An Introduction to SD-WAN



Implementing branch offices for enterprise organizations can be a challenge regardless of whether there is one branch or hundreds of branches. One of the many challenges that enterprises face is the selection of the technology used to connect headquarters with each of the individual branch offices. Traditionally, the technology selected included leased lines or Multiprotocol Label Switching (MPLS) access links. The problem is that, while both provide a guaranteed level of service, they also come with a high price tag. In response, many organizations have chosen to implement connectivity over a cheaper commodity Internet connection by tunneling traffic to the main site with a Virtual Private Network (VPN). Although less expensive, this type of connection isn't without its own problems. Most critically, it provides no guarantees on the level of service that will be delivered at any given time, so customers just have to hope for the best.

To bridge the gap between these two disparate technologies, a new WAN service has been developed that couples medium to high service quality along with a relatively low price tag: Software Defined WAN (SD-WAN).

Hybrid WAN vs. SD-WAN

We'll get into SD-WAN in just a minute, but before we do, let's talk about something referred to as Hybrid WAN. You might hear the terms SD-WAN and Hybrid WAN used interchangeably, but there are some stark contrasts that must be understood.

Hybrid WAN refers to the implementation of multiple connection types from a branch to a central location. An example of this would be the implementation of an MPLS link along with a backup leased line. In this scenario, it is typical for the leased line to sit idle while the MPLS link is used primarily; the leased line's purpose is to be there should the MPLS link fail. Obviously, this type of implementation leaves a lot of money sitting idle most of the time.

SD-WAN extends the idea of having multiple connectivity methods: not only are there multiple types of connections that can provide resiliency, but all of the links can be used simultaneously. This piece of SD-WAN is typically referred to as Virtual WAN (vWAN). The important thing to remember is that this is just a single piece of the SD-WAN pie.

SD-WAN Fundamentals

So, what defines SD-WAN? To answer this, we first need to briefly cover what the term means in modern networking. SD-WAN is a subset of software-defined networking (SDN). At a high level, the goal of SDN is to remove the need to configure each individual networking device across the network. This is achieved by splitting up the functionality of those devices.

Traditionally, each of these devices handles three different duties: management, control, and data forwarding:

  • The management plane is responsible for the management of the device and the configuration of the device.
  • The control plane is responsible for taking the configuration and managing the data forwarding decisions for the device.
  • The data forwarding plane is responsible for the forwarding of the data.

With SDN, these duties are split; the device that is deployed has its control plane functionality shifted to a centralized controller, effectively removing most of the complexity from the device and leaving it having to handle only forwarding responsibilities.

With SD-WAN, the device implemented at each branch location is responsible for connecting the branch to whichever access method is selected. The access method could be Internet connections or private links or both. This device would then be controlled by a centralized controller to determine how traffic will flow.  So, the local device handles forwarding only while the centralized controller handles management and control plane activities and just instructs the branch-based device on what to do.

For example, if a branch is connected via multiple Internet connections, the SD-WAN device could be configured to use these links simultaneously to take advantage of the qualities of both connections (vWAN). SD-WAN can expand on this to monitor each of the connections to determine the ones that are currently providing the greatest service quality and then only use those links to forward higher priority traffic.

If you choose to add an MPLS or leased line link, the traffic flowing over these connections can be controlled as well. For example, traffic going to the central office could be directed to use one of these links while traffic destined for the Internet or directly to a cloud provider could follow a more direct path.
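As an added illustration of the link monitoring and policy-based steering described in the two paragraphs above (this is example code written for this page, not any vendor's SD-WAN implementation), here is a small Python path selector. It classifies a flow by destination and DSCP marking, keeps only the links currently meeting that class's SLA, prefers the link type the policy names, load-shares across all eligible links of that type, and degrades to the best available link when nothing meets the SLA rather than dropping the traffic. The traffic classes, the thresholds, the 10.0.0.0/8 headquarters prefix and the link measurements are all assumed values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed per-link measurements, the sort of figures an SD-WAN edge gathers
# by probing each underlay path. Assumed values, not from any real deployment.
@dataclass
class LinkStats:
    name: str
    kind: str          # "mpls" or "internet" (hypothetical labels)
    latency_ms: float
    loss_pct: float
    jitter_ms: float
    up: bool = True

# A traffic class is an SLA plus the order in which link kinds are preferred.
@dataclass
class TrafficClass:
    name: str
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float
    preferred_kinds: tuple

# Hypothetical policy a network team might push from the central controller.
CLASSES = {
    "voice": TrafficClass("voice", 50.0, 1.0, 10.0, ("mpls", "internet")),
    "hq":    TrafficClass("hq", 150.0, 2.0, 50.0, ("mpls", "internet")),
    "saas":  TrafficClass("saas", 500.0, 5.0, 100.0, ("internet", "mpls")),
}
HQ_PREFIXES = [ipaddress.ip_network("10.0.0.0/8")]   # assumed HQ address space
DSCP_EF = 46                                          # Expedited Forwarding

def classify(dst_ip: str, dscp: int) -> TrafficClass:
    """Pick the traffic class for a flow from its destination and DSCP marking."""
    if dscp == DSCP_EF:
        return CLASSES["voice"]
    addr = ipaddress.ip_address(dst_ip)
    if any(addr in net for net in HQ_PREFIXES):
        return CLASSES["hq"]          # central-office traffic prefers MPLS
    return CLASSES["saas"]            # Internet- or cloud-bound: go direct

def meets_sla(link: LinkStats, tc: TrafficClass) -> bool:
    return (link.up
            and link.latency_ms <= tc.max_latency_ms
            and link.loss_pct <= tc.max_loss_pct
            and link.jitter_ms <= tc.max_jitter_ms)

def eligible_links(links, tc):
    """Links meeting the class SLA, ordered by kind preference then latency."""
    def rank(link):
        kinds = tc.preferred_kinds
        pref = kinds.index(link.kind) if link.kind in kinds else len(kinds)
        return (pref, link.latency_ms)
    return sorted((l for l in links if meets_sla(l, tc)), key=rank)

def select_paths(links, tc):
    """Links to carry this class right now.

    Returns every eligible link of the most-preferred eligible kind so the
    edge can load-share across them. If no link meets the SLA, degrade to the
    single best link that is up rather than black-holing the traffic; if every
    link is down, return an empty list so the caller can raise an alarm.
    """
    ok = eligible_links(links, tc)
    if ok:
        best_kind = ok[0].kind
        return [l for l in ok if l.kind == best_kind]
    up = [l for l in links if l.up]
    if not up:
        return []
    return [min(up, key=lambda l: (l.loss_pct, l.latency_ms))]

def route(dst_ip, dscp, links):
    """Names of the links a flow should use, e.g. route("10.1.2.3", 0, LINKS)."""
    return [l.name for l in select_paths(links, classify(dst_ip, dscp))]

# Constructed sample measurements for a branch with one MPLS and two Internet links.
LINKS = [
    LinkStats("mpls1", "mpls", latency_ms=20.0, loss_pct=0.0, jitter_ms=2.0),
    LinkStats("inet1", "internet", latency_ms=35.0, loss_pct=0.5, jitter_ms=8.0),
    LinkStats("inet2", "internet", latency_ms=60.0, loss_pct=3.0, jitter_ms=30.0),
]

if __name__ == "__main__":
    print("voice ->", route("10.1.2.3", DSCP_EF, LINKS))
    print("HQ    ->", route("10.1.2.3", 0, LINKS))
    print("SaaS  ->", route("203.0.113.10", 0, LINKS))
```

With the sample measurements, voice and headquarters traffic land on the MPLS link, while SaaS traffic is spread across both Internet links because both meet its looser SLA. Re-running the selection on fresh probe results is what lets the edge move traffic off a link whose quality has dropped; the explicit fallback branches are there because a selector that returns nothing when every link misses its SLA is an outage, not a policy.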

The principal thing to remember is that the forwarding behavior for the branch's connectivity is managed and configured from a central location and can be altered as needs change. In essence, the connections to the branch are abstracted, and the flow of traffic is determined by the policy that an administrator sets centrally on the controller. This widens the possibilities considerably, both in how traffic can be steered and in the types of connections that can be deployed, while still providing medium to high levels of quality. On top of this, it can be implemented with little or no on-site expertise: the box just needs to be connected to the site's deployed link and turned on. The flip side of that centralization is that the controller, and the channel over which it pushes policy to each branch device, now govern the traffic of every branch, so they are the components that must be protected most carefully.


Connections to branch offices will continue to get more complex as time goes on and as new services are offered while, at the same time, organizational budgets continue to shrink. The connection options that SD-WAN offers give enterprises the flexibility to configure their branch connections in whichever way they require, depending on their traffic and budgetary needs.

Sean Wilkins