5 SD-WAN gotchas to avoid

SD-WANs can help enterprises to manage increasingly complex and diverse network infrastructures at a lower cost, but there are pitfalls to avoid.

supply chain / virtual network of connections

Software-defined WANs (SD-WAN) are becoming key components of modern IT infrastructures. Because they use a centralized control function to securely direct network traffic over the Internet, they can deliver benefits such as increased application performance, better user experience and lower costs.

SD-WAN technology simplifies the management and operation of a WAN by decoupling networking hardware from its control mechanism. As organizations look to support a hybrid workforce and cloud-native network architectures, SD-WAN infrastructure has become an important technology for enabling flexible, agile, and optimized connectivity.

Not surprisingly, demand for SD-WAN is on the rise. The SD-WAN infrastructure market grew 27% in 2021 compared with 2020, to reach $3.8 billion, according to research firm IDC. The market is forecast to grow at a 19% compound annual growth rate over the next five years, reaching $7.1 billion by 2025. 

Deploying this technology is not without challenges, however. Here are some of the potential issues that IT and network managers might confront.

1. Limited cost savings

Enterprises expecting to cash in on the expected financial benefits of SD-WAN might be a bit disappointed.

“Early SD-WAN marketing was all about moving to hybrid WAN to save money on expensive private/MPLS networks,” says Andrew Lerner, vice president at research firm Gartner covering enterprise networking with a focus on emerging technologies. “And SD-WAN products helped people move to hybrid WANs, lowering reliance on MPLS.”

However, the promised massive cost savings never materialized for most organizations, Lerner says. “Many folks supplemented their WANs with [Internet connectivity], and then left MPLS in.” In many regions, business-class Internet “is not a ton cheaper,” he says. In addition, as organizations go to Internet connectivity versus MPLS, they often increase bandwidth, so cost per megabit might go down, but total cost rarely does, he says.

Then there’s the cost of products. “The early SD-WAN products were relatively inexpensive,” Lerner says. “They were lightweight, and one of the key differentiators versus traditional routers was cost.”

SD-WAN hardware appliances were coming in at $500 for the hardware and $100 per month per appliance for the software license, Lerner says. “But in the past few years, hardware and software costs have risen for a number of reasons,” he says. It is now common to see hardware around $1,000 per site and licensing costs of $150 per month per appliance.

Forrester Research has found that the networking and security infrastructure and operations costs of SD-WAN actually rise over time, not decrease, says Andre Kindness, principal analyst at Forrester.

“During the initial rise of SD-WAN, many vendors marketed SD-WAN as a cost savings,” Kindness says. “In particular, the vendors’ marketing material messaged large costs savings if companies shifted their connections from MPLS to Internet. There hasn’t been a large shift from MPLS to Internet. Instead, networking organizations kept MPLS links but now use Internet links as an active connection instead of backup one.”

2. Operating SD-WAN in a vacuum

If enterprises operate their SD-WANs in an isolated manner, without integrating the technology with other systems such as security tools, they will miss out on some important capabilities.

“As the SD-WAN market matures, enterprises are increasingly looking beyond standalone SD-WAN platforms,” says Brandon Butler, research manager, enterprise networks, at IDC. “There are a variety of integrations that SD-WAN buyers can consider to ease operational management while enhancing security and performance.”

Two of the most common integrations are SD-WAN and security, and SD-WAN and LAN/WLAN, Butler says. With SD-WAN and security integrations, common security features such as intrusion detection and prevention, deep packet inspection, and SSL inspection are natively integrated into SD-WAN platforms.

Organizations can also leverage cloud-based security capabilities that integrate with the SD-WAN platform, known as secure access services edge (SASE) architectures. Examples of SASE functions include cloud-hosted firewall as a service, cloud access security broker, and secure Web/Internet gateway. “These may be offered directly by the SD-WAN vendor or by a third-party partner,” Butler says.

