Software-defined Wide Area Networks (SD-WAN) are virtualization of on-premise infrastructure, cloud services, and any combination of transport services (MPLS, LTE and broadband) with the aim of intelligently coordinating traffic more securely and efficiently between SD-WAN resources and users.
What main problem does SD-WAN solve?
Traditional WANs are based on router technology, and because of physical technology IT units used a hub and spoke model to connect smaller company networks within the larger company WAN. This meant that branch traffic would route back to a central data center where security was then applied before going to its destination or to the public internet. This type of routing of traffic back to the central datacenter is called backhauling and was less concerning before the explosion of cloud computing applications.
Now that many companies operate with growing dependency on cloud services, backhauling has become a massive traffic burden on traditional WAN architectures. As traffic demands on the WAN increase, so does congestion, which in turn diminishes the user quality of experience (QoEX). If all cloud traffic must first be backhauled, then as cloud services increase so does traffic through the central data center, even if that traffic is intended for the cloud.
By instituting an SD-WAN, companies can use the application-aware routing software to coordinate traffic across all SD-WAN resources, bypassing unnecessary routes, and securing sensitive traffic. What this means is that instead of the distributed controls of a traditional WAN across routers and network devices which then make local routing choices, the centralized software controls of SD-WANs intelligently identify application traffic, categorize it, apply appropriate security policies, and then directs traffic efficiently to its destination. If that traffic does not need to go to a centralized data center, then it is routed on the fastest path to its destination. In this fashion, SD-WANs provide tremendous traffic and security control at a granular level.
How does an SD-WAN work?
In SD-WAN architectures, software virtualizes all WAN services, whether they are local or cloud-based. In effect, software treats all these resources as a single resource pool. When resources are requested, software allocates traffic to the appropriate resources with the best possible efficiency.
This is achieved with the use of business intent overlays, a method of distinguishing which apps support which efforts. This is especially useful when prioritizing critical services, such as real-time apps, like VoIP, stock prices, and point of sales apps. It is also useful in securing traffic sources, like guest Wi-Fi.
SD-WANs typically have the following characteristics.
- Software Based vs. Hardware
- Intelligently “steers” Traffic
- Prioritizes for Business Needs
- Works on Off the Shelf Hardware, Virtual Instances, Private and/or Public Clouds
Cloud computing is an on-demand delivery model for computing resources, notably data storage and compute power, provided as a service via the internet and mobile platforms.
Cloud services are generally divided into three categories, each providing different levels of resources: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Infrastructure-as-a-Service (IaaS) provides networking, storage, servers, and virtualization services, users manage all the operating and applications on top. Platform-as-a-Service (PaaS) provides hardware and software tools for developers to manage their own data and applications over the internet. Software-as-a-Service (SaaS) provides a specialized third-party application to users over the internet.
Network virtualization is an abstraction technique meant to overcome the rigidness of networking infrastructure hardware. By allowing software to create a virtual layer on top of physical network resources, resources from both cloud and on-premise infrastructure can support a singular network view. Network managers can administer the network environment as a single software-based network.