
Everything You Need to Know About SD-WAN


Prior to the emergence of SD-WANs in the 2010s, corporate WANs went through several major evolutionary phases, starting with the standardization of Ethernet in the 1980s. As a technology best suited to LANs, Ethernet was often paired with T1 lines to enable more distributed access to the company network - but this was a costly and impractical setup for many companies at the time. The rest of WAN history has mostly been a story of MPLS vs. SD-WAN.

MPLS vs. SD-WAN: A Quick Overview

The creation of Multiprotocol Label Switching (MPLS) in the 1990s provided a new way forward, leading to the concept of what is now commonly referred to as the “traditional WAN.” MPLS WANs use specialized routers to encapsulate, carry and de-encapsulate traffic from almost any network protocol, including Ethernet, Frame Relay and T1.

MPLS enables very reliable network performance by forgoing routing tables. It is also highly secure, since all de-encapsulation of traffic happens within a corporate facility like a data center. However, the required infrastructure is expensive, and the amount of bandwidth in an MPLS plan is typically far too meager to support applications such as VoIP and video conferencing.

Enter the SD-WAN. An SD-WAN is built for high-bandwidth flows, thanks to its ability to dynamically send traffic to the best available links at the moment, whether they’re broadband, cellular, satellite or even MPLS. In an SD-WAN, the WAN is centrally managed in software, empowering administrators to make policy changes related to traffic prioritization, security and Quality of Service (QoS) and have them efficiently rolled out to the WAN edge. 

Accordingly, no one has to visit a branch office to physically make a change to the routers or other WAN equipment there. Moreover, the high flexibility and adaptability of SD-WANs means that the hub-and-spoke model of a traditional WAN - in which traffic is backhauled to a data center to apply all policies to it - is no longer necessary. Traffic from on-premises and - crucially - cloud applications can be securely and reliably routed across the WAN.

SD-WAN, Explained

Although SD-WAN providers offer differing SD-WAN definitions, most solutions on the market work more or less the same in practice. 

An SD-WAN is a virtual network architecture, in which a flexible combination of physical, virtual and/or cloud appliances may leverage a virtualized pool of network resources - spanning broadband, MPLS, cellular and satellite services - to intelligently steer traffic and safely and reliably connect users to applications. 

SD-WANs feature centralized control in software, along with advanced security capabilities for protecting the WAN edge without backhauling everything to a data center or HQ. This design makes them ideal for SaaS applications that are accessed over the internet at branch offices, and for reducing latency and administrative complexity across the WAN in general.

To see how SD-WANs really work, it’s worth comparing a prototypical one alongside an MPLS (traditional) WAN:

 

| SD-WAN | MPLS WAN |
| --- | --- |
| Controlled in software, allowing the WAN architecture to be efficiently scaled and managed across branch sites and data centers. | Centralized in data centers or HQ, wherein policies get applied and all traffic is backhauled. |
| Security is pursued through multiple measures, including virtualized network functions (VNFs), IPsec encryption of traffic, next-generation firewalls (NGFWs) and direct-to-cloud connections. | Security is primarily enforced through this backhauling process. |
| Distributed data forwarding functions, without the hub of an MPLS WAN; policies can be applied at the WAN edge. | Hub-and-spoke architecture, with the data center/HQ as the hub and branches as spokes leading back to it. |
| Doesn’t require expensive MPLS routers and can instead utilize a wide variety of off-the-shelf x86 hardware. | Very hardware-dependent, requiring specialized (and expensive) routers to perform MPLS de-encapsulation and ensure proper WAN performance. |
| Configurations can be done from one interface, enabling zero-touch provisioning of branch connectivity across the WAN. | Administration usually entails making physical, on-site adjustments to infrastructure to make sure they’re aligned with the latest policies. |
| Plentiful bandwidth to support real-time applications and ensure resiliency as network requirements evolve. | Thin but expensive bandwidth from MPLS service providers, which limits the performance and resiliency of real-time applications like VoIP and video. |
| Can securely incorporate broadband internet and many other types of network transport for maximum flexibility and cost-effectiveness, especially when accessing cloud apps. | Not built to incorporate commodity internet services or infrastructure - a major drawback for increasingly cloud-dependent organizations. |

What are the Benefits of SD-WAN?

SD-WAN architectures were designed to meet the growing demand for higher-bandwidth applications on corporate networks, and to ensure that the additional sources of bandwidth (i.e., internet links) could all be properly secured. 

In previous WAN paradigms, MPLS was preferable not only for its performance but also because it was the only sufficiently secure option for network transport. SD-WAN changes that, by making broadband suitable for use in mission-critical workloads, as well as in lower-priority ones. 

The right SD-WAN has the resources and control mechanisms to be the ideal architecture for supporting real-time and TCP apps, securely connecting end-users to the cloud, and reducing the overall operational expenses of running a WAN. The most important benefits of SD-WAN include:

Cloud-Friendly Performance

In a traditional WAN, traffic destined for the cloud must first be backhauled through a central facility, where it is inspected. This process, sometimes called tromboning or hairpinning, causes noticeable degradation in performance. SD-WANs offer more accommodations for different types of traffic, as opposed to the one-size-fits-all approach of a router-centric MPLS architecture. Branch offices can be connected to cloud applications via high-bandwidth broadband links and their traffic secured in accordance with application-driven policies. 

Rigorous Security

SD-WANs allow for the straightforward creation and modification of security rules, which can then be pushed to branch sites. These policies may permit some app traffic to go directly over the internet and require the rest to be backhauled or forwarded to security solutions. NGFWs may be integrated into SD-WANs to reduce risk, while VNFs allow functions like firewalling to be handled by compatible appliances. SD-WAN may also be integrated with cloud security services so that each internet breakout on the network is secure against threats like man-in-the-middle attacks.
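As an added illustration (not from the original article or any vendor's product), the Python sketch below models the kind of branch policy described above: some applications break out directly to the internet, the rest are backhauled or forwarded to a cloud security service. It also audits the policy for direct breakouts that nothing inspects. All rule fields, application labels and action names are hypothetical.

```python
# Added illustration: vendor-neutral model of a branch-edge breakout policy.
# Rule fields, application labels and action names are hypothetical.
from dataclasses import dataclass

DIRECT, BACKHAUL, CLOUD_SECURITY = "direct-internet", "backhaul", "cloud-security"
KNOWN_ACTIONS = (DIRECT, BACKHAUL, CLOUD_SECURITY)

@dataclass(frozen=True)
class Rule:
    app: str                 # application label assigned by the edge classifier
    action: str              # DIRECT, BACKHAUL or CLOUD_SECURITY
    inspected: bool = False  # True if an NGFW/VNF at the edge inspects the flow

# Constructed sample policy, as it might be pushed to every branch site.
POLICY = [
    Rule("office-suite", DIRECT, inspected=True),
    Rule("video-conf", DIRECT),            # breakout with no inspection
    Rule("web-browsing", CLOUD_SECURITY),
    Rule("erp", BACKHAUL),
]

def decide(policy, app):
    """First matching rule wins; unclassified traffic fails closed to backhaul."""
    for rule in policy:
        if rule.app == app:
            return rule.action
    return BACKHAUL

def audit(policy):
    """Flag shadowed rules, unknown actions and uninspected direct breakouts."""
    findings, seen = [], set()
    for rule in policy:
        if rule.app in seen:
            findings.append(f"{rule.app}: shadowed by an earlier rule")
            continue
        seen.add(rule.app)
        if rule.action not in KNOWN_ACTIONS:
            findings.append(f"{rule.app}: unknown action {rule.action!r}")
        elif rule.action == DIRECT and not rule.inspected:
            findings.append(f"{rule.app}: direct breakout without inspection")
    return findings

if __name__ == "__main__":
    for app in ("office-suite", "erp", "unknown-app"):
        print(app, "->", decide(POLICY, app))
    for finding in audit(POLICY):
        print("FINDING:", finding)
```

Running the audit before a policy is pushed catches the case where a rule added for performance reasons quietly opens an internet breakout that no firewall or cloud security service covers.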

Adaptive Intelligence

Performance bottlenecks are facts of life on busy WANs. Non-critical traffic flows such as bulk file transfers can consume so much bandwidth that there’s not enough left over for real-time apps like VoIP and video. SD-WANs solve this type of issue by creating a bigger resource pool that can be dynamically aggregated and managed to ensure that all priority, QoS, and security requirements are consistently met. Broadband, cellular, and satellite links provide more bandwidth than MPLS alone. SD-WAN software also supports more sophisticated decisions about traffic steering than would be possible if using only router-specific information such as IP addresses.

Simplified Management

An SD-WAN features centralized management and orchestration, via software that is separated from the WAN’s forwarding functions and basic supporting infrastructure. As a result, the SD-WAN can be managed without having to visit each branch site to ensure everything is correctly configured. Moreover, it’s easy to get new locations up and running through zero-touch provisioning that simply applies existing configurations automatically to the hardware at those sites. Administrators can rapidly respond to changes in business requirements and adjust the SD-WAN accordingly.

Lower Operating Costs

Broadband connectivity is much less expensive than MPLS. An SD-WAN does not necessarily need to eliminate all MPLS links within the network architecture, but it can reduce overall reliance on them and open the door to more cost-effective connectivity. Even existing MPLS bandwidth can be more efficiently managed once an SD-WAN is set up. Additional savings are achievable through the simpler administration of the WAN, which removes a significant burden on IT personnel and lets them devote more time to other tasks.

Do You Need SD-WAN?

SD-WAN is a sensible upgrade option for most organizations that depend heavily on cloud-based applications and support numerous branch offices. The rise of telecommuting also makes SD-WAN more strategically important, because remote workers will need secure access to company applications from many possible locations. Traditional WANs cannot deliver the performance that out-of-office employees expect when accessing these high-bandwidth apps.

SD-WANs can also be combined with SD-LAN solutions to form a more comprehensive SD-Branch architecture that extends the benefits discussed above all the way to an organization’s local network. Telesystem provides an SD-WAN solution that will put your company in a better position to scale the WAN to all branch locations and employees and improve the performance of business-critical applications. Learn more by connecting with a member of our team today.