The Many Meanings of SD-WAN

DaveGreenfield
The tissue industry has Kleenex, and the bandage industry has Band-Aid. For the networking industry, SD-WAN has become the generic term for every new WAN development, be it Internet-based backbones or cloud-WAN integrations. SD-WAN is invariably “good” and “new,” but what exactly does it mean? Here are seven colloquial definitions:

1. Internet Backbone

This is the original SD-WAN. Businesses equip locations with one or more broadband or wireless Internet services. These services are aggregated by an SD-WAN appliance (or software) at the branch or data center and presented to users as a single pipe. On the WAN, these appliances build a mesh of tunnels across the Internet and gather latency and packet loss data about underlying Internet connections. This information, along with preconfigured application policies, is used to route incoming packets to the best available connection. Internet Backbones offer an affordable alternative to MPLS but are often unreliable across global WANs.

2. Hybrid WANs

These augment MPLS with direct Internet access. Companies add broadband or wireless Internet to MPLS-connected locations. The SD-WAN node selects the most appropriate connections (MPLS or Internet) based on predefined application policies and real-time conditions. Hybrid WANs are particularly attractive for migrating off MPLS or reducing MPLS costs, but without an SLA-backed alternative, customers remain bound to their MPLS provider.
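Definitions 1 and 2 both rest on the same mechanism: per-link latency and packet loss measurements combined with preconfigured application policies to pick a path. As an added example (not from the article or any vendor's product), here is a minimal policy-based path selector in Python; the link names, policy thresholds and measurements are constructed for illustration.

```python
# Added example: simplified SD-WAN path selection for a hybrid branch.
# Each link reports measured latency/loss; each application class carries
# a preconfigured policy. All names and numbers below are constructed.
from dataclasses import dataclass


@dataclass
class Link:
    name: str
    latency_ms: float   # measured round-trip latency on this link
    loss_pct: float     # measured packet loss on this link
    cost: int           # relative cost rank (higher = more expensive)


# Application policies: ceilings a link must meet, plus a tie-break preference.
POLICIES = {
    "voip": {"max_latency_ms": 150, "max_loss_pct": 1.0, "prefer": "quality"},
    "bulk": {"max_latency_ms": 500, "max_loss_pct": 5.0, "prefer": "cost"},
}


def quality_score(link):
    # Lower is better; loss is weighted heavily because it hurts real-time apps most
    return link.latency_ms + 100 * link.loss_pct


def select_path(app, links):
    """Return the name of the link that best satisfies the policy for `app`."""
    policy = POLICIES[app]
    eligible = [l for l in links
                if l.latency_ms <= policy["max_latency_ms"]
                and l.loss_pct <= policy["max_loss_pct"]]
    if not eligible:
        # No link meets the policy: degrade gracefully to the least-bad measured link
        return min(links, key=quality_score).name
    if policy["prefer"] == "cost":
        return min(eligible, key=lambda l: (l.cost, quality_score(l))).name
    return min(eligible, key=quality_score).name


# Constructed measurements: one MPLS circuit plus two Internet links
LINKS = [
    Link("mpls", latency_ms=40, loss_pct=0.0, cost=3),
    Link("cable", latency_ms=60, loss_pct=0.5, cost=1),
    Link("lte", latency_ms=120, loss_pct=2.5, cost=2),
]

if __name__ == "__main__":
    for app in POLICIES:
        print(app, "->", select_path(app, LINKS))
```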

3. MPLS Replacement

This eliminates MPLS from the WAN, replacing it with a low-cost, SLA-backed alternative. Internet performance, however, is too unpredictable across global connections, particularly for real-time applications, so many SD-WAN customers keep their MPLS services. With MPLS Replacement, providers lease inexpensive, SLA-backed capacity across Tier-1 backbones. This allows them to offer enterprises an affordable alternative to MPLS that still comes with service guarantees.

4. Secure Direct Internet Access

Also known as Internet breakout, this provides secured, remote access to the Internet. An encrypted tunnel connects a location to the cloud, where advanced security services – such as next-generation firewalls (NGFW), IDS/IPS, anti-malware, and URL filtering – are applied to all Internet traffic. This way, locations are protected without purchasing and maintaining a sprawl of security appliances for each site. Companies also avoid backhauling traffic to a datacenter and consuming valuable MPLS bandwidth or introducing latency through the “trombone” effect.

5. Secure WAN

This minimizes the spread of internal threats across the WAN. Like Secure Direct Internet Access, Secure WANs apply advanced security services to traffic. But in this case, the traffic is between locations. All site-to-site traffic on the Secure WAN can be inspected, preventing attackers from compromising a location and threatening the entire company.

6. SaaS Optimization

This uses SD-WANs to improve the performance of SaaS applications. Instead of routing SaaS traffic across the Internet, the SD-WAN directs SaaS traffic to the SD-WAN node closest to the SaaS vendor’s datacenter. SD-WAN’s optimized routing and packet loss elimination techniques create a faster path than relying on Internet peering. Though SaaS applications generally work fine across the Internet, optimization is particularly helpful in certain cases:

● Office 365 – With Office 365, Microsoft locates the company datastore closest to the location initially registered for the service. As such, out-of-region offices and remote users can find their traffic crossing many hops, incurring significant Internet latency.

● Large file transfers – As latency and packet loss increase, throughput decreases. Reducing latency caused by poor routing can significantly shorten file transfers.

● Salesforce.com – Some SaaS applications have features difficult to leverage on the Internet. Salesforce.com, for example, allows companies to restrict access to certain IP addresses, which is a very helpful security feature. But when users access the Internet directly through their ISP, IP addresses are assigned dynamically, making this feature unusable. By bringing mobile traffic back to the SD-WAN, even users outside the office can be given IP addresses within the designated range.

7. Multi-cloud and Hybrid Cloud Integration

These integrations allow users to access resources in one or more clouds, as they would with any resources on the WAN. Normally users must connect and reconnect to clouds to access corporate resources. With Multi-cloud Integration, the SD-WAN extends to multiple public clouds, such as AWS and Azure. Hybrid Cloud Integration means the SD-WAN extends to both a public cloud and a company cloud. Alone, SD-WANs link only locations, not necessarily cloud resources.

Dave Greenfield is a secure networking evangelist at Cato Networks
May 24 '17 #1