A Guide to SD-WAN

SD-WAN has been making waves in the networking world thanks to its ability to provide dependable edge-to-cloud connectivity. Here’s how it works, and how it could help you.


Recent research by Forrester* found that for 1 in 3 IT decision-makers, software defined WAN (SD-WAN) is their top organizational priority in 2022 – but why are businesses excited by the technology?

Due to increasingly complex and distributed network infrastructures, as well as the need to support remote workforces in 2022, enterprises are realizing that having SD-WAN is more crucial than ever. Offering the centralized management, security, and performance necessary for today’s work-from-anywhere, cloud-first business environment, the solution proves a viable option for branch connectivity. 

In this blog, we discuss the benefits and challenges of SD-WAN, its popular use cases, and how you can support your business’ SD-WAN adoption.





Contents

  1. What is SD-WAN?
  2. How it works
  3. Benefits of SD-WAN
  4. Challenges of SD-WAN
  5. Use cases
  6. SD-WAN and security
  7. SD-WAN and SASE
  8. SD-WAN and MPLS: What are the differences?
  9. How to get started with SD-WAN
  10. SD-WAN with Megaport


What is SD-WAN?


Software-defined refers to the fact that the focus of a product and the solution it provides hails from software, rather than hardware, while WAN stands for Wide Area Network, which is a “collection of local-area networks (LANs) or other networks that communicate with one another”. Put these together and you have a technology that takes advantage of software capabilities to bring cloud connectivity to enterprises’ multiple branches through a simplified topology. 

SD-WAN incorporates a traditional hardware-based networking model and adds a software-defined virtual network overlay on top. This overlay—like a network on top of another network—is managed and provisioned centrally by a controller, removing the need for device-by-device network configuration and management. The underlay, or data plane, is then left with the responsibility to process and transit packets between devices.

The overlay can run over a range of standard network transport services (acting ‘transport agnostic’), including the public internet, 4G, 5G, and MPLS. Based on the performance of the underlying network transport, application-aware routing will control where and when an application uses a specific service to maintain the performance of real-time and sensitive applications.




How it works


SD-WAN works to provide “intelligent application-aware routing across the WAN.” And it acts as a flexible, private overlay over any network transport type: Whether that’s the public internet, MPLS, or combination of the two. The brain of your SD-WAN will continuously interrogate these multi-transport “underlays” to determine the best end-to-end network path, which subsequently results in improved performance, resiliency, and lower costs for your business. 

SD-WAN is a response to the growing need for a more efficient method to send traffic directly over the internet from branch locations to trusted SaaS and cloud-based applications, while ensuring security compliance. It answers this need by simplifying the WAN architecture through a centralized control function that steers traffic securely and directly between branches and to cloud service providers (CSPs).




Benefits of SD-WAN


There are a number of benefits to utilizing SD-WAN in your enterprise network that traditional or alternative setups cannot promise. These include: 

  • Centralized management – by moving the control plane of the network from individual branch and data center routers to a central tool, SD-WAN allows administrators to see across the network and manage it by simply pushing policies to branches from the center, which streamlines network administration.
  • Cost savings – when implementing SD-WAN, users can enjoy long-term cost savings – in some cases, over 50% in comparison to an MPLS setup. Because it increases the reliability of both WAN services and the internet, SD-WAN can prove cost-effective for your business by reducing unnecessary or overly complicated network paths and reducing network performance disruptions, meaning you can continue business as usual. 
  • Improved performance – through reduced latency as well as reduced packet loss, SD-WAN can significantly improve your network performance. This means quicker speeds for your employees, whether sitting in the office or working remotely from anywhere in the world. SD-WAN also allows critical traffic to be automatically routed to links with higher bandwidth for improved application performance.
  • Greater visibility and oversight of network operations and traffic – through SD-WAN, organizations can gain a bird’s-eye view of their network, unlocking the ability for network managers to pinpoint any issues that arise and directly troubleshoot. This visibility also means administrators can identify areas of stress in their bandwidth and subsequently conduct capacity planning to improve user experience for their workforce.
  • Remote access – SD-WAN adoption is rising largely due to its cloud access capabilities. Distributed employees can access cloud applications from multiple devices and locations, which is crucial in modern work-from-anywhere business models. 
  • Security protocols – SD-WAN offers a decentralized security model through innovative security capabilities such as firewalls, traffic filtering, and threat identification and management. SD-WAN connects branches to cloud-based apps through a secure, dedicated connection, eliminating the need to backhaul traffic to a data center first. Plus, your SD-WAN security can be managed from a central platform. You also aren’t solely relying on the public internet, which can be unreliable and risky.





