SD-WAN is really based on the same overall principles as SDN: Centralised Control, Open Networking Standards, Resource Virtualisation and (Network) Function Virtualisation. However, where SDN aims to replace the network, SD-WAN is a much simpler, more approachable and specific application to improve how we use and manage Wide Area Networks. It’s not here to replace anything wholesale, just to layer on top of what we’re already doing in the WAN, and hopefully to do it a bit better!
What’s in your router?
So you’d like to do some new fancy high-speed traffic management, virtual networking overlay, load-balancing goodness! OK, that will be a new router for every single location, times two if you’d like them to be redundant in case of failure, and every feature you want costs extra on top of the box!
That’s how the story goes today when businesses look to improve their WAN capabilities.
SD-WAN changes all that. Instead, it uses “NFV”, short for Network Function Virtualisation, to imbue a normal x86 (Intel) server with impressive networking capabilities.
Now if we want a new type of load balancer, a new encryption engine, a new routing protocol – it’s only a click away. Not only can we run these new “virtual” functions on standard computing hardware; leading-edge vendors such as Alcatel and F5 Networks have for the past few years been quietly developing an increasing number of networking appliances which are in fact little more than specialised hosts for virtual machines. It’s the cloud come back into the network!
What’s even more interesting is that SD-WAN is in many cases designed to work WITH the routers and firewalls you already have, not replace them.
Life on the Hybrid WAN
As we use more and more Cloud-based services, and things that fundamentally exist on the Internet, rather than inside our corporate network, what we really want is to ensure that that traffic goes directly there, via the Internet, and doesn’t clog up our WAN. But it doesn’t stop there:
You see, an SD-WAN creates a virtual overlay network that actually includes and encompasses both our traditional WAN network and the Internet. Now sure, as I’ve already said, you can do this already today, but realistically, how many IT departments have set up their own traffic-engineered, fault-tolerant network that automatically routes all the traffic appropriately by application type and requirement over either an MPLS-VPN, an IPsec VPN or direct routed traffic? Really, I’m getting tired just typing it; I sure wouldn’t want to build it!
That, my friends, is Software Defined WAN. I give it some networks, I tell it what I want to accomplish, and yes, the software does the rest.
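The per-application path choice described above can be sketched in a few lines. This is an added example, not code from the original post or from any SD-WAN product; the link names, thresholds, the `trusted` flag and the `internal_only` policy field are all assumptions made for illustration. It shows one design choice worth checking in any overlay: internal traffic fails closed when both the MPLS-VPN and the IPsec tunnel are down instead of quietly falling back to the direct Internet path.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Link:
    name: str
    trusted: bool        # assumption: MPLS-VPN and IPsec tunnels count as trusted paths
    up: bool
    latency_ms: float
    loss_pct: float

@dataclass(frozen=True)
class AppPolicy:
    app: str
    preferred: tuple     # transport names, most preferred first
    max_latency_ms: float
    max_loss_pct: float
    internal_only: bool  # True: never send over the untrusted direct-Internet path

def select_path(policy: AppPolicy, links: list) -> Optional[str]:
    """Return the link name to use for this application, or None to drop."""
    usable = [l for l in links if l.up and (l.trusted or not policy.internal_only)]
    if not usable:
        return None  # fail closed: no silent fallback to an untrusted path
    healthy = [l for l in usable
               if l.latency_ms <= policy.max_latency_ms and l.loss_pct <= policy.max_loss_pct]
    pool = healthy or usable  # degrade onto a slow link rather than black-hole traffic
    def rank(l):
        pref = policy.preferred.index(l.name) if l.name in policy.preferred else len(policy.preferred)
        return (pref, l.latency_ms)
    return min(pool, key=rank).name

# Constructed sample data (hypothetical site with three transports)
LINKS = [
    Link("mpls-vpn", True, True, 20.0, 0.1),
    Link("ipsec-vpn", True, True, 45.0, 0.5),
    Link("internet-direct", False, True, 30.0, 1.0),
]
VOIP = AppPolicy("voip", ("mpls-vpn", "ipsec-vpn"), 30.0, 1.0, True)
SAAS = AppPolicy("saas", ("internet-direct", "ipsec-vpn", "mpls-vpn"), 100.0, 2.0, False)

def with_down(links, *names):
    """Copy of the link table with the named links marked down."""
    return [replace(l, up=False) if l.name in names else l for l in links]

if __name__ == "__main__":
    for failed in [(), ("mpls-vpn",), ("mpls-vpn", "ipsec-vpn")]:
        state = with_down(LINKS, *failed)
        print(failed, {p.app: select_path(p, state) for p in (VOIP, SAAS)})
```
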
It’s not DIY
The next thing most people are thinking is “great!!! Now I not only have to know how to configure my routers, firewalls and existing switching, I need to learn all about this SD-WAN thing too!”
Don’t do it! Remember why we moved from leased lines to MPLS and managed WAN? The cost and complexity of creating a full-mesh network of leased lines was crazy. We had very powerful routers at every location, and managing fail-over was a nightmare. Ultimately it was a job that was best done by a service provider. They were able to install a single (or dual-resilient) link into each office and then create for us any WAN configuration we wanted. Of course, what happened was that our needs grew and grew until we needed to add standalone Internet for lower-cost additional bandwidth at each site. Then the configuration fun began!
Major global players are already offering customers SD-WAN as a service, which of course is how it should be. They add the SD-WAN software to each of your sites, some with new boxes, others entirely via virtual appliances, and then work together with you to bond together all of your various network links (WAN, leased line and Internet) into a single network with intelligent traffic routing based on actual application needs and available network resources.
What’s even better is that with SD-WAN, you get to control to a far greater extent how the network actually behaves. Unlike traditional managed WAN, you won’t have to wait weeks or months to bring on new sites, or days to reconfigure application priorities, because you’re not actually changing the underlying networks – you’re merely changing the software-defined overlay network. While previous attempts such as Cisco’s DMVPN were technically capable of these feats, you would have needed a whole team of specially trained engineers to support them. With SD-WAN the intelligence is built in.
While SDN technology is most often looked at in the datacentre, SD-WAN has truly universal appeal. When networked technology was limited, and most of our data and applications stayed local, the WAN was often seen as a luxury, or a facet only of upper management. As we all move increasingly into the cloud era, we are fast reaching a point where our need for connectivity will surpass our need for local computing power. SD-WAN is surely part of the answer that will help manage our congested and underperforming networks without requiring costly bandwidth upgrades ad infinitum.