SD-WAN stands for software-defined wide area network (or networking). A WAN is a connection between local area networks (LANs) separated by a substantial distance—anything from a few miles to thousands of miles. The term software-defined implies the WAN is programmatically configured and managed, so it can be adapted quickly to meet changing needs.
There are several characteristics that are generally attributed to SD-WANs. Let’s walk through them and learn more about the way SD-WAN works.
The primary means of control in an SD-WAN is centralized. It often resides in a SaaS application running on a public cloud. Control is decoupled from the hardware to simplify network management and improve the delivery of services. SD-WAN appliances (and virtual appliances) follow operational rules passed down from the central controller. This greatly reduces or eliminates the need to manage gateways and routers on an individual basis.
SD-WAN gateways support hybrid WAN, which implies that each gateway can have multiple connections using different transports—MPLS, broadband Internet, LTE, etc. A virtual private network (VPN) is typically set up across each WAN connection for security. Consequently, the SD-WAN can be an overlay spanning a diverse communications infrastructure.
Another feature of SD-WAN is dynamic path selection—the ability to automatically and selectively route traffic onto one WAN link or another depending on network conditions or traffic characteristics. Packets may be steered onto a particular link because another link is down or not working very well, or to balance network traffic across all available links. SD-WAN can also identify packets by application, user, source/destination, etc. and send them down one path or another based on those characteristics.
Policy is what determines where dynamic path selection will steer traffic and what level of priority (quality of service, or QoS) it is given. Business intentions can be implemented as policies via the central management console. New and updated policies are translated into operational rules and downloaded to all SD-WAN gateways and routers under control.
A policy may be created, for example, to ensure the best performance for VoIP and interactive web conferences by giving their packets transmission priority and routing them onto low-latency paths. Cost savings can be realized by sending file back-ups across a broadband Internet connection. WAN traffic that requires a high level of security can be restricted to private connections (e.g., MPLS) between sites and required to pass through a robust security stack when entering the enterprise.
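An added example, not from the original page or any vendor's product: a minimal Python model of the policy-driven path selection described above. The application classes (`voip`, `backup`, `payments`), link names, thresholds, and the fail-closed behaviour for private-only traffic are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

PRIVATE_TRANSPORTS = {"mpls"}  # assumption: only MPLS counts as private here

@dataclass(frozen=True)
class Link:
    name: str
    transport: str          # "mpls", "broadband" or "lte"
    up: bool
    latency_ms: float
    loss_pct: float

@dataclass(frozen=True)
class Policy:
    priority: int                           # QoS class, 0 = highest
    private_only: bool = False              # never leave private transports
    max_latency_ms: Optional[float] = None  # latency target, best effort
    prefer: Tuple[str, ...] = ()            # transports in preference order

# Constructed policies mirroring the three cases in the paragraph above.
POLICIES = {
    "voip": Policy(priority=0, max_latency_ms=50.0),
    "backup": Policy(priority=3, prefer=("broadband",)),
    "payments": Policy(priority=1, private_only=True),
}

# Constructed link-health snapshot, as a gateway's probes might report it.
LINKS = [
    Link("mpls-1", "mpls", True, 20.0, 0.0),
    Link("inet-1", "broadband", True, 35.0, 0.5),
    Link("lte-1", "lte", True, 80.0, 1.0),
]

def with_link_down(links, name):
    """Return a copy of the snapshot with one link marked down."""
    return [replace(l, up=False) if l.name == name else l for l in links]

def select_path(app, links):
    """Return (link name or None, QoS priority) for one application class."""
    policy = POLICIES[app]
    candidates = [l for l in links if l.up]
    if policy.private_only:
        candidates = [l for l in candidates if l.transport in PRIVATE_TRANSPORTS]
    if not candidates:
        return None, policy.priority  # fail closed: no eligible link, no path
    if policy.max_latency_ms is not None:
        within = [l for l in candidates if l.latency_ms <= policy.max_latency_ms]
        candidates = within or candidates  # latency is a target, not a hard gate
    def rank(l):
        pref = policy.prefer.index(l.transport) if l.transport in policy.prefer else len(policy.prefer)
        return (pref, l.loss_pct, l.latency_ms)
    return min(candidates, key=rank).name, policy.priority
```

With the MPLS link down, `select_path("payments", ...)` returns no path instead of failing over to broadband; a restriction to private links only holds if failover respects it.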
An additional characteristic of SD-WAN is the ability to chain it together with other network services. WAN optimization (acceleration) is often combined with SD-WAN to improve network and application performance. Internet traffic leaving and entering a branch office may be routed across a VPN to a cloud-based security service to strike a balance between performance, security, and cost.
Multiprotocol label switching (MPLS) has been the mainstay of WAN connectivity between enterprise sites for more than a decade. It delivers guaranteed bandwidth, predictable latency, and privacy. Unfortunately, MPLS is expensive and may not be obtainable in many geographic locations. MPLS is also not a practical means of cloud connectivity in most situations.
Broadband Internet, in contrast, costs much less than MPLS and is globally available. While Internet connectivity is not as reliable and latency can vary, the cost savings are compelling. Many organizations now use a hybrid-WAN blend of these transports in which the traffic of business-critical applications is sent via MPLS and all else is routed over broadband Internet.
Software-defined WAN makes it much easier to set up a hybrid-WAN and find the right balance between cost, reliability, and performance for a diverse mix of application traffic. This is due in large part to the capabilities of policy-based management and dynamic path selection that are inherent to SD-WAN.
The simplicity of management that SD-WAN brings to complex networks is arguably of even greater importance than MPLS cost savings.
Network complexity is increasing due to many factors, including the use of hybrid WANs and a growing dependence on cloud-based applications. Traditional methods of managing WANs cannot scale to meet this added complexity.
Configuring routers and gateways on an individual basis using scripts and command line interfaces (CLIs) is inefficient and error-prone. Productivity is reduced further when an expert must travel to set up new equipment at a remote site. A reliance on outdated methods and technologies has made it difficult for many network teams to keep up with business demands.
SD-WAN helps IT get control of complex networks and respond faster to changing business needs. It starts with the ability to design, deploy, and manage new equipment from a central location. The work of a network engineer is essentially complete after the design phase. A new SD-WAN gateway can be shipped to a remote site and plugged in by someone with no IT skills. The gateway will be discovered and brought online automatically with zero-touch provisioning—a workflow orchestrated by the central SD-WAN controller.
SD-WAN equipment can be managed using business-aligned policies written by a network engineer. Operational rules are automatically generated and downloaded to all SD-WAN devices under management when a policy is created or modified.
Performance uncertainty is an issue with dependence on the Internet and other public networks for WAN connectivity. The path that network traffic takes across the Internet can be different for every transmission between a pair of source and destination devices. Latency may vary significantly as a consequence.
Bottlenecks can also develop along the network path due to time-of-day congestion and random factors that constrain bandwidth. This problem is especially common on the “last mile” of the network when using an Internet service without guaranteed bandwidth. Many IT organizations set up redundant connections and services at each Internet breakout point to minimize the risk of a last-mile bandwidth bottleneck.
SD-WAN monitors the health of each WAN link and can use dynamic path selection to steer traffic down the best available path at each moment. It can also discriminate between the traffic of applications or users such that the best connection is reserved for the most important traffic—say, VoIP or applications that handle business transactions. Lower-priority traffic, like file backups, can be routed onto a connection that is less reliable.
SD-WAN makes it easier to move non-critical WAN traffic from private MPLS links onto lower-cost broadband Internet. Centralized, policy-based management lets a network engineer put more (or less) traffic on broadband links at any time without having to reconfigure routers and gateways on an individual basis.
Another area of cost savings is administration—especially network service and ongoing maintenance. Network experts need not travel to remote locations for SD-WAN deployments and they can get more done back in the office by using centralized, policy-based management.
Find out more about SD-WAN cost savings in our white paper, Measuring the ROI (Return on Investment) of SD-WAN.
Business is moving at a faster pace today than ever before. IT teams are being asked to roll out new services to support business initiatives on aggressive schedules. Fortunately, SD-WAN gives network engineers the agility to respond quickly to requests for new WAN services and make changes to existing services. Many tasks that formerly took hours or days to accomplish require only minutes to do with SD-WAN.
A second kind of agility that SD-WAN provides is real-time traffic management. SD-WAN gateways continuously monitor the health of each WAN link connected to them. Traffic is quickly rerouted when a link fails or becomes congested.
Monitoring link health and redirecting traffic as needed improves application availability and performance in a broad sense. SD-WAN can also improve (or reduce) performance on a selective, application-by-application basis.
Deep packet inspection is used to identify the applications associated with WAN traffic. Business-aligned policies implemented by the network engineer determine which applications are given higher priority (QoS) and which paths their packets will flow onto. For example, policies can be implemented to send video traffic over the highest-capacity circuits; send software updates over Internet broadband circuits; or send all business traffic over secure VPNs.
Another way that SD-WAN improves performance for cloud-based applications is by making it easier to set up Internet break-outs at remote offices. Eliminating the need to backhaul traffic through a central point of Internet access can reduce latency and improve the user experience for SaaS and other cloud-based applications.
Setting up network equipment at a new branch office is much easier with SD-WAN than with traditional routers and gateways. A network engineer designs the node at a central management console. An SD-WAN appliance is then shipped to the branch office and plugged in by someone with little or no IT skills. On power-up, the appliance joins the network and connects to the central SD-WAN controller, which provisions and configures the new equipment and then brings it online.
That’s it! SD-WAN with zero-touch provisioning—an automated workflow executed by the central controller—eliminates the need for an expert to travel to the branch site or set it up remotely via a command line interface.
Yes, SD-WAN significantly increases ROI by improving IT agility, performance and efficiency. Your ROI should be in double digits and you should expect to break even within a few months of completing your deployment. Make sure to plan your roadmap with your SD-WAN vendor and confirm that they can quantify ROI for your custom use-cases.
The price tag shouldn’t be the main consideration with SD-WAN. If you focus solely on the initial investment, you’ll lose sight of the bigger picture, which is the ROI you should experience within a year of implementation.
SD-WAN can increase your network security with encrypted network traffic, network segmentation, the use of a central provisioning system, increased visibility into the WAN, and optimized performance overall. Segmenting your network limits any attack damage to a manageable area. A central provisioning system provides a piece of software that controls all of the separate nodes interdependently, which gives better communication and connection across your network. This is very different from the traditional WAN setup.
Find out how to solve your cloud and branch SD-WAN security challenges.
The vendor selection process will show you that many vendors have not been able to quickly evolve to produce more effective software-defined platforms. Small vendors do not offer a holistic platform for WAN management and rarely have the necessary years of experience in the WAN market. An ideal vendor will recognize and resolve your specific pain-points as well as be a leader in the WAN market. This ensures that they will have the capability to meet your current and future requirements for the entirety of your SD-WAN project.
Learn what to look for in an SD-WAN vendor with our guide, How to Create an RFP for SD-WAN Solutions.
Riverbed SteelConnect delivers all of the SD-WAN functions and benefits discussed on this web page. SteelConnect also provides capabilities that set it apart from other SD-WAN products.
Riverbed SteelConnect makes connecting branch offices to the Cloud easy with secure, one-click connectivity to AWS and Microsoft Azure. You have the ability to create a VPN across the Internet as well as the AWS Direct Connect, Microsoft Azure ExpressRoute, and Microsoft Azure Virtual WAN services.
Riverbed also offers cloud-native, SD-WAN gateways that run on AWS and Microsoft Azure. Our SteelConnect gateways can be found in the AWS and Azure marketplaces.
We give you the ability to build a centrally-managed, unified fabric that connects clouds, data centers and branch offices with:
Policies written in the SteelConnect Manager console can be applied globally across clouds, data centers, WAN, wired & wireless LAN to ensure consistency. You can also limit the scope of application for any policy to just one or a few sites.
Network management policies are written in intuitive language that refers to applications, devices, users, groups, locations, and more. This use of natural language in SteelConnect Manager not only speeds the creation of policies but also makes them easy to understand when revisited at a later date.
Many SD-WAN vendors can offer only limited, network-focused monitoring tools. Riverbed SteelCentral gives you real-time performance visibility all the way from Edge sites and data centers into the Cloud.
Our DEM (Digital Experience Management) tools present integrated, real-time data from user devices, networks, other infrastructure, and applications in a single pane of glass. This gives you the ability to proactively identify a performance issue, quickly troubleshoot the cause, and take action to ensure that application users stay productive.
Riverbed gives you the option to seamlessly combine SD-WAN with WAN optimization. SD-WAN uses dynamic path selection to steer network traffic onto the WAN links that perform best. But that won’t help if all links are bandwidth-constrained or exhibit high latency. WAN optimization can dramatically reduce bandwidth requirements and mitigate the effects of latency. With a blend of SD-WAN and WAN optimization, you can do much to assure the performance of networks and applications.