Challenges of SD-WAN


Alongside the benefits, there can also be challenges that arise when adopting and utilizing SD-WAN for your enterprise. Some possible drawbacks to be aware of include:

  • Security concerns – when it comes to its on-site security features, SD-WAN can fall short and lack effective built-in security measures, meaning a data breach in one single location could affect the entire organization. Security inefficiencies in your SD-WAN architecture could open your business up to threats such as virus vulnerabilities and a compromised network, putting not only your business’ sensitive data at risk, but also your customers’.
  • Choice of vendor – choosing the SD-WAN vendor that’s right for your business can be both time-consuming and difficult. Features, prices, and contract terms can vary between providers, and some models may not be appropriate for your enterprise operations.
  • Deployment time and costs – SD-WAN adoption can be expensive for companies with smaller networking budgets, and time to deploy and replace traditional infrastructure may seem undesirable.




Use cases


There are a handful of use cases for SD-WAN connectivity that address the many modern challenges present in enterprise networking. These include:

  • Direct branch and cloud connectivity – SD-WAN provides the most direct path to cloud-based apps. This means you can transfer data straight from your branch to the cloud, which saves time and improves network performance unlike traditional hub-and-spoke models.
  • Multi-cloud application workflows – hybrid and multicloud application architectures also benefit from SD-WAN solutions to deliver resilient, secure, and high-performance connectivity. System-to-system data flows now span multiple cloud platforms for services like virtual desktop infrastructure (VDI), enterprise resource planning (ERP), and database replication.
  • Interconnect regions – using centralized automation control and capabilities, network managers can set up full or partial topologies across their network to connect various branches and regions. This means distributed, remote employees can access cloud-based applications with ease.
  • Managing network traffic and application interoperability – as performance and security requirements vary by application, enterprises need to cleverly dictate rules on where their network traffic travels. SD-WAN’s central console can be used to establish management policies across the board (as opposed to on individual devices), which can then be updated and modified simply. Having interoperability between cloud applications improves network performance, too. 
  • Maintaining service-level agreements (SLAs) – SD-WAN allows network managers to specify SLAs for various applications, which serve to protect your organization by setting clear expectations between you and your service providers.





SD-WAN and security


You can level up your SD-WAN through a Zero Trust Network Access (ZTNA) solution (something we’ve covered previously). This offers an alternative to general network access, instead replacing it with secure per-user and per-session access to specific applications. This then increases visibility into who is accessing what data at any given time, and allows for easier management of resources as well as more effective safeguarding. 

This is particularly helpful when your enterprise is dealing with a remote workforce, as it enables you to discern whether one of your employees is just working from a different location than usual, or if that new sign-on is coming from someone more sinister.

The current generation of SD-WAN solutions available on the market often house multiple ZTNA elements, positioning them as exceptionally secure, integrated solutions. ZTNA is a particularly beneficial security integration for remote workforces and while it can be implemented independently, it can also be implemented as part of a broader network solution which includes SD-WAN, known as SASE.


SD-WAN and SASE


Gartner predicts that “by 2025, at least 60 percent of enterprises will have SASE strategies and timelines in place.” SD-WAN is an important foundation of any SASE architecture. The term SASE refers to a framework for converging the best elements of software-defined networking and SD-WAN with modernized edge security. 

The end result is a transformed network architecture that is dynamic, flexible, and secure, and can provide the performance needed for today’s 24×7 applications and resources hosted across public, private, and hybrid clouds.

