The enterprise WAN has transitioned from dedicated TDM circuits with Frame Relay and ATM, to Packet-over-SONET and MPLS, and now to Ethernet-access services. However, two things have remained constant: WAN bandwidth is still expensive, and provisioning WAN services can take a long time.
In addition, WANs have challenges with backup link utilization, security of remote sites, traffic engineering, Quality of Service (QoS), touchless provisioning, and traffic visibility. These issues and many business drivers are causing companies to re-evaluate their WAN design and deployment and look for opportunities for improvement.
Software-Defined WANs (SD-WAN) offer many advantages that make them compelling.
What is SD-WAN?
Software-Defined has become an overused term, but it basically means software that helps automate manual tasks. Unfortunately, network devices are often manually configured one at a time using SSH (and hopefully not Telnet). We tend to think of Software-Defined Networking (SDN) as focused on building a data-center fabric and providing micro-segmentation.
The SDN concepts of a centralized controller with global network visibility can be applied to an SD-WAN. Network administrators use a controller architecture to create policy and allow the system to take action without explicit manual change control. The controller platform performs policy-based forwarding based on complete information about the current WAN conditions and the company’s application preferences. Global changes can be made immediately and simultaneously without manually logging into each router.
Here are five benefits of SD-WANs:
1. Transport independence
Imagine having the ultimate hybrid vehicle that can run on gasoline, diesel, electricity, CNG, hydrogen, and discarded French fry oil. SD-WANs have a similar characteristic called transport independence. This means that the WAN can be composed of any combination of 3G/4G LTE, MPLS, Internet, Ethernet, Serial, or WiFi service. Having a WAN that can use any type of service allows for quicker installation and more bandwidth options.
The reliability and performance of business-class Internet services have increased over the past decade, and Internet bandwidth costs are low compared to dedicated long-haul private WAN links that use distance-based pricing. High-bandwidth Internet service can be installed in days, compared with weeks for an MPLS circuit.
In the past, organizations have assumed that their WANs were secure because there was no way to apply policy to the carrier’s links. The assumption was that the carrier was not inspecting customer traffic and was behaving with the same integrity as a postal carrier. Organizations trust their WANs because there isn't anything they can do to secure them.
Historically, organizations would need to purchase multiple security appliances for each branch office. Older routers lacked the spare CPU capacity to perform this type of firewalling, IPS, and malware protection. Instead, enterprises simply forced all branch traffic back through the primary data center where application security defenses existed.
However, SD-WAN solutions come with many of these security capabilities implemented on-box, which further reduces the total cost of a WAN. SD-WAN systems can integrate with a cloud web content filtering service, making each branch router function like a web proxy server. SD-WAN systems can offer malware defenses and botnet command-and-control intervention for every branch and remote device.