The 3 types of SD-WAN architecture

Which type of SD-WAN is the best fit for your company?


If you’re contemplating whether SD-WAN will improve your company’s Wide Area Network, I’ve learned it’s important to first get a grasp of the different SD-WAN architectures.

As a long-time business ISP and cloud broker, I’ve had the best seat in the house for watching the SD-WAN craze take flight. As dozens of SD-WAN product offerings pop up, I have the enviable job of making sense of it all. [sigh]

In my observation, there are 3 main buckets of SD-WAN architecture, each of which benefits certain types of companies. Which architecture is “best” depends on the applications your company is accessing through your WAN.

1. On-prem-only

An “on-prem-only” SD-WAN architecture is exactly like it sounds. Your company has an SD-WAN box (essentially a plug ‘n play router), performing real-time traffic shaping at each site… and that’s it.

Side note: Notice I’m slyly using the shortened “prem” terminology, to bypass the IT industry’s notoriously heated “premise vs. premises” grammar argument. [ha!]

Unlike some of the other architectures, the on-site SD-WAN box does not connect to a cloud gateway (discussed later). It only connects to your company’s other sites.

Best Fit:

Companies hosting all their applications in-house (without any cloud applications). If your company isn’t using cloud applications, there isn’t a strong need to utilize a cloud-enabled SD-WAN solution; adding cloud enablement will unnecessarily increase costs. A common configuration is keeping a (much smaller) MPLS network for real-time apps (i.e. voice, video, or virtual desktop), and utilizing the public Internet (controlled by the SD-WAN) for everything else.

  1. Lower or zero monthly SD-WAN cloud-enablement bandwidth costs.
  2. Multi-circuit/ISP load-balancing.
  3. Real-Time traffic shaping, improving the performance of all WAN apps.
  4. Improved disaster recovery (DR), by having better connectivity backup.

2. Cloud-enabled

In a cloud-enabled SD-WAN architecture, the solution offers an onsite SD-WAN box connecting to a cloud (virtual) gateway. With this architecture, your company gets the benefits of an on-prem-only architecture (i.e. real-time traffic shaping and multi-circuit load balancing/failover), plus increased performance and reliability of your cloud applications.

The cloud gateway is networked directly to the major cloud providers (e.g. Office 365, AWS, Salesforce, etc.), which results in an overall improvement in the performance of your cloud apps. In addition, if your company’s Internet circuit fails while you are using a cloud application, the gateway can keep the cloud session active while the circuit flaps. If your company has an alternate Internet circuit, the SD-WAN can re-route your cloud app instantaneously to that alternate circuit, preventing interruption of the session.

Best Fit:

Companies running big-name cloud applications, such as Office 365, AWS, Dropbox, Azure, Salesforce, etc. A common configuration is to have in-house real-time apps running on a small MPLS network and have cloud apps (and everything else) running over the public Internet, controlled by an SD-WAN.

  1. Cloud gateways, improving the performance of cloud applications.
  2. Cloud gateways, improving the reliability of cloud applications.
  3. Multi-circuit/ISP load-balancing.
  4. Real-Time traffic shaping, improving the performance of all WAN apps.
  5. Improved DR by having better connectivity backup.

3. Cloud-enabled plus backbone

It’s always good to get a backbone, right? Cloud-enabled SD-WAN architecture can be taken to another level when it gets a backbone. “Cloud-enabled plus backbone” SD-WAN architecture offers an on-site SD-WAN box connecting your site to the SD-WAN provider’s nearest network point of presence (POP), where your traffic hops onto the SD-WAN provider’s private fiber-optic network backbone.

While your WAN traffic is traversing the SD-WAN provider’s private backbone, it is guaranteed to maintain low levels of latency, packet loss, and jitter. This improves the performance of all network traffic, particularly real-time traffic like voice, video, and virtual desktop. The backbone is also directly connected with major cloud application providers (e.g. Office 365, AWS, etc.), which, like the previous architecture, increases the performance and reliability of those applications.

Best Fit:

A company running a lot of real-time network applications that wants to completely scrap its MPLS network (to reduce costs), but does not want its real-time traffic going 100% over the public Internet (for fear of high latency, packet loss and jitter).

  1. WAN traffic primarily rides on a private backbone, improving the performance of all network applications, especially real-time apps.
  2. Cloud gateways, improving the performance of cloud applications.
  3. Cloud gateways, improving the reliability of cloud applications.
  4. Multi-circuit/ISP load-balancing.
  5. Real-Time traffic shaping, improving the performance of all WAN apps.
  6. Improved DR by having better connectivity backup.
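As an added example (not from the article or any vendor), here is a small Python model of the path-selection policy the three architectures share: real-time apps are steered to a private path (the MPLS circuit, or the provider's backbone reached via its POP), everything else to the public Internet, and a session is re-routed only when its circuit goes down or breaches the SLA. The circuit names, measurements, SLA thresholds and scoring are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Path:
    """One WAN circuit as measured by the on-site SD-WAN box (values are constructed)."""
    name: str
    latency_ms: float
    loss_pct: float
    jitter_ms: float
    private: bool = False   # MPLS, or the provider's backbone via its POP
    up: bool = True

# Real-time apps (voice, video, virtual desktop) get tight thresholds; everything else loose.
SLA = {
    "realtime": {"latency_ms": 150, "loss_pct": 1.0, "jitter_ms": 30},
    "other":    {"latency_ms": 400, "loss_pct": 5.0, "jitter_ms": 100},
}

def meets_sla(path: Path, app_class: str) -> bool:
    s = SLA[app_class]
    return (path.up and path.latency_ms <= s["latency_ms"]
            and path.loss_pct <= s["loss_pct"] and path.jitter_ms <= s["jitter_ms"])

def quality(path: Path) -> float:
    """Lower is better: a rough blend of the three metrics the article names."""
    return path.latency_ms + path.jitter_ms + 10.0 * path.loss_pct

def select_path(paths, app_class):
    """Real-time traffic prefers a private path (MPLS or backbone); everything else
    prefers the public Internet so the MPLS circuit can stay small. Paths breaching
    the SLA are used only when nothing better is up, so a session is not dropped."""
    up = [p for p in paths if p.up]
    if not up:
        return None
    pool = [p for p in up if meets_sla(p, app_class)] or up
    want_private = app_class == "realtime"
    best = min(pool, key=lambda p: (p.private != want_private, quality(p)))
    return best.name

def steer(current, paths, app_class):
    """Sticky steering: keep the current path while it is up and within SLA, otherwise
    re-route (the session-survives-a-circuit-flap behaviour the article describes)."""
    by_name = {p.name: p for p in paths}
    cur = by_name.get(current)
    if cur is not None and meets_sla(cur, app_class):
        return current
    return select_path(paths, app_class)
```

Running `steer` on each measurement interval with the previously chosen path gives the hysteresis that stops a flapping circuit from bouncing sessions back and forth.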

There currently aren’t many vendors offering this architecture. [whah, whah, whaaah]

But with many ISPs adding SD-WAN service to their product portfolio (since ISPs already have the backbone infrastructure), it only makes sense that several ISPs will eventually add this option to their SD-WAN offering.

Sounds pretty simple, right? Well… kinda. Of course, within each of these 3 architectures are several more variables but I think this gives you a solid start to accurately evaluating and designing an SD-WAN solution for your company.

Copyright © 2017 IDG Communications, Inc.