What is SD-WAN (Software Defined – Wide Area Network)?

· >

In this article we will learn about what is SD-WAN, how it is different from MPLS / legacy WAN, Why we need SD-WAN & what are differences & similarities in SD-WAN & SDN. So lets get started.

A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture that permits enterprises to leverage any combination of transport services – including MPLS, LTE and broadband internet services – to securely connect users to applications.


An SD-WAN uses a centralized control function to securely and intelligently route traffic across the WAN. This enhances application performance and provides a high quality user experience, resulting in increased business productivity, agility and lessened costs for IT.

How SD-WAN different from Traditional WAN?

Traditional WANs based on conventional routers were never designed for the cloud. They typically require backhauling all traffic – including cloud- destined traffic – from branch offices / spokes to a hub or headquarters data center where advanced security inspection services can be applied. The delay caused by backhaul affects application performance resulting in a poor user experience and less productivity.

Unlike the traditional router-centric WAN architecture, the SD-WAN model is designed to fully support applications hosted in on premises data centers, public or private clouds and SaaS services such as Salesforce.com, Workday, Office 365 and Dropbox, while delivering the highest levels of application performance.

Why do we need SD-WAN?

Software-Defined Network enables enterprises to optimize their use of connectivity. Delivering a dynamic path among transportation options — FTTH, MPLS, 4G/5G, or broadband, it intelligently routes traffic across the WAN allowing users to connect to any application from the data center to the cloud, no matter where it resides.

SD-WAN provides multiple rich features

  1. Remotely configure / provision devices from anywhere in WAN which reduces costs while increasing productivity, in legacy WAN manual provision is required. Most basic SD-WAN offerings provide some level of zero-touch provisioning. However, basic SD-WAN solutions do not always provide full end-to-end orchestration of all WAN edge functions such as routing, security services including service chaining to advanced third-party security services and WAN optimization. When enterprises deploy new applications or when a QoS or security policy change is required, a business-driven SD-WAN supports centralized configuration, enabling the required changes to be deployed in a few minutes instead of weeks or months.
  2. Multi Links Load balancing on multiple ISP links without need of redundant external router / switches. A key benefit of an SD-WAN solution is the ability to actively use multiple forms of WAN transport. A basic solution can direct traffic on an application basis down a single path, and if that path fails or is underperforming, it can dynamically redirect to a better performing link. However, with many basic solutions, failover times around outages are measured in tens of seconds or longer, often resulting in annoying application interruption. A business-driven SD-WAN intelligently monitors and manages all underlay transport services. It can overcome the challenges of packet loss, latency and jitter to deliver the highest levels of application performance and QoEX to users, even when WAN transport services are impaired. Unlike a basic SD-WAN, a business-driven SD-WAN handles a total transport outage seamlessly and provides, sub-second failover that don’t interrupt business-critical applications such as voice and video communications.
  3. Intelligent Routing: Prioritize network traffic based on performance indicators for best class of experience.
  4. Centralized Management: Manage multiple branch offices connectivity from a single pane of management console with increased control & visibility
  5. Security: SD-WAN Supports state of the art security features (p2p tunnels, Access Control, IPS, botnet prevention, VPN, network Anti-virus etc.) that safeguards critical infrastructure.
  6. Scalability:  Can grow according to needs with horizontally & vertically scaling.
  7. Continuous Self-Healing: A basic SD-WAN solution steers traffic according to pre-defined rules, usually programmed via templates. A business-driven SD-WAN, delivers optimal application performance under any network condition or changes including congestion and when impairments occur. Through continuous monitoring and self-learning, a business-driven SD-WAN responds automatically in real-time to any changes in the state of the network. A business-driven SD-WAN continuously adapts to changes in the network, automatically adapting in real time to any changes that could impact application performance, including network congestion, brownout and blackout conditions, allowing users to always connect to application without manual IT intervention. For example, should a WAN transport service or cloud security service experience a performance impairment, the network automatically adapts to keep traffic flowing while maintaining compliance with business policies.

How is SD-WAN different from VPN?

While basic SD-WANs provide the equivalent of a VPN service, a business-driven SD-WAN provides more comprehensive, end-to-end security capabilities. In addition to supporting a stateful zone-based firewall, the SD-WAN platform should orchestrate and enforce end-to-end micro-segmentation spanning the LAN-WAN-Data center and the LAN-WAN-Cloud. Centrally configured security policies are far more consistent due to fewer human errors than with a device-centric WAN model or a basic SD-WAN model that often require configuring policies on a device-by-device basis. If a policy requires a change, it is programmed centrally with a business-driven SD-WAN and pushed to 1000s of nodes across the network, providing a significant increase in operational efficiency while reducing the overall attack surface and avoiding any security breaches.


What is the difference between SDWAN and SDN?

Primary difference between SDWAN and SDN is the way they are used but there are other parameters difference tabulated below.

Deployed in branch offices and data centersMainly used in data centers
Centralized orchestration, control and zero-touch provisioningCentralized orchestration and control
Off-the-shelf x86 appliances – physical, virtual, cloudVariations of commodity and specialized switching hardware
Savings come from leveraging lower WAN transport and infrastructure costs and improved operational efficienciesSavings come from improved operational efficiencies

Both SDN and SD-WAN are based on the same methodology of separating the control plane from the data plane to make networking more intelligent. Architecturally they are similar in many ways:

  • Centralized management or orchestration – the control plane
  • Distributed data forwarding function – the data plane
  • Application-driven traffic routing policies

In this article we have learnt about what is SD-WAN, how it is different from MPLS / legacy WAN, Why we need SD-WAN & what are differences & similarities in SD-WAN & SDN. Hope this has been informative for you, If you liked the article, like our facebook page.

Notify of
Inline Feedbacks
View all comments