There has been a lot of hype in the past couple of years around SD-WAN. Most people talk about it as being the “new WAN”.
While SD-WAN is great, it’s not necessarily the right solution for everyone. If we are not careful when analysing all the network requirements, we might find the dream SD-WAN solution turning into a nightmare.
If we look at a traditional WAN that utilises MPLS, the key point of difference is it’s a completely private network. And because it’s private, it’s much more predictable and reliable. We know exactly how the traffic will get from A to B because we can control it. We can also define rules to prioritise some types of traffic over others (such as real-time voice traffic over internet browsing). A private network is also more secure in the sense that the data is not going across the internet.
A traditional WAN can still access the internet, but usually via centralised access through a firewall. That means all sites will use a single “exit point” to the internet. There are pros and cons to that. The pros are that we can utilise the internet resource better by having a pool of bandwidth that everyone shares. The main con is that if that centralised internet gateway has a problem then all sites lose internet connectivity (unless a secondary internet service is in place).
SD-WAN, on the other hand, will use either internet-only services or a mix of internet and private links. In this scenario, all sites have direct access to the internet. The communication between sites is established using virtual connections over the internet (VPNs). The main issue here is that the internet is inherently a ‘best-efforts’ service. Once the traffic is on the internet there are no guarantees. That can become a problem for real-time traffic or highly sensitive data.
As I mentioned before, in some cases a mix of internet and MPLS is used. That way sensitive traffic can still be sent via the private link and all other less important/sensitive traffic uses local internet access. This setup is very popular in places where MPLS is still a lot more expensive than internet, like in Europe. By using this architecture, you can buy a small amount of more expensive MPLS capacity for the critical traffic and buy cheap internet capacity for everything else. In New Zealand, however, MPLS and internet services don’t differ much in price, which makes the use case above irrelevant.
So why would someone move to SD-WAN? Well, there are also a lot of advantages in the SD-WAN solution. One of the main ones is visibility. SD-WAN provides unmatched visibility to the network and application traffic using a very user-friendly portal. Users will have granular information about types of applications being used and how much bandwidth is being consumed by each application. Because of the level of visibility provided, it is also quite simple to perform some high-level troubleshooting to identify potential issues on the network.
The management of all devices on the network is also done via the portal. That is particularly helpful if the network changes constantly. Instead of having to connect remotely to every single device to change its configuration (as with the MPLS solution), with SD-WAN the network administrator has access to all devices and can even push changes to several devices at the same time.
Another main differentiator is ease of scale. With SD-WAN we can create configuration templates and apply that configuration to the device using the portal even before the device has physically arrived. Once the device is on site, all that is required is to plug it into the internet service and it will download the configuration automatically.
With all these variables, how do we choose between the two?
If you are considering a move to SD-WAN, ask yourself:
- Where are your applications hosted? On-premise, cloud or hybrid?
- Are there any real-time applications that might suffer from the ‘best-efforts’ characteristics of the internet? For example, those where low latency is critical.
- Is there any highly sensitive information that you are not comfortable sending over the internet?
- Do you have in-house resources that will be able to take advantage of the visibility and control that SD-WAN offers?
The most obvious fit for SD-WAN is companies that host all applications in the cloud. These applications are usually built specifically to work with internet limitations. SD-WAN can also be a good fit for a hybrid environment where most applications are in the cloud and the on-premise applications would have acceptable performance over the internet.
Some reasons NOT to move to SD-WAN:
- Most/all applications are on-premise, and you don’t have a cloud strategy/roadmap
- You want to save money by moving to SD-WAN. While internet services are still slightly cheaper than MPLS, the SD-WAN hardware and licensing is usually more expensive. In the end, monthly expenditure will be about the same.
- You want to move to SD-WAN because it is a new technology and should perform better than MPLS. As discussed above, in most cases MPLS will perform better even though it’s a much older technology.
If you still aren’t sure whether SD-WAN is right for your business, my advice is simple: ask an expert.