How does SD-WAN work?

SD-WAN has quickly become the go-to technology for enterprises seeking to leverage the cloud and embrace digital transformation. Yet, much confusion still exists about what exactly is an SD-WAN, and how the technology works.

Just a few short years ago building a WAN was a rather difficult undertaking that relied on dedicated connections, proprietary hardware, and a significant amount of management and orchestration. Those traditional WAN deployments proved to be rigid, unforgiving, and very difficult to maintain and modify when enterprises started to leverage the cloud.

SD-WANs arrived on the scene to overcome the limitations of traditional WAN design. They addressed many of the networking challenges confronting enterprises. At the same time, they left behind numerous challenges when integrating cloud technologies, securing branch offices or dealing with mobile users.

What Exactly Is An SD-WAN?

SD-WAN abstracts network traffic management from the underlying physical infrastructure. In other words, SD-WAN technology transforms WANs from static, hardware-centric networks to nimble, software-defined services.

For a quick intro to what is SD-WAN, see this video:

The advantages offered by SD-WAN technology are numerous:

As a virtualized WAN architecture, SD-WANs allow enterprises to use numerous different transport mechanisms, including LTE, MPLS, and broadband Internet connections. Ultimately, SD-WANs can leverage all of those different connectivity methodologies to connect users to applications.
SD-WANs also introduce centralized management and orchestration, reducing much of the burden associated with managing and provisioning a WAN. That centralized orchestration allows network managers to define policies that can leverage the full power of the connectivity services used. Take for example link-load balancing. Here the SD-WAN policy can be defined to combine multiple internet connections in active/active to act as a larger transport pipe, increasing throughput.
The ability to load balance traffic across multiple pipes brings additional advantages, such as automatically incorporating redundancy into the WAN topology and supporting the concept of automatic failover. Simply put, if any one link fails, traffic will be routed over another link to maintain connectivity.

How Does an SD-WAN Work?

SD-WANs are formed by establishing encrypted tunnels (the “overlay”) between sites. Every site is equipped with an SD-WAN device. Once connected to the local networks, those devices automatically download custom-defined configuration and traffic policies and establish tunnels with one another or a point of presence (PoP), depending on the architecture.

Routing and traffic control is managed by the SD-WAN. Outbound traffic is routed along the optimum path based on application policies and real-time traffic conditions. Should one last mile connection fail, the SD-WAN device automatically fails over to the alternative connection, using pre-configured policies to manage the traffic load.

As such, policy-based management is obviously a key component of an SD-WAN. Policy is used to determine dynamic path selection and will steer traffic based upon the level of priority, such as quality of service (QoS) it is given. Numerous policies can be created to meet specific business needs, such as granting packet transmission priority for VoIP and other interactive services to improve performance.

Are There Any Shortcomings to SD-WAN?

While SD-WAN technology brings many benefits, there are still some concerns around the technology:

SD-WAN is poorly suited for today’s cloud- or mobile-centric enterprises. SD-WAN requires a device to be installed on each side of a connection but installing an SD-WAN device in or near a cloud-provider’s datacenter isn’t trivial. And no SD-WAN connects mobile users. All of which means that your much applications, data, and users will be poorly serviced or outright ignored by your SD-WAN. That’s a mistake.
What’s more SD-WAN’s lack integrated branch security. This presents an enormous challenge as branch offices all but require direct, secure Internet access. Enterprises are forced to integrate and maintain third-party firewalls, IPSs, and SWGs, significantly complicating and increasing the costs of SD-WAN deployments.
Finally, most SD-WAN solutions rely on the public Internet, exposing enterprise traffic to the irregularities and unpredictability of Internet routing. This becomes particularly important in global routes where the combination of long delays and poor routing dramatically reduces throughput. And nor does SD-WAN alone have the necessary WAN optimization technologies to overcome the effects of high latency and packet loss that enterprises traditionally used to improve global connection throughput.

Cloud-native Platform: A Better Way to Deliver SD-WAN

Enterprises can address those shortcomings by selecting the right SD-WAN architecture. New secure access service edge (SASE) platform converges the functions of network and security point solutions into a unified, global cloud-native service.

