Software-Defined WAN: A Primer

Enterprise WANs are costly and complex to manage. SD-WAN technology can help by automating the configuration of WAN edge routers.

Ethan Banks

September 9, 2014


In the world of software-defined networking, the focus has been on the data center. SDN in the data center has enabled integration with automated systems, allowing enterprises to build virtual networks, provide micro-segmentation, and integrate service chaining. That functionality has demonstrated SDN's value and brings networking a step closer to the automated world enjoyed by virtualization professionals for many years.

However, the data center is not the only part of IT that could use a software-defined hand. Enterprise wide area networks are sources of cost and complexity. Stitching together remote offices via a provider's MPLS network is highly functional -- with L2 or L3 connectivity options and guaranteed privacy and quality of service -- but also expensive. Broadband options lack the rich functionality of a provider's MPLS cloud, but they grant much more bandwidth for the money spent.

Learn more about the software-defined WAN at Interop New York, where Greg Ferro will discuss "How the Software-Defined WAN Changes Everything for the Better." Register now for Interop, Sept. 29 to Oct. 3 in New York City.

Ideally, an organization would be able to use broadband connectivity for most interoffice network traffic while putting only mission-critical or quality-sensitive traffic over private MPLS links. Though it's possible to configure routers to do this sort of hybrid WAN manually using technologies like Dynamic Multipoint VPN, Cisco Performance Routing (PfR), and real-time quality measurements, the resulting configuration is complex. Even with such a WAN implementation, it's unlikely that the initial deployment will be the final one. As application profiles change, WAN router configurations need to be changed to accommodate the current traffic mix.

Here's where software-defined WAN products can help. SD-WAN addresses these challenges by automating the ongoing configuration of WAN edge routers, running traffic over a hybrid of public broadband, private MPLS links, and other WAN links such as LTE. The end result should be an enterprise network edge with these three attributes:

1. Lower cost
With a software-defined WAN, an enterprise should be able to rely more on broadband and less on private links. Broadband won't provide quality guarantees, so the SD-WAN will take active measurements between endpoints to know whether the broadband link is capable of carrying, say, voice or video traffic reliably. As Skype users know, it's entirely possible to run voice and video over the public Internet.

That said, SD-WAN can handle those occasions where broadband quality is inferior and shunt traffic over the private link with guaranteed quality only as needed. As a result, organizations should be able to invest in larger, cheaper broadband links and minimize the size of their expensive private links.

2. Reduced complexity
Configuring a hybrid WAN by hand is a challenge. Routing protocols, unless influenced by an outside source, choose a single best path to get between two sites and stick with it. Routing protocols don't react to changing network circumstances such as packet loss, excessive jitter, or congested links; routing protocol metrics simply don't include that sort of information in their best path calculations. Measurement techniques like IP SLA or PfR can artificially change metrics or otherwise override the normal behavior of a routing protocol, but these are tricky tools to configure.

SD-WAN handles this work for an organization in an automated way, routing and rerouting traffic dynamically based on the current state of the network. The IT team tells the SD-WAN application how certain traffic should be treated, and the solution takes care of the rest. To be more precise, the complexity doesn't actually go away -- it's simply hidden by the SD-WAN application doing all of the heavy lifting.
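The measurement-driven path choice described above, sketched as an added example (not code from the article or from any SD-WAN product): the traffic classes, thresholds, 20% hysteresis margin, and probe samples are all constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass(frozen=True)
class Policy:
    """Limits the IT team declares for one traffic class."""
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

# Assumed policy values, for illustration only.
POLICIES = {
    "voice": Policy(max_latency_ms=150, max_jitter_ms=30, max_loss_pct=1.0),
    "bulk": Policy(max_latency_ms=1000, max_jitter_ms=500, max_loss_pct=5.0),
}

# Constructed broadband probe results: round-trip time in ms, None = probe lost.
CLEAN = [40, 42, 41, 43, 40, 41, 42, 40, 41, 42]
JITTERY = [60, 140, 55, 150, 62, 145, 58, 130, 61, 139]
MARGINAL = [100, 126, 100, 126, 100, 126, 100, 126, 100, 126]

def summarize(probes):
    """Return (mean latency, mean inter-probe jitter, loss %) for one link."""
    rtts = [p for p in probes if p is not None]
    loss = 100.0 * (len(probes) - len(rtts)) / len(probes)
    if not rtts:  # link is dark: nothing can meet a policy
        return float("inf"), float("inf"), loss
    jitter = 0.0
    if len(rtts) > 1:
        jitter = mean(abs(a - b) for a, b in zip(rtts, rtts[1:]))
    return mean(rtts), jitter, loss

def meets(policy, probes, margin=1.0):
    """True if the measured link stays within policy limits scaled by margin."""
    latency, jitter, loss = summarize(probes)
    return (latency <= policy.max_latency_ms * margin
            and jitter <= policy.max_jitter_ms * margin
            and loss <= policy.max_loss_pct * margin)

def choose_path(traffic_class, broadband_probes, current="broadband"):
    """Prefer broadband; use MPLS only while broadband violates the policy.

    Hysteresis: traffic already moved to MPLS returns to broadband only when
    broadband beats every limit by 20%, so a borderline link does not flap.
    """
    margin = 0.8 if current == "mpls" else 1.0
    ok = meets(POLICIES[traffic_class], broadband_probes, margin)
    return "broadband" if ok else "mpls"
```

A routing protocol metric sees none of these inputs, which is why the same jittery link is rejected for voice yet still acceptable for bulk transfer.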

3. Increased flexibility
SD-WAN technology enables the hybrid WAN to react to changing network conditions automatically. That, by itself, means the WAN is flexible in a way that it likely wasn't before. But in addition to that flexibility, an organization gains back time for its IT staff, as well as budget in the form of reduced capex for new circuits and opex for the WAN infrastructure.

Software-defined WAN caveats
Perhaps the greatest challenge when evaluating SD-WAN technologies is the ROI calculation. The capex and opex of the SD-WAN solution will need to be compared to the overall cost of the WAN itself. The idea is that a hybrid WAN that makes heavier use of cheap broadband should allow for smaller private links; some offices might not require private links at all.

As a result, this ROI calculation could reveal that an SD-WAN purchase will pay for itself or even save money. The catch in downsizing or eliminating private circuits is that most carriers lock their enterprise customers in with a multi-year contract. Thus, penalties for early termination or service-level changes could further impact ROI.

Another consideration when evaluating SD-WAN technology is that of vendor lock-in. There are several SD-WAN products, and they are all different and incompatible. Some layer on to a WAN; some replace WAN hardware with their own. An evaluation process should carefully consider the long-term commitment to the vendor.

Closely tied to this is the notion that an SD-WAN solution must be integrated into an organization's WAN. If the product requires hardware replacement, has that hardware already been depreciated? This could be a hidden cost that needs to be considered, beyond the practical operational costs of implementing a new IT solution.

Software-defined WAN products

Several companies have entered the software-defined WAN space. Not all of these companies do the exact same thing, so it's worth investigating each to determine how each company's niche maps to your organization's needs.

  • Cisco Intelligent WAN (IWAN) aims to allow customers to build a WAN fabric across whatever transport they happen to be using such as LTE, the Internet, and private MPLS. Then applications should be delivered with LAN-like performance across that WAN fabric. This lofty goal is achieved in part through a partnership with Akamai, which is adding global caching to the IWAN solution.


  • CloudGenix is a startup still in its early stages but will offer an SD-WAN product that supports a dynamic, hybrid WAN, as well as centralization of services that would normally be placed directly in the branch.

  • Glue Networks Gluware Orchestration Engine is an SD-WAN product integrated with Cisco-based WAN infrastructures. Gluware handles the WAN from beginning to end, including policy management, zero-touch provisioning of network hardware, and real-time management of the WAN infrastructure. For example, Gluware can leverage Cisco PfR, saving IT staff from having to configure and manage PfR manually.


  • Netsocket is focused on WAN for managed service providers. Though this is somewhat different from the typical enterprise SD-WAN use case, Netsocket's architecture could be mapped to certain enterprise models. Netsocket provides a central controller and a small x86 box, which is a network switch, router, and security device that can also host an MSP's application. The idea is to ship the x86 device to a remote site; it will come online and automatically "phone home," having been preconfigured to do so. Once connected to the controller, it will receive policy and be able to route across a hybrid WAN infrastructure with the added benefit of delivering local services.

  • Viptela, a well-funded startup, recently emerged from stealth mode with its Secure Extensible Network platform. Viptela's SEN supports hybrid WAN (or "transport agnostic WAN" in Viptela parlance), highly scalable encryption featuring Viptela's own technology, service chaining, and network segmentation that extends beyond the data center. This is all accomplished through an overlay network managed by a centralized controller and implemented through Viptela's vEdge routers.

Another company to keep an eye on in the software-defined WAN space is Riverbed. Its technology acquisitions have vaulted it from being merely a WAN optimization company to a company that can make any remote location perform like a local one for network, storage, and other services. Though Riverbed hasn't made a specific SD-WAN announcement, the emerging SD-WAN market matches up well with its product set. As Riverbed makes its location-independent technologies more easily consumable through APIs and virtual containers, I suspect there will be some alliances formed.


About the Author(s)

Ethan Banks

Senior Network Architect

Ethan Banks, CCIE #20655, is a hands-on networking practitioner who has designed, built and maintained networks for higher education, state government, financial institutions, and technology corporations. Ethan is also a host of the Packet Pushers Podcast. The technical program covers practical network design, as well as cutting edge topics like virtualization, OpenFlow, software defined networking, and overlay protocols. The podcast has more than one million unique downloads, and today reaches a global audience of more than 10,000 listeners. Also a writer, Ethan covers network engineering and the networking industry for a variety of IT publications and is editor for the independent community of bloggers at
