ICTShore.com


What is SD-WAN (Software-Defined WAN) in simple terms


SDN is quickly becoming a mainstream technology. In fact, it allows you to simplify networking. SDN is a whole new way of thinking about networking, and it has several branches. Software-Defined WAN is one of them, although not the most popular (the title goes to the data center). Sometimes, there is some confusion about SD-WAN, and not everyone knows what possibilities and limits it has. In this article, we will see what SD-WAN is and what its features are.

A few words on “traditional” WAN

WAN is the acronym for Wide Area Network. It represents the cluster of technologies you use to connect different locations that are apart from each other. You may use Frame Relay (even if it's very old), MPLS, or plain Internet. Nothing so fancy here: once you have the WAN ready, locations can talk to each other, and nothing else. Sometimes, a link will go down for one reason or another and the site will be isolated. Of course, you can add redundant links but no more than that.

WAN is a simple way to allow communication, a way that may be good for most of us. However, its simplicity has several limits that we will discover as we discuss the features of SD-WAN. If you want to learn more about traditional WAN, check out these WAN technologies.

What is SD-WAN

The Overlay

SD-WAN is a technology that runs on top of traditional WAN. Of course, WAN is a hardware connection and we cannot create a software connection without having some hardware under the hood. Thus, SD-WAN is a technology that controls multiple WAN technologies to achieve advanced features. This is possible by creating several overlays.

SD-WAN is based on the concept of overlay to create custom routing policies.
The SD-WAN Overlay virtualizes the physical network below it.

An overlay is a virtual network that runs on top of the physical network. Think of it as a set of IPSec VPNs that run on top of your private WAN. At first, it might look confusing or even unnecessary. However, once we dive deeper into this setup we will see the reasons for it.

Using multiple SD-WAN Overlays

If you run a single SD-WAN overlay, there is no point in using SD-WAN. In fact, it cannot bring any improvement to your connection, as you will always end up on the same physical link. Instead, things start to get more interesting when you combine multiple overlays.

Having multiple overlays means having multiple networks that you can create and destroy at will. An enterprise is likely to have several sites, which can then connect using different overlays. Instead of having a flat network, you can shape a more complex design where only some sites talk with some others. You can create separate networks as well, each containing a few sites.

You can also mix things up, increasing flexibility. In a site, you are going to have many LANs, and you can propagate some to some sites, and some to others. Even better, you can achieve this level of granularity with no intervention from your provider.

Multiple overlays are at the foundation of SD-WAN
The more overlays you have, the more advanced the policies can be. Here the light-blue networks are seen by all sites, while the green networks do not reach C.

Besides the granularity of control and policies, SD-WAN brings another major benefit to the table. It abstracts the network so that devices in the LAN no longer know about the physical WAN. They only know about the SD-WAN overlays. As a result, you become independent of the underlying technology. Even better, SD-WAN can dynamically divert traffic to the best-performing link.

SD-WAN with DMVPN

Okay, at this point we know the benefits of having multiple network overlays. But how do we achieve it? Each vendor has its own solution for building multiple SD-WAN overlays. However, Cisco is probably leading the way with its DMVPN: Dynamic Multipoint Virtual Private Network. We talked in detail about it when we covered WAN technologies.

DMVPN leverages tunneling technologies like GRE and IPSec to create virtual point-to-point links between sites. In normal VPNs, the administrator prepares these tunnels statically. Instead, with DMVPN the network has a central hub accepting connections. All other routers in remote sites initially create a tunnel to the hub, forming a hub-and-spoke topology. At this point, they can reach all other sites through the central hub. However, as soon as two remote sites start sending traffic to each other, the hub informs each of them about the details of the other. Then, they establish another tunnel directly between each other, without talking through the hub.

DMVPN is the way Cisco decides to implement SD-WAN to create dynamic overlays.
DMVPN allows the creation of dynamic tunnels.

In the end, we achieve a partial or even full mesh topology if needed. You can have one DMVPN hub for each overlay, and create as many DMVPN networks (overlays) as you’d like.
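The behaviour described in this section and in the multiple-overlay section can be modelled in a few lines. This is an added example, not code from the original article or from Cisco: the `Overlay` class, its methods, the site names and the WAN addresses (documentation range) are all constructed for illustration. It shows the first packet between two spokes being relayed by the hub, later packets using the direct tunnel, and a site that never registered with an overlay having no path inside it.

```python
# Toy model of the DMVPN behaviour described above (constructed, not Cisco code).
class Overlay:
    """One overlay = one hub plus the spokes registered with it."""

    def __init__(self, name):
        self.name = name
        self.registry = {}        # spoke name -> underlay (WAN) address, held by the hub
        self.direct = set()       # spoke pairs that already built a direct tunnel

    def register(self, spoke, wan_addr):
        # Each spoke first builds a tunnel to the hub and registers with it.
        self.registry[spoke] = wan_addr

    def send(self, src, dst):
        """Return the path one packet takes from src to dst inside this overlay."""
        if src not in self.registry or dst not in self.registry:
            return None           # not a member: this overlay offers no path
        pair = frozenset((src, dst))
        if pair in self.direct:
            return [src, dst]     # spoke-to-spoke tunnel already exists
        # First traffic goes through the hub, which tells each spoke the
        # other's WAN address so they can build a direct tunnel.
        self.direct.add(pair)
        return [src, "hub", dst]

    def tunnel_count(self):
        # Spoke-to-hub tunnels plus on-demand spoke-to-spoke tunnels.
        return len(self.registry) + len(self.direct)


def build_example():
    # Constructed sample: sites A, B, C; "blue" reaches all, "green" skips C.
    blue, green = Overlay("blue"), Overlay("green")
    wan = {"A": "198.51.100.1", "B": "198.51.100.2", "C": "198.51.100.3"}
    for site in ("A", "B", "C"):
        blue.register(site, wan[site])
    for site in ("A", "B"):
        green.register(site, wan[site])
    return blue, green


if __name__ == "__main__":
    blue, green = build_example()
    print(blue.send("A", "C"))    # first packet is relayed by the hub
    print(blue.send("A", "C"))    # later packets use the direct tunnel
    print(green.send("A", "C"))   # C is not in the green overlay
```

In this model, keeping a site out of an overlay is a matter of which spokes register with that overlay's hub, which is why segmentation between overlays depends on controlling who is allowed to register.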

Conclusion

This brief article explained the potential of SD-WAN and the technology behind it. SD-WAN enables flexibility and granularity like never before, and eases management as well. However, it adds costs and network overhead (because of the tunnels).

Now, we have the tools to evaluate if an SD-WAN solution will suit our business, and define how we can integrate it. What do you think about SD-WAN? Let me know your opinions in the comments.


Alessandro Maggio

Project manager, critical-thinker, passionate about networking & coding. I believe that time is the most precious resource we have, and that technology can help us not to waste it. I founded ICTShore.com with the same principle: I share what I learn so that you get value from it faster than I did.

Alessandro Maggio

2019-01-03T16:30:28+00:00


Networking
