Addressing Scalability Challenges with SD-WANs

Scalability challenges with SD-WANs include appliances, tunnels, controllers, security, and geographic reach. Cloud-based services offer a viable solution.

It’s always difficult to tell how fast your business will grow, and hence how quickly you’ll need to scale your network and other IT infrastructure. When it comes to software-defined wide-area networks (SD-WAN), the scalability issue is particularly thorny because of the myriad factors that play into the equation.

Some will tell you scaling an SD-WAN is a simple matter of adding appliances, but that is far from the case, says David Greenfield, Secure Networking Evangelist with Cato Networks. Cato provides a cloud-based SD-WAN service, so Greenfield is well-versed in the factors that make SD-WAN scalability so challenging. In this post, we’ll examine a handful of them.

Appliance capacity is the first issue. SD-WANs work by establishing overlay tunnels through which traffic flows between sites. But appliances have limits on the number of tunnels they support. If you’re connecting sites and devices in a fully meshed configuration, as most do, you can quickly chew up memory, CPU, and other resources on the appliance, Greenfield says. That can force the need for larger appliances or simply more of them, either of which increases costs.

Additionally, the more tunnels you have, the longer it can take to recover from an outage. “If the SD-WAN device loses connectivity, it needs to re-establish all those tunnels, maybe hundreds of them,” he says. “It will be several minutes before it recovers.”

As with appliances, you also face limits on the capacity of SD-WAN controllers in terms of how many sites each can support. “Maybe a controller can support 100 to 200 sites fully meshed, so as the SD-WAN grows you may need more controllers,” Greenfield says. “Then you have to network them together, which creates a more complicated configuration.”

On top of controllers and appliances, you also have requirements such as security, optimization, and support for mobile users, all of which likewise have to scale as the network grows.

Security, for example, may require an additional enterprise-grade appliance. “It’s well known in security that as you enable additional function in your security appliance, you consume more processing power,” Greenfield says. “Ultimately you reach a point where the lack of computer power means you must choose between only inspecting a portion of the traffic or, more likely, upgrading the appliance.”

Finally, there’s the issue of geographic reach as you add sites. While the local internet may be fine for a network that only stretches across town, it’s too unpredictable, and its latency unacceptably high, for use on a national or global basis.

How cloud-based SD-WAN addresses scalability

A cloud-based SD-WAN offering such as Cato’s can address each of these scalability issues, Greenfield says. As with any cloud service, capacity can be added on demand. The Cato SD-WAN also includes built-in WAN optimization and security features, including a next-generation firewall and threat detection/response – taking those issues off of IT’s plate.

Connecting to the SD-WAN requires only a Cato Socket, a zero-touch SD-WAN appliance that forges a single tunnel to the Cato cloud, so there’s no issue with running out of tunnel capacity. And the Cato cloud is based on a global private backbone, to avoid performance issues with the public Internet.

The cloud is becoming the preferred solution for all sorts of IT applications. Greenfield makes a good case that SD-WAN is another.
