How does SD-WAN Work?

SD-WAN has quickly become the go-to technology for enterprises seeking to leverage the cloud and embrace digital transformation. Yet much confusion still exists about what exactly an SD-WAN is and how the technology works.

Just a few short years ago, building a WAN was a rather difficult undertaking that relied on dedicated connections, proprietary hardware, and a significant amount of management and orchestration. Those traditional WAN deployments proved to be rigid, unforgiving, and very difficult to maintain and modify once enterprises started to leverage the cloud.

SD-WANs arrived on the scene to overcome the limitations of traditional WAN design, and they addressed many of the networking challenges confronting enterprises. At the same time, they left numerous challenges unaddressed: integrating cloud resources, securing branch offices, and connecting mobile users.

What Exactly Is An SD-WAN?

SD-WAN abstracts network traffic management from the underlying physical infrastructure. In other words, SD-WAN technology transforms WANs from static, hardware-centric networks to nimble, software-defined services.

The advantages offered by SD-WAN technology are numerous:

  • As a virtualized WAN architecture, SD-WAN lets enterprises use multiple transport services, including LTE, MPLS, and broadband Internet connections, and combine all of them to connect users to applications.
  • SD-WAN also introduces centralized management and orchestration, removing much of the burden of managing and provisioning a WAN. Centralized orchestration allows network managers to define policies that exploit the full capacity of the transports in use. Take link load balancing, for example: an SD-WAN policy can combine multiple Internet connections in an active/active configuration so that they act as one larger transport pipe, increasing throughput.
  • Load balancing traffic across multiple pipes brings additional advantages, such as built-in redundancy in the WAN topology and automatic failover. Simply put, if any one link fails, traffic is routed over another link to maintain connectivity.

How Does an SD-WAN Work?

SD-WANs are formed by establishing encrypted tunnels (the “overlay”) between sites across whatever underlying transports are available (the “underlay”). Every site is equipped with an SD-WAN device. Once connected to the local network, each device automatically downloads its configuration and traffic policies and establishes tunnels with the other devices or with a point of presence (PoP), depending on the architecture.

Routing and traffic control are managed by the SD-WAN. Outbound traffic is routed along the optimum path based on application policies and real-time measurements of each link’s condition. Should one last-mile connection fail, the SD-WAN device automatically fails over to an alternative connection, using pre-configured policies to decide how the traffic load is redistributed.

Policy-based management is therefore a key component of an SD-WAN. Policy drives dynamic path selection: it steers each application’s traffic according to the priority and quality of service (QoS) it has been assigned. Numerous policies can be created to meet specific business needs, such as giving VoIP and other interactive services transmission priority and the lowest-loss path to improve performance.
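The behaviour described above (link load balancing across active/active connections, dynamic path selection against per-application policy, and automatic failover when a last-mile circuit dies) as an added Python example. This is not Cato’s code or any vendor’s implementation; the link names, the measured latency/loss/jitter figures and the SLA thresholds are constructed for illustration, and a real device would feed them from probes sent through its tunnels. The one security-relevant check it adds: a link whose encrypted overlay tunnel is not up is treated exactly like a dead link, and when no such link exists the selector returns nothing rather than steering traffic onto the raw underlay.

```python
"""Policy-based path selection and failover across SD-WAN underlay links.

Added example (not Cato's code). Link names, measured metrics and the
per-application SLA thresholds are constructed for illustration; a real
SD-WAN device would feed these from probes sent through its overlay tunnels.
"""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Link:
    name: str
    up: bool                   # last-mile circuit reachable
    tunnel_established: bool   # encrypted overlay tunnel to the peer/PoP is up
    latency_ms: float
    loss_pct: float
    jitter_ms: float
    bandwidth_mbps: float


@dataclass(frozen=True)
class AppPolicy:
    app_class: str
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float
    prefer: tuple              # ordered link preference; first link meeting the SLA wins


def usable(link: Link) -> bool:
    """Traffic is only ever steered onto a reachable link whose encrypted
    overlay tunnel is up. A circuit that is up but whose tunnel is not
    established is treated exactly like a dead link, so policy can never
    leak traffic onto the raw underlay."""
    return link.up and link.tunnel_established


def meets_sla(link: Link, policy: AppPolicy) -> bool:
    return (link.latency_ms <= policy.max_latency_ms
            and link.loss_pct <= policy.max_loss_pct
            and link.jitter_ms <= policy.max_jitter_ms)


def select_path(links, policy) -> Optional[Link]:
    """Dynamic path selection: walk the policy's preference order and return
    the first usable link that currently meets the application's SLA.
    If none does, degrade to the usable link with the least loss, then the
    lowest latency. If no usable link exists at all, return None (fail closed)
    rather than sending the traffic unencrypted."""
    candidates = {l.name: l for l in links if usable(l)}
    if not candidates:
        return None
    for name in policy.prefer:
        link = candidates.get(name)
        if link is not None and meets_sla(link, policy):
            return link
    return min(candidates.values(), key=lambda l: (l.loss_pct, l.latency_ms))


def active_active_shares(links, policy) -> dict:
    """Link load balancing: split a flow's traffic across every usable link
    that meets its SLA, in proportion to each link's bandwidth."""
    pool = [l for l in links if usable(l) and meets_sla(l, policy)]
    total = sum(l.bandwidth_mbps for l in pool)
    return {l.name: l.bandwidth_mbps / total for l in pool} if total else {}


def with_link_down(links, name):
    """Return a copy of the link table with one circuit marked failed, as the
    device would after its probes on that link time out."""
    return [replace(l, up=False) if l.name == name else l for l in links]


# Constructed sample: three underlay circuits at one branch, all tunnels up.
SAMPLE_LINKS = [
    Link("mpls", True, True, latency_ms=40, loss_pct=0.0, jitter_ms=2, bandwidth_mbps=50),
    Link("broadband", True, True, latency_ms=35, loss_pct=1.5, jitter_ms=12, bandwidth_mbps=500),
    Link("lte", True, True, latency_ms=80, loss_pct=0.5, jitter_ms=25, bandwidth_mbps=30),
]

# Constructed policies: VoIP is loss/jitter sensitive and prefers MPLS;
# bulk transfers tolerate loss and prefer the cheap, fat broadband pipe.
VOIP = AppPolicy("voip", max_latency_ms=150, max_loss_pct=1.0, max_jitter_ms=30,
                 prefer=("mpls", "broadband", "lte"))
BULK = AppPolicy("bulk", max_latency_ms=500, max_loss_pct=5.0, max_jitter_ms=200,
                 prefer=("broadband", "mpls", "lte"))


if __name__ == "__main__":
    print("voip ->", select_path(SAMPLE_LINKS, VOIP).name)
    print("bulk ->", select_path(SAMPLE_LINKS, BULK).name)
    failed = with_link_down(SAMPLE_LINKS, "mpls")
    # Broadband is next in preference but its 1.5% loss breaks the VoIP SLA,
    # so the policy steers voice to LTE instead of blindly following the order.
    print("voip after MPLS failure ->", select_path(failed, VOIP).name)
    print("bulk shares ->", active_active_shares(SAMPLE_LINKS, BULK))
```

The failover case is the instructive one: after the MPLS circuit drops, the next link in the VoIP preference list (broadband) is reachable but its measured loss exceeds the voice SLA, so the selector skips it and steers voice onto LTE. Bulk traffic, by contrast, is spread across all three links in proportion to their bandwidth, which is the active/active “one larger pipe” behaviour described above.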

Are There Any Shortcomings to SD-WAN?

While SD-WAN technology brings many benefits, there are still some concerns around the technology:

  • SD-WAN is poorly suited to today’s cloud- or mobile-centric enterprises. SD-WAN requires a device on each side of a connection, but installing an SD-WAN device in or near a cloud provider’s datacenter isn’t trivial, and SD-WAN appliances do not connect mobile users at all. This means that many of your applications, data, and users will be poorly served or outright ignored by your SD-WAN. That’s a mistake.
  • What’s more, SD-WANs lack integrated branch security. This presents an enormous challenge, because branch offices all but require direct, secure Internet access. Enterprises are forced to integrate and maintain third-party firewalls, IPSs, and SWGs, significantly complicating SD-WAN deployments and increasing their cost.
  • Finally, most SD-WAN solutions rely on the public Internet, exposing enterprise traffic to the irregularities and unpredictability of Internet routing. This matters most on global routes, where the combination of long delays and poor routing dramatically reduces throughput. Nor does SD-WAN alone include the WAN optimization techniques enterprises have traditionally used to overcome the effects of high latency and packet loss on global connection throughput.

Cloud-native Platform: A Better Way to Deliver SD-WAN

Enterprises can address those shortcomings by selecting the right SD-WAN architecture. The new secure access service edge (SASE) platform converges the functions of network and security point solutions into a unified, global, cloud-native service.

Cato Cloud is the first such platform. Our cloud-native architecture converges SD-WAN, a global private backbone, and a complete network security stack. Next-generation firewall-as-a-service (FWaaS), secure web gateway with URL filtering (SWG), standard and next-generation anti-malware (NGAV), and a managed IPS-as-a-service (IPS) all run in the 50+ PoPs comprising our global, private backbone. That means companies can eliminate the headaches of managing branch security. “We hadn’t even subscribed to Cato’s security services, but we were alerted to potential malware on our users’ machines,” says Paul Burns, IT Director at Humphreys. “That’s something that none of our other network providers can offer.”

What’s more, since Cato has its own private backbone, we avoid the unpredictability of the Internet, and with our built-in optimization techniques we overcome the effects of packet loss and latency. Finally, moving the “heavy lifting” to the cloud has another benefit: we’re able to connect not only sites but also mobile users and cloud resources to Cato Cloud.

For more information on how SD-WAN technology can benefit an enterprise, please read our article on MPLS to SD-WAN migration. We also offer a demo of our SD-WAN technology.


  • What is SD-WAN?

    Software-defined Wide Area Network (SD-WAN) devices sit in company locations and form an encrypted overlay between themselves across any underlying transport service including MPLS, LTE, and broadband Internet services.

  • What are the benefits of SD-WAN?

    Reduced Bandwidth Costs: MPLS bandwidth is expensive. On a “dollar per bit” basis, MPLS is significantly higher than public Internet bandwidth. Exactly how much more expensive will depend on a number of variables, not the least of which is location. However, the costs of MPLS aren’t just a result of significantly higher bandwidth charges. Provisioning an MPLS link often takes weeks or months, while a comparable SD-WAN deployment can often be completed in days. In business, time is money, and removing the WAN as a bottleneck can be a huge competitive advantage.
    Reliable Network Across the Unreliable Internet: The ability to connect locations with multiple data services running in active/active configurations. Sub-second network failover allows sessions to move to new transports in the event of downtime without disrupting the application.
    Secure Communications: Encrypted connectivity secures traffic in transit across any transport.
    Bandwidth on Demand: The capability to immediately scale bandwidth up or down, so you can ensure that critical applications receive the bandwidth they need when they need it.
    Immediate Site Activation: Bring up a new office in minutes instead of the weeks or months MPLS takes. SD-WAN nodes configure themselves and can use 4G/LTE for instant deployment.

  • What are the key trends driving SD-WAN adoption?

    Enterprises built their networks on legacy carrier services, such as managed MPLS. These services are expensive, require weeks to months to activate sites, and require waiting on the service provider for even the simplest changes.
    SD-WAN offers an escape from that, bringing agility and cost efficiency to IT networking. The SD-WAN connects locations over several Internet connections, aggregating them with an encrypted overlay. Policies, application-aware routing, and dynamic link assessment in the overlay allow for the optimum use of the underlying Internet connections.
    Ultimately, SD-WAN delivers the right performance and uptime characteristics by taking advantage of the inexpensive public Internet while providing the security and availability the enterprise needs.

  • What are the limitations of SD-WAN?

    Lack of a global backbone: SD-WAN appliances sit atop the underlying network infrastructure. The need for a performant and reliable network backbone is therefore left unaddressed by SD-WAN appliances alone.
    Lack of advanced security features: SD-WAN appliances address many modern networking use cases but do not address security requirements. As a result, enterprises often end up managing a patchwork of security and networking products from different vendors (firewalls, IPSs, SWGs, CASBs) to meet their needs. This increases network cost and complexity, as each product must be sourced, provisioned, and managed by in-house IT or an MSP.
    No support for the mobile workforce: By design, SD-WAN appliances are built for site-to-site connectivity. Securely connecting mobile users is left unaddressed by SD-WAN appliances.