WAN Optimization in the SD-WAN Era

WAN optimization has been with us for a long time. Born alongside the expensive MPLS data service, WAN optimization appliances allowed organizations to squeeze more bandwidth out of thin pipes through compression and deduplication, as well as prioritizing traffic of loss-sensitive applications such as remote desktops.

The dramatic changes in network traffic patterns, from inwards towards the data center to outwards towards the cloud, is challenging the base premise for dedicated WAN optimization appliances.

First, the growth in Internet- and cloud-bound traffic is accelerating the introduction of direct secure Internet access at branch locations. These links have a higher capacity at a lower cost, making bandwidth expansion easier and more affordable. Second, the use of public cloud applications is incompatible with using a WAN optimizer at both edges of the link, as enterprises can’t control traffic going to cloud applications.

Rohit Mehra, Vice President of Network Infrastructure at IDC and co-author of a short, but useful guide “Benefits of a Fully Featured SD-WAN”, comments on the effect cloud services has had on the WAN.  

“Traditional WANs were not architected for the cloud and are also poorly suited to the security requirements associated with distributed and cloud-based applications. And, while hybrid WAN emerged to meet some of these next-generation connectivity challenges, SD-WAN builds on hybrid WAN to offer a more complete solution.”

SD-WAN Edge Challenges

A typical SD-WAN solution includes SD-WAN edge appliances which enable organizations to use multiple transports (MPLS and Internet) in branch locations. However, they are often totally dependent on MPLS to ensure that loss sensitive applications perform in a consistent manner.  Because standard SD-WAN solutions don’t provide an SLA-backed transport, organizations are obligated to rely on MPLS. An SLA-backed backbone can provide consistent performance particularly for sites where Internet performance may not be satisfactory.

Integrated Network Security

SD-WAN edge solutions can provide direct Internet access at the branch. However, they typically do not include a full network security stack and require customers either to deploy additional security solutions at every location, backhaul traffic to a datacenter, or use cloud-based security services.

Supported Edges

SD-WAN edge solutions were designed with physical locations in mind. Typical WAN architectures treat cloud datacenters and mobile users as an afterthought, resulting in limited support for cloud infrastructure and mobile users.

Cato Networks SD-WAN Solution

In contrast, Cato has built a global, SLA-backed backbone that runs an integrated networking and security software stack. Cato has 39 PoPs worldwide, and they are fully meshed over multiple tier-1 IP transit providers with SLA-backed latency and packet loss. Cato provides consistent and predictable global connectivity at an affordable price, which allows customers to use high quality Internet last mile and the Cato Cloud to replace MPLS.

Network security is built into the Cato Cloud. Cato provides a full network security stack, including a next generation firewall, secure web gateway, anti-malware and IPS built into the SLA-backed backbone. There is no need to deploy branch security appliances, backhaul traffic, or introduce new security services. All policies are managed within Cato’s management application.

Cato was built to seamlessly connect all enterprise network elements including physical locations, cloud infrastructure, and mobile users. With Cato, SD-WAN and network security is available globally and for all traffic.

Multi-Segment Optimization

Cato’s solution provides optimization at several segments of the WAN.

Last Mile:

Multiple Transports


Application QoS

Policy-Based Routing (PBR)

Forward Error Correction (FEC)

Bandwidth Throttling


Optimal Egress

Shared Network / Datacenter Footprint

Middle Mile:

Global SLA-backed backbone

Optimal Routing on Multiple Carriers

Throughput Maximization (TCP Proxy)

Forward Error Correction (FEC)


Industry experts, like Ivan Pepelnjak, have seen first-hand the benefits of SD-WAN.  Pepelnjak has been in the business of designing and implementing large-scale networks as well as teaching and writing books on the topic for almost three decades. He comments in his blog about why businesses would move to SD-WAN:

“There’s a huge business case that SD-WAN products are aiming to solve: replacing traditional MPLS/VPN networks with encrypted transport over public Internet….Internet access is often orders of magnitude cheaper than traditional circuits. Replacing MPLS/VPN circuits with IPsec-over-Internet (or something similar) can drastically reduce your WAN costs. Trust me – I’ve seen dozens of customers make the move and save money.”

Find out more about SD-WAN as a service with integrated security and optimization and more, by subscribing to Cato Network’s blog.

Related Articles