An approach to network connectivity that can lower operational costs and improve resource usage for multi-site deployments
What is a software-defined wide area network?
A software-defined wide-area network (SD-WAN) is a type of computer network that abstracts the various connectivity options — such as multiprotocol label switching (MPLS), mobile and broadband — to provide a virtualized enterprise wide-area network (WAN).
An SD-WAN differs from a traditional WAN in how it is deployed and managed. SD-WAN technology is software driven, with application awareness managed from a centralized network point. An SD-WAN connects enterprise networks over large geographic areas. A traditional WAN connects users at a branch to applications hosted on servers in the data center.
With the advent of cloud migration, businesses began to use SaaS/IaaS (software as a service/infrastructure as a service) applications in multiple clouds. WANs had difficulty handling the increased traffic, resulting in a poor user experience along with other serious issues, such as increased management complexity, data vulnerability and application performance unpredictability.
SD-WANs allowed network administrators to use bandwidth more efficiently while safeguarding security and data privacy. SD-WANs are able to do this because of their software-defined architecture, in which the control/management plane is separated from the data forwarding layer. The network is managed by software, known as a software-defined network (SDN) controller, that interacts with the switching fabric through application programming interfaces (APIs) and standard protocols. Separating the control plane from the underlying switch fabric provides more flexibility. For example, with SD-WANs, companies are no longer dependent on hardware from a single vendor.
Another advantage of SD-WANs is that they work well in a multi-cloud environment because they improve connectivity and increase security. They can more easily scale across numerous locations, and their centralized function helps to simplify multi-cloud management. Many SD-WAN applications can encrypt data across the connectivity points and give businesses firewalls and application-based security.
Evolution of software-defined wide area networks
SD-WANs are an amalgam of technologies (some old, some new) brought together to achieve greater flexibility, efficiency and ability to scale for computer networks. Software-defined networks (the “SD” of SD-WANs) began in 2008 as a research collaboration between Stanford University and the University of California at Berkeley that led to the development of the OpenFlow protocol. OpenFlow manages and directs traffic among routers and switches from various vendors. The programming of routers and switches is separated from the underlying hardware.
While redundant telecommunication links connecting remote sites started in the 1970s, central management of those links with application delivery across the WAN evolved in the mid-2000s. SD-WAN puts these links and central management together — along with dynamically sharing network bandwidth across the connection points. By 2014, industry publications were calling this new networking trend “SD-WAN.”
Today’s SD-WANs may feature zero-touch provisioning, central controllers, on-demand circuit provisioning, integrated analytics and even some cloud-based network intelligence. These newer developments allow for better centralized management and security.
Future challenges for SD-WANs include whether enterprises and network service providers can properly strengthen resiliency measures and ensure a truly enterprise-grade WAN. New innovations will likely center around analytics-driven network management, predictive fault management and intent-based self-driving networks based on AI. Fundamentally, these innovations are related to ease of management and troubleshooting, two of the biggest challenges for IT departments with large WANs to manage.
Why are software-defined wide area networks important?
SD-WANs are important because they contribute to solving practical problems for today’s enterprise IT teams. Most SD-WAN solutions have taken a software-centric approach, running either in a centralized location with a thin CPE (customer premises equipment) at the edge, or on a uCPE (universal CPE) at the customer location. The centralized nature of SD-WAN also provides a single display across the solution, deployment and maintenance lifecycle, encompassing provisioning, configuration, management, visibility, troubleshooting and optimization.
Other benefits of software-defined wide area networks include:
Simplified management. SD-WANs are based on a centralized, cloud-delivered WAN architecture, making it easy to scale across thousands of endpoints. It allows you to streamline branch infrastructure by inserting network services — in the cloud, branch edge or in data centers. With SD-WAN, IT can globally automate zero-touch deployment with one management interface. Because of the centralized controller, IT staff no longer has to do on-site visits to branch offices for configuration changes. And because SD-WAN provides services like WAN optimization, a business may need fewer network appliances at each location.
Reduced costs. SD-WAN lets branch offices use ordinary broadband as an enterprise-grade WAN. You’re able to offload expensive MPLS services onto more economical and flexible broadband. You can reduce hardware delivery costs because you can choose among many different deployment options: a virtual machine on a commercial-off-the-shelf (COTS) device, a virtual machine on an existing x86-based router or a purpose-built VMware SD-WAN by VeloCloud Edge device.
Improved user experience. SD-WANs can deliver optimal cloud application performance from multiple clouds to users in any location. If there’s a link failure or degradation, application-aware routing can dynamically route traffic between dedicated circuits and secure Internet connections with no loss to crucial applications.
Greater security. Because SD-WAN architecture has distributed security at the branch level, data doesn’t have to return to a data center for additional security protection — such as a firewall, domain name system (DNS) enforcement or intrusion prevention. Additionally, virtual private networks (VPN) can be used for security.
Increased branch agility. SD-WANs enable multiple links, devices and services to coexist and interoperate with existing solutions, making the branch more agile. They can also reduce deployment and configuration times for increased agility. In fact, network agility was the most important reason companies were adopting SD-WANs, according to a recent industry survey. ⁽²⁾
2. The Future of SD-WANs – Peril or Promise? Cato Networks. April 2017. https://go.catonetworks.com/rs/245-RJK-441/images/Cato-Networks-The-Future-of-SD-WAN.pdf?aliId=29962183
Using software for software-defined wide area networks
Despite its many benefits, SD-WAN control and management across multiple locations is still a challenge. Many organizations look to third-party vendors to provide SD-WAN management. One example is IBM Multi-Network Services. IBM Multi-Network Services makes SD-WAN management simple and intuitive. IBM provides a dashboard that gives an organization a single, consistent view of the WAN infrastructure — making it easier to manage the entire network.
The Global Network Peering Platform (GNPP) is the backbone of IBM’s hybrid and SD-WAN solution. It enables the seamless movement of data and applications across a hybrid-cloud environment. GNPP combines MPLS and ISP technologies, peering the MPLS networks of different providers to enable a seamless operation.
IBM controls the carrier customer edge routers — including full control of traffic flow and bandwidth allocation per class-of-service — which can be adjusted depending on business criticality. A NetFlow export shows what applications are using the network, allowing sophisticated capacity planning that empowers more effective resource budgeting. Companies using this management service have realized better performance, visibility and global agility — all at a lower cost. Another benefit of these IBM services is improved network security with Zero Trust Security from IBM Security Services.
Key features of effective software-defined wide area networks
According to the research report, Real-World SD-WAN Deployment, when an enterprise is evaluating SD-WAN solutions, the following are key features to specify:
Central management and cloud-based controls. SD-WAN solutions provide a single view that allows IT teams to set up WAN configurations across multiple locations and virtual circuits. The SD-WAN controller also captures performance metrics and error conditions that can be summarized in reports, used to trigger alerts and forwarded to other IT functions like trouble-ticketing systems.
End-to-end encryption. Most SD-WAN solutions provide security using IPSec (or other encrypted) tunnels that automatically protect private virtual WANs traversing public, shared networks. In addition, encryption on private MPLS networks is sometimes viewed as necessary in regulated industries.
Multi-path and multi-link support with dynamic path selection. SD-WANs should be able to bond multiple physical circuits into a single logical channel to increase aggregate capacity and reliability. They should also dynamically monitor path performance and adjust traffic flows between available physical circuits to load-balance and reduce congestion and oversubscription.
Path conditioning and WAN optimization. Some enterprises might find WAN optimization features necessary, including: data compression and deduplication, traffic shaping to control contention and latency, client-side caching and TCP protocol optimization. They can also include the ability to handle LAN protocols and reduce chattiness over higher-latency WAN circuits.
Security and firewalling services. Most SD-WAN platforms will provide some level of firewall and security capabilities, ranging from simple TCP/UDP-port-based blocking to sophisticated malware detection and prevention.
Quality of service traffic prioritization, with forward error correction. Application categorization with traffic management to provide bandwidth guarantees for different classes of service can improve performance in certain latency- and loss-sensitive applications. These applications include real-time communications such as VoIP, video conferencing and screen sharing.
Policy-based controls and service chaining. SD-WAN platforms will usually provide intelligent policy-based routing of traffic and the ability to insert virtual network services (VNFs) like firewalls, content filters, proxies and other L7 network functions into the traffic flow dynamically without disrupting the underlying network.
Local breakout for cloud services. Many SD-WAN solutions will allow for local inspection and direct routing of traffic destined for trusted cloud services like Salesforce, removing the need to backhaul all traffic to a centralized location for inspection. This saves on bandwidth utilization and maximizes the use of cheaper local direct Internet access without compromising security.
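Several of the features above feed a single forwarding decision: dynamic path selection, class-of-service thresholds, encrypted tunnels over public circuits and local breakout. The sketch below is an added example, not code from the report or from any SD-WAN product; the `Link` fields, the SLA thresholds, the trusted-SaaS allowlist and the sample measurements are all constructed assumptions.

```python
from dataclasses import dataclass

# Hypothetical per-class SLA thresholds (constructed values, not from any vendor).
SLA = {
    "realtime": {"latency_ms": 150, "loss_pct": 1.0},
    "business": {"latency_ms": 300, "loss_pct": 2.0},
    "bulk": {"latency_ms": 1000, "loss_pct": 5.0},
}
TRUSTED_SAAS = {"crm.example.com"}  # constructed allowlist for local breakout

@dataclass
class Link:
    name: str
    public: bool       # True for broadband/LTE, False for private MPLS
    encrypted: bool    # an IPsec tunnel is established on this link
    up: bool
    latency_ms: float
    loss_pct: float

def select_path(app_class, destination, links):
    """Return (link_name, mode) for a flow, or (None, "drop") if no link is safe."""
    sla = SLA[app_class]
    # Local breakout: trusted SaaS goes straight out a healthy public link.
    if destination in TRUSTED_SAAS:
        direct = [l for l in links if l.up and l.public]
        if direct:
            best = min(direct, key=lambda l: (l.loss_pct, l.latency_ms))
            return best.name, "local-breakout"
    # Everything else rides the overlay: private traffic never crosses
    # a public circuit without an encrypted tunnel.
    usable = [l for l in links if l.up and (l.encrypted or not l.public)]
    if not usable:
        return None, "drop"
    within = [l for l in usable
              if l.latency_ms <= sla["latency_ms"] and l.loss_pct <= sla["loss_pct"]]
    # Prefer links meeting the SLA; otherwise fall back to the least-bad usable link.
    pool = within or usable
    best = min(pool, key=lambda l: (l.loss_pct, l.latency_ms))
    return best.name, "overlay" if within else "overlay-degraded"

# Constructed sample measurements for one branch.
LINKS = [
    Link("mpls", public=False, encrypted=False, up=True, latency_ms=40, loss_pct=0.1),
    Link("broadband", public=True, encrypted=True, up=True, latency_ms=25, loss_pct=0.0),
    Link("lte", public=True, encrypted=False, up=True, latency_ms=60, loss_pct=0.5),
]
```

The "drop" result is the fail-closed case: when only an unencrypted public circuit is up, private traffic is held rather than sent in the clear.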
More resources for software-defined wide area networks
SDN for Data Center
Design, deploy and manage your data center networks, built on software-based programmability, network virtualization, and network functions virtualization (NFV).
Managed Hybrid Networks: Evolving IT Networking in the Digital Age
See why enterprises need to revisit their existing LAN/WAN infrastructure due to the increased complexity being experienced by digital transformation.
IBM Network Services – Strong Need, High Value
See what is driving the need for greater network bandwidth, agility, reliability, scalability and compliance.
Secure SD-WAN service offering from IBM Security
Learn why Zero Trust Security is the guiding principle made possible by next generation architectures and technologies.