SD-WAN Primer Part 1: The Why
Tom Fenton begins a three-part primer on the technology that is revolutionizing enterprise networking, explaining the last-gen way and the new way, marked by benefits such as lower costs and better flexibility and manageability.
Software-defined wide area networking (SD-WAN) is a very hot topic right now, and rightfully so: the global market for SD-WAN grew by 70 percent in 2019 and is expected to grow at a compound annual growth rate (CAGR) of 45.5 percent over the next five years, taking it from a market size of $2.3 billion in 2019 to over $22 billion by 2024.
These numbers not only demonstrate corporate interest in SD-WAN, but they also point to a career growth path for the IT staff who will implement and support this technology. Over a series of articles, I will explain what SD-WAN is, including its architecture and how it works, as well as why people are interested in moving toward it. As this series is intended to provide a general overview of SD-WAN, I will be taking a lot of liberties (i.e., using generalizations and simplifications) in my descriptions and explanations.
When describing SD-WAN, I will be using a lot of information from the Metro Ethernet Forum (MEF), a consortium of over 90 companies, including Citrix, Fortinet, Infovista, Nokia/Nuage, Riverbed, Silver Peak, Versaware, VMware, and many others who have taken a leadership role in SD-WAN technology. Members of MEF have produced a document titled SD-WAN Service Attributes and Services (MEF 70) which "describes requirements for an application-aware, over-the-top WAN connectivity service that uses policies to determine how application flows are directed over multiple underlay networks irrespective of the underlay technologies or service providers who deliver the service."
Because MEF published its SD-WAN service standard almost exactly a year ago, the approaches used by providers still vary, often with dramatic differences in features and results. The MEF standard, however, is expected to "enable a wide range of ecosystem stakeholders to use the same terminology when buying, selling, assessing, deploying, and delivering SD-WAN services." A common SD-WAN vocabulary lets buyers, sellers, and users communicate requirements and intent more effectively, while open, standard APIs should simplify and accelerate SD-WAN implementations. In general, this standard should result in an increase in SD-WAN's market adoption, offerings, and overall sales.
Before digging further into SD-WAN, I would like to first go back and go over how and why network communications were handled the way they were in the past.
Until recently, the main way corporate network traffic was handled was by branch offices connecting to a corporate data center or main office over carrier-provided private circuits, usually Multiprotocol Label Switching (MPLS). This model accounted for around 80 percent of corporate network traffic. The WAN routers were hardware-based, proprietary, expensive, and relatively inflexible. If a branch needed internet access, that traffic was still backhauled over the same circuits to the data center and out through its internet connection.
Corporations used this model because it allowed for strict control over the routers, and provided security and reliable quality of service. In the case of multinational corporations, however, national regulations restricted what each country could provide for local service, and complex arrangements were necessary to establish truly global networks.
This brought to light the limitations of the traditional WAN: namely, centralized management of branch WAN routers was, and still is, difficult. In many cases, the routers need to be physically accessed through a console port on the device, and each vendor uses its own proprietary command-line language.
While routers have gotten better, there is still a lot of legacy equipment in use. Because most traditional WAN routers classify traffic only by layer 3 and 4 headers (IP addresses, protocol, and TCP/UDP ports), they lack the deep inspection needed to separate business-critical traffic from less urgent traffic, and many applications require low-latency, low-jitter connectivity. For example, jitter in a Voice over Internet Protocol (VoIP) call is maddening to the people on it.
Cost is another huge factor that is causing people to look for ways to get away from traditional WAN topologies and methodologies. In traditional WAN deployments, each segment requires dedicated physical hardware, which is often costly; even minor expansions, upgrades, or reconfigurations can be very expensive.
Indeed, the difference in cost between MPLS and broadband is huge. Cisco, which has an enormous stake in MPLS as well as SD-WAN, released a public case study that claims a company can now save around 70 percent in networking costs by replacing MPLS with SD-WAN. Interestingly, mid-market enterprise customers who run MPLS are being drawn to SD-WAN as they do not have the pricing power with MPLS carriers that larger enterprises tend to have.
Due to advances in computer hardware and software, it is now possible to recreate in software the features of traditional WAN hardware appliances. These software-based appliances are able to analyze traffic and make informed decisions in real time. It is also now possible to create large-scale overlay networks using broadband and commodity x86 hardware, or virtual machines (VMs), that can replicate all the functionality of legacy WANs—at a fraction of the cost.
SD-WANs can create full-fledged private networks, with the added ability to dynamically share network bandwidth across connection points. They can also implement central controllers, zero-touch provisioning, integrated analytics, and on-demand circuit provisioning, allowing for centralized, policy-based security and management. Along with the benefits these features bring, SD-WANs can also deliver more bandwidth at a lower cost, since each class of traffic can be steered to the appropriate transport, whether MPLS, broadband, or something else. This steering allows for optimal speeds for the traffic that needs them and the ability to throttle low-priority applications.
As SD-WAN is software-based and designed for different transport mediums, it allows for centralized management across branch networks through a central management console, removing the need for physical access to a WAN router and manual configuration by on-site IT staff. It also provides more visibility into the network, and gives IT staff and middle management a universal network view. This also creates more options for transport medium type and transport vendor selection, since the network uses both private and public transport mediums to route its traffic.
MPLS operates similarly to switches and routers, sitting between layers 2 and 3 (it is often described as "layer 2.5"), and forwards packets based on labels rather than on the contents of the traffic. SD-WAN has deeper introspection and steers traffic based on layer 7 (application) identity, so policy can be applied per application rather than per circuit, which helps deliver a consistent user experience. Furthermore, SD-WAN technology can continuously measure each path and reroute traffic as needed to meet service level agreements (SLAs).
Many vendors are involved with SD-WAN; Cisco, Citrix, VeloCloud (VMware), Silver Peak (HPE), Nokia/Nuage, and Riverbed hold a huge swath of the market, but a lot of smaller players with interesting IP and features are also in the market, including providers like Aryaka, Bigleaf, Cato Networks, Fatpipe, Juniper, Open Systems, Oracle SD-WAN, and Palo Alto Networks.
To dive deeper into some of SD-WAN's benefits, I will group them more specifically into three categories: flexibility, manageability, and cost:
- Flexibility: SD-WAN can select between available transports, using the most appropriate transport for a given application at a given time, with the added capability to reroute applications to different transports during a spike in usage. Policy can direct traffic to more expensive transports when an application needs them, or to less expensive transports when those can still meet the application's SLA. A key point is that the SD-WAN, not the transport carrier, controls how bandwidth is allocated. Moreover, as SD-WAN components are software-based, they can be deployed quickly and over a variety of transports.
- Manageability: SD-WAN's central management console allows for near-instant global changes when needed, for instance in response to a new security threat or for cost containment. SD-WAN also improves availability by using multiple transports and carriers; if one goes down another can be used, and this failover can happen in seconds, not minutes or days. Lastly, SD-WAN can help improve security by allowing policies to be implemented quickly, and by encrypting all traffic, or selected classes of traffic, across the underlay (typically with IPsec tunnels between sites).
- Cost: SD-WAN technology helps to reduce the overall cost of WAN connectivity in a few ways: by removing or replacing expensive private circuits (MPLS), by allowing for central management and reducing the need for on-site IT staff, and by running on commodity hardware.
While these benefits may make SD-WAN seem like an obvious choice for WAN connectivity, there are potential cons that I do need to mention. The biggest drawback to broadband compared to MPLS is that broadband is less predictable and does not come with the same SLA. MPLS has lower latency and packet loss and better uptime than broadband, and it is not oversubscribed the way consumer and business broadband is, so it can provide more predictable service. That said, many companies are finding that by keeping a minimal MPLS presence capable of carrying business-critical traffic at the SLAs they need, they can still use less expensive broadband and 4G/5G for everything else, and as a backup when needed.
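The transport-selection policy described above (cheapest transport that still meets the application's SLA, reroute when a path degrades, fail over when one goes down, and keep a thin MPLS presence for critical traffic) can be shown in a few lines. The following Python is an added example written for this article; it is not code from the article, from MEF 70, or from any vendor's product. The applications, SLA thresholds, transport metrics, costs, and scoring weights are all constructed for illustration.

```python
"""Illustrative SD-WAN path selection (constructed example, not vendor code).

For each application, pick the cheapest live transport whose latest measured
latency, jitter and loss satisfy the application's SLA. If nothing meets the
SLA, degrade gracefully to the best-performing live transport.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Sla:
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float


@dataclass
class Transport:
    name: str
    cost_per_gb: float   # assumed relative cost; drives the "cheapest" choice
    latency_ms: float    # most recent path-probe measurements
    jitter_ms: float
    loss_pct: float
    up: bool = True

    def meets(self, sla: Sla) -> bool:
        """A transport is eligible only if it is up and inside every SLA bound."""
        return (self.up
                and self.latency_ms <= sla.max_latency_ms
                and self.jitter_ms <= sla.max_jitter_ms
                and self.loss_pct <= sla.max_loss_pct)

    def score(self) -> float:
        """Lower is better. Weights are arbitrary for the example; they just
        make jitter and loss count more heavily than raw latency."""
        return self.latency_ms + 5 * self.jitter_ms + 50 * self.loss_pct


# Assumed per-application SLAs (VoIP is the jitter-sensitive case from the text).
APP_SLAS: dict[str, Sla] = {
    "voip": Sla(max_latency_ms=150, max_jitter_ms=30, max_loss_pct=1.0),
    "erp": Sla(max_latency_ms=250, max_jitter_ms=100, max_loss_pct=2.0),
    "bulk-backup": Sla(max_latency_ms=1000, max_jitter_ms=1000, max_loss_pct=5.0),
}


def select_path(app: str, transports: list[Transport]) -> Optional[str]:
    """Return the transport name for `app`, or None if every transport is down."""
    sla = APP_SLAS[app]
    eligible = [t for t in transports if t.meets(sla)]
    if eligible:
        # Policy from the article: cheapest transport that still meets the SLA;
        # break cost ties on measured quality.
        return min(eligible, key=lambda t: (t.cost_per_gb, t.score())).name
    live = [t for t in transports if t.up]
    if not live:
        return None
    # No transport meets the SLA: degrade to the best-performing live one
    # rather than black-holing the application.
    return min(live, key=Transport.score).name


def plan(transports: list[Transport]) -> dict[str, Optional[str]]:
    """Compute the transport for every known application at once."""
    return {app: select_path(app, transports) for app in APP_SLAS}


def make_transports() -> list[Transport]:
    """Constructed branch with three underlays: a thin MPLS circuit, broadband, LTE."""
    return [
        Transport("mpls", cost_per_gb=10.0, latency_ms=40, jitter_ms=2, loss_pct=0.01),
        Transport("broadband", cost_per_gb=1.0, latency_ms=60, jitter_ms=10, loss_pct=0.2),
        Transport("lte", cost_per_gb=3.0, latency_ms=90, jitter_ms=40, loss_pct=1.5),
    ]


if __name__ == "__main__":
    t = make_transports()
    print("healthy:", plan(t))           # everything fits on cheap broadband
    t[1].jitter_ms = 60                  # probe shows broadband jitter spike
    print("broadband jittery:", plan(t)) # voip moves to mpls, backup stays
    t[1].up = False                      # broadband circuit fails
    print("broadband down:", plan(t))    # backup fails over to lte, voip on mpls
```

Each transport object stands in for the per-path probe state an SD-WAN edge maintains; re-running `plan()` after every measurement update is the reroute-in-seconds behaviour the text describes, and because VoIP's SLA is tight, it is the class that gets steered to the expensive MPLS circuit while bulk traffic stays on the cheap paths.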
Until recently, the de facto standard for WAN connectivity was MPLS, with branches and other external sites connected directly to a corporate data center or main office. With the recent explosion of internet resources and public cloud-based applications, however, the inflexibility and cost of MPLS have driven companies to look for alternatives to traditional network connectivity. Many have found that SD-WAN overcomes many of these limitations and is a more flexible and cost-efficient option. In the next article in this series, I will look at the components and implementation of SD-WAN.
Tom Fenton has a wealth of hands-on IT experience gained over the past 25 years in a variety of technologies, with the past 15 years focusing on virtualization and storage. He previously worked at VMware as a Senior Course Developer, Solutions Engineer, and in the Competitive Marketing group. He has also worked as a Senior Validation Engineer with The Taneja Group, where he headed the Validation Service Lab and was instrumental in starting up its vSphere Virtual Volumes practice. He's on Twitter @vDoppler.