Welcome to the Ultimate SD-WAN Guide
SD-WAN services and equipment come in all shapes and forms today. To help kick off your research, we’ve put together this the Ultimate SD-WAN guide. Below you will find answers to some of the most common questions asked here at SD-WAN Experts. You’ll also find a list of vendors with brief profiles. We’ll be updating those profiles regularly so you may want to check back on them.
But no WAN deployment is ever a matter as simple as “painting by the numbers.” There are always nuances to every installation and while we can offer general observations here, only direct engagement can accurately assess your specific requirements. Fill out the form below for a free, WAN assessment.
- What is an SD-WAN?
- What are the Benefits of SD-WANs?
- How is SD-WAN Different from Hybrid WAN?
- How does SD-WAN Compare with MPLS?
- What are the Types of SD-WANs?
- What are the Buying Criteria for an SD-WAN?
- Who are the SD-WAN Suppliers?
What is an SD-WAN?
While there’s no one definition of a software-defined wide area network (SD-WAN), broadly speaking it’s a network where there’s a separation between the underlying data service and the rest of the protocol stack.
As businesses computing has shifted to the Internet and the cloud, the traditional way of building WANs has become increasingly irrelevant. MPLS bandwidth has been too expensive, service configuration and deployment takes too long. The inability to adapt the network to the application forces companies to increase costs by over-provisioning their capacity, or constrain performance due to limited bandwidth.
SD-WANs address this problem by allowing companies to use the right transport for the right application. By understanding the applications’ business requirements and performance constraints, the SD-WAN can direct data flows to MPLS or some Internet service.
This is possible because the SD-WAN creates a virtual overlay across the underlying data services, separating the upper protocol stack from the network. Every network today has some independence from the underlying data service. It’s what allows us to run IP across Ethernet as easily as we do across MPLS.
But even when there’s logical separation from the transport service, dependencies still exist. The routing protocols we use to move traffic across IP networks cannot account for an application’s performance requirements or the business importance of a given flow. As such, the packet loss and latency rates of a connection, for example, will determine whether certain applications can run efficiently or not. The degree of security afforded by a connection impacts whether regulatory compliance concerns can be met, again enabling certain applications to be run.
SD-WANs complete this separation. The SD-WAN nodes form a virtual overlay — practically, a multipoint VPN — across the underlying data services. The nodes gather latency and loss metrics on each connection and use those metrics, along with predefined policies describing application requirements, to steer traffic flows to one or another tunnel. As such, traffic routing and path selection are not done at the IP layer, but by the SD-WAN based on user-defined policies.
- Gather and share statistics regarding their locally attached services providing a map of the performance conditions across the virtual overlay
- Provide application intelligence within those nodes to identify the application traffic flows as they enter the SD-WAN
- Manage the customer-defined policies to determine how to steer those application flows, defining the network conditions that will be used to identify the best path across the virtual overlay
- Perform traffic steering or dynamic path control to direct traffic to the best available path
What are the Benefits of SD-WANs?
By aligning application requirements to the network, SD-WANs deliver the following benefits:
- Optimum network usage — Use the most optimum network at all times. SD-WAN will select between available transports, using the “best” transport for a given application.
- Network reliability — SD-WANs connect locations with multiple data services running in active/active configurations. Sub-second network failover allows sessions to move to new transports in the event of a brownout or blackout without disrupting upper application.
- Manageability — Lower admin costs and better control provides a level of network visibility unmet with conventional networks.
- Security — Encrypted connectivity secures traffic in transit across any transport.
- Flexibility and Scalability — Scale bandwidth up or down on a moment’s notice. Redistribute bandwidth to accommodate flash conditions or new applications. The SD-WAN — not a carrier — controls the allocation of bandwidth. Therefore, businesses can ensure that critical applications receive the bandwidth they require when they need it.
- Financial performance — Today, broadband Internet performance is often comparable to MPLS. In many cases, this eliminates the need for costly MPLS networks. Internet costs can be as much as 90 percent less.
- Fast office moves or adds — Bring up a new office in minutes, not the weeks and months with MPLS. SD-WAN nodes configure themselves and can use 4G/LTE for instant deployment, while you wait for other circuit installations. SD-WANs let you do moves, adds and changes in minutes.
How is SD-WAN Different from Hybrid WAN?
A hybrid WAN describes the specific use of an SD-WAN that mixes Internet and private data services, such as MPLS. Unlike many offices today that have active MPLS connections and passive Internet connections, hybrid WANs will typically utilize both connections. They’ll run connection in active-active and rely on the SD-WAN’s intelligence to distribute the traffic appropriately between MPLS and the Internet.
How Does SD-WAN Compare with MPLS?
While technically, MPLS services and SD-WANs are complementary, practically they’re thought of as being competitive. SD-WANs enable companies to connect sites solely with the Internet. When looked at from this perspective, there are several important distinctions between the two.
Anyone who’s bought MPLS bandwidth for business and Internet DSL for their home has gone through surreal the experience of paying twice, three–times, even ten times more for the same amount bandwidth with MPLS. There’s no question that MPLS services are more expensive than your home DSL service, but just how much is of some disagreement.
Telegeography has suggested that Internet bandwidth can be as much as 90 percent lower than those of MPLS (see figure). A large part of that depends on the type of class of service (COS) being implemented by the MPLS service, whether fiber already exists or not at the location and other factors.
Practically, MPLS services are more expensive than Internet services but probably closer to thirty percent greater. The difference comes from factoring in discounts and service provider offerings often not considered in such surveys. Regardless, the difference is significant.
