WAN. In addition, there are three main types of SD-WAN architecture: on-premises, cloud-enabled, and cloud-enabled with a backbone.

On-Premises means that SD-WAN hardware resides on-site. This is particularly useful for sensitive locations and where cloud connection is not needed. Unlike some of the other architectures, the on-site SD-WAN box does not connect to a cloud gateway (discussed later). It only connects to your company’s other sites.
Cloud Enabled SD-WAN solution offers an onsite SD-WAN box connecting to a cloud (virtual) gateway. With this architecture, your company gets the benefits of an on-prem-only architecture (i.e. real-time traffic shaping & multi-circuit load balancing/failover), plus increased performance and reliability of your cloud applications.
Cloud Enabled + Backbone SD-WAN architecture offers an on-site SD-WAN box connecting your site to the SD-WAN provider’s nearest network point of presence (POP), where your traffic hops on the SD-WAN provider’s private, fiber optic, network backbone. While your WAN traffic is traversing the SD-WAN provider’s private backbone, it is guaranteed to maintain low levels of latency, packet loss, and jitter. This improves the performance of all network traffic, particularly real-time traffic like voice, video, and virtual desktop. The backbone is also directly connected with major cloud application providers (i.e. Office 365, AWS, etc.), which, like the previous architecture, increases the performance and reliability of those applications.

We are in Software Era (Cloud, SD-WAN, Apps)

Traditional WANs based on conventional routers are not cloud-friendly. They typically require backhauling all traffic – including that destined to the cloud – from branch offices to a hub or headquarters data center where advanced security inspection services can be applied. The delay caused by back-haul impairs application performance resulting in a poor user experience and lost productivity.

And given the fact that 93% of the Enterprises have Multi-Cloud strategy, it’s quite important factor.

As businesses move more applications to the cloud and increase their usage of SaaS applications, while also enabling rich media content in their remote locations, they are finding that they need to modernize their networks to provide better access to these applications. Organizations need to consider bandwidth requirements, as well as ease of deployment and management of their networks, especially when they are opening new locations and networking professionals are quickly realizing that traditional WANs were never architected for the cloud.

The traditional router-centric model that backhauls traffic from the branch to headquarters to the internet and back again no longer makes sense.

Geographically distributed enterprises are embracing SD-WANs at an accelerating pace because they help businesses become more agile, enhance business productivity and dramatically lower costs.

SD-WAN vs MPLS

Realizing ROI for Software-Defined Networking in the campus LAN or even the data center has proven elusive. But not so with SD-WANs. The ROI is dramatic and immediate. With an SD-WAN solution you can now augment or even replace MPLS connections with broadband internet services to connect users to applications and lower WAN costs dramatically.

While MPLS has a solid reputation for reliability, it isn’t perfect and can fail. Redundancy at the MPLS provider level is expensive and can be a pain to implement.

SD-WAN makes leveraging different transport methods easy, thereby enabling high-availability configurations that help reduce single points of failure. If your fiber link from one ISP is down, you can fail-over to a link from another provider.

Of course, this doesn’t mean that SD-WAN replaces MPLS… It depends on the right usage and specific scenarios.

SD-WAN benefits

By continuously monitoring applications and WAN transport resources, an SD-WAN can quickly adapt to changing network conditions to maintain the highest application performance and availability. An advanced SD-WAN delivers the highest levels of end-user Quality of Experience, even if a transport service experiences an outage or a brownout (excessive packet loss, latency or jitter).

Increase business productivity and user satisfaction
Automatic path selection
Improve security and reduce threats
Simplify branch WAN architecture
Reduce WAN costs
End-to-End encryption
End-to-End visibility

SD-WAN provides more options for connection type and vendor selection, since the network can reside on COTS hardware and use both private and public connections to route its traffic.

As SD-WAN can automatically funnel your traffic through the fastest and most reliable connection, common network issues such as jitter and latency are considerably reduced.

Zero-Touch Provisioning (ZTP). With ZTP, configurations and policies are programmed once and pushed to all branch locations without having to manually program each device individually using a CLI. It eliminates the need to send specialized IT resources out to branch locations whenever a new application is added or a policy is changed. ZTP also reduces human errors, resulting in more consistent policies across to enterprise.

Enhanced, automated connectivity to IaaS and PaaS cloud environments without forcing you into existing multi-tenant gateways or a time-consuming manual process.

SD-WAN Improves Security

Aside from that array of SD-WAN benefits, arguably the primary advantage of an SD-WAN architecture is security. And that’s what is the prime concern and prime wish for a TOP Function of an WAN Solution, according to SDx Central.

While traditional WAN solutions handle security through multiple appliances at each branch office, SD-WAN has inbuilt security protocols. SD-WAN solutions have built-in encryption capabilities, ensuring that only authorized users are able to access and view assets connected to the corporate network.

Today’s companies prefer network architectures that integrate security, policy, and orchestration., and SD-WAN covers those bases by unifying secure connectivity. In the SD-WAN architecture, a company benefits from end-to-end encryption across the entire network, including the Internet. All devices and endpoints are completely authenticated, thanks to a scalable key-exchange functionality and software-defined security. All communication between the main office and branch offices is secure, as is communication to and from the cloud.

That leads to a solution called SASE, that unifies SD-WAN, firewall, segmentation, routing, WAN optimization and visibility and control functions in a single platform.

You can read more about SASE in my previous article HERE, but now, let’s continue to how SD-WAN looks today and what the predictions are.

SD-WAN today

Here are the main SD-WAN players in the market, according to Gartner Magic Quadrant.

SD-WAN predictions

Where is the future taking us? In 2019, SD-WAN market broke up the $1BN border.

Although 2019 was dubbed a breakout year for the SD-WAN industry, a fourth-quarter decline resulted in 1 percent year-over-year growth for the worldwide Service Provider Router and Carrier Ethernet Switch market. That’s much less than similar studies of the SD-WAN market, such as last year’s SD-WAN Infrastructure Forecast from research firm IDC, which indicated that the market will grow at a 30.8 percent compound annual growth rate (CAGR) from 2018 to 2023 to reach $5.25 billion.

Who would be interested in SD-WAN technology?

Two factors strongly influence interest: cloud usage and digitization as well as ICT skills levels.

More than any specific sector, it is thus in particular companies with a strong digital and cloud focus, as well as those simply with high ICT skills, that have shown most interest. Certainly, there is a high correlation between cloud services usage and interest for SD-WAN. Companies with strong ICT expertise and that tend to manage many ICT aspects themselves, e.g. managing IP routers and routing, managing IPsec VPNs etc., are also particularly open to SD-WAN. There can be on overlap between companies with high ICT skills and those with a focus on the digital economy and cloud services, but there are also cases where the two aspects can be quite distinct.

We could summarize by saying that two main groups have been interested in SD-WAN so far. Firstly, some large enterprises with many small sites (retail, banks etc.) for whom the main attraction was to reduce MPLS traffic and costs (e.g. by avoiding backhauling), reduce complexity and achieve faster deployments, especially at the branch. The second group would rather include highly digital companies, especially those that both have IT staff and a high cloud usage.