A software-defined wide area network (SD-WAN) is defined as a virtual WAN architecture, in which the control of network connections, application flows, policies, security mechanisms and general administration is separated from the underlying hardware. Everything is managed in software on centralized consoles instead of at the physical locations of individual edge devices and infrastructures.
An SD-WAN connects end users to virtually any application, hosted at any location (e.g., in the public cloud or a company data center), via the best available or most feasible transport service, whether that’s an MPLS (Multiprotocol Label Switching), broadband, cellular or even satellite internet link. To deliver this level of flexibility and performance to users in digital workspaces, an SD-WAN utilizes a control function that continuously analyzes traffic flows across the WAN and intelligently directs traffic in accordance with current policies.
An SD-WAN is able to leverage connectivity from transport options including:
Why is this important? Because in the past, bandwidth-rich and inexpensive broadband internet was unsuitable for corporate WANs, since it was only a best-effort mode of transport without the rock-solid reliability or security of MPLS.
Since SD-WAN forms a virtual network, multiple connections can be bonded together to aggregate bandwidth and provide resiliency. If a primary link were to go down, traffic could be steered to the backup link with minimal disruption to the user experience.
In practical terms, that means the SD-WAN sends traffic down the specific network connections that can fulfill current policy requirements, such as those for:
These rules are applied to the various flows, or packets (in certain solutions), passing through the SD-WAN's circuits. The SD-WAN solution can also dynamically redirect traffic as needed, for example if a link fails or becomes congested, or if a VoIP application needs priority over a less demanding TCP-based app. Overall, SD-WANs are much more sophisticated than traditional WANs, which rely mostly on simple routers to steer traffic based on access control lists and IP addresses.
SD-WAN separates the control functions of a network and centralizes them in either a cloud service or an on-premises application. This simplifies operations by removing the need for each individual SD-WAN appliance to be provisioned and managed physically. Most SD-WAN solutions offer a way for administrators to remotely set up SD-WAN appliances in branches.
Zero-touch provisioning (ZTP) allows discovery and setup of new appliances in the SD-WAN network; it is primarily focused on streamlining the deployment of SD-WAN at branch or cloud service office locations. The service is publicly reachable from any point in a network with public Internet access and is accessed over Secure Sockets Layer (SSL). This lets customers get new sites up and running in minutes with local staff, instead of hours or days.
SD-WAN technology also avoids the main bottlenecks and inefficiencies of legacy WAN architectures. To review, traditional WANs:
Fortunately, SD-WANs can use mechanisms such as deep packet inspection and policies to identify traffic and steer it directly over the internet and/or to cloud security services using next-generation firewalls, balancing performance and security. They can also enforce automated segmentation so that distinct types of traffic are kept isolated from one another and prioritized as needed. This is an essential capability in the context of the digital workspace, which has numerous, disparate applications and services.
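The policy-driven steering described above (SLA-based path selection with failover when a link fails or degrades) and the segmentation just mentioned (keeping a traffic class confined to the circuits it is permitted to use) can be shown together in a small control function. The following is an added illustration, not code from any SD-WAN product or from the page's author; the link names, metrics, thresholds and application classes are all constructed for the example.

```python
"""Toy SD-WAN control function: per-application SLA policies choose the
transport link for each traffic class, fail over when telemetry changes,
and never relax segmentation just to keep traffic flowing.
Constructed example; every metric and threshold below is made up."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Link:
    name: str
    transport: str       # "mpls", "broadband", "lte", ...
    latency_ms: float    # telemetry from continuous path probing (constructed)
    loss_pct: float
    jitter_ms: float
    cost: int            # relative cost per Mbps; MPLS is the expensive circuit
    up: bool = True


@dataclass
class AppPolicy:
    app: str
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float
    allowed_transports: Tuple[str, ...]  # segmentation: circuits this class may use
    prefer_cheapest: bool = True         # otherwise prefer lowest latency


def meets_sla(link: Link, policy: AppPolicy) -> bool:
    """True if the link is up, permitted for this class and inside SLA bounds."""
    return (link.up
            and link.transport in policy.allowed_transports
            and link.latency_ms <= policy.max_latency_ms
            and link.loss_pct <= policy.max_loss_pct
            and link.jitter_ms <= policy.max_jitter_ms)


def select_path(links: List[Link], policy: AppPolicy) -> Tuple[Optional[Link], str]:
    """Return (chosen link, status): "sla" when a compliant link exists,
    "best-effort" when only a degraded but permitted link is up, and
    "blackhole" when no permitted link is up at all."""
    compliant = [l for l in links if meets_sla(l, policy)]
    if compliant:
        if policy.prefer_cheapest:
            return min(compliant, key=lambda l: (l.cost, l.latency_ms)), "sla"
        return min(compliant, key=lambda l: (l.latency_ms, l.cost)), "sla"
    permitted_up = [l for l in links if l.up and l.transport in policy.allowed_transports]
    if permitted_up:
        return min(permitted_up, key=lambda l: l.latency_ms), "best-effort"
    return None, "blackhole"


def steer_all(links: List[Link], policies: List[AppPolicy]) -> Dict[str, Tuple[Optional[str], str]]:
    """Run the selector for every application class; map app -> (link name, status)."""
    result = {}
    for policy in policies:
        link, status = select_path(links, policy)
        result[policy.app] = (link.name if link else None, status)
    return result


def update_link(links: List[Link], name: str, **telemetry) -> None:
    """Apply a telemetry change (e.g. up=False or latency_ms=120) to one link."""
    for link in links:
        if link.name == name:
            for field, value in telemetry.items():
                setattr(link, field, value)
            return
    raise KeyError(name)


def make_links() -> List[Link]:
    # Constructed branch with three circuits of very different cost and quality.
    return [
        Link("mpls", "mpls", latency_ms=20, loss_pct=0.0, jitter_ms=2, cost=10),
        Link("broadband", "broadband", latency_ms=35, loss_pct=0.5, jitter_ms=8, cost=1),
        Link("lte", "lte", latency_ms=60, loss_pct=1.0, jitter_ms=15, cost=4),
    ]


def make_policies() -> List[AppPolicy]:
    return [
        AppPolicy("voip", 50, 1.0, 10, ("mpls", "broadband", "lte")),
        AppPolicy("saas", 150, 2.0, 50, ("mpls", "broadband", "lte")),
        AppPolicy("erp", 80, 0.5, 20, ("mpls",)),            # internal app: private circuit only
        AppPolicy("guest", 200, 5.0, 100, ("broadband", "lte")),  # guest: never on MPLS
    ]


if __name__ == "__main__":
    links, policies = make_links(), make_policies()
    print("baseline:       ", steer_all(links, policies))
    update_link(links, "broadband", up=False)
    print("broadband down: ", steer_all(links, policies))
    update_link(links, "broadband", up=True)
    update_link(links, "mpls", latency_ms=120, loss_pct=3.0)
    print("mpls congested: ", steer_all(links, policies))
```

Two design points are worth noting. With all links healthy, VoIP lands on the cheap broadband circuit because it meets the voice SLA, which is exactly the point of SD-WAN making broadband usable for real-time traffic; when broadband drops, VoIP moves to MPLS and SaaS to LTE without any per-site reconfiguration. When the only permitted circuit for the internal ERP class degrades, the selector reports "best-effort" rather than silently spilling that traffic onto the internet, so segmentation failures surface as an alert condition instead of a data-path policy violation.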
Today, SD-WAN brings broadband up to par, making it fully viable for serving a wide variety of apps to users via digital workspaces. An SD-WAN can leverage policies in tandem with firewalls, WAN optimization, VPNs and web gateways to maximize the utility of more affordable internet connectivity. Beyond broadband, SD-WANs can also weave in 4G/LTE or later cellular plans and satellite internet, either as replacements for MPLS or as supplements to it, for additional bandwidth and failover.
MPLS is a technique for sending traffic across a network with low latency, through the avoidance of complex and time-consuming routing table lookups. For decades, it has been a staple of hub-and-spoke WANs because of the reliability and consistency it provides. A router can simply look at the label in a packet’s header and then forward it over a predetermined low-latency MPLS route.
However, MPLS is too inflexible and costly to be the foundation for modern enterprise networks that require deployment speed and cloud connectivity.
For starters, MPLS relies on conventional hardware to make routing decisions. Creating and managing the rules for all of the routers involved is a major undertaking, and one that doesn't scale well to the numerous locations and application-driven environments of today's cloud-connected workplaces. In addition, MPLS is carrier-owned technology that requires multi-year contracts and takes weeks, if not months, to provision and to change when more bandwidth is needed or a new location must be stood up quickly.
MPLS connectivity is many times more expensive per Mbps than broadband internet. SD-WANs make broadband a usable transport type for both real-time and TCP-based apps. MPLS can still play a role in an SD-WAN, either running in parallel to the new architecture or within a virtual overlay on a legacy WAN.
Ultimately, SD-WANs are better suited to modern digital workspaces than their MPLS-oriented counterparts.
An SD-WAN architecture can be easily scaled to support new users and branch offices through automatic zero-touch provisioning. Moreover, it delivers optimal performance for cloud apps via dynamic path selection and resiliency against service outages and degradations.
For workers in modern digital workspaces, the advanced technology behind an SD-WAN ensures a superior user experience. It enables reliable, secure access to cloud apps, including bandwidth-intensive real-time solutions for VoIP and video. SD-WAN is essential to enabling consistent workflows across multiple devices, cloud services and locations.
The benefits of a well-implemented SD-WAN solution from an experienced and reputable provider are wide-reaching:
- More predictable and reliable application performance, which helps support users in any digital workspace, across all connections.
- Superior connection security for cloud applications, without the performance tradeoffs of MPLS backhauling.
- Reduced congestion from insufficient bandwidth or brownouts, through aggregation of bandwidth across multiple bonded, disparate or redundant links.