
Software Defined WAN: the Wide Area Network is getting a facelift

The networking world is being bombarded by so many “new” technologies that it is difficult to keep up with them all: Software Defined Networking (SDN), Network Function Virtualization (NFV) and now Software-Defined Wide Area Network (SD-WAN). What all of them have in common is a focus on software rather than tightly coupled hardware/software combinations. In this article, we will discuss SD-WAN and see whether it is really something new or just hype around repackaged products.

What is a WAN?

A simple definition of a Wide Area Network (WAN) is a collection of Local Area Networks (LANs) separated by geographical location. When we talk about WANs, we usually mean private WANs wholly owned by one organization (i.e. under a single administrative domain), but public WANs also exist, and the Internet itself can be considered one big WAN.

In this article, we will be discussing concepts that mostly apply to private WANs. For example, a bank with several branches across the country will normally have a WAN that connects its branches (remote sites) to its HQ or data center (hub site). Traditionally, remote sites connect to the hub through private links, leased circuits or MPLS, although other forms of connectivity such as the Internet may also be used for backup purposes.

Figure: Traditional WAN (source: Router Freak)

What is SD-WAN?

There is really no standard definition for SD-WAN and whatever definition you get will be dependent on the vendor defining it. Generally speaking, looking at the various SD-WAN products/services available from different vendors, we can come up with certain characteristics of SD-WAN including:

  • Centralized Control
  • Multiple WAN Links
  • Path Optimization
  • Reduced Costs
  • Quick Provisioning
  • Unified Devices

Centralized Control

SD-WAN is an application of SDN, whose main aim is to decouple the control and data planes of networking devices. Usually, this involves a centralized controller that has a bird’s-eye view of the network and can instruct forwarding devices on the best course of action to take for different types of traffic.

In the same way, SD-WAN aims to bring centralized control to the WAN edge through some form of controller or orchestrator that can route traffic intelligently. This also reduces the administrative burden at the branch/remote sites, since management can be done from the HQ/hub site, leading to minimal or zero-touch configuration on remote devices – they just need to connect to the controller and automatically receive the appropriate configuration.

Multiple WAN Links

Many SD-WAN products offer the ability to aggregate multiple WAN links of varying technologies like MPLS, Internet (broadband), 3G and so on, resulting in a type of Hybrid-WAN design. Therefore, we can say that SD-WAN is agnostic to the transport layer (i.e. type of connection) and usually builds some form of overlay network between the remote site and the hub.

While this type of design is not new to the WAN, it was usually done in an active/standby fashion, where the private line/leased circuit/MPLS link was used as the primary link and the other link (e.g. an Internet link with VPN) was only used for backup purposes. With SD-WAN, multiple links are used in an active/active fashion, with policies defined (on the controller) to determine which type of traffic should use which link.

Path Optimization

With SD-WAN, there is real-time, dynamic path optimization of traffic. For example, the controller can monitor metrics like delay, jitter and packet loss on a link and decide that certain traffic would be better forwarded through another link to maintain the necessary level of quality for that traffic. In some cases, these SD-WAN products can even use techniques like Forward Error Correction in a bid to increase the reliability of data delivery over lossy links.
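To make the active/active policy model from the Multiple WAN Links section and the metric-driven path optimization described above concrete, here is an added example (not code from the article or any SD-WAN vendor) of a toy controller decision: each traffic class has SLA thresholds and an ordered link preference, and the controller picks the first preferred link that currently meets the SLA. The link names, thresholds and measurements are constructed sample values.

```python
from dataclasses import dataclass, field


@dataclass
class LinkMetrics:
    """Measurements the controller collects for one WAN link (constructed values)."""
    name: str
    delay_ms: float
    jitter_ms: float
    loss_pct: float
    up: bool = True


@dataclass
class ClassPolicy:
    """SLA thresholds for one traffic class and the links to prefer, in order."""
    max_delay_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    preferred: list = field(default_factory=list)


def meets_sla(link: LinkMetrics, policy: ClassPolicy) -> bool:
    """A link is usable for a class only if it is up and within every threshold."""
    return (link.up and link.delay_ms <= policy.max_delay_ms
            and link.jitter_ms <= policy.max_jitter_ms
            and link.loss_pct <= policy.max_loss_pct)


def select_path(links, policy):
    """Pick the first preferred link that meets the class SLA.

    If no link meets the SLA, degrade gracefully to the least lossy (then
    lowest delay) link that is still up; return None only if all are down.
    """
    by_name = {link.name: link for link in links}
    for name in policy.preferred:
        link = by_name.get(name)
        if link is not None and meets_sla(link, policy):
            return link.name
    up_links = [link for link in links if link.up]
    if not up_links:
        return None
    return min(up_links, key=lambda l: (l.loss_pct, l.delay_ms)).name


# Hypothetical policies: voice prefers MPLS with tight thresholds; bulk
# transfers prefer the cheaper broadband link and tolerate worse conditions.
POLICIES = {
    "voice": ClassPolicy(150, 30, 1.0, ["mpls", "broadband", "lte"]),
    "bulk": ClassPolicy(500, 100, 5.0, ["broadband", "lte", "mpls"]),
}
```

In a real product the metrics would come from continuous probing of each overlay tunnel and the decision would be re-evaluated as conditions change; this block only shows the policy evaluation step.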

Reduced Costs

One of the main selling points of SD-WAN is the fact that you can replace (or supplement) your expensive MPLS WAN links with less expensive Internet links (secured with e.g. VPN) and still get the same experience. These Internet links are usually 100 times less expensive than MPLS links, and even though they do not provide the corresponding guaranteed Service Level Agreement (SLA) or Quality of Service (QoS), by using techniques like aggregation and optimization they can serve as a good enough replacement.

Author’s note: This particular point is not a reality in most parts of Africa (e.g. Nigeria) where the cost of an Internet link is usually more than that of corresponding leased circuit/MPLS.

Also, some SD-WAN vendors offer their products as virtual machines that can run on commodity hardware (e.g. x86 servers) thereby eliminating (or reducing) the cost of purchasing proprietary and usually expensive hardware.

Quick Provisioning

A related benefit of SD-WAN over Internet links is that it is usually easier and faster to get an Internet link than to bring up an MPLS link at a remote site. Leveraging this, branch offices can be brought online faster than they would be using traditional MPLS links.

Unified Devices

Most of the characteristics of SD-WAN that we have described can be achieved with existing technologies (e.g. DMVPN, IPsec, NHRP, Policy-Based Routing (PBR), Routing protocols). However, many SD-WAN products provide all these features in one box usually with automated deployment, meaning that all the heavy lifting has already been done for you.

Figure: SD-WAN (source: Router Freak)

Examples of SD-WAN Products

There are several vendors in the SD-WAN space, both newcomers (e.g. VeloCloud) and industry titans (e.g. Cisco). The list here is not exhaustive and only provides a handful of SD-WAN products that have flooded the market.

Silver Peak

Silver Peak Unity EdgeConnect SD-WAN Solution consists of three products:

  • Unity EdgeConnect which is like a WAN router that can be deployed as a physical appliance or a virtual appliance
  • Unity Orchestrator (the controller)
  • Unity Boost (optional WAN optimization)

They have a video here showing their dynamic path control for various types of traffic over both MPLS and Internet links.

Cisco IWAN

Cisco Intelligent WAN (IWAN) basically uses existing Cisco infrastructure (Cisco Integrated Services Routers) along with well-known technologies like:

  • Dynamic Multipoint Virtual Private Network (DMVPN) to build overlay
  • Cisco Performance Routing (PfR) for intelligent path control
  • Cisco Application Visibility and Control (AVC) and Cisco Wide Area Application Services (WAAS) for application optimization, and
  • Cisco IOS Firewall/IPS for secure connectivity

Management platforms for Cisco IWAN include the IWAN Application for the Cisco Application Policy Infrastructure Controller – Enterprise Module (APIC-EM) and LiveAction LiveNX.

Note: The general consensus is that Cisco IWAN is complicated and difficult to set up because of the many technologies that you have to configure.

Cisco also recently acquired Viptela to boost its SD-WAN offering. Time will tell if they will completely replace their Cisco IWAN with Viptela.

If you are interested, there are several Cisco IWAN demos available for those with (free) Cisco.com accounts. Some demos here: demo1, demo2 and demo3.

VeloCloud

The VeloCloud SD-WAN solution consists of the VeloCloud Edge, which sits at the branch like a router, the VeloCloud Orchestrator (i.e. the controller) and a distributed network of VeloCloud Gateways that provide optimized data paths.

They have a video here showing how easy it is to set up the VeloCloud Edge in a branch.

Challenges of SD-WAN

As with any technology, and especially a new one like SD-WAN, there are a number of challenges, including:

  • Security: By using Internet links, remote sites become exposed to attacks like Denial of Service (DoS) that they were largely shielded from on private MPLS links.
  • Reliability: Generally speaking, Internet links are usually delivered as “best effort” service – there is no guarantee that your data will get to its destination. Also, if the link goes down, there is only so much you can do because SLAs are not guaranteed. This can be a problem for mission-critical applications. One way to reduce the risk of this issue is to use multiple ISPs.
  • Vendor Lock-in: One of the aims of SDN is to reduce vendor lock-in. However, with many of the various SD-WAN products using proprietary technology for various aspects (e.g. overlay, path control), vendor lock-in is probably inevitable.
  • Support: When something goes wrong with IPsec, you can troubleshoot and probably find the problem because it is a documented standard with many years of deployment. In the case of SD-WAN with many vendors using proprietary technology, support may be a nightmare if something ever goes wrong.
  • Interoperability: While it may be easy to install an SD-WAN device in a new branch (as long as the device supports the terminating connection method e.g. Ethernet), deploying SD-WAN in existing locations may be more difficult because of interoperability issues with the devices already in use at those locations.


SD-WAN offers some really cool benefits especially for people with a large number of remote sites and not as many staff to administer those sites. The administrative burden is reduced and in some cases, nothing needs to be done at the remote site except to plug in the device. It also offers cost savings (in some cases) as Internet service is usually less expensive than private MPLS links.

However, SD-WAN is not without its challenges, including those of security, reliability and interoperability. Before going for an SD-WAN solution, you may want to consider how the product solves these issues.

Some SD-WAN products discussed in this article include Silver Peak, Cisco IWAN, and VeloCloud.

About Adeolu Owokade

Adeolu Owokade is a technology lover who has always been intrigued by Security. He has multiple years of experience in the design, implementation and support of network and security technologies. He's a CCIE (Security) with a new found love for writing and teaching. He is currently working on a startup that teaches kids practical technology skills such as coding and robotics.


One comment

  1. Charles Oluwole Ayodele

    Well delivered and straight to the point.