Cato Cloud is first such platform. Our cloud-native architecture converges SD-WAN, a global private backbone, and a complete network security stack. Next-generation firewall-as-a-Service (FWaaS), secure web gateway with URL filtering (SWG), standard and next-generation anti-malware (NGAV), and a managed IPS-as-a-Service (IPS) all run in the 50+ PoPs comprising our global, private backbone. And that means companies can replace the headaches of managing branch security. “We hadn’t even subscribed to Cato’s security services, but we were alerted to potential malware on our users’ machines,” says Paul Burns, IT Director at Humphreys. “That’s something that none of our other network providers can offer.”

What’s more, since Cato has its own private backbone, we avoid the unpredictability of the Internet and with our built-in optimization techniques, we overcome packet loss the effects of latency. Finally, moving the “heavy lifting” to the cloud has another benefit – we’re able to connect not only sites but also mobile users and cloud resources into Cato Cloud.

For more information on how SD-WAN technology can benefit an enterprise, get our free SASE for Dumbies e-book or book a Discovery Session today.

Have time for a coffee?

Face to face or over Zoom, we are here to help you.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

You might also be interested in...

Gartner Report 2021 Strategic Roadmap for SASE Convergence

Digitalization, work-from-anywhere, and cloud computing have accelerated SASE offerings to address the need for secure and optimized access, anytime, anywhere, and on any device.

Industry 4.0 – Talking About a Revolution

Industry 4.0 represents the next phase of innovation in production processes, merging traditional systems with new digital technologies (IoT, AI, big data, AR, robotics, M2M, real-time analytics, and so on), facilitating automation, agility, and efficiency to create a world of smart manufacturing.

SASE vs. SD-WAN: Achieving Cloud-Native WAN Security

For several years now, the network evolution spotlight has been on SD-WAN, and rightfully so. SD-WAN provides big advancements in connecting branch locations into central data centers in a cost-effective manner. It is the networking equivalent of a killer application that allows companies to use a variety of transport mechanisms besides MPLS and to steer traffic according to business priorities.

Why Remote Work and Legacy Security Architectures Don’t Mix

Last week, Cato Networks announced the results of the 5th annual IT survey, The Future of Enterprise Networking and Security: Are You Ready for the Next Leap. It was a massive undertaking that saw 2,376 participants from across the globe provide detailed insights into how their organizations responded to the COVID-19 crisis, their plans for 2021, and what they think about secure access service edge (SASE).

SD-WAN or SASE: Choose a platform rather than a product

As enterprises set out to modernize their networks, SD-WAN has become a key networking technology for connecting offices. But with COVID-19, users transitioned to work at home, not in the office.

Thought SD-WAN Was What You Needed to Transform your Network? Think Again.

Since its premier over a decade ago, SD-WAN was adopted by enterprises as the go-to-technology for preparing their network for the digital transformation.

Rethinking Enterprise Remote Access VPN Solutions: Designing Scalable VPN Connectivity

The global pandemic has forced many organizations around the world to send their workers home to support social distancing mandates. The process happened suddenly – almost overnight – giving companies little time to prepare for so many people to work remotely. To keep business functioning as best as possible, enterprises need to provide secure remote connectivity to the corporate network and cloud-based resources for their remote workers.

Secure Remote Work: Deploying Zero Trust Access

The global pandemic has forced knowledge workers to move out of their offices en masse to the isolated environment of their homes. Most will return to the office at some point, even if only part-time, as companies adjust to social distancing measures meant to keep employees safe.

How much does SD-WAN cost?

Calculating the cost of SD-WAN can be complicated, especially when it comes to CAPEX vs OPEX and ambiguous ROIs. With so many vendors promising massive savings over MPLS internet connections, SD-WAN is currently been touted as one of the hottest categories in networking today. Take a closer look at the costs, considerations, potential savings and leverage the SD-WAN calculator to estimate your organisations SD-WAN cost.

Considerations for a branch office firewall

Organisations looking for a branch office firewall upgrade, refresh or deploying firewalls to new sites, need to consider multiple different elements. Let's walk through all of the major factors to consider for a branch firewall and why organisations should consider SD-WAN, and more recently Secure Access Service Edge (SASE) as part of their next-generation of branch network security.

