SD-WAN stands for Software Defined Wide Area Networking. It’s a combination of Software Defined Networking (SDN), which was created for use in cloud data centers, and Wide Area Networking (WAN) which is the network outside of your office (e.g. the Internet, or site-to-site networks like MPLS and Metro Ethernet).
The SD-WAN Umbrella
Network engineers would love to strictly define SD-WAN, but marketing departments have turned it into an Umbrella Term, like Cloud. There are many types of cloud services, like SaaS, PaaS, Public, Private, and Hybrid Cloud; and similarly there are multiple categories of offerings that come with an SD-WAN label. This guide will help you decipher the choices and shed some light on the decision-making process.
The 3 Categories of SD-WAN
1. Cloud Managed Routers and Firewalls
How do you make 15-year old router and firewall technology look appealing? Add a cloud-based web management interface and market it as SD-WAN! That’s essentially what you’re getting with this category. You buy a network appliance to connect your ISP circuits into, and instead of logging into an interface on the actual device to configure it, you now log into the vendor’s shiny new cloud-hosted management dashboard.
- Load Balancer, Aggregator, Firewall, Bonding Appliance, Link Balancer, Failover Router, Dual-WAN
- Cloud Managed, Cloud Provisioning, Cloud Based
- Centralized Management, Single Pane of Glass, Dashboard
- Low Cost
- Familiar Vendor
- 15-year old technology at the core
- No real-time adaptation to ISP performance issues for cloud traffic
- Ineffective (upload-only, fixed rate) QoS
- Generally have access to all your private LAN data (see note on security in category below)
2. VPN Services and Devices
Most “real” SD-WAN offerings fall in to this category. They are meant as a lower cost tool to displace MPLS for site-to-site connections. At their core, these devices and services provide site-to-site VPNs, just like standard firewalls or routers.
So the question becomes: what’s the difference between these SD-WAN solutions and standard network edge devices like firewalls? Well, there’s nothing significant at first glance. They boast of cloud-based management (as noted above), plus other existing networking hardware features like application or user based security and routing policies, or WAN-optimization features like compression or TCP optimization.
But there is a major differentiator, and that is awareness of and adaptation to quality issues on the network paths between sites. Traditional firewalls and routers don’t monitor for or adapt to issues like 3% packet loss or 70ms jitter. These performance issues that affect real-time applications can now be identified and resolved through SD-WAN. Buyer beware: how this detection and adaptation works differs greatly by vendor, with varying results.
One big factor you’ll want to consider when looking at this category is that you’re now trusting your network security to your SD-WAN vendor. Since they’re providing the site-to-site VPNs, all of your private traffic is now touching their equipment, un-encrypted. That brings up some questions:
- If someone hacks their cloud-based management can they access your private data? Are you sure?
- Is their system and/or company PCI, HIPAA, or [insert your compliance need here] compliant?
- How do their security practices and implementations compare with the security offered by major brands like Palo Alto, Watchguard, Checkpoint, Cisco, and others that spend huge resources on this?
If you choose one of these devices or services, be sure you feel good about the answers to those questions.
- SD-WAN, Cloud WAN, Intelligent WAN, MPLS replacement, Hybrid MPLS, Cloud Networking, Overlay WAN
- Real-time, Adaptive, Dynamic, Variable
- Cloud-Managed, Orchestrated, Controller, Control Plane, Forwarding Plane
- Security Policy, Application Aware, Application SLA
- Usually lower cost than MPLS
- Adapts site-to-site traffic to changing network performance (but generally not public cloud applications)
- Strong QoS for site-to-site (not cloud) traffic, as long as network bandwidth is 100% stable (generally only SLA-backed fiber or T1s)
- All-in-one box for firewalling, VPNs, DHCP, NAT and other network edge needs
- Ineffective QoS for cloud traffic like VoIP, VDI/DaaS, and SaaS
- Non-seamless or no network performance adaptation for real-time public cloud traffic
- Many solutions are very expensive hardware, plus yearly maintenance/support fees
- Typically highly complex, requiring lots of configuration and fine-tuning
- Generally require ripping out your existing firewall, or disabling many of its features
- Often trusting your security to a younger company focused on fast growth
3. Internet and Cloud Optimization
Bigleaf is the leader in this category, providing optimization for access to the cloud, and for remote access to on-site resources. Public-cloud and other Internet-based applications are the most difficult to optimize connectivity for, because traditionally there is so little visibility and control to the public cloud. Unlike site-to-site VPNs, which are relatively simple to set up and monitor, connections to cloud services like VoIP and SaaS involve a lot more complexity.
To optimize Internet-based applications like Cloud, you first need visibility. Bigleaf monitors each Internet connection from your office to the core of the Internet 10 times per second, across the exact same paths that all of your data travels. This end-to-end monitoring typically covers over 98% of the path from your office to your Cloud applications.
You then need control. Bigleaf routes all of your traffic via our redundant Gateway Clusters in the core of the Internet. We collocate these in data centers called “Carrier Hotels”. These locations are the major Internet peering points in each region, ensuring you have the lowest possible latency. Because we route all your traffic through these Gateway Clusters we have 100% control of the routing and QoS prioritization of your traffic. This dedicated network architecture is core to our success in optimizing Cloud-based applications.
Of course you also need the best possible network security. There are many vendors that have spent hundreds of millions of dollars building advanced network security offerings, and you’re probably already using them. With Bigleaf, you can keep using your best-of-breed security solutions, and still get cutting-edge SD-WAN benefits for your traffic! Bigleaf drops-in between your firewall and your ISP connections, optimizing traffic while your firewall handles security and VPNs. Bigleaf creates a stable, reliable, and adaptive foundation for both cloud-based applications and site-to-site VPN traffic.
- Internet Optimization, Cloud Optimization, Cloud Acceleration
- Distributed Architecture, Split Architecture, Cloud Routing
- Seamless Failover, Same-IP Failover, No-Drop Failover
- Intelligent Load Balancing, Mid-Stream Adaptation
- Cloud-Managed, Automated, Seamless, Simple, Plug-n-Play
- Dynamic QoS, Cloud QoS, QoS over Broadband, VoIP QoS, SIP QoS
- Automatically adapts both site-to-site VPN and public-cloud traffic to changing network performance
- Strong bi-directional QoS for both site-to-site VPNs and public-cloud traffic that adapts to changing network bandwidth (great for cable and wireless)
- Compliments existing firewall/security
- Doesn’t touch private network data
- Usually lower cost than SLA-backed circuits (plus Bigleaf adds a service SLA even when circuits don’t have one)
- Easy to use with no complex configuration
- Not an all-in-one network-edge box with advanced security functions
- Typically small increase in baseline latency
- Overlay tunnels add slight throughput overhead
Which SD-WAN option is right for you?
While there can be many considerations to end up at the right vendor, the decision of which category is pretty simple. Here’s an infographic with some basic questions to help you choose:
While SD-WAN can be confusing, I hope this guide has made the options clear and oriented you in the right direction. If you have any questions please don’t hesitate to contact us, we would be glad to discuss which option might be best for your environment.