SD -WAN is a prominent buzz word at the moment in the world of
corporate telecommunications. Literally, it is an acronym for Software
Defined Wide Area
Network(ing), but what does that mean in practice? In this article we
explore some of the capabilities of SD-WAN and what it might mean for
The Basics of Corporate Networks
Most corporate networks in Australia today are built on private MPLS
(MultiProtocol Label Switching) technology. These private networks are
distinct and separate from
the public Internet, and are only able to interact with it based on the
business’s security policies. These policies are enforced by a
firewall which separates and regulates
the flow of data between the public Internet and the private corporate
A different paradigm: SD-WAN
When people talk about SD-WAN in a corporate network setting, they are usually referring to an approach which uses CPE’s (Customer Premise Equipment) that run more advanced software to effectively build a virtual network over the top of any underlying network – public or private.
Each branch typically ends up having its own firewalled Internet link,
and the corporate network itself might even be run over the Internet
through secure VPN (Virtual Private Network)
What are the Pros and Cons?
MPLS and SD-WAN each has advantages and disadvantages which may be relevant depending on an organisation’s requirements. It can be optimal to combine elements of both approaches to deliver what is knowns as a Hybrid WAN solution. A comparison of the two approaches to some key areas follows.
To be secure, SD-WAN requires encrypted VPN tunnels between sites and relies on firewalls at each Internet connection point to secure your corporate data. These are proven technologies, but is a VPN (Virtual Private Network) over the Internet as secure as an ACTUAL private network that doesn’t run over the Internet at all? The answer to that is more complex than the scope of this article.
With proper configuration either a VPN or private MPLS approach can be
considered secure. An even more secure solution can be achieved via a
hybrid WAN configuration that uses encrypted VPN tunnels over private
The best approach depends on your organisation’s needs and budget.
Network Visibility and Orchestration
The more advanced software that runs on SD-WAN devices can give improved visibility and orchestration of network traffic. In practice OTW’s Advanced ESP firewall can provide similar network edge reporting for a private network.
The ultimate in network reporting and orchestration can be delivered
via an integrated solution between Advanced ESP and compatible SD-WAN
devices. Once again, the best approach
comes down to your organisation’s needs and budget.
Critical Traffic: Application Prioritisation vs QoS
Certain types of network traffic are affected by fluctuations in network performance much more than general traffic. Examples of sensitive traffic include voice, realtime video and terminal services. SD-WAN and private MPLS each have the capability to provide priority to critical traffic, but they use different approaches which can lead to different outcomes.
A private MPLS network provides priority to critical traffic such as voice using end-to-end QoS (Quality of Service). End-to-end QoS is the gold standard in traffic management, with every step in the data’s journey managing its priority and ensuring that it will be delivered promptly and in the same order it was sent. Assurance of voice quality can only be achieved with the benefit of end-to-end QoS.
An SD-WAN network cannot deliver end-to-end QoS over a public network like the Internet. Instead, SD-WAN can make decisions about which link to send traffic along depending on what application the data belongs to, and the current performance of the available links. This makes SD-WAN adept at optimising the utilisation and performance of multiple links to a single site, whether this is implemented as providing active/active load balancing between links, split tunnelling based on application, or low priority traffic being sent down cheaper low quality links, while high priority traffic is sent down the best available link at a point in time.
The flexibility of application prioritisation has many uses, but it
should be noted that application layer priority cannot provide the same
consistency and assurance of voice
quality as end-to-end QoS. For an SD-WAN solution to achieve that
standard, the underlying network layer still needs to be an appropriate
high quality private MPLS link that
supports QoS, effectively making it a hybrid WAN solution.
When a corporate network involves international locations, the cost and
logistics of deploying private MPLS connectivity to those locations can
be prohibitive. SD-WAN shines in
this situation, allowing an office to be connected to the network
simply by sending an SD-WAN device to the site and connecting it to an
easily available Internet link.
There is significant hype in the market about SD-WAN enabling organisations to cut the cost of their WAN. The SD-WAN vendors who promote this claim are mostly based in the USA where the wholesale network connectivity landscape is quite different – in Australia, private MPLS links are more affordable compared to commodity Internet links. As a result, the higher cost of SD-WAN endpoints typically offsets the gains from reduced tail costs, resulting in a similar Total Cost of Ownership.
At the end of the day, whether a network solution is based on SD-WAN,
private MPLS, or a Hybrid WAN approach, in most cases the only way to
materially cut networking costs is to
sacrifice link quality or network resilience.
The Right Solution for your Organisation
There is no “one solution fits all” when it comes to corporate networks. It takes professionals who understand the finer details of networks and business requirements to develop the best solution for your needs.
Over the Wire is uniquely positioned to design and deliver the style of network solution that makes sense for your organisation, whether it is based on private MPLS, SD-WAN or an integrated combination of both. Over the Wire’s years of experience in converged voice & data networks and managed security, combined with our status as a Fortinet Gold Partner, enables us to deliver a network solution which provides the standards of quality and security that you require.
Contact a member of the Over the Wire team today and speak to one of our experts to find out what solution suits your unique business needs.