SD-WAN - What it means for enterprise networking, security, cloud computing

Software-defined wide-area networking, a software approach to managing wide-area networks, offers ease of deployment, central manageability and reduced costs, and can improve connectivity to branch offices and the cloud.

There have been significant changes in wide-area networks over the past few years, none more important than software-defined WAN or SD-WAN, which is changing how network pros think about optimizing the use of connectivity that is as varied as Multiprotocol Label Switching (MPLS), frame relay and even DSL.

What is SD-WAN?

As the name states, software-defined wide-area networks use software to control the connectivity, management and services between data centers and remote branches or cloud instances. Like its bigger technology brother, software-defined networking, SD-WAN decouples the control plane from the data plane.

An SD-WAN deployment can include existing routers and switches or virtualized customer premises equipment (vCPE), all running some version of software that handles policy, security, networking functions and other management tools, depending on vendor and customer configuration.

One of SD-WAN’s chief features is the ability to manage multiple connections from MPLS to broadband to LTE. Another important piece is the ability to segment, partition and secure the traffic traversing the WAN. 

SD-WAN's driving principle is to simplify the way big companies turn up new links to branch offices, better manage the way those links are utilized – for data, voice or video – and potentially save money in the process.

As a recent Gartner report said, SD-WAN and vCPE are key technologies to help enterprises transform their networks from “fragile to agile.”

“We believe that emerging SD-WAN solutions and vCPE platforms will best address enterprise requirements for the next five years, as they provide the best mix of performance, price and flexibility compared to alternative hardware-centric approaches,” Gartner stated.   “Specifically, we predict that by 2023, more than 90% of WAN edge infrastructure refresh initiatives will be based on vCPE or SD-WAN appliances versus traditional routers (up from less than 40% today).”

SD-WAN's advanced features make it an attractive choice for customers, and the market has drawn more than 60 competing vendors – including Cisco, VMware, Silver Peak, Riverbed, Aryaka, Fortinet, Nokia and Versa – many with very specialized offerings, Gartner says. IDC says that SD-WAN technology will grow at a 30.8% compound annual growth rate from 2018 to 2023 to reach $5.25 billion.

From its VNI study, Cisco says that globally, SD-WAN traffic was 9 percent of business IP WAN traffic in 2017 and will be 29 percent of business IP WAN traffic by 2022.  In addition, SD-WAN traffic will grow five-fold from 2017 to 2022, a compound annual growth rate of 37 percent.

“SD-WAN continues to be one of the fastest-growing segments of the network infrastructure market, driven by a variety of factors. First, traditional enterprise WANs are increasingly not meeting the needs of today's modern digital businesses, especially as it relates to supporting SaaS apps and multi- and hybrid-cloud usage. Second, enterprises are interested in easier management of multiple connection types across their WAN to improve application performance and end-user experience," said Rohit Mehra, IDC vice president, Network Infrastructure. "Combined with the rapid embrace of SD-WAN by leading communications service providers globally, these trends continue to drive deployments of SD-WAN, providing enterprises with dynamic management of hybrid WAN connections and the ability to guarantee high levels of quality of service on a per-application basis."

How does SD-WAN help network security?

One of the bigger areas SD-WAN impacts is network security. 

The tipping point for a lot of customers was the advent of applications like the cloud-based Office 365 and Amazon Web Services (AWS) applications that require secure remote access, said Neil Anderson, practice director, network solutions at World Wide Technology, a technology service provider. “SD-WAN lets customers set up secure regional zones or whatever the customer needs and lets them securely direct that traffic to where it needs to go based on internal security policies. SD-WAN is about architecting and incorporating security for apps like AWS and Office 365 into your connectivity fabric. It’s a big motivator to move toward SD-WAN.”

“With SD-WAN, mission-critical traffic and assets can be partitioned and protected against vulnerabilities in other parts of the enterprise. This use case appears to be especially popular in verticals such as retail, healthcare, and financial,” IDC wrote. “SD-WAN can also protect application traffic from threats within the enterprise and from outside by leveraging a full stack of security solutions included in SD-WAN such as next-gen firewalls, IPS, URL filtering, malware protection, and cloud security.”

What does SD-WAN mean for MPLS?

One of the hotter SD-WAN debates is what the software technology will do to the use of MPLS, the packet-forwarding technology that uses labels to make data-forwarding decisions. The most common MPLS use cases are branch offices, campus networks, metro Ethernet services and enterprises that need quality of service (QoS) for real-time applications.

For the most part, networking vendors believe MPLS will be around for a long time and that SD-WAN won’t totally eliminate the need for it. The major slaps against MPLS are how traditionally expensive the service is and how complicated it is to set up.

A recent report from Avant Communications, a cloud services provider that specializes in SD-WAN, found that 83% of enterprises that use or are familiar with MPLS plan to increase their MPLS network infrastructure this year, and 40% say they will “significantly increase” their use of it.

How that shakes out remains unknown, but it seems both technologies will have a role in enterprises for the near future.

“For us, MPLS is just another option.  We have never said that SD-WAN versus MPLS so that MPLS is going to get killed off or it needs to get killed off,” said Sanjay Uppal, vice president and general manager of VMware’s VeloCloud Business Unit. 

Uppal said that VMware, at least, is not finding that customers are turning off their MPLS in droves. “They are capping it in several instances. They are continuing to buy some more. Maybe not as much as they probably had in the past but it’s really opening up applications to use more [of the underlying network responsible for delivery of packets]. All kinds of underlay are being purchased. MPLS is being purchased, more of broadband, direct internet access,” he said.