Although both MPLS network and Internet providers will quote comparable connections of comparable bandwidth, significant differences remain. As a managed service, MPLS ports bring lower latency and packet loss, and better uptime than Internet connections. The routing policies of an MPLS service will be designed for maximum performance. The over-subscription ratio in the access layer will be lower with MPLS service than an Internet service so there is much less contention for backbone bandwidth. All performance characteristics will be backed with service level agreements (SLAs).
Internet services are more unpredictable and do not come with SLAs and there’s no management and control. With that said, Internet backbone performance has significantly improved over the years in part driven by the shift to fiber and more undersea cables.
In fact, Internet backbone performance can often show packet loss rates comparable to that of MPLS network. What’s different is the predictability. Spikes in Internet loss are common, particularly when looking at packet flows traversing backbones or factoring in local loop performance. In those cases, packet loss rates can be much higher than with MPLS with periods of 1 percent (ten times greater than with MPLS) being common.
Latency rates will also vary and on average will be higher with an Internet VPN than with MPLS services. This is particularly true with international routes. Internet routing is aligned to the service provider’s business requirements, which may not necessarily align with customer requirements. Traffic may be dumped on another provider’s network for business reasons when the optimal path would be to remain on the backbone. The reverse is also true. There may be times that packets would be better served traversing another provider’s backbone, but peering restrictions make the improbable or impossible.
MPLS services come with SLAs governing time to deliver the service, downtime, time to repair and more. Such SLAs are often end-to-end, governing the entire network. As such, MPLS uptime is typically much higher, on the order of 99.99% per year depending on the service. When fiber and redundant connections are used those numbers are even higher.
Business-class Internet services may or may not be backed by some SLAs, depending on the provider. Complete Internet blackouts are rare within the service provider’s network because of the density of interconnections. However, access layer outages are not unusual as any customer will tell you, and the same is true with brownouts. Complete failures of an Internet connection may not happen all the time, but intermittent slowdowns are common. Routes will be available, but at significantly reduced performance as packets may need to be routed around the globe to do so, significantly increase packet loss and latency while reducing throughput.
What are the Types of SD-WANs?
We’re seeing several different SD-WAN deployment models. Major differences between categories will exist in where SD-WAN overlay resides, the infrastructure and device management.
- Edge – Edge providers offer virtual and physical appliances for deployment at the enterprise. All of the capabilities for building the virtual overlay reside in the appliance.
- OTT Services – Over-the-Top (OTT) service providers will provide SD-WANs as a service using third-party infrastructure for the last mile. They may have a backbone as well. OTT services are built from resold SD-WAN edge appliances.
- Carrier Services – With Carrier Services, SD-WAN appliances are bundled with a provider’s own last mile infrastructure.
- Cloud Services – SD-WAN cloud service shift the SD-WAN virtual overlay from the edge to the cloud. Locations VPN into the provider’s cloud. SD-WAN cloud services will have their own backbones and typically rely on third-parties for the last mile.
What Are the Buying Criteria for an SD-WAN?
What to consider when selecting an SD-WAN? In our “Ultimate WAN RFP” we identify 10 categories to consider. Here’s a snapshot of each:
- Installation — Rapid deployment is the hallmark of an SD-WAN. You’ll want your SD-WAN to support zero-touch deployment at a minimum.
- Resiliency — Look for redundancy and failover throughout the SD-WAN. SD-WAN nodes, for example, should be able to sit out-of-path and SD-WAN controllers should be redundant. Evaluate SD-WAN behavior in the event of a link failure, brownout, or brownout. With SD-WAN services, the network core should be fully redundant with customers being automatically connected to the next closest point-of-presence (PoP) in the event of an outage.
- Network Load Balancing — Every SD-WAN supports multiple connections, how they use those connections will vary. Check support for load balancing schemes offered (active/active being the most notable), tunnel bonding, and failover times between connections.
- Security — All SD-WANs should offer encrypted tunnels and most offer basic, firewalling. But a secure SD-WAN goes a step further and incorporates advanced security, such as a next-generation firewall (NGFW) and anti-malware. This is particularly important in the branch office.
- Path Selection — SD-WANs should be able to monitor the characteristics of the various paths to between two locations, selecting the optimum path for a given application. How this is done relies on a number of features including the criteria monitored by the SD-WAN (latency, packet loss, and jitter are most common) and whether the SD-WAN can select from paths or physical connections
- Traffic Management — Restricting access and shaping traffic to the WAN connection is important, particularly when bandwidth is limited. Ask about support for Quality of Service (QoS) between the customer premises and the provider edge, type of traffic shaping (interface, tunnel, VLAN etc.), and rate limiting.
- Advanced Services — Increasingly, SD-WANs are incorporating various advanced services. Security is the most notable, but there are other options, namely WAN optimization. To add missing services into the SD-WAN, such NGFW, vendors need to support service insertion. Service chaining is necessary to add sequences of services.
- Management and Visibility — Steering traffic depends on being able to accurately classify traffic. SD-WAN providers should detail how they classify applications, the parameters that can be configured for application profiles, and the kinds of dashboards and reporting around application usage and performance.
Who are the SD-WAN Suppliers?
Below is a list of SD-WAN providers with links for more information. We update this list on a constant basis. Want to suggest a vendor, product, or just leave a comment? We’d like to hear it. Fill out the form on the bottom of the page.
SD-WAN Vendors and Service Providers