Customize SD-WAN to meet your needs

Why do we always think we can adopt a revolutionary technology by just buying it and connecting it, despite the undeniable fact that everything in the tech space is getting more complex and more sophisticated? Software-defined WAN is one such technology, and since all SD-WANs are not the same, you have to do some development to make the SD-WAN your own.

[[422904]]

Cost of SD-WAN

The way SD-WAN works is by creating a routing overlay, a kind of network above IP. SD-WAN software and appliances typically do this by adding a virtual network header to the IP packet. The size of this header depends on the specific implementation, but it can add anywhere from a half-dozen to a few dozen bytes to the packet.

As an example, a 12-byte SD-WAN will cost around 6%. IoT packets are likely to be much smaller, between 30 and 50 bytes, so the same header size will increase packet size by 24 to 40%. Since the increase in packet overhead has the effect of reducing the effective connection bandwidth, this could mean that smaller sites with limited broadband capabilities could see their speeds further reduced by the overhead.

It is important to ask potential SD-WAN vendors about this cost and how they route packets. A very small number of SD-WAN vendors do not add their routing header to each packet, but to each session between the user and the application, which adds minimal overhead. Therefore, get accurate data on whether a session or packet is routed, and what overhead is added, to make the best SD-WAN choice.

Prioritize packets

SD-WAN performance can be impacted by features that most potential users don’t even consider. Voice, video, and some IoT applications can be sensitive to latency, and if there’s a lot of traffic and packets are backed up at the source, that can make a difference. Some applications are more critical than others, and many users want to have those jump the wire and be sent ahead of other lower-priority packets. Prioritizing packets is a feature that some SD-WANs implement, but how effective it is will depend on how effectively specific applications can be identified for prioritization.

Most SD-WANs simply look at the packet type, or perhaps the TCP/UDP port number, and that assumes that all voice packets or all packets for a particular application have the same priority. In many cases, users prioritize specific workers to applications rather than all users of a particular application, so prioritization may provide less value than you think.

If you have a specific reason for choosing a higher-cost SD-WAN, or one that doesn't prioritize as you'd like, you can reduce the impact of both issues by using access links with higher bandwidth. If not, and you need to use access bandwidth efficiently, then take the time to evaluate your vendor options based on cost and prioritization issues.

This also applies to security. If an SD-WAN can identify specific employee-to-application relationships, it can not only prioritize the important ones, but also identify which of all possible employee-to-application relationships are actually allowed. This means that SD-WAN can actually create better security. Some SD-WAN implementations include this level of relationship awareness, and others may add a security layer to provide these capabilities. For example, this is what Secure Access Service Edge (SASE) technology adds.

Additional application and relationship awareness can be helpful, but it’s important to figure out what you can do with that knowledge. For example, an additional application awareness or SASE capability might improve security, but can it influence prioritization, or be used to choose a different route for SD-WAN packets to avoid congestion? It would be really nice if all of these features worked together, but that’s not always the case.

SD-WAN Offline Performance

Another often hidden issue in SD-WAN is how traffic leaves the SD-WAN overlay and enters the data center. Remember the saying "where there is policy, there is countermeasure"? What goes into the SD-WAN has to come down where these small sites are trying to connect, which is the cloud or data center. SD-WAN implementations make a big difference in the performance of these off-site locations.

Managed services or self-operated

The final question to consider is, "How am I going to manage this stuff?" If you're struggling to staff your network operations center with skilled personnel, imagine how you'll struggle to get field staff with even the most basic knowledge to help troubleshoot issues at those small sites you just connected. Management capabilities are so important to the success of an SD-WAN that they may not even be enough for some international SD-WAN applications. You may want to consider getting your SD-WAN from a service provider or managed service provider (MSP) rather than buying the hardware and software and rolling it out yourself.

You want to buy your own SD-WAN, one that fits all your requirements, even those you haven’t really thought about. Researching requirements and features ahead of time can save you from an expensive, damaging mistake.