Transitioning to SD-WANs: Problems to Avoid

October 2, 2017

WAN Transformation: SD-WAN Cost and ROI Analysis

It’s no secret that traditional wide area networks (WANs) have to change. Much has been made about their high costs, long-time to deploy, and poor fit for running Internet and cloud traffic. But cost reductions, in particular, that are often promised with the successor to traditional WANs, software-defined wide area network (SD-WAN), is often misleading.

SD-WAN Cost Savings

Early marketing around SD-WAN technology pointed to the 90 percent cost difference between MPLS and Internet bandwidth costs.  From this many SD-WAN vendors claimed WAN transformation using SD-WAN would lead to comparable savings.

The reality is very different. In fact, Cato surveyed 350+ IT professionals about their SD-WAN plans and deployments. While more than 89 percent of respondents who had already deployed an SD-WAN indicated that cost savings played an important priority in deploying SD-WAN, only 41 percent reported reducing WAN costs. Here’s why.

Can’t Eliminate MPLS

All too often, the cost savings of SD-WAN stem from the expectation of eliminating a carrier’s costly MPLS service. But there’s an excellent chance that most SD-WAN’s will not eliminate your MPLS service. In part, this has to do with reasons of regulatory or standards compliance. Many security professionals still do not trust SD-WAN across the the open Internet to meet requirements.

In other cases, SD-WAN, over the open Internet, lack the consistent loss and jitter characteristics needed to run high-quality, enterprise voice and other loss- and latency-sensitive applications. This is particularly true between Internet regions, where the long-distances and lack of routes make finding alternate paths with right networking characteristic particularly difficult.

More than Basic Internet

Preliminary SD-WAN calculations alo often compare MPLS against the most basic Internet services. But all too often these services are insufficient, forcing companies to invest in not only business-grade internet, but services with redundant links to meet uptime expectations. All of which increases last-mile costs.

Service provider management, an inherent part of any MPLS service, must be assumed by the enterprise with SD-WAN — another cost center. Then there are also the additional security costs that often need to be calculated into the equation.

As a rule, SD-WAN appliance do not provide advanced security. They encrypt traffic, like any other VPN, but lack the advanced security services necessary for defending against advanced persistent threats, malware penetration, and more. As a result, while SD-WAN can use the Internet to establish VPNs to locations, alone they must still backhaul traffic to the company’s secured Internet portal, maintaining the same performance problems for cloud and internet traffic experienced with MPLS. Delivering DIA locally will force the deployment of IPS, malware protection, next generation firewall (NGFW) and other advanced security services at each site or, more likely, in regional hubs, increasing the SD-WAN-related costs.

Cost Savings You Will See

But clearly SD-WAN deployments do realize cost savings in many cases, 41 percent in our survey. Where do those savings savings come from?

Depending on the SD-WAN, cost savings, or more specifically cost avoidance, comes from not having to replace end-of-life routers. Bandwidth costs, even with redundant fiber pairs, will reduce somewhat when replacing MPLS in well-developed Internet regions. MPLS can be eliminated, but the SD-WAN needs to include a low-cost, SLA-backed backbone, MPLS alternative. Security costs can also be reduced when if the provider integrates advanced security services into the SD-WAN.

Operational costs will also decline because the SD-WAN uses centralized configuration and management. In general, SD-WAN help wide area networking move closer to becoming plug-and-play, but deployment is rarely out right simple. You still need to understand routing, policy configuration, network performance and more.

Bottom Line

The bottom line is that SD-WAN can help your bottom line. It’s partially a matter of setting proper expectations and part about finding an SD-WAN with the right security and performance characteristics to make DIA and MPLS alternative possible. Do that and you too can join the happy 41 percent.

Dave Greenfield

Dave Greenfield

Dave Greenfield is a veteran of IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.