04 April 2023

Is SD-WAN the future of enterprise networking, or is it already old hat? Amy Saunders checks in with those in the know.
“Software defined wide area network (SD-WAN) is the first real-world implementation of software defined networking (SDN), which emerged a decade ago,” says Marc Cohn, principal technology strategist, Spirent.
While it’s not exactly new, “it’s only in the last two years that SD-WAN has largely been considered the go-to technology for networking – and for good reason,” states Anthony Senter, CEO, SDWAN Solutions Limited (UK). “As applications move to the cloud, backhauling traffic to a data centre first (as with MPLS or VPNs) is counterproductive for offices and remote workers. Relying on a single connection for all traffic is also unwise, as is using static routes and being at the mercy of a network provider to make changes.”
Dave Greenfield, director of technology evangelism, Cato Networks, agrees, stating that SD-WAN addresses the high costs of MPLS compared to internet capacity while delivering enhanced agility: “an SD-WAN device can be deployed in minutes and getting an internet connection will take days and weeks. The provisioning of an MPLS connection can take months depending on location, if MPLS is available at all.”
Introducing dynamic networking
For the modern enterprise, SD-WAN can dynamically route traffic, per packet in the best case, using all available bandwidth and depending on each application’s priority and requirements. Moreover, SD-WAN enables the WAN to be tailored to support applications independently of the underlying WAN connectivity technologies and provides a common management front end for single-pane-of-glass operations.
SD-WAN can essentially combine different technologies such as broadband, WiFi and cellular connections as well as firewalls and security functionality, all managed by an SD-WAN central controller. “When you bring all that together, you’re not just getting the sum of all the components, you start to get a multiplying effect and achieve greater application performance,” says Martin Saunders, product director, Highlight.
While originally envisioned as a campus interconnection technology to virtualize the WAN, SD-WAN has evolved into the cloud connectivity option of choice. As the global workforce rapidly moved to working from home during the COVID-19 pandemic and is now settling into a hybrid model, “SD-WAN is evolving again as the means of providing secure, multi-cloud connectivity,” says Cohn. “Since cloud is here to stay, and typically will be deployed in the hybrid model, SD-WAN is a critical technology, especially as employees return to the campus for at least a portion of the workweek.”
SD-WAN vs VPNs and MPLS
SD-WAN, virtual private networks (VPNs) and multiprotocol label switching (MPLS) are common WAN technologies, but how do they compare?
“While MPLS and VPN provide relatively low-level connectivity, SD-WAN has evolved to provide policy-based, application-level connectivity in the multi-cloud environment,” explains Cohn.
MPLS continues to grow because of its ubiquity, ability to scale and bandwidth efficiency, asserts Cohn. While MPLS does not encrypt user traffic, the predominant use case is private connectivity (fully isolated from the internet), which is inherently secure.
“Like SD-WAN, VPNs provide an overlay that may reside on top of distinct WAN connections. However, VPNs provide relatively low-level internet connectivity that is more complex to manage, less secure, and less flexible than SD-WAN, which can provide application layer connectivity over any VPN,” adds Cohn.
SD-WAN will replace VPNs and MPLS, agree Greenfield and Senter. “The only companies still promoting VPN and MPLS above SD-WAN technology are those that have either high MPLS revenues to protect or do not have the skillset and expertise to be able to offer true SD-WAN and SASE solutions,” asserts Senter.
“SD-WANs can configure themselves and aren’t faced with IPsec’s capacity limitations,” says Greenfield. “SD-WAN also allows you to build a mesh of tunnels that would normally be very difficult to provision and create with VPN alone, where the network becomes very brittle. If one ‘tunnel’ breaks, there’s no failover and no traffic control.”
VPN and MPLS are both 25+ year-old technologies: “VPNs need constant handholding, can only use a single connection, give all or nothing access which goes against zero trust methodology. VPNs cause an average of 30 minutes a day downtime for 90% of WFH staff,” says Senter. “Similarly, MPLS performance can be replicated with a properly designed SD-WAN solution, while offering so many more business and productivity advantages. If you are currently running an MPLS only network, cost benefit alone should be enough to convince you to make the change.”
An incomplete picture
With dozens of product and managed services offerings, a variety of security features, and a wide range of management capabilities, SD-WAN solutions vary significantly.
“Each SD-WAN vendor technology offers different benefits and use-cases,” explains Senter. “From those that are SD-WAN in name only and offer basic failover functionality to those that provide superior technologies and benefits. Choosing the correct vendor solution for your business all comes down to the functionality you require, what your applications and users need and your budget.”
“Enterprises need to have a clear understanding of their specific network requirements,” agrees Saunders. “Many enterprises will not have this level of expertise in-house and it is worth working with an organisation such as The Network Collective. They help companies to understand and document their network needs both now and in the future.”
However, SD-WAN alone is not enough to meet today’s networking challenges. “In the midst of the COVID-19 pandemic, SD-WAN vendors rapidly repositioned themselves as secure cloud connectivity suppliers based on the dramatic shift in the workforce,” says Cohn. “A glance at the market leaders reveals fewer references to SD-WAN. Instead, one will find secure access service edge (SASE), zero touch network access (ZTNA), among other security functions.”
A recent SD-WAN report from GigaOm reviewed 19 notable vendors and discussed the importance of considering SD-WAN as part of a broader SASE offering. According to Greenfield, SD-WAN was designed for an era where users and resources were predominantly located within offices.
“With hybrid work and the shift to the cloud, users and resources are no longer on premises. To access the cloud, SD-WAN devices need to be deployed in the cloud, which is not always feasible. Remote access is completely outside the scope of SD-WAN,” explains Greenfield. “It’s why Gartner and other analysts expect that in the future most SD-WAN purchases will be part of a much larger SASE strategy that pulls together sites, remote users, and cloud resources into one seamless network.”
SD-WAN does not consider what happens when applications move from the data centre to the cloud, nor the element of security. Greenfield believes that SD-WAN is going to become a part of SASE, and will also include security, native cloud connectivity, and remote access, all seamlessly converged.
“MPLS and VPNs were for organisations 10 years ago; SD-WAN was for organisations four years ago, but SASE will be for organisations moving forward,” concludes Greenfield.