Gartner says its clients hope to fund their WAN expansion/update by replacing or augmenting expensive MPLS connections with internet-based VPNs, often from alternate providers. However, suitability of internet connections varies widely by geography, and service providers mixing connections from multiple providers increases complexity. SD-WAN has dramatically simplified this approach for a number of reasons, Gartner says, including:

  • Due to the simpler operational environment and the ability to use multiple circuits from multiple carriers, enterprises can abstract the transport layer from the logical layer and be less dependent on their service providers.
  • This decoupling of layers is enabling new MSPs to emerge to take advantage of the above for customers that still want to outsource their WANs.
  • Traditional service providers are responding with Network Function Virtualization (NFV)-based offerings that combine and orchestrate services (SD-WAN, security, WAN optimization) from multiple popular vendors. NFV enables virtualized network functions including routing, mobility and security.

There are other reasons customers will use MPLS in the SD-WAN world, experts said.   “There is a concern about how customers will back up systems when there are outages,” Anderson said. “MPLS and other technologies have a role there.”

How SD-WAN involves cloud environments

While security and reducing traditional WAN costs are driving SD-WAN adoption, the need to rapidly and securely tie in cloud services is also a big motivating factor.

There are a number of trends driving the increased use of SD-WAN technologies, Uppal said, a major one being the increased use of containers and cloud-based applications that need access from the edge. “The scope of clients needing SD-WAN service access to the data center or cloud resources is growing and changing rapidly,” Uppal said.

Customers are increasingly looking to SD-WAN technologies to tie the data center with cloud resources, Anderson said.   “SD-WAN technologies have evolved a lot in just the past two years or so that makes it easy to spin-up the resources to make that possible in a quick and inexpensive way.”

An important focus will be creating fluidity of data sources between on premises and public cloud. Enterprises will see their private data centers continue to grow, while at the same time expanding their adoption of public cloud services, Kip Compton, senior vice president of Cisco’s Cloud Platform and Solutions Group, blogged earlier this year. 

“They will look to build common management and policy-based governance across their multicloud environments so they can simply and securely innovate, deploy, and manage applications at an accelerated rate,” Compton stated. Cisco’s 2018 Global Cloud Index says that by 2021, 94 percent of workloads and compute instances will be processed by cloud data centers with 6 percent being processed by traditional data centers.

Indeed, most major SD-WAN vendors, including Cisco, VMware and others, have teamed with cloud providers such as AWS, Microsoft Azure and Google Cloud, in part to ease SD-WAN traffic optimization.

Where does SD-Branch fit into SD-WAN?

An offshoot of SD-WAN is another software-based technology called SD-Branch. Lee Doyle, principal analyst for Doyle Research and a Network World blogger, recently wrote that SD-Branch is the “next step in the evolution of branch technology” and “can be defined as a single hardware platform that supports SD-WAN, routing, integrated security and LAN/Wi-Fi functions that can all be managed centrally.”

The most compelling argument for SD-Branch is operational agility, Doyle wrote.

“IT organizations can rapidly deploy and provision a network branch-in-a-box solution for new locations. Via a centralized management console, they can control and adjust all branch network and security functions.  Reducing or eliminating the need for trained IT personnel to visit remote branch locations results in significant cost and time savings. SD-Branch also promises to reduce hardware costs by deploying software on consolidated hardware as compared to many separate appliances,” Doyle wrote.

VMware’s Uppal said there are different definitions of SD-Branch. Some say SD-WAN runs from the edge of the branch to the data center or public cloud. And for them, the networking inside the branch, bundled and based on software, is SD-Branch. VMware thinks of it otherwise.

“We prefer to think of it as the scope of SD-WAN is widening to include what’s happening on the campus, to include what’s happening inside the branch, to include everything up to the individual devices or sensors or actuators. When you think of it from that perspective, the SD-Branch piece is just a piece of SD-WAN.  It’s not an independent thing.  It just happens to be one component of it.”

Cisco wrote in a white paper on SD-Branch that with SD-Branch, network functions run inside a virtualized environment.

“SD-Branch deployments can even split up virtual appliances into discrete functions and then centralize these functions (such as any related to enterprise policy) into the headquarters, private data center, or hybrid cloud, rather than have to configure and deploy it all in branches,” Cisco wrote.

“The SD-Branch and a software-defined network are about more than virtualization. They finally separate the monolithic appliances, virtual or otherwise, into a simpler system of functions that can be easily reconfigured to meet changing requirements. Businesses can use SD-Branch to reduce costs and gain reliability, ease of management, and agility. Some will use SD-Branch as a launchpad for deploying innovation in their business.”

What does SD-WAN have to do with SDN?

Programmability is the basis for SD-WAN and, ultimately, for its big brother, software-defined networking (SDN). SDN is a technology that separates the control-plane management of network devices from the underlying data plane that forwards network traffic.

IDC broadens the definition: “Datacenter SDN architectures feature software-defined overlays or controllers that are abstracted from the underlying network hardware, offering intent- or policy-based management of the network as a whole. This results in a data center network that is better aligned with the needs of application workloads through automated provisioning, programmatic network management, pervasive application-oriented visibility, and where needed, direct integration with cloud orchestration platforms.”

The driving ideas behind the development of SDN are many. For example, it promises to reduce the complexity of statically defined networks; make automating network functions much easier; and allow for simpler provisioning and management of networked resources, everywhere from the data center to the campus or wide area network.

IDC estimates that the worldwide data center SDN market will be worth more than $12 billion in 2022, recording a CAGR of 18.5% during the 2017–2022 period. The market generated revenue of nearly $5.15 billion in 2017, up more than 32.2% from 2016.