What is STaaS?

Storage as a service (STaaS) is a managed service model for purchasing data storage based on consumption, where a company only pays for what they use, typically on a per-GB per-month basis.

What is SD-WAN?

Software-Defined WAN (SD-WAN) is a networking technology that seamlessly connects branch offices, HQs cloud and data centers over broadband internet rather than MPLS leased lines.

SD-WAN vs. VPN comparison

Internet-based VPN vs MPLS was the debate for some time, WAN technology has evolved in recent years. During that time, SD-WAN has emerged as an enterprise WAN connectivity solution that provides a combination of cost efficiency, agility, and cloud-friendliness that neither MPLS nor Internet-based VPN can match.

SD-WAN vs. MPLS vs. broadband public internet

To meet the needs of a global enterprise, our network architectures need to evolve as well. Which architectural approach will best serve your needs — MPLS, public internet or cloud networks?

SD-WAN vs. MPLS: Choose the best WAN solution for you

You've probably heard about SD-WAN and its promise to transform enterprise networking as we know it. And, by enterprise networking we mean the use of MPLS at the core of enterprise networks. So, to SD-WAN or to MPLS? Here is what you need to consider.

Alternatives to MPLS internet

SD-WAN is looking to address the challenges of MPLS like cost, capacity, rigidity, and manageability.

Challenges of SD-WAN security

A good starting point in explaining why cloud-native SD-WAN is so compelling from a security perspective is the shortcomings of two older WAN solutions: MPLS and appliance-based SD-WAN.

WAN Optimization in the SD-WAN Era

WAN optimization has been with us for a long time. Born alongside expensive and capacity constrained WAN connectivity, such as MPLS, WAN optimization appliances allowed organizations to squeeze more bandwidth out of thin pipes through compression, and prioritize traffic of loss-sensitive applications such as remote desktops.

History of SD-WAN

Let's take a look at the history of WAN and as we journey from Point-to-Point, T1/T3, Frame Relay, to MPLS, and finally arrive at SD-WAN.

How to load balance multiple internet connections?

Internet load balancing or fail-over for multiple internet connections can seem like a tight rope walk, but it doesn't have to be. There are multiple ways to accomplish it, from point products to routers and firewalls. Let's take a look at the options and alternatives.

WAN Optimization vs. SD-WAN

With the rising popularity of SD-WAN, there is a growing debate that WAN optimization is becoming obsolete. SD-WAN is gaining acceptance and for good reason. It creates an intelligent overlay of multiple transports on your WAN to efficiently and automatically route traffic over the most optimal path.

How to connect multiple branch offices?

How do you connect multiple offices rapidly and affordably without sacrificing performance?

Last mile constraints for SD-WAN

From pairing MPLS with a backup internet connection, to link-bonding for aggregate last-mile, SD-WAN introduces new ways to handle old problems, with policy-based routing, active/active links, packet loss mitigation, and quality of service (QoS).

Affordable MPLS Alternatives

After decades of use, enterprises are looking for MPLS alternatives. To be considered a viable alternative, a network must match MPLS’ service levels for predictability and consistency, while avoiding its pitfalls of cost, rigidity and capacity constraints.

SD-WAN vs. MPLS redundancy

How can SD-WAN deliver the same reliability and redundancy as MPLS when it uses the public Internet?

How does SD-WAN benefit digital transformation?

Digital transformation is all about agility. SD-WAN enables organisations to be more agile in multiple different ways. Such as the ability to rapidly stand-up a new site with secure internet and inter-office connectivity, without the need for additional security appliances, make policy changes across multiple sites on-the-fly, gain real-time visibility of users and connections, on-board new VPN users for remote work without worries license or connection limits.

Evolution of SD-WAN

SD-WAN has become more than just a network for connecting locations. The rise of cloud, mobile, and business agility demands has required SD-WAN to become smarter by providing security, optimization, intelligence, and better reach. These changes in SD-WAN can be broken down into three phases, reflecting the ways that SD-WAN technologies have adapted over time to the demands of business requirements.