What is SD-WAN?

SD-WAN is a prominent buzzword at the moment in the world of corporate telecommunications. Literally, it is an acronym for Software Defined Wide Area Network(ing), but what does that mean in practice? In this article we explore some of the capabilities of SD-WAN and what it might mean for your organisation.

The Basics of Corporate Networks

Most corporate networks in Australia today are built on private MPLS (MultiProtocol Label Switching) technology. These private networks are distinct and separate from the public Internet, and are only able to interact with it based on the business’s security policies. These policies are enforced by a firewall which separates and regulates the flow of data between the public Internet and the private corporate network.

A different paradigm: SD-WAN

When people talk about SD-WAN in a corporate network setting, they are usually referring to an approach which uses CPE (Customer Premises Equipment) devices that run more advanced software to effectively build a virtual network over the top of any underlying network – public or private.

Each branch typically ends up having its own firewalled Internet link, and the corporate network itself might even be run over the Internet through secure VPN (Virtual Private Network) tunnels.

What are the Pros and Cons?

MPLS and SD-WAN each have advantages and disadvantages which may be relevant depending on an organisation’s requirements. It can be optimal to combine elements of both approaches to deliver what is known as a Hybrid WAN solution. A comparison of the two approaches in some key areas follows.


To be secure, SD-WAN requires encrypted VPN tunnels between sites and relies on firewalls at each Internet connection point to secure your corporate data. These are proven technologies, but is a VPN (Virtual Private Network) over the Internet as secure as an ACTUAL private network that doesn’t run over the Internet at all? The answer to that is more complex than the scope of this article.

With proper configuration either a VPN or private MPLS approach can be considered secure. An even more secure solution can be achieved via a hybrid WAN configuration that uses encrypted VPN tunnels over private MPLS links. The best approach depends on your organisation’s needs and budget.

Network Visibility and Orchestration

The more advanced software that runs on SD-WAN devices can give improved visibility and orchestration of network traffic. In practice, OTW’s Advanced ESP firewall can provide similar network edge reporting for a private network.

The ultimate in network reporting and orchestration can be delivered via an integrated solution between Advanced ESP and compatible SD-WAN devices. Once again, the best approach comes down to your organisation’s needs and budget.

Critical Traffic: Application Prioritisation vs QoS

Certain types of network traffic are affected by fluctuations in network performance much more than general traffic. Examples of sensitive traffic include voice, real-time video and terminal services. SD-WAN and private MPLS each have the capability to provide priority to critical traffic, but they use different approaches which can lead to different outcomes.

A private MPLS network provides priority to critical traffic such as voice using end-to-end QoS (Quality of Service). End-to-end QoS is the gold standard in traffic management, with every step in the data’s journey managing its priority and ensuring that it will be delivered promptly and in the same order it was sent. Assurance of voice quality can only be achieved with the benefit of end-to-end QoS.

An SD-WAN network cannot deliver end-to-end QoS over a public network like the Internet. Instead, SD-WAN can decide which link to send traffic along based on the application the data belongs to and the current performance of the available links. This makes SD-WAN adept at optimising the utilisation and performance of multiple links to a single site, whether that is implemented as active/active load balancing between links, split tunnelling based on application, or sending low-priority traffic down cheaper, lower-quality links while high-priority traffic is sent down the best link available at that point in time.

The flexibility of application prioritisation has many uses, but it should be noted that application layer priority cannot provide the same consistency and assurance of voice quality as end-to-end QoS. For an SD-WAN solution to achieve that standard, the underlying network layer still needs to be an appropriate high-quality private MPLS link that supports QoS, effectively making it a hybrid WAN solution.
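The link-selection behaviour described above can be sketched in a few lines. This is an added example, not code from Over the Wire or from any SD-WAN product; the link names, measurements, per-application limits and scoring weights are all constructed assumptions. It returns the chosen link together with a flag showing whether that link currently meets the application's limits, which is where the lack of assurance for voice becomes visible.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Link:
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    cost_rank: int      # 1 = cheapest link at the site
    up: bool = True

# Hypothetical per-application limits and preferences (assumed values).
POLICY = {
    "voice": {"latency_ms": 150, "jitter_ms": 30, "loss_pct": 1.0, "prefer": "quality"},
    "bulk":  {"latency_ms": 1000, "jitter_ms": 1000, "loss_pct": 5.0, "prefer": "cost"},
}

def within_limits(link, policy):
    return all(getattr(link, k) <= policy[k]
               for k in ("latency_ms", "jitter_ms", "loss_pct"))

def badness(link):
    # Lower is better; the weights are illustrative only.
    return link.latency_ms + 2 * link.jitter_ms + 50 * link.loss_pct

def select_link(app, links):
    """Return (chosen link name or None, whether it meets the app's limits)."""
    policy = POLICY.get(app, POLICY["bulk"])   # unknown apps: low priority
    live = [l for l in links if l.up]
    if not live:
        return None, False
    ok = [l for l in live if within_limits(l, policy)]
    pool = ok or live          # nothing qualifies: least-bad link, no assurance
    if policy["prefer"] == "cost":
        best = min(pool, key=lambda l: (l.cost_rank, badness(l)))
    else:
        best = min(pool, key=badness)
    return best.name, bool(ok)

# Constructed measurements for one site with three links.
MPLS = Link("mpls", 20, 2, 0.0, cost_rank=3)
BROADBAND = Link("broadband", 35, 8, 0.2, cost_rank=1)
LTE = Link("lte", 80, 25, 1.5, cost_rank=2)
SITE = [MPLS, BROADBAND, LTE]
# Same site with the MPLS link down and the broadband link congested.
DEGRADED = [replace(MPLS, up=False),
            replace(BROADBAND, latency_ms=200, jitter_ms=40, loss_pct=3.0), LTE]

if __name__ == "__main__":
    for app, site in (("voice", SITE), ("bulk", SITE), ("voice", DEGRADED)):
        print(app, select_link(app, site))
```

In the degraded case voice is still forwarded, but on a link that does not meet its limits: the device can only choose among the links it has.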


When a corporate network involves international locations, the cost and logistics of deploying private MPLS connectivity to those locations can be prohibitive. SD-WAN shines in this situation, allowing an office to be connected to the network simply by sending an SD-WAN device to the site and connecting it to an easily available Internet link.


There is significant hype in the market about SD-WAN enabling organisations to cut the cost of their WAN. The SD-WAN vendors who promote this claim are mostly based in the USA where the wholesale network connectivity landscape is quite different – in Australia, private MPLS links are more affordable compared to commodity Internet links. As a result, the higher cost of SD-WAN endpoints typically offsets the gains from reduced tail costs, resulting in a similar Total Cost of Ownership.

At the end of the day, whether a network solution is based on SD-WAN, private MPLS, or a Hybrid WAN approach, in most cases the only way to materially cut networking costs is to sacrifice link quality or network resilience.

The Right Solution for your Organisation

There is no “one solution fits all” when it comes to corporate networks. It takes professionals who understand the finer details of networks and business requirements to develop the best solution for your needs.

Over the Wire is uniquely positioned to design and deliver the style of network solution that makes sense for your organisation, whether it is based on private MPLS, SD-WAN or an integrated combination of both. Over the Wire’s years of experience in converged voice & data networks and managed security, combined with our status as a Fortinet Gold Partner, enables us to deliver a network solution which provides the standards of quality and security that you require.

Contact a member of the Over the Wire team today and speak to one of our experts to find out what solution suits your unique business needs.
