Software-defined WAN (SD-WAN) technology is intended to redesign and optimize the corporate WAN. A clear understanding of how SD-WAN works, along with its benefits and limitations, is essential to organizations wanting to optimize with a new, more distributed network.
How SD-WAN Works
Many of the traditional networking media that businesses use have their limitations. For example, multi-protocol label switching (MPLS) circuits have significant geographic limitations and are expensive to deploy and use. In contrast, broadband Internet is relatively cheap, but its inefficient and unreliable routing can lead to poor performance.
SD-WAN is designed to improve corporate networking by taking advantage of each available transport medium’s different benefits. An SD-WAN appliance connects to all available transport media and offers a single “pipe” to applications looking to send data over the network.
When the SD-WAN appliance receives data from an application, it uses application identification to determine which application is the source of the traffic and apply application-specific policies. Based on these policies and the current states of the available transport links, SD-WAN selects the best option and sends the traffic out over it. For example, traffic to latency-sensitive applications may be assigned to MPLS links, which offer high performance but have expensive bandwidth. In contrast, low-priority traffic, like visits to social media sites, can be throttled or sent out over less expensive links if capacity is available.
Links between SD-WAN appliances are encrypted, protecting the confidentiality and integrity of the data flowing over them. Once the traffic reaches the SD-WAN appliance closest to its destination, it is routed there over the best available transport medium.
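The policy-driven link selection described above can be sketched as follows. This is an added example, not code from any SD-WAN product; the application labels, thresholds, link measurements and the `select_link` function are assumptions made for illustration, and application identification is taken as already done.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    up: bool
    latency_ms: float
    loss_pct: float
    cost_per_gb: float
    free_mbps: float

@dataclass(frozen=True)
class Policy:
    max_latency_ms: float
    max_loss_pct: float
    max_cost_per_gb: float
    min_free_mbps: float
    prefer: str  # "performance" or "cost"

# Hypothetical per-application policies (names and thresholds are assumptions).
POLICIES = {
    "voip": Policy(50, 0.5, 10.0, 1, "performance"),
    "social-media": Policy(500, 5.0, 1.0, 20, "cost"),
}
DEFAULT_POLICY = Policy(200, 2.0, 5.0, 5, "cost")

# Constructed link measurements, as a health-probe loop might report them.
SAMPLE_LINKS = [
    Link("mpls", True, 12, 0.0, 8.0, 40),
    Link("broadband", True, 45, 0.8, 0.5, 150),
    Link("lte", True, 70, 1.5, 4.0, 10),
]

def select_link(app, links):
    """Return (action, link_name) for traffic already identified as `app`."""
    p = POLICIES.get(app, DEFAULT_POLICY)
    live = [l for l in links if l.up]
    ok = [l for l in live
          if l.latency_ms <= p.max_latency_ms and l.loss_pct <= p.max_loss_pct
          and l.cost_per_gb <= p.max_cost_per_gb and l.free_mbps >= p.min_free_mbps]
    if p.prefer == "performance":
        # Latency-sensitive traffic: degrade to the best live link rather than drop.
        best = min(ok or live, key=lambda l: (l.latency_ms, l.loss_pct), default=None)
    else:
        # Low-priority traffic: cheapest compliant link, otherwise throttle.
        best = min(ok, key=lambda l: (l.cost_per_gb, l.latency_ms), default=None)
    if best is None:
        return ("throttle" if live else "drop", None)
    return ("forward", best.name)
```

With the sample measurements, `voip` is forwarded over `mpls` and `social-media` over `broadband`; the decision changes as soon as a link goes down or runs out of spare capacity.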
Why the Modern Enterprise Needs SD-WAN
Historically, organizations have been rather centralized geographically. With most employees and IT infrastructure located on the corporate LAN, implementing network connectivity was relatively simple.
Today, corporate networks are much more distributed as the corporate WAN supplants the corporate LAN. The growth of remote work due to the COVID-19 pandemic means that employees connect to corporate applications and resources from anywhere, and the rise of cloud computing has dispersed these resources across multiple different cloud platforms in a distributed network.
SD-WAN provides a solution for optimizing the new, expanded corporate WAN. As networks expand, trying to route all traffic through the enterprise network and then on to its destination has dramatic impacts on network latency and performance. An SD-WAN deployment enables an organization to take a more decentralized approach, optimizing routing from the SD-WAN point of presence (PoP) nearest to the source of a connection to the one closest to its destination.
SD-WAN enables an organization to intelligently optimize the network links connecting its distributed locations. This allows a company to achieve the performance that its users and applications require while keeping costs low and extracting maximum benefit from investments in pricier network infrastructure (such as MPLS circuits).
The Limitations of SD-WAN
SD-WAN provides several significant advantages to an organization looking to redesign and optimize its distributed network infrastructure. However, these benefits also come with some limitations.
One of the main limitations of SD-WAN is the fact that the capabilities and footprint of an SD-WAN network are constrained by SD-WAN locations. SD-WAN solutions are designed to provide secure, optimized routing to another SD-WAN PoP. The benefits of SD-WAN are limited by where an organization is able to deploy SD-WAN PoPs.
The other primary shortcoming of SD-WAN is that it is a networking solution, not a security one. While SD-WAN appliances often have deep visibility into the traffic that they carry, they use this visibility to optimize routing and to implement policies regarding traffic prioritization. Achieving both optimized network performance and robust security requires deploying a full security stack alongside each SD-WAN appliance, which increases costs, complexity, and maintenance requirements.
Moving Beyond SD-WAN to SASE
SD-WAN offers a number of benefits to an organization with a distributed network, but its location limitations and lack of security present significant challenges. This is why, instead of adopting SD-WAN, organizations should consider SASE solutions.
SASE is specifically designed to address the main issues of SD-WAN. It is deployed as a virtualized, cloud-based appliance, enabling it to be deployed both geographically near an organization’s primary IT assets (data centers, cloud infrastructure, etc.) and in a geographically distributed fashion (to support a remote workforce).
In addition to its cloud-based deployment, SASE also boasts a combination of SD-WAN functionality and a fully integrated network security stack. Its SD-WAN capabilities ensure that traffic is optimally routed to its destination, while the built-in security functionality removes the need to deploy additional security solutions or route all traffic through the headquarters network for security inspection.
SD-WAN is a valuable tool for the modern enterprise that allows it to optimize the use of its distributed assets. However, SD-WAN must be deployed as part of a SASE solution for an organization to achieve the full benefits of an SD-WAN distributed network.