SD-WAN

Overview

SD-WAN, also referred to as Software-Defined Wide Area Network, is an application-aware, over-the-top WAN connectivity service that uses policies to determine how application flows are directed over multiple underlay networks, irrespective of the underlay technologies or the service providers who deliver them.

Let’s Unpack That

SD-WAN Controller – Centralizes management and allows network admins to see the network through a single pane of glass; it sets the policies that the orchestrator executes.

SD-WAN Service Orchestrator – A virtualized manager for the network, overseeing traffic and applying/pushing policies and protocols set by network admins.

SD-WAN Edge – The device at which the network endpoints reside. It can be located in a branch office, data center, or cloud platform, and it is the component that actually forwards the application flows and packets according to the policies and protocols defined by the orchestrator.

SD-WAN Gateway – A virtual cloud gateway, reachable over the Internet, that lets the SD-WAN Edge at each branch communicate with the cloud. It handles SD-WAN data and control traffic and adds a layer of protection by insulating applications from interruptions during circuit flapping: because user sessions terminate on the gateway, they stay active through an underlay interruption, unlike sessions connected directly to the cloud service.

Application Flow – A sequence of application packets from a source to a destination; in this case usually office to office, office to the datacenter, or office to cloud platform.

Internet Breakout – When one or more of the underlay connectivity services is an Internet service, certain application flows can be forwarded directly out to the Internet rather than being sent to another SD-WAN device.

Policies – A set of rules assigned to an application flow that determine how its packets are handled.

Virtual Tunnels – Point-to-point tunnels built over the top of an underlay connectivity service such as the Internet or MPLS, connecting SD-WAN Edge devices to each other or to an SD-WAN Gateway.

Why Choose SD-WAN?

  • Faster failover times for critical applications, ensuring virtually no downtime with redundant, diverse circuits
  • Improved application performance for both data and voice/video applications
  • Increased bandwidth at a lower cost, as network traffic can be provisioned for optimal speeds and low-priority applications can be throttled
  • Reduced complexity for WAN topology
  • Centralized management across branch networks through a simple management console, which reduces the need for manual configuration and on-site IT staff
  • Consolidation of multiple hardware devices, including the router, firewall, WAN optimization appliance, wireless access points, and VPN concentrators
  • Full visibility into the network, as the controller gives operators a holistic view of the network
  • More options for the connection type and vendor selection, since the network underlay is independent of the SD-WAN provider

Why Work With Us?

  • We are independent and can deliver multiple options
  • We will learn your existing business structure and goals
  • We will understand your existing topology and future state
  • We will determine the optimal SD-WAN solution
  • We will adequately research to source the optimal supplier
  • We will implement and support the solution that best fits your needs
  • After implementation we will provide ongoing support, including excellent customer service and escalations
  • We will operate as integrated features of your organization’s ecosystem

Is SD-WAN Right for My Organization?

Enterprises have been increasingly investing in open and flexible cloud solutions, and SD-WAN represents an effort to engineer similar benefits in their data center architecture. SD-WAN architecture is particularly beneficial to environments separated by distance — for example, between main offices and branch offices. Whereas traditional WAN can be expensive and complex, SD-WAN architecture reduces recurring network costs, offers network-wide control and visibility, and simplifies the technology with zero-touch deployment and centralized management. The key to the SD-WAN architecture is that it can communicate with all network endpoints without the need for external mechanisms or additional protocols.

This means customers have the flexibility to choose the type of underlay network that works best for their users and environment, maximizing utilization by using all available bandwidth across all available underlay networks.

As cloud-based applications continue to be adopted and consumed, leveraging a flexible SD-WAN platform allows you to maximize application performance and efficiency in a way that traditional hub-and-spoke networks cannot. Consider the following:

  • How many offices do you have and where are they located?
  • What is your current network topology?
  • What type of connectivity do you have at each location? MPLS, the internet, etc.
  • What are your mission critical applications?
  • What are you using for your voice or video applications?
  • What cloud or SaaS applications are you utilizing today? Azure, AWS, O365?
  • Do you have remote workers?
  • What kind of firewall are you utilizing today?
  • Are you using any WAN optimization devices?

Things to Consider

  • Understanding the flavors of SD-WAN and their niche focus
  • Understanding the customer’s own internal applications and constraints
  • Understanding the customer’s corporate strategy moving forward
  • Understanding the customer’s cloud strategy going forward
  • Understanding the customer’s security strategy moving forward

These are all considerations that should be discussed before deciding on an SD-WAN solution. There are so many different flavors and specific use cases for SD-WAN that understanding the overall environment (the applications, digital strategy, security) is paramount to designing the right SD-WAN solution.

Frequently Asked Questions

There are no single points of failure in the SD-WAN architecture. For the distributed WAN architecture, a hybrid SDN approach offers the benefits of centralized control-plane policies combined with distributed local forwarding that uses real-time local knowledge of link conditions for reliability. All local Edge devices continue functioning as normal even if communication with the centralized orchestrators is disrupted. Onsite Edge devices support high-availability configurations, and any cloud gateways utilized are also redundant, with sub-second failover.

SD-WAN provides the flexibility to support hybrid WAN connectivity combining private with public Internet circuits or pure Internet only connected sites. The various Dynamic Multi-path Optimization techniques ensure all different WAN circuits are utilized to their fullest based upon pre-defined performance and capacity rules.

Traditional QoS with DSCP and TOS markings is not possible over the Internet. However, if you look at the way traditional QoS rules operate, they only take effect once you run out of bandwidth. When that happens, the QoS rules reserve bandwidth for critical applications like voice and video to prevent loss and jitter. In other words, traditional QoS rules are designed to eliminate loss and jitter and to give voice/video packets the best possible chance of reaching their destination.

SD-WAN techniques like packet replication and best-path selection provide the same end result. Replicating each voice packet over two or three Internet links eliminates the chance that loss or jitter on any single link affects the call. Best-path selection, used in conjunction, also chooses the links with the least loss and jitter, not merely the lowest latency or up/down status. While these techniques do not use the same tagging concept, they yield the same outcome: loss and jitter are eliminated and the packets have the best possible chance of reaching their destination.
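The loss- and jitter-aware path selection and the per-packet replication described above, shown as a small simulation. This is an added example, not code from the original page or any SD-WAN vendor; the link statistics, thresholds and loss patterns are constructed values.

```python
from dataclasses import dataclass

@dataclass
class Link:
    """Measured state of one underlay link (values are constructed)."""
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    up: bool = True

def best_path(links, max_loss_pct=1.0, max_jitter_ms=30.0):
    """Select the link for a voice/video flow.

    Only links that are up and within the loss and jitter thresholds
    are eligible; among those, lowest loss wins, then lowest jitter,
    then lowest latency, so the fastest link does not win if it is
    lossy or jittery. Thresholds are assumed values, not a vendor default.
    """
    eligible = [l for l in links
                if l.up and l.loss_pct <= max_loss_pct
                and l.jitter_ms <= max_jitter_ms]
    if not eligible:
        return None
    return min(eligible, key=lambda l: (l.loss_pct, l.jitter_ms, l.latency_ms))

def replicate(seq_numbers, drops_per_link):
    """Send every packet over every link. drops_per_link[i] is the set of
    sequence numbers lost on link i (constructed loss pattern). Returns
    the (seq, link_index) copies that reach the far Edge."""
    arrivals = []
    for seq in seq_numbers:
        for i, dropped in enumerate(drops_per_link):
            if seq not in dropped:
                arrivals.append((seq, i))
    return arrivals

def receive(arrivals, expected):
    """Far-Edge receiver: keep the first copy of each sequence number and
    discard later duplicates. A packet is lost only if every link dropped it."""
    delivered, seen = [], set()
    for seq, _link in arrivals:
        if seq in seen:
            continue  # duplicate from another link, discard
        seen.add(seq)
        delivered.append(seq)
    lost = [s for s in expected if s not in seen]
    return delivered, lost
```

With three links where the fastest one is lossy, `best_path` still returns the clean link, and a sequence number dropped on two links is recovered from the third.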

By default, all site-to-site enterprise traffic is sent over encrypted tunnels independent of the underlying transport, usually IPsec tunnels using AES-128 with SHA-1 integrity. Internet-bound traffic typically is not encrypted to the same degree. However, these settings, including the encryption levels, can typically be changed.