For SD-WAN and LAN/WLAN integration, some SD-WAN vendors offer integrations across the WAN and enterprise campus LAN/WLAN, Butler says. “These integrations can ease SD-WAN initial deployments and ongoing management by having centralized application policies across the WAN and LAN/WLAN,” he says.

3. Implementation and performance struggles

SD-WAN has been hailed as easier to implement, Lerner says, due to central management and orchestration and zero-touch provisioning (ZTP), a method of setting up a device that automatically configures the device using a network switch feature.

“SD-WAN products are a dramatic improvement over traditional routers,” Lerner says. “But they still require careful implementation and planning. And very few organizations actually implement using ZTP. Most organizations stage and/or have very controlled deliberate rollouts.”

Most SD-WAN projects get held up for one reason or another and end up being delayed for long periods of time, Kindness says. For example, “networking teams haven’t taken all the facets of security into account, or the amount of security services that need to [be] re-architected,” he says.

While SD-WAN products have encrypted tunnels to protect data in transit, security teams looking to adopt the zero-trust security model need to figure out which security services will need to be adopted, Kindness says.

SD-WANs can also have reliability issues, according to the Markets and Markers report. “SD-WAN is an advanced technology, but some networking experts suggest [another] form of transmission is still needed for reliable quality of service,” it says. For example, to ensure quality of service (QoS) with real-time traffic, enterprises should keep an MPLS link parallel to the broadband link.

“Though SD-WAN is used to improve QoS, it alone cannot guarantee QoS,” the report says. “SD-WAN can detect packet loss and jitter and choose the best path for the packet, however if all paths are bad, SD-WAN cannot guarantee quality of service.”

Part of the problem with reliability and performance is that many organizations “put the cart before the horse,” Kindness says. “SD-WAN’s core value is to improve experiences with applications used by employees and customers at remote site,” he says. “Most networking organizations don’t have a good grasp on the amount and types of application traffic going in and out of the remote sites.”

They want to use SD-WAN systems or services to help their organizations figure out the applications and then optimize them, Kindness says. “No two SD-WAN solutions are the same and will optimize certain types of traffic better than other types,” he says. “This means networking professionals might be choosing a solution that isn’t best for their company.”

4. Lack of visibility/analytics 

Visibility and analytics are critically important for SD-WAN deployments, Butler says. “Having insights into the health of WAN links, the performance of the SD-WAN, and insights into user and application traffic for assurance and capacity planning are among the leading use cases for SD-WAN visibility and analytics,” he says.

It's essential for enabling increased automation, security, and assurance capabilities, Butler says. “Many SD-WAN platforms have integrated visibility and analytics platforms, but customers can also work with third-party tools to provide enhanced visibility and analytics,” he says.

Visibility is especially important for security. “As cyber attackers are trying to find sophisticated methods to attack networks, organizations with sensitive data traffic have a valid concern about network security,” the Markets and Markets report notes. “For organizations with highly sensitive data traffic, [the built-in] security capabilities of SD-WAN appliances they are using might be insufficient.”

There are multiple options for SD-WAN security, the report says, but some organizations “get confused” about what kind of exact setup they need to ensure optimum security.

5. Failure to futureproof

When considering an SD-WAN strategy, organizations need to be looking ahead and consider public or private 5G for their SD-WANs. If not, they could be stuck in the past while the latest wireless capabilities pass them by.

“One of the core tenets of SD-WAN is the ability to centrally manage multiple WAN links,” Butler says. “In the past, organizations have used MPLS plus broadband, or dual broadband links. As 5G continues to roll out, organizations are increasingly looking to use public or private 5G in SD-WAN. Many SD-WAN vendors have begun offering integrated 5G routers in SD-WAN gateways.”

Cellular connectivity can be an attractive option for backup, Butler says, or in the future for primary SD-WAN connectivity. “One of the chief advantages of cellular connectivity is the speed at which it can be deployed,” he says. As organizations are thinking about building out next-generation SD-WAN deployments, they need to consider how a 5G cellular router can help future-proof their investments, he says.

Related:

Copyright © 2022 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022