Published: 14 June 2024
A software-defined wide area network (SD-WAN) is a virtualized WAN architecture that abstracts and centralizes the management of smaller and otherwise disconnected WAN networks.
SD-WAN allows an organization to share data and applications across branch offices, remote workers and authorized devices (also referred to as “nodes”) that span vast geographical distances and multiple telecommunications infrastructures.
Think of an SD-WAN architecture as a software-defined WAN layer that rests on top of one or more physical WAN networks. Because an SD-WAN architecture is software-based, IT staff can use it to set governance policies—such as those that determine how network resources should be prioritized—adjust and enforce user permissions, and monitor for security threats across the WAN networks that sit beneath it. Edge devices within a WAN network can also be controlled remotely from the SD-WAN solution in the architecture layer.
A strong SD-WAN monitoring strategy is critical to business success: it is what lets IT staff monitor and manage performance effectively in a mixed network environment.
A traditional WAN is a network of physical routers that transmit data to and from devices within multiple local area networks (LANs), such as Ethernet or Wi-Fi networks. A WAN can use one of several protocols to transmit data, such as multiprotocol label switching (MPLS). MPLS is a protocol that routes WAN traffic using the shortest physical path.
While a single LAN is confined to a physical location such as an office building, a WAN can include multiple LANs that are in the same office as well as in different buildings miles apart.
However, WANs are restricted to their region’s telecommunications circuit and the service-level agreement (SLA) of an internet provider’s transport service. For example, a WAN that carries information across cable or broadband internet provided by that region’s internet provider cannot extend beyond that physical infrastructure. So, the WAN network can encompass all 20 LANs from both offices only because they share the same transport service. If the organization owns a third office building that resides in a region with a different transport service, a separate WAN is needed to manage any LAN connections there. Additionally, the offices within the WAN are limited to the bandwidth their internet access guarantees. This is where an SD-WAN offers several benefits over a traditional WAN.
By serving as the software layer that lives on top of a series of router-based WANs, an SD-WAN extends beyond the physical limitations that those WANs face. It allows all network traffic spanning various regions, infrastructure types, and transport service providers to be monitored, controlled, and optimized from a single application accessible to any authorized user from anywhere. Conversely, without an SD-WAN above a series of WAN networks, the control and configuration of each individual WAN is restricted to the hardware level.
A secure access service edge (SASE) architecture is an alternative to SD-WAN. Both architecture types serve as forms of WAN optimization and fall under the broader category of software-defined networking (SDN). However, much like how an SD-WAN centralizes the management of a series of WANs in an abstracted software layer, a SASE architecture abstracts a network’s management and security services into a cloud-based deployment that resides closer to or on the edge of a network.
While SD-WAN architecture places emphasis on the connectivity between locations, a SASE deployment is concerned with network endpoints and the devices that use the network.
An SD-WAN architecture establishes a software-based controller that consolidates and centralizes the unique configuration settings of each underlying WAN network, enabling data provisioning, network security protocols, and policy settings to be orchestrated to multiple WAN endpoints and edge devices at the same time.
This centralized software layer is formed by establishing encrypted tunnels (also known as “the overlay”) between it and the WAN networks it manages via an SD-WAN device. Each WAN location is equipped with an SD-WAN device that serves as a communication hub between that physical WAN network and the SD-WAN software layer. This device receives and enforces custom-defined configuration and traffic policies from the centralized SD-WAN layer above it. These physical SD-WAN devices can be managed remotely and are what enable the SD-WAN layer to operate beyond a WAN’s physical boundary.
An SD-WAN is not a virtual private network (VPN). SD-WAN architecture serves as a central gateway for all devices on the underlying series of one or more WAN networks. In contrast, a VPN establishes a private point-to-point connection across a public network such as the internet. In a VPN internet connection, network traffic is routed through an encrypted tunnel managed by the VPN provider’s private server network.
Because an SD-WAN combines the underlying network services of multiple WANs, it can draw on any of those services to optimize the performance of each application. These services include physical infrastructure such as transport service and bandwidth capacity, and security features such as firewall settings. Optimized settings for each application are determined by application performance monitoring and configured through policy settings.
Because an SD-WAN exists as a virtualized layer, it provides several advantages over a traditional WAN, including:
An SD-WAN can overcome a circuit issue on one of its underlying WANs by redirecting traffic. Alternatively, IT staff can automate the SD-WAN to perform one of the following quality of service (QoS) techniques to mitigate packet loss and jitter:
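The per-application policy selection and circuit failover described above, as an added example that is not part of the IBM page or any vendor's controller code: a small path-selection routine of the kind an SD-WAN controller pushes to its edge devices. The link metrics, SLA thresholds and transport names are constructed for illustration.

```python
"""Added example (not from the page): application-aware path selection over
several WAN transports, with failover when a circuit is down or out of SLA."""
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class Link:
    name: str          # underlay transport, e.g. "mpls" or "broadband" (constructed)
    up: bool           # circuit status as reported by the edge device
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    encrypted: bool    # overlay tunnel to the controller is established on this link

@dataclass
class Policy:
    app: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    preferred: List[str]   # ordered transport preference for this application

def select_path(policy: Policy, links: Dict[str, Link]) -> Optional[str]:
    """Return the first preferred link that is up, tunnelled and within SLA.
    If no link meets the SLA, fall back to the healthiest live link rather
    than black-holing the application; return None only if nothing is usable."""
    candidates = [links[n] for n in policy.preferred if n in links]
    live = [l for l in candidates if l.up and l.encrypted]   # never send over a raw underlay
    for l in live:
        if (l.latency_ms <= policy.max_latency_ms
                and l.jitter_ms <= policy.max_jitter_ms
                and l.loss_pct <= policy.max_loss_pct):
            return l.name
    if not live:
        return None
    # best-effort fallback: lowest loss first, then lowest jitter
    return min(live, key=lambda l: (l.loss_pct, l.jitter_ms)).name

# Constructed sample: MPLS circuit down, broadband degraded, LTE healthy.
LINKS = {
    "mpls": Link("mpls", False, 20, 1, 0.0, True),
    "broadband": Link("broadband", True, 45, 12, 2.5, True),
    "lte": Link("lte", True, 70, 4, 0.3, True),
}
VOICE = Policy("voice", 150, 10, 1.0, ["mpls", "broadband", "lte"])
BULK = Policy("backup", 500, 50, 5.0, ["broadband", "lte", "mpls"])

if __name__ == "__main__":
    for p in (VOICE, BULK):
        print(p.app, "->", select_path(p, LINKS))
```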
Yes, three common SD-WAN architectures include:
An internet-based SD-WAN is also known as a “Do it Yourself” SD-WAN, and it occurs when an organization deploys an SD-WAN using in-house resources. The company’s IT staff is responsible for the installation of necessary SD-WAN devices, the deployment of the SD-WAN software, and the ongoing maintenance and management of the SD-WAN.
A telco or MSP service SD-WAN is one in which an organization pays a service provider to install and deliver SD-WAN connectivity across its WAN locations. The provider supplies equipment and labor, as well as ensures the necessary network and transport services are available.
Managed SD-WAN as a service allows an organization to access a provider’s existing SD-WAN architecture through software orchestration. This SD-WAN resides on the provider’s private network and is often offered as a Software as a Service (SaaS) to clients.
IBM® SevOne® is a robust SD-WAN monitoring tool that complements the management features in SD-WAN controllers to provide continuous visibility into the various segments of your network. With customizable dashboards and metrics, it provides a single source of truth to help assure network performance across multivendor, enterprise, CSP and MSP networks.
Modern network infrastructures built for digital transformation require solutions that can be just as dynamic, flexible, and scalable as the new environments. IBM SevOne provides application-centric network observability to help NetOps spot, address, and prevent network performance issues in hybrid environments.
IBM Cloud Pak® for Network Automation is an intelligent cloud platform that enables the automation and orchestration of network operations so CSPs and MSPs can transform their networks, evolve to zero-touch operations, reduce OPEX and deliver services faster.
Built for the hybrid cloud and AI era, application-centric networking solutions from IBM provide high-performing connectivity to power your apps and business end-to-end. Featuring automation and zero-trust security, IBM software networking solutions remove barriers to connectivity, improve operational efficiency and service deployment and safeguard network performance across distributed environments.
IBM Hybrid Cloud Mesh offers simple, secure, and predictable application-centric connectivity.