Ultimately, SASE is the next step in any modern enterprise’s SD-WAN infrastructure.



SD-WAN and MPLS: What are the differences?


MPLS, or multi-protocol label switching, is the legacy technology to SD-WAN. MPLS is a label-switched-path network model in which data packets take a pre-defined, private route straight to their destination from the provisioning of Layer 2 Ethernet or Layer 3 Virtual Private Networks (VPNs). These label-switched paths can be statically defined to direct traffic around congested parts of a network on an end-to-end, low-latency route.

The two technologies have a handful of similarities. Firstly, they both deliver high-performance, reliable, and private WAN, as they are both a type of private overlay (with SD-WAN relying on Internet Protocol Security (IPSec) VPNs, and MPLS on labels). They also both function to classify traffic into different importance levels to support a more efficient and reliable network. But they differ mainly in that “while MPLS is a dedicated circuit, SD-WAN is virtual overlay and decoupled from physical links.

However, you can use MPLS together with SD-WAN through a hybrid WAN design to get the ‘best of both worlds’. The application-aware routing benefit of SD-WAN can ensure critical traffic like Voice over Internet Protocol (VoIP) is directed over your reliable MPLS transport, with non-critical traffic directed over internet transport. Using MPLS and SD-WAN together is a great way to lay the foundation for your organization as cloud connectivity continues to grow and evolve in the years to come.






How to get started with SD-WAN


With an enhanced SD-WAN fabric on your side, it’s easier for your company to handle distributed and complicated architectures in a multicloud environment.

SD-WAN is generally provided and managed by a service provider like Cisco, VMware, Versa, Fortinet, and Aruba. These vendors provide the orchestration platforms and network appliances, however, choosing the best mix of underlying network transports will ensure the solution will operate at maximum efficiency. It’s also important to determine the operational and support model of the SD-WAN solution that best fits your business, whether is be one fully managed by an MSP, your in-house IT organization, or a mix of both.

Opting for network functions virtualization (NFV) is a great place to start on your journey to SD-WAN. NFV acts as the “the replacement of network appliance hardware with virtual machines” and works to separate your network’s communication services from dedicated hardware like routers and traditional firewalls. Adding NFV functionalities like Megaport Virtual Edge (an end-to-end NFV tool) improves the performance of that SD-WAN by replacing hardware with virtual connectivity right to the branch.




SD-WAN with Megaport


If your business is interested in transitioning to an SD-WAN infrastructure, or needs some help making your current SD-WAN more efficient, Megaport can put you on the right track.

By hosting network services directly on Megaport’s global, private Software Defined Network (SDN), Megaport Virtual Edge (MVE) enables companies to quickly deploy edge networking when coupled with their SD-WAN, eliminating the need to purchase and maintain hardware. MVE enhances your existing enterprise SD-WAN platform by giving you the ability to strategically build optimal pathways to critical applications wherever they reside. 

 

For companies adjusting to a permanent remote workforce, at least part of the time, MVE provides a private, secure, scalable, and global network backbone to optimize SD-WAN connectivity. MVE extends your network to the edge, right to your workers’ home office (or kitchen counter), with no hardware needed. In a way, MVE delivers a hybrid SD-WAN “transport” with the benefits of predictable latency, dynamic provisioning, private layer 2 connectivity, and dedicated bandwidth, making it a preferred solution over MPLS for many customers.

And since Megaport partners with leading SD-WAN vendors—such as Cisco, Fortinet, Versa, Aruba, and VMware, which make up more than 70% of the SD-WAN provider market—your business can shop around for the features and models that suit you best.


*Source: Forrester Analytics Business Technographics® Networks And Telecom Survey, 2021.

Explore your business’ SD-WAN options by booking a demo with Megaport today.

Kevin Dresser
Solutions Architect

Filed under: SD-WAN

forrester report

E-GUIDE

Forrester’s Five Key Attributes to Consider When Evaluating Cloud Connectivity
Get the Guide

Get the latest cloud insights delivered.