
Adopting SD-WAN in the Enterprise | Overdue Transformation for the Wide Area Network – Pt. 1

The software-defined revolution has dominated the IT industry over the past several years as enterprises relentlessly pursue increased efficiencies, lower costs, greater agility, and accelerated ROIs. We’ve seen significant transformation within the data center as software-defined solutions have displaced traditional architectures and matured to become the de facto standard for many use cases, yet most of the software-defined advances have been focused on the data center, public cloud, and delivering as-a-service consumption models.   

While this focus is understandable, a significant portion of an enterprise’s IT budget, resources, and capabilities is committed elsewhere: supporting the end user, their endpoint(s), and their connectivity back to the applications they consume. In these areas, wide area networking in particular, there has been little focus on bringing the benefits of the software-defined model, until now.

What’s SDN?

Before we can speak to the benefits of Software Defined Networking (SDN) outside of the data center, it is important to first provide a clear definition of SDN, irrespective of the specific application. AHEAD believes that for a network solution to truly be software-defined it needs to provide two key capabilities:

  • Centralized Management – SDN solutions are built around a centralized controller. The management plane is decoupled from the data plane, meaning that if you have twenty devices that comprise your network, you manage all twenty from a single location rather than logging into each device individually to administer a locally significant configuration. This affords a considerable reduction in administrative overhead, reduces the risk of configuration inconsistencies, and streamlines operational tasks such as monitoring and troubleshooting.
  • Support for Automation – The controller should provide a well-defined and fully featured RESTful API so that the entire SDN platform is programmable, affording tight integration with automation and orchestration solutions.

Note that we didn’t say the function of the SDN solution must be performed in software. Some SDN solutions leverage full Network Function Virtualization (NFV) and perform all aspects of the solution in software. This removes the need for custom hardware and leverages commodity x86 compute. There are advantages to this approach, but full NFV solutions typically cannot reach the same throughput as purpose-built hardware unless a scale-out deployment is leveraged. This may not be feasible in all scenarios, so NFV solutions may not be a fit for certain deployments.

Other solutions centralize the management plane and allow full automation of the platform through RESTful APIs but perform the actual network functions of switching, routing, and inspecting packets in either software running on proprietary hardware or directly in purpose-built silicon.  

In networking speak, there are broadly two types of networks outside of the data center:  

  • Local Area Network (LAN)
  • Wide Area Network (WAN)

The LAN, sometimes known as the campus or access network, connects devices within a limited geographic area, such as an office building, medical campus, school or residential home. This typically includes both wired and wireless connectivity.

Applying SDN benefits to the LAN is an obvious evolution. We expect to see rapid development and enterprise adoption in this area over the next few years, driven primarily by the operational benefit of centralizing the management of, what can be, a very large number of devices, as well as the goal of enforcing security policies as close to the end user as possible.       

WAN Benefits

The focus of this blog series, however, is the WAN: networks that are traditionally built with leased telecom circuits that are interconnected to provide communications between localized, yet geographically separated networks. 

The WAN is highly scalable and can interconnect a small number of sites within a single state, or provide connectivity to thousands of sites across the globe. The job of the WAN is, ultimately, to route the right traffic to the right place and to do that securely and reliably.

Historically, the WAN has been a significant expense for any business. Combine the high, recurring spend for private telecom circuits, such as MPLS, SONET, leased lines, or dark fiber, with the cost of operating a highly complex environment, and maintaining the WAN can quickly become a large portion of the IT budget.

The WAN is often the most complex piece of an enterprise network. We are increasingly leveraging SaaS-based applications that demand more bandwidth, and we leverage rich streaming media, such as voice and video, to increase employee collaboration and productivity.

In the past, these technologies have typically required expensive private circuits to ensure an acceptable, predictable, and consistent experience. We expect an optimal user experience, which requires optimal path selection under the hood. End users have little to no tolerance for outages, pushing the networking team to build infrastructures with high resiliency and fast convergence times when there is a failure.

WAN engineers must eat, sleep, and breathe complex routing protocols, quality of service, access control lists, route maps, traffic classification and route redistribution. Even for highly experienced engineers, managing this complexity is not a trivial undertaking. While this has worked in the past, this model of operation is not sustainable given the rapid changes taking place in enterprise IT today.  

When we apply SDN principles to the WAN, we introduce what has become known as SD-WAN. In addition to the underlying benefits of consistent, centralized control and full automation support that we have already mentioned, SD-WAN brings several other advantages to the enterprise, filling gaps that legacy WAN technologies could not address:

Transport Flexibility & Independence 

SD-WAN affords true transport independence. All SD-WAN solutions abstract the data plane and rebuild it across all available circuits, using overlay tunnels such as IPsec or GRE. Since the WAN data plane is now virtualized (or encapsulated), it can reside on top of any supported underlay circuit using many different transport protocols. For example, an SD-WAN solution could leverage MPLS, 4G LTE, Metro Ethernet, serial, or public Internet circuits. Enterprises that deploy SD-WAN have the flexibility to leverage multiple transport types and can include lower-cost, higher-bandwidth Internet circuits as part of their overall WAN topology to reduce, or potentially eliminate, their dependence on expensive private lines.

Multi-Link Utilization 

Having rebuilt the data plane to be able to use all available circuits at a given site, the question now becomes, “Which circuit should I use?” Traditional approaches to WAN have not had a good answer for this question. While there are many different techniques that can be brought into play, such as Policy Based Routing or Equal-Cost Multipath (ECMP), the short answer is that traditional approaches would typically only pick a single path for a given destination. All other paths would become failover routes in case the primary path becomes unavailable.

SD-WAN allows us to get far more granular. While the exact decision engine for path selection varies from solution to solution, some SD-WAN offerings get as granular as choosing a path for each individual application session and allowing different sessions to traverse different links concurrently. No longer do businesses need to pay for circuits as insurance policies that sit idle until needed. SD-WAN allows us to use all available circuits and benefit from the aggregate bandwidth.
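To make the contrast between the two models concrete, here is an added example of my own; it is not code from the post or from any SD-WAN product. It pits the legacy “one primary path, the rest idle failover” selection against per-session selection that spreads sessions over every link currently meeting an SLA, pinning each session to one link with a stable hash of its 5-tuple so packets within a session are not reordered. The link names, bandwidths, SLA thresholds, and sample flows are constructed assumptions for the demonstration.

```python
"""Per-session path selection across several WAN links.

Added example, not code from the post or any SD-WAN product. The link names,
SLA thresholds and the sample flows are constructed assumptions for the demo.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Link:
    name: str
    bandwidth_mbps: int
    latency_ms: float   # as measured by the overlay's path probes
    loss_pct: float
    up: bool = True


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str = "tcp"

    def session_key(self) -> str:
        # The 5-tuple identifies one application session.
        return f"{self.proto}:{self.src_ip}:{self.src_port}->{self.dst_ip}:{self.dst_port}"


def traditional_path(links: List[Link]) -> Optional[str]:
    """Legacy model: links are listed in administrative preference order and the
    first one that is up carries everything; the others sit idle as failover."""
    for link in links:
        if link.up:
            return link.name
    return None


def meets_sla(link: Link, max_latency_ms: float, max_loss_pct: float) -> bool:
    return link.up and link.latency_ms <= max_latency_ms and link.loss_pct <= max_loss_pct


def sdwan_path(flow: Flow, links: List[Link],
               max_latency_ms: float = 150.0, max_loss_pct: float = 1.0) -> Optional[str]:
    """SD-WAN model: every link that currently meets the SLA is eligible, and each
    session is pinned to one of them by a stable hash weighted by link bandwidth,
    so concurrent sessions spread across all circuits."""
    eligible = [l for l in links if meets_sla(l, max_latency_ms, max_loss_pct)]
    if not eligible:
        # Nothing meets the SLA: degrade gracefully to the least-bad link that is up.
        up = [l for l in links if l.up]
        if not up:
            return None
        return min(up, key=lambda l: (l.loss_pct, l.latency_ms)).name
    total = sum(l.bandwidth_mbps for l in eligible)
    digest = hashlib.sha256(flow.session_key().encode()).digest()
    point = int.from_bytes(digest[:8], "big") % total
    cursor = 0
    for link in eligible:
        cursor += link.bandwidth_mbps
        if point < cursor:
            return link.name
    return eligible[-1].name  # not reached: point is always below the final cursor


def distribute(flows: List[Flow], links: List[Link]) -> Tuple[Dict[Optional[str], int], Dict[Optional[str], int]]:
    """Count sessions per link under both models."""
    legacy: Dict[Optional[str], int] = {}
    sdwan: Dict[Optional[str], int] = {}
    for f in flows:
        legacy_link = traditional_path(links)
        legacy[legacy_link] = legacy.get(legacy_link, 0) + 1
        sdwan_link = sdwan_path(f, links)
        sdwan[sdwan_link] = sdwan.get(sdwan_link, 0) + 1
    return legacy, sdwan


def demo_links() -> List[Link]:
    # Constructed branch: MPLS is the traditional primary, Internet is cheaper and fatter.
    return [
        Link("mpls", bandwidth_mbps=50, latency_ms=20.0, loss_pct=0.0),
        Link("internet", bandwidth_mbps=200, latency_ms=35.0, loss_pct=0.2),
        Link("lte", bandwidth_mbps=30, latency_ms=80.0, loss_pct=0.5),
    ]


def demo_flows(n: int) -> List[Flow]:
    # Constructed sessions from one client toward one SaaS endpoint, differing by source port.
    return [Flow("10.20.0.15", "203.0.113.10", 40000 + i, 443) for i in range(n)]


if __name__ == "__main__":
    legacy, sdwan = distribute(demo_flows(1000), demo_links())
    print("legacy :", legacy)
    print("sd-wan :", sdwan)
```

Running it shows the legacy model putting all thousand sessions on MPLS while the Internet and LTE circuits stay idle, whereas the per-session model lands roughly 70% of sessions on the 200 Mbps Internet link and the remainder on MPLS and LTE. Two behaviours matter operationally: a link that breaches the SLA (for example, loss rising above 1%) drops out of the eligible set without the administrator touching anything, and because the hash keys on the 5-tuple, a rebalancing only moves sessions when the set of eligible links changes.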

Integrated Security

Network services and security services, particularly in the branch office, have typically comprised multiple solutions, each with their own respective appliances. SD-WAN is collapsing many of these functions into an integrated solution with a significantly smaller footprint, reducing the WAN TCO. Where services cannot be provided locally by an SD-WAN appliance, flow steering and cloud-based services can be leveraged to deliver Layer 7 services, such as content and malware filtering, for every branch-connected device.

Additionally, for SD-WAN solutions that provide application awareness, security policies can be defined by application rather than by subnet or IP address, further extending application-centric policies out of the data center and enforcing them closer to the user.

Distributed Internet Access

Traditional approaches to WAN design typically backhaul all Internet-bound traffic to centralized locations (usually the data center) where all egress traffic is filtered, monitored, and logged before reaching the public Internet. However, traffic patterns have changed with the adoption of SaaS and public cloud services, and for that traffic this design is far from optimal. SD-WAN solutions allow organizations to offload trusted Internet traffic locally at the branch. This reduces the need for fat Internet circuits in the data center to handle the organization’s aggregate load, minimizes latency and round-trip time (RTT) to SaaS applications, and improves the user experience.
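The two preceding sections, application-defined security policy and distributed Internet access, come together in one decision: which application is this session, and should it break out locally, ride the overlay, be backhauled for inspection, or be dropped? The following is an added example of my own, not code from the post or from any vendor’s policy engine, that makes that decision per flow and compares it with a subnet-based ACL. The application names, the port and TLS SNI signatures used to classify flows, the private address ranges, the trusted-prefix list, and the policy table are all constructed assumptions; real products identify applications with DPI, DNS, and vendor feeds rather than the simple signature table used here.

```python
"""Application-centric branch policy with local Internet breakout.

Added example, not code from the post or any vendor's policy engine. The
application names, the port/SNI signatures used to classify flows, the
address ranges and the policy table are all constructed assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed: private ranges reachable over the SD-WAN overlay.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Constructed: the hand-maintained "trusted SaaS prefixes" a legacy ACL would rely on.
DEMO_TRUSTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed signatures. Real products identify applications with DPI, TLS SNI,
# DNS and vendor feeds; here a flow matches on destination scope, port and SNI.
APP_SIGNATURES = {
    "collab-saas":  {"scope": "internet", "ports": {443}, "hosts": {"meet.example-saas.test"}},
    "crm-saas":     {"scope": "internet", "ports": {443}, "hosts": {"crm.example-saas.test"}},
    "erp-internal": {"scope": "internal", "ports": {8443}},
    "voice":        {"scope": "any",      "ports": {5060}},
}

# Policy is keyed by application, never by subnet or address.
POLICY = {
    "collab-saas":      "local_breakout",  # trusted SaaS leaves the branch directly
    "crm-saas":         "local_breakout",
    "erp-internal":     "overlay",         # rides the encrypted overlay to the data center
    "voice":            "overlay",
    "unknown-internet": "backhaul_dc",     # unrecognised Internet traffic still gets DC filtering and logging
    "unknown-internal": "deny",            # unrecognised internal traffic is dropped
}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    sni: Optional[str] = None   # TLS server name, when the session presents one


def destination_scope(dst_ip: str) -> str:
    addr = ipaddress.ip_address(dst_ip)
    return "internal" if any(addr in net for net in INTERNAL_NETS) else "internet"


def classify(flow: Flow) -> str:
    """Map a flow to an application name, or to unknown-<scope> when nothing matches."""
    scope = destination_scope(flow.dst_ip)
    for app, sig in APP_SIGNATURES.items():
        if sig["scope"] not in ("any", scope):
            continue
        if flow.dst_port not in sig["ports"]:
            continue
        hosts = sig.get("hosts")
        if hosts is not None and flow.sni not in hosts:
            continue
        return app
    return f"unknown-{scope}"


def decide(flow: Flow) -> Tuple[str, str]:
    """Application-centric decision: (application, action)."""
    app = classify(flow)
    return app, POLICY[app]


def legacy_decide(flow: Flow, trusted_nets) -> str:
    """Subnet-based breakout as a traditional ACL would express it: break out only
    if the destination sits in the hand-maintained list of trusted prefixes."""
    addr = ipaddress.ip_address(flow.dst_ip)
    if destination_scope(flow.dst_ip) == "internal":
        return "overlay"
    return "local_breakout" if any(addr in n for n in trusted_nets) else "backhaul_dc"


def decision_record(flow: Flow) -> Dict[str, str]:
    """Structured record suitable for a SIEM, so every breakout decision is auditable."""
    app, action = decide(flow)
    return {"src": flow.src_ip, "dst": f"{flow.dst_ip}:{flow.dst_port}",
            "sni": flow.sni or "-", "app": app, "action": action}


if __name__ == "__main__":
    samples = [
        Flow("10.20.0.15", "203.0.113.10", 443, "meet.example-saas.test"),
        Flow("10.20.0.15", "198.51.100.7", 443, "meet.example-saas.test"),  # same SaaS, new IP
        Flow("10.20.0.15", "198.51.100.9", 443, "files.unknown.test"),
        Flow("10.20.0.15", "10.1.2.3", 8443),
        Flow("10.20.0.15", "10.1.2.3", 9999),
    ]
    for s in samples:
        print(decision_record(s), "legacy:", legacy_decide(s, DEMO_TRUSTED_NETS))
```

The second sample flow is the point of the comparison: when the collaboration SaaS starts answering from an address outside the maintained prefix list, the subnet-based ACL silently backhauls it to the data center, while the application-keyed policy still breaks it out locally because the decision follows the application, not the address. The other direction is equally important for the security team: traffic the classifier cannot name never gets local breakout, it is backhauled so the existing data-center filtering and logging still apply, and the record returned by decision_record gives the SOC a per-session trail of what broke out where and why.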

SD-WAN is challenging the traditional approach to building and operationalizing the Wide Area Network. We can now have multi-link utilization, application-based prioritization and quality of service, and at the same time bring impactful operational efficiencies and opportunities for cost reduction.

Has SD-WAN removed the complexity around the technical challenges of building and maintaining the WAN?

Some, but not completely! There is still technical complexity, but the centralized controller has streamlined deployments, turned configuration into provisioning, and slashed operational challenges.

In the next few posts in this series, I’ll look at several of the offerings currently available in the market and explain how each solution brings value to the business as part of our Cloud Delivery Framework.

If you’re interested in learning more about AHEAD’s SD-WAN capabilities or other network services we offer, feel free to email me at or register now to attend our free technology summit, Looking AHEAD 2017, where you can learn more about SD-WAN, and connect with AHEAD networking specialists and other industry experts. 
