There have been significant changes in wide-area networks over the past few years, none more important than software-defined WAN or SD-WAN, which is changing how network pros think about optimizing the use of connectivity that is as varied as Multiprotocol Label Switching (MPLS), frame relay and even DSL.
What is SD-WAN?
As the name states, software-defined wide-area networks use software to control the connectivity, management and services between data centers and remote branches or cloud instances. Like its bigger technology brother, software-defined networking, SD-WAN decouples the control plane from the data plane.
An SD-WAN deployment can include, existing routers and switches or virtualized customer premises equipment (vCPE) all running some version of software that handles policy, security, networking functions and other management tools, depending on vendor and customer configuration.
One of SD-WAN’s chief features is the ability to manage multiple connections from MPLS to broadband to LTE. Another important piece is the ability to segment, partition and secure the traffic traversing the WAN.
SD-WAN’s driving principle is to simplify the way big companies turn up new links to branch offices, better manage the way those links are utilized – for data, voice or video – and potentially save money in the process.
As a recent Gartner report said, SD-WAN and vCPE are key technologies to help enterprises transform their networks from “fragile to agile.”
“We believe that emerging SD-WAN solutions and vCPE platforms will best address enterprise requirements for the next five years, as they provide the best mix of performance, price and flexibility compared to alternative hardware-centric approaches,” Gartner stated. “Specifically, we predict that by 2023, more than 90% of WAN edge infrastructure refresh initiatives will be based on vCPE or SD-WAN appliances versus traditional routers (up from less than 40% today).”
With all of its advanced features making it an attractive choice for customers, the market has also attracted a number of choices with more than 60 vendors – including Cisco, VMware, Silver Peak, Riverbed, Aryaka, Fortinet, Nokia and Versa – that compete in the SD-WAN market; many with very specialized offerings, Gartner says. IDC says that SD-WAN technology will grow at a 30.8% compound annual growth rate from 2018 to 2023 to reach $5.25 billion.
From its VNI study, Cisco says that globally, SD-WAN traffic was 9 percent of business IP WAN traffic in 2017 and will be 29 percent of business IP WAN traffic by 2022. In addition, SD-WAN traffic will grow five-fold from 2017 to 2022, a compound annual growth rate of 37 percent.
“SD-WAN continues to be one of the fastest-growing segments of the network infrastructure market, driven by a variety of factors. First, traditional enterprise WANs are increasingly not meeting the needs of today’s modern digital businesses, especially as it relates to supporting SaaS apps and multi- and hybrid-cloud usage. Second, enterprises are interested in easier management of multiple connection types across their WAN to improve application performance and end-user experience,” said Rohit Mehra, IDC vice president, Network Infrastructure. “Combined with the rapid embrace of SD-WAN by leading communications service providers globally, these trends continue to drive deployments of SD-WAN, providing enterprises with dynamic management of hybrid WAN connections and the ability to guarantee high levels of quality of service on a per-application basis.”
How does SD-WAN help network security?
One of the bigger areas SD-WAN impacts is network security.
The tipping point for a lot of customers was the advent of applications like the cloud-based Office 365 and Amazon Web Services (AWS) applications that require secure remote access. said Neil Anderson practice director, network solutions at World Wide Technology, a technology service provider. “SD-WAN lets customers set up secure regional zones or whatever the customer needs and lets them securely direct that traffic to where it needs to go based on internal security policies. SD-WAN is about architecting and incorporating security for apps like AWS and Office 365 into your connectivity fabric. It’s a big motivator to move toward SD-WAN.”
“With SD-WAN, mission-critical traffic and assets can be partitioned and protected against vulnerabilities in other parts of the enterprise. This use case appears to be especially popular in verticals such as retail, healthcare, and financial,” IDC wrote. “SD-WAN can also protect application traffic from threats within the enterprise and from outside by leveraging a full stack of security solutions included in SD-WAN such as next-gen firewalls, IPS, URL filtering, malware protection, and cloud security.”
What does SD-WAN mean for MPLS?
One of the hotter SD-WAN debates is what the software technology would do to the use of MPLS, the packet-forwarding technology that uses labels in order to make data forwarding decisions. The most common use cases are branch offices, campus networks, metro Ethernet services and enterprises that need quality of service (QoS) for real-time applications.
For the most part, networking vendors believe MPLS will be around for a long time and that SD-WAN won’t totally eliminate the need for it. The major slaps against MPLS are how traditionally expensive the service is and how complicated it is to set up.
A recent report from Avant Communications, a cloud services provider that specializes in SD-WAN, found that 83% of enterprises that use or are familiar with MPLS plan to increase their MPLS network infrastructure this year, and 40% say they will “significantly increase” their use of it.
How that shakes out remains an unknown, but it seems both technologies will have role in near future enterprises anyway.
“For us, MPLS is just another option. We have never said that SD-WAN versus MPLS so that MPLS is going to get killed off or it needs to get killed off,” said Sanjay Uppal, vice president and general manager of VMware’s VeloCloud Business Unit.
Uppal said with MPLS, VMware at least is not finding that customers are turning off their MPLS in droves. “They are capping it in several instances. They are continuing to buy some more. Maybe not as much as they probably had in the past but it’s really opening up applications to use more [of the the underlying network responsible for delivery of packets]. All kinds of underlay are being purchased. MPLS is being purchased, more of broadband, direct internet access,” he said.
Gartner says its clients hope to fund their WAN expansion/update by replacing or augmenting expensive MPLS connections with internet-based VPNs, often from alternate providers. However, suitability of internet connections varies widely by geography, and service providers mixing connections from multiple providers increases complexity. SD-WAN has dramatically simplified this approach for a number of reasons, Gartner says, including:
- Due to the simpler operational environment and the ability to use multiple circuits from multiple carriers, enterprises can abstract the transport layer from the logical layer and be less dependent on their service providers.
- This decoupling of layers is enabling new MSPs to emerge to take advantage of the above for customers that still want to outsource their WANs.
- Traditional service providers are responding with Network Function Virtualization (NFV)-based offerings that combine and orchestrate services (SD-WAN, security, WAN optimization) from multiple popular vendors. NFV enables virtualized network functions including routing mobility and security.
There are other reasons customers will use MPLS in the SD-WAN world, experts said. “There is a concern about how customers will back up systems when there are outages,” Anderson said. “MPLS and other technologies have a role there.”