The Ultimate Guide to SD-WAN Architecture

In recent years, software-defined wide area network (SD-WAN) has been widely adopted by enterprises. It is an economical and efficient way for branch offices to connect to data centers and other cloud applications. This article will introduce SD-WAN basics, working principles, best practices, and troubleshooting, and analyze the future development of SD-WAN architecture.

[[409657]]

Introduction to SD-WAN

For multinational enterprises or large enterprises with branches in multiple cities, the demand for fast and reliable application performance, the high cost of dedicated network circuits, and the complexity of daily tasks such as configuration, monitoring and management are all magnified in the WAN. Although methods such as WAN optimization and traffic shaping do help to a certain extent, they cannot solve all problems at the edge of the network. The cost of dedicated circuits is still high and may take several months to deploy. Additional staff may be required to manage equipment in branch offices and remote locations.

SD-WAN products and services typically feature WAN connection virtualization, centralized policy supervision, orchestration, and the ability to dynamically manage traffic. Some vendors claim to offer SD-WAN products, but in reality they only offer a small subset of the typical features of the technology, and such products are not true SD-WANs. SD-WAN provides redundancy between WAN connections, automatically failing over to another path if the primary path fails or is unavailable. SD-WAN can also use load balancing across multiple connections to improve application and network performance. SD-WAN has many advantages that can solve the problem of managing and maintaining WAN configurations.

SD-WAN vs. Traditional WAN

SD-WAN has many traditional WAN features built in, such as load balancing and disaster recovery capabilities. However, in traditional WANs, adding these features can be time-consuming and complex. SD-WAN supports real-time, automated and standardized configuration changes, greatly reducing the human errors caused by manual configuration of traditional WANs.

SD-WAN architecture relies on a virtualized overlay, which makes it easier to transfer and replicate policies between distributed edge devices. For example, as an organization grows, it can use an existing WAN connection in one location to connect to the SD-WAN device and remotely manage site policies through a centralized controller. This agility provided by virtualization is critical to meeting business needs.

When SD-WAN is put next to a VPN, the differences are clear. For example, a typical VPN works well for an enterprise with a single IP backbone, but this architecture breaks down when voice and video are introduced or when network congestion occurs. SD-WAN's granular support gives it an advantage in terms of quality of service (QoS) over basic Internet VPNs. Likewise, VPNs cannot always provide the optimization and advanced security required for cloud-based services over Internet connections. SD-WAN is also able to automatically detect network conditions and provide network visibility.

SD-WAN and MPLS

MPLS has been a trusted, go-to connectivity option for organizations for decades, but it is also expensive and somewhat inflexible. SD-WAN architecture enables organizations to continue using MPLS while gaining efficiencies and saving costs by adding alternative, lower-cost links such as broadband or wireless. MPLS still has the advantage of being a dedicated connection that provides end-to-end QoS. MPLS providers can offer relatively more comprehensive SLAs.

SD-WAN Challenges

While the benefits of SD-WAN are numerous, its drawbacks must also be considered. For example, while SD-WAN should reduce connectivity costs in the long run, the cost savings in the short term are often minimal.

Adding a layer to the WAN can introduce new vulnerabilities that must be closely monitored and managed. SD-WANs may present a situation where connections are obtained from multiple vendors, which can increase the difficulty of management. Organizations cannot ignore the expertise required to deploy and manage SD-WAN technology. While vendors try to simplify most of the processes surrounding SD-WAN, enterprises themselves still need to carefully consider the requirements of each feature they want to roll out, as well as the overall security plan.

According to IDC, the SD-WAN market is growing rapidly and is expected to reach $5.25 billion by 2023. Still, it can be difficult to discern exactly what is included in each vendor or service provider's offering. The first thing an enterprise needs to do is determine which product or service is best suited for its network and business needs.

Deploy SD-WAN

Once an organization has identified a vendor and is ready to introduce SD-WAN into its network, it will need to examine its existing network and determine if its hardware can support SD-WAN or if it will need to upgrade or purchase new equipment. Some businesses may need to purchase hardware-based appliances or virtual server software.

Preparation can involve getting into the details, like which routing protocols work best in which locations. Not all protocols work everywhere, so companies must consider their choices carefully.

Before deploying an SD-WAN, users should conduct proof-of-concept testing to measure important metrics—such as failover speed from a failed link to an operational path, isolation of traffic types on different links, and how throughput can be improved by using multiple parallel links.

Beyond that, it’s equally important to have a solid troubleshooting and monitoring strategy in place. Network teams need to consider event handling, active path testing, physical status, and topology, all of which are essential for troubleshooting.

SD-WAN Security

While security is not a primary reason for adopting SD-WAN, vendors and providers have addressed security concerns by integrating protection into their products and services through support for IP security standards and partnering with top security vendors.

One of the fundamental capabilities that organizations want to see in an SD-WAN product or service is the ability to securely integrate new devices into the SD-WAN to prevent malicious devices from accessing their WAN traffic. Other capabilities include data plane encryption and control plane encryption.

Organizations should fully understand the details of the SD-WAN vendor or provider's security policy and ensure it meets business needs. For example, evaluate whether the SD-WAN software logs invalid connection attempts or alerts administrators to unauthorized access or malware. This type of log can detect and prevent DoS attacks.

The Future of SD-WAN

SD-WAN is a technology that pairs perfectly with 5G and the Internet of Things (IoT). Enterprise 5G services and devices are not yet widely available, but the potential of 5G cannot be underestimated. Compared with 4G, 5G has lower latency and will create faster and better connections. SD-WAN is expected to intelligently simplify communications from IoT edge devices to centralized data centers, especially when matched with 5G's low latency.

The future of SD-WAN is set to flourish as new technologies such as SASE emerge. The first task for enterprises is to weigh whether SD-WAN makes sense in their corporate environment.