SD-WAN - a Brief Overview
What is SD-WAN?
Software-Defined Wide Area Networking, a.k.a. SD-WAN, is a technology that utilises software-defined networking (SDN) technologies and principles to optimise and manage wide area networks (WANs). This technology enables organisations to connect data and applications across multiple locations securely and efficiently. SD-WAN offers advantages such as reduced costs, simplified operations, and improved application performance.
What does SD-WAN do?
SD-WAN creates a virtualised overlay WAN that is managed and controlled through software, rather than relying on traditional hardware-based WAN architectures.
How does SD-WAN work?
A centralised controller is used to manage and optimise traffic flows across the network, with traffic being dynamically routed based on pre-defined application policies, circuit priorities, or network conditions.
What are the key benefits?
Some of the main benefits that can be realised through the deployment of an SD-WAN architecture are discussed below:
· Cost Reduction: SD-WAN can reduce WAN costs by leveraging various connection types (Internet, MPLS, LTE to name but a few) and optimising traffic routing.
· Improved Application Performance: The performance and user experience of applications can be dramatically improved using an SD-WAN architecture. A few good examples are SaaS and cloud-based applications.
· Simplified Operations: The centralised management and automation features available within SD-WAN help to simplify network operations and effectively reduce the need for manual intervention.
· Enhanced Security: Most SD-WAN solutions include built-in security features, or they can be integrated with an organisation’s existing security infrastructure to protect the WAN.
· Increased Agility: The ability to adapt to changing business needs more quickly and efficiently is facilitated by SD-WAN’s flexibility.
Architecture:
An SD-WAN architecture will typically include physical and/or virtual appliances, a centralised controller for management, and security features such as secure web gateways (SWGs) or embedded firewalls.
Use Cases:
SD-WAN architectures and solutions can be used for various scenarios, such as:
· Connecting branch offices to data centres;
· Providing connectivity for large organisations with sites located in different geographic areas or regions;
· Ensuring end-to-end security for your organisation;
· Facilitating cloud-first deployments;
· Optimising on-premises data centres, IaaS, and SaaS application access; and
· Improving the end-user experience for remote workers.
Let’s dig a bit deeper into these use cases:
Small Branch: This use case refers to smaller sites, and focuses on cost-effectiveness, simplicity, and flexibility of transport choices. Good examples include convenience stores, petrol stations, small banks, etc.
Global WAN: Large enterprise organisations with hundreds, possibly thousands, of sites located in different countries or regions would benefit from this use case. Having the ability to scale for a large, distributed network is key for organisations such as these. This use case caters for a mix of private data centre, public IaaS and SaaS, with the potential to move more and more resources into the cloud.
Security Sensitive: This use case exists to provide comprehensive security solutions, combined with the networking solution. Organisations who are considering deploying a converged network and security infrastructure would definitely benefit from moving to this model. The security infrastructure can be delivered either from an SD-WAN appliance, or as a cloud service, or a third-party security solution could be hosted at the branch.
Cloud First: Organisations are moving more and more workloads to the cloud today, and this use case focuses on the need for simple, high-performing WAN-to-cloud access, where a majority of business initiatives are hosted in the cloud, with few or no workloads in on-premises data centres. Benefits here are cost reduction, improved quality, and speed of delivery. This is because cloud-based solutions can be scaled up or down as and when required.
Remote Worker: Organisations whose staff access the enterprise network from remote locations, such as their homes, instead of connecting from a branch or head office should consider this use case. Security is facilitated by deploying a Zero Trust Network Access (ZTNA) solution, which provides secure network access based on worker identity and split-tunnelling to securely connect to cloud workloads.
What are the key components of SD-WAN?
Key components can be broadly categorised as follows: management and orchestration, control plane, data plane and network access.
Here’s a breakdown of the key components:
1. Management and Orchestration:
SD-WAN Orchestrator: This component is the central orchestration and management point for the entire SD-WAN network. A centralised interface is used to configure, monitor, and troubleshoot the network.
SD-WAN Manager: This acts as the management plane, where policies can be configured, performance can be monitored, and the overall SD-WAN environment can be managed.
2. Control Plane:
SD-WAN Controller: Responsible for establishing and managing the control plane, which includes propagation of routing information and enforcement of policies. Secure connection establishment and authentication are also core functions that are performed by this component.
Control Plane Connectivity: This refers to the communication channels and protocols used by the control plane to exchange information and manage the network.
3. Data Plane:
SD-WAN Edge (Routers/Gateways): These are the physical or virtual devices located at the edge of the network that are responsible for forwarding traffic based on policies that are defined by the control plane.
Data Plane Connectivity: This refers to the physical and logical connections used for transmitting data between different locations, including MPLS, internet links, and other transports.
4. Network Access:
Virtual or Physical Nodes: Routers, firewalls, and other network appliances that connect to the SD-WAN fabric come under this category.
Embedded Firewall: Embedded firewalls can be deployed as part of an SD-WAN solution for enhanced security at the network edge.
Essentially, the SD-WAN orchestrator and controller manage the network, while edge devices make forwarding decisions based on the policies and instructions received from the control plane. This layered approach enables scalability, flexibility, and improved performance compared to traditional WANs.
The diagram below shows the components you can expect to see in a typical SD-WAN architecture.
You can clearly see the SD-WAN controller, the orchestrator and the edge devices. The edge devices will use the overlay tunnels for connectivity, either via MPLS, the Internet, or via 4G/5G (not shown). Policies can be configured to define which transport is used by specific applications.
So, what makes SD-WAN so great?
I’m glad you asked that question. There is a whole raft of benefits that can be realised through the deployment of an SD-WAN solution. Let’s take a closer look at some of these benefits:
Centralised Management: The Intelligence Behind SD-WAN
The key differentiator for SD-WAN when compared to traditional WAN solutions is its centralised control functionality – this is where the power really exists. SD-WAN separates the control plane from the data-forwarding plane and is controlled by a centralised management plane. Consider the controller to be the brain of the network, as it allows administrators to set up, monitor and oversee the system from a single interface.
Using controller-based solutions enables an intimate understanding of how your network performs and gives you a deeper insight into your security posture. This centralised architecture can ensure network dependability and speed up problem discovery and resolution, while using less time and money for network management. Centralised control can be likened to getting a bird’s eye view in a dense forest, where distinct insights are available inside a complex networking environment.
Choosing Dynamic Paths: Optimal Path Selection
Dynamic Path Selection is considered to be a key component of SD-WAN performance optimisation. Pre-established policies and current network conditions dynamically direct traffic, while continuously monitoring the health and functionality of various network channels. For example, critical applications might be routed via high-performance links, whereas less important traffic can utilise less expensive links or transports. Of course, sophisticated traffic steering is a pre-requisite for this kind of traffic routing to occur if you want to guarantee optimal application performance and a superior user experience. In today’s world, where even a millisecond of latency may result in substantial losses in revenue, particularly in industries such as finance and e-commerce, accurate dynamic path selection is super-important.
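The policy-driven selection described above can be sketched as follows. This is an added example, not code from the article or from any SD-WAN product; the transport names, health metrics, cost ranks and SLA thresholds are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:                      # one WAN transport as seen by an edge device
    name: str
    latency_ms: float
    loss_pct: float
    cost: int                    # relative cost rank, lower is cheaper
    up: bool = True

@dataclass(frozen=True)
class AppPolicy:                 # pre-defined application policy
    app: str
    max_latency_ms: float
    max_loss_pct: float
    critical: bool

def select_path(policy, links):
    """Return the transport name for this application, or None if no link is up."""
    live = [l for l in links if l.up]
    if not live:
        return None
    within_sla = [l for l in live
                  if l.latency_ms <= policy.max_latency_ms
                  and l.loss_pct <= policy.max_loss_pct]
    # If nothing meets the SLA, fall back to the best of the live links.
    candidates = within_sla or live
    if policy.critical:          # performance first, cost last
        return min(candidates, key=lambda l: (l.latency_ms, l.loss_pct, l.cost)).name
    return min(candidates, key=lambda l: (l.cost, l.latency_ms, l.loss_pct)).name

def steer(policies, links):
    """Map every application to its selected transport."""
    return {p.app: select_path(p, links) for p in policies}

# Constructed sample data (not measurements from a real network).
POLICIES = [AppPolicy("voice", 30, 0.5, True), AppPolicy("backup", 200, 2.0, False)]
HEALTHY = [Link("mpls", 20, 0.1, 10), Link("internet", 35, 0.5, 2), Link("lte", 60, 1.0, 5)]
DEGRADED = [Link("mpls", 120, 3.0, 10), Link("internet", 35, 0.5, 2), Link("lte", 60, 1.0, 5)]

if __name__ == "__main__":
    print("healthy :", steer(POLICIES, HEALTHY))
    print("degraded:", steer(POLICIES, DEGRADED))
```

When the MPLS link degrades, the critical application moves to the lowest-latency remaining transport even though no link meets its SLA, while the non-critical application stays on the cheapest link that does.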
Zero Touch Provisioning (ZTP): Using SD-WAN for Deployment and Scaling Simplification
SD-WAN solutions excel when it comes to scalability and ease of deployment. The ZTP feature provides simplicity of deployment, as network devices can be remotely deployed and configured without human intervention. The benefits that can be realised here are:
· Less likelihood of configuration errors, which frequently occur when configuring devices manually.
· The deployment process itself is much quicker because of the automated processes involved.
· Geographically dispersed organisations can deploy and configure global networks much more quickly due to the rapid and effortless deployment capabilities of an SD-WAN solution.
· SD-WAN solutions also offer superior scalability, giving the ability to rapidly add new sites, or remove unwanted sites smoothly and efficiently. Moves, adds and changes are dealt with effortlessly, as organisations react to changing site and staff requirements.
Fortified Networking: Increased Security
Encrypted, secure data transmission is guaranteed when deploying SD-WAN solutions, as traffic is encrypted end-to-end via the establishment of secure virtual overlays. In addition, it is easier to introduce extra security services seamlessly into your network. This gives you the ability to strengthen your defences against a wide variety of cyber threats, as well as converging your network and security infrastructures for a fully integrated network/security architecture.
Summary
Due to the advanced security features available, SD-WAN solutions offer a much-improved security posture, in a world where data breaches are widespread and cyberattacks are on the increase. Secure data transmission across a network is guaranteed by the encryption of all traffic across secure virtual overlays. It is also easier to integrate additional security features seamlessly, giving higher levels of security and defence against ever-changing threats and malicious actors.
To summarise, SD-WAN technologies enable software-defined networking across WAN environments, which are driven by automation and simplicity. SD-WAN solutions are not just a passing phase, but more a key player in determining how networks will connect in the future. The centralised control, ease of deployment, increased security and dynamic path selection features ensure that SD-WAN will be a core component of contemporary networking, both now and in the future.
The days of traditional networks, with their archaic architectures and moat-and-castle security perimeters, are all but over, if organisations are to move with the times.
Head of Technology & Operations @Eurofins | Transforming and Scaling Businesses and Operations from On-prem to Public Clouds | Committed to Driving Business Growth | "Shake the Water, Wake the Gator, Make it Happen"
1mo
Thanks for this John. Clear cut take. Implementing SD-WANs is a mixed bag. The customer is not always right but in some cases we just need to accommodate.
BT Global Services Lead Technical Designer (Solution Specialist Consultant)
1mo
Thanks for sharing John, it’s really good, but in most of the RFPs that went through recently, customers are looking for SASE (SD-WAN + SSE), mixed underlay (MPLS + Internet) or purely Internet, and are looking for a single-technology solution so that it will have single pane of glass visibility, management and operation.