How does SD-WAN Work?
SD-WAN has quickly become the go-to technology for enterprises seeking to leverage the cloud and embrace digital transformation. Yet much confusion still exists about what exactly an SD-WAN is and how the technology works.
Just a few short years ago, building a WAN was a difficult undertaking that relied on dedicated connections, proprietary hardware, and a significant amount of management and orchestration. Those traditional WAN deployments proved rigid, unforgiving, and very difficult to maintain and modify once enterprises started to leverage the cloud.
SD-WANs arrived on the scene to overcome the limitations of traditional WAN design, and they addressed many of the networking challenges confronting enterprises. At the same time, they left numerous challenges unaddressed when it comes to integrating cloud technologies, securing branch offices, or dealing with mobile users.
What Exactly Is An SD-WAN?
SD-WAN abstracts network traffic management from the underlying physical infrastructure. In other words, SD-WAN technology transforms WANs from static, hardware-centric networks to nimble, software-defined services.
The advantages offered by SD-WAN technology are numerous:
- As a virtualized WAN architecture, SD-WANs allow enterprises to use many different transport mechanisms, including LTE, MPLS, and broadband Internet connections. Ultimately, SD-WANs can leverage all of those connectivity methods to connect users to applications.
- SD-WANs also introduce centralized management and orchestration, removing much of the burden associated with managing and provisioning a WAN. That centralized orchestration allows network managers to define policies that leverage the full capabilities of the connectivity services in use. Take link load balancing, for example: an SD-WAN policy can combine multiple Internet connections in active/active mode so that they act as one larger transport pipe, increasing throughput.
- The ability to load-balance traffic across multiple pipes brings additional advantages, such as building redundancy into the WAN topology and supporting automatic failover. Simply put, if any one link fails, traffic is routed over another link to maintain connectivity.
How Does an SD-WAN Work?
SD-WANs are formed by establishing encrypted tunnels (the “overlay”) between sites. Every site is equipped with an SD-WAN device. Once connected to the local network, each device automatically downloads its custom-defined configuration and traffic policies and establishes tunnels with the other devices or with a point of presence (PoP), depending on the architecture.
Routing and traffic control are managed by the SD-WAN. Outbound traffic is routed along the optimum path based on application policies and real-time traffic conditions. Should one last-mile connection fail, the SD-WAN device automatically fails over to the alternative connection, using pre-configured policies to manage the traffic load.
Policy-based management is therefore a key component of an SD-WAN. Policy determines dynamic path selection and steers traffic according to the priority, such as the quality of service (QoS) class, assigned to it. Numerous policies can be created to meet specific business needs, such as giving VoIP packets and other interactive traffic transmission priority to improve performance.
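The path selection, active/active balancing and failover behaviour described above and in the advantages list, shown as a small working model. This is an added example written for this page, not Cato's code or any vendor's implementation; the link names, SLA thresholds and flow identifiers are constructed for illustration.

```python
import zlib
from dataclasses import dataclass

# Constructed model of SD-WAN edge behaviour: an application policy names
# the transports it prefers and the latency/loss it tolerates; the device
# picks a path from live link measurements and re-evaluates when a link fails.

@dataclass
class Link:
    name: str          # constructed transport names: "mpls", "broadband", "lte"
    up: bool           # last-mile state as probed by the edge device
    latency_ms: float  # measured latency across the tunnel
    loss_pct: float    # measured packet loss across the tunnel
    mbps: float        # nominal capacity, used as the load-balancing weight

@dataclass
class AppPolicy:
    app: str
    max_latency_ms: float  # SLA the application tolerates (constructed values)
    max_loss_pct: float
    preferred: list        # transports in order of preference

def meets_sla(link: Link, policy: AppPolicy) -> bool:
    return (link.up and link.latency_ms <= policy.max_latency_ms
            and link.loss_pct <= policy.max_loss_pct)

def select_path(policy: AppPolicy, links):
    """Dynamic path selection:
    1. first preferred transport that is up and within SLA;
    2. otherwise the lowest-latency link that is within SLA;
    3. otherwise (degraded mode) the up link with the least loss;
    4. None when every link is down."""
    ok = [l for l in links if meets_sla(l, policy)]
    by_name = {l.name: l for l in ok}
    for name in policy.preferred:
        if name in by_name:
            return by_name[name]
    if ok:
        return min(ok, key=lambda l: l.latency_ms)
    up = [l for l in links if l.up]
    return min(up, key=lambda l: l.loss_pct) if up else None

def balance_flow(flow_id: str, links):
    """Active/active balancing: pin each flow to one up link, chosen in
    proportion to link capacity. Hashing the flow id keeps all packets of a
    flow on the same path, which avoids reordering inside a TCP session."""
    up = [l for l in links if l.up]
    if not up:
        return None
    point = zlib.crc32(flow_id.encode()) % int(sum(l.mbps for l in up))
    for l in up:
        if point < l.mbps:
            return l
        point -= l.mbps
    return up[-1]

def failover_demo():
    """Walk through an MPLS outage followed by broadband degradation."""
    links = [Link("mpls", True, 30, 0.0, 20),
             Link("broadband", True, 45, 0.2, 100),
             Link("lte", True, 80, 1.0, 40)]
    voip = AppPolicy("voip", 60, 0.5, ["mpls", "broadband"])
    backup = AppPolicy("backup", 500, 5.0, ["broadband", "lte"])
    steps = {}
    steps["voip_normal"] = select_path(voip, links).name        # mpls
    steps["backup_normal"] = select_path(backup, links).name    # broadband
    links[0].up = False                                          # MPLS last mile fails
    steps["voip_mpls_down"] = select_path(voip, links).name     # broadband
    links[1].loss_pct = 2.0                                      # broadband degrades
    steps["voip_degraded"] = select_path(voip, links).name      # lte, least loss
    steps["backup_degraded"] = select_path(backup, links).name  # broadband, still in SLA
    return steps

def balance_demo(n=1400):
    """Spread n constructed flows over the up links; MPLS is down here."""
    links = [Link("mpls", False, 30, 0.0, 20),
             Link("broadband", True, 45, 0.2, 100),
             Link("lte", True, 80, 1.0, 40)]
    counts = {}
    for i in range(n):
        flow = f"10.0.0.{i % 250}:{40000 + i}->203.0.113.5:443"  # constructed 5-tuple
        counts[balance_flow(flow, links).name] = counts.get(balance_flow(flow, links).name, 0) + 1
    return counts

if __name__ == "__main__":
    print(failover_demo())
    print(balance_demo())
```

The fallback in step 3 is a design choice worth making explicit in a real policy: when no link satisfies an application's SLA, the device can either carry the traffic degraded or drop it, and for interactive traffic such as VoIP the degraded path is usually preferable to an outage. Whatever the choice, each path change should be logged, because a burst of failovers is often the first sign of a last-mile problem.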
Are There Any Shortcomings to SD-WAN?
While SD-WAN technology brings many benefits, there are still some concerns about it:
- SD-WAN is poorly suited to today’s cloud- or mobile-centric enterprises. SD-WAN requires a device to be installed on each side of a connection, but installing an SD-WAN device in or near a cloud provider’s datacenter isn’t trivial. And no SD-WAN connects mobile users. All of which means that much of your applications, data, and users will be poorly served or outright ignored by your SD-WAN. That’s a mistake.
- What’s more, SD-WANs lack integrated branch security. This presents an enormous challenge, as branch offices all but require direct, secure Internet access. Enterprises are forced to integrate and maintain third-party firewalls, IPSs, and SWGs, significantly complicating SD-WAN deployments and increasing their cost.
- Finally, most SD-WAN solutions rely on the public Internet, exposing enterprise traffic to the irregularities and unpredictability of Internet routing. This becomes particularly important on global routes, where the combination of long delays and poor routing dramatically reduces throughput. Nor does SD-WAN alone provide the WAN optimization technologies that enterprises traditionally used to overcome the effects of high latency and packet loss on global connection throughput.
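The claim that long delays combined with loss collapse throughput can be put in numbers. As an added illustration (not part of the original post), the block below uses the Mathis et al. TCP throughput approximation, rate ≤ (MSS / RTT) × (C / √p) with C ≈ 1.22, which is an assumption of this example rather than something the page states, to compare a regional and an intercontinental path with constructed RTT and loss values.

```python
import math

# Added illustration of the latency/loss effect on a single TCP flow.
# Assumption: the Mathis et al. (1997) bound  rate <= (MSS/RTT) * (C/sqrt(p)),
# with C ~= 1.22. Real flows also depend on congestion control and window size.

def tcp_ceiling_bps(mss_bytes=1460, rtt_s=0.2, loss=0.001, c=1.22):
    """Upper bound on one TCP flow's throughput, in bits per second.
    loss is a fraction (0.001 == 0.1%), rtt_s is the round-trip time in seconds."""
    if loss <= 0 or rtt_s <= 0:
        raise ValueError("loss and RTT must be positive")
    return (mss_bytes * 8 / rtt_s) * (c / math.sqrt(loss))

def compare_paths():
    """Constructed scenarios: same loss with regional vs global RTT,
    then the global RTT with ten times the loss."""
    return {
        "regional_20ms_0.1pct": tcp_ceiling_bps(rtt_s=0.020, loss=0.001),  # ~22.5 Mbps
        "global_200ms_0.1pct": tcp_ceiling_bps(rtt_s=0.200, loss=0.001),   # ~2.25 Mbps
        "global_200ms_1pct": tcp_ceiling_bps(rtt_s=0.200, loss=0.01),      # ~0.71 Mbps
    }

if __name__ == "__main__":
    for name, bps in compare_paths().items():
        print(f"{name}: {bps / 1e6:.2f} Mbps")
```

Throughput falls linearly with RTT and with the square root of the loss rate, which is why a 200 ms path that also drops 1% of packets can leave a flow at well under a megabit per second regardless of the link's nominal capacity. That is the effect WAN optimization techniques (and a private backbone with controlled routing) are meant to counter.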
Cloud-native Platform: A Better Way to Deliver SD-WAN
Enterprises can address those shortcomings by selecting the right SD-WAN architecture. A new type of platform, the secure access service edge (SASE), converges the functions of network and security point solutions into a unified, global cloud-native service.
Cato Cloud is the first such platform. Our cloud-native architecture converges SD-WAN, a global private backbone, and a complete network security stack. Next-generation firewall-as-a-service (FWaaS), a secure web gateway with URL filtering (SWG), standard and next-generation anti-malware (NGAV), and a managed IPS-as-a-service (IPS) all run in the 50+ PoPs comprising our global private backbone. That means companies can leave behind the headaches of managing branch security. “We hadn’t even subscribed to Cato’s security services, but we were alerted to potential malware on our users’ machines,” says Paul Burns, IT Director at Humphreys. “That’s something that none of our other network providers can offer.”
What’s more, since Cato has its own private backbone, we avoid the unpredictability of the Internet, and with our built-in optimization techniques we overcome packet loss and the effects of latency. Finally, moving the “heavy lifting” to the cloud has another benefit: we’re able to connect not only sites but also mobile users and cloud resources into Cato Cloud.