
The future of SD-WAN: Gen2 is here

Nov 21, 2017 | 5 mins

No longer does IT have to accept “good enough” solutions, but can integrate best-of-breed without needing additional hardware or, in many cases, even software.


SD-WAN is the hottest topic in networking today. On the one hand, analyst reports state that this industry is in its infancy, with less than 5% adoption through 2017. On the other hand, the same analysts project over 50% customer adoption in the next 36 months. Why has adoption been modest to date, and why is a 10X acceleration expected now? The answer lies in understanding the differences between the first generation of SD-WAN (Gen1) and the second generation of SD-WAN (Gen2).

In the old days, WAN routers were focused on providing connectivity over MPLS. The goal of Gen1 SD-WAN was to enable the use of broadband for connectivity, so Gen1 SD-WAN provided better VPN manageability and improved the delivery of voice traffic over broadband connections. However, like many first-generation products, Gen1 SD-WAN has serious limitations, three of which I examine below.

First, Gen1 SD-WAN does not address the biggest transition in IT – the transition from data-center-based application delivery to a multi-cloud application delivery model. Modern enterprises look to deliver applications to their users from data centers, private clouds, public clouds, and SaaS locations. This multi-cloud approach requires application networking – L3 through L7 – so that networking policies can be managed at the application level. Gen1 SD-WAN solutions have a serious architectural flaw: they are based on routing packets, and they define and enforce policy only on L3, L4, and link conditions. With Gen1 SD-WAN, it is very hard for networking teams to justify an architectural update to the WAN that is not aligned with multi-cloud.

Second, being painfully unaware of applications (dealing only with L3, L4, and link conditions) means Gen1 SD-WAN is typically relegated to policies such as “Internet HTTP” and “Intranet HTTP.” With no awareness of applications, sessions, or transactions, Gen1 SD-WAN is typically unable to identify applications or sub-applications and, even worse, has no understanding of how the applications themselves are performing. It simply has no visibility into transaction performance, response time, or end-user experience. This means Gen1 solutions limit the amount of control offered to the user (policy definition), make enforcement decisions based on only a small set of metrics (network rather than application), and cannot make visible the elements that contribute to end-user experience in order to speed time to resolution.

Third, Gen1 SD-WAN is delivered in a carrier-dependent manner. This is at odds with customers looking to gain freedom from being entirely dependent on their carrier. Customers want to look to carriers for connectivity, hold them accountable for the price/performance of the connection, and freely change carriers if the SLAs are not met. The days of a long-term contract that binds the customer into mediocrity are gone – but Gen1 SD-WAN clings to this declining model.

The recent acquisitions of Gen1 SD-WAN providers such as Viptela and VeloCloud by Cisco and VMware are not surprising at all. First, the clear majority of Cisco’s and VMware’s business is providing hardware or software for data centers – anything that can slow down the transition to multi-cloud is beneficial to the stock prices of these companies. Second, the long-standing alliances between carriers and these vendors drive them toward carrier-dependent solutions, even if that goes against the trend of carrier freedom that customers are demanding. Marketing and executive sound bites apart, this is the old guard trying to protect itself in the face of market change. Third, the long-term prognosis for Gen1 SD-WAN vendors to survive as standalone companies just wasn’t there, given that their products are mismatched to the mega IT trends!

In addition, these acquisitions are marred by the fact that while Cisco and VMware are experts in their respective fields, they have serious gaps in understanding. Cisco has not been successful as an application company, and VMware has no understanding of WANs. Cisco is looking to fill a hole in its portfolio that Meraki was supposed to address. It is looking to support its telco and communications customers with a technology that aligns to their needs, not those of the end consumer of the product.

Looking at the VMware acquisition, VMware is attempting to solidify its foothold in the data center market with a technology that can bypass routing vendors. VMware began that journey when it announced it would no longer support the use of other vendors’ virtual switches in its flagship ESX product. This is just a natural extension of that prior move.

This is also why I am very bullish on Gen2 SD-WAN. With Gen2 SD-WAN, enabling broadband support is table stakes. What is exciting is multi-cloud delivery enablement, giving customers carrier freedom, and enabling much more valuable policy controls, enforcement, and visibility based on actual applications. Gen2 SD-WAN architectures are built on actual application policy definitions.

IT expresses directives via application policies for performance, security, and compliance – and the network is automatically built to enforce those policies. The application can reside in a data center, private cloud, public cloud, or SaaS – it just doesn’t matter anymore – and the corrections and enforcement made by the network consider not only the network conditions but also the end-user experience with that application!

Gen2 SD-WAN not only natively provides deep application analytics, but also auto-corrects the network based on those insights. Even as self-driving cars become a reality, self-driving networks are here and now! Gen2 SD-WAN also provides powerful integration with best-of-breed cybersecurity vendors and supports the move from on-prem to cloud-based security solutions, enabling a consistent security perimeter.

No longer does IT have to accept “good enough” solutions; it can integrate best-of-breed without needing additional hardware or, in many cases, even software. And best of all – you get all this without carrier dependencies. It is no surprise that Gen2 SD-WAN vendors (such as CloudGenix) are leading the charge from 5% adoption to 50% customer adoption!

Erik Fritzler is a network and infrastructure architect for H&R Block. Erik has been a networking consultant for over 20 years. He has worked heavily in the retail and service provider markets.

Erik is a senior-level technology architect with diverse experience across a wide array of networking technologies and manufacturers. He has served as primary architect and engineer on both enterprise and service provider networks.

Erik also runs his own consultancy, EFritzler Consulting at

The opinions expressed in this blog are those of Erik Fritzler and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.