We’ve been discussing using the Internet as part of your overall wide area network (WAN) strategy. One of the questions I get asked with some frequency is something along the lines of “Steve, how does a software-defined WAN (SD-WAN) differ from a hybrid WAN and how’s that different from what I’ve been doing until now?” Let me see if I can provide some context.
Businesses have typically connected their branch offices through private data services, such as MPLS and leased lines. Where the Internet has been used, it’s generally because either a private data service was:
• too expensive,
• unavailable, or
• important enough to warrant a backup connection.
Designing the network for the cloud
But increasingly IT executives are wondering whether that model continues to be effective. More enterprise applications have shifted to the cloud. It makes less sense to bring traffic back to a central hub and then send the traffic onto the Internet than it does to send the Internet-bound traffic directly onto the Internet. Yes, there are security implications, and those need to be addressed, but the principle remains true.
Enterprises are also fed up with the cost and provisioning delays of MPLS services. They look at the relatively low cost of Internet bandwidth as compared with MPLS bandwidth and the speed at which it takes to install a connection and, again, wonder why MPLS can’t be more like that.
At the same time, Internet performance has improved dramatically over the years, narrowing the performance gap with MPLS. In fact, when speaking with enterprises at the Open Networking User Group (ONUG) show in New York, there seemed to be a consensus that Internet performance was “good enough” for many business applications.
Security, Control & Visibility into the WAN
An SD-WAN gives enterprises the security, control and visibility to use the Internet. SD-WANs locate hardware or software nodes at each location and the cloud. These nodes form virtual overlays across underlying transport services. Traffic routing and path selection is not done at the IP layer, but by the SD-WAN based on user-defined policies. All SD-WANs today will operate across Internet connections, such as 4G, xDSL, and cable, most will also operates across private data services, such as MPLS.
At a minimum the SD-WAN nodes:
- Gather and share statistics regarding their locally attached services providing a map of the performance conditions across the virtual overlay
- Provide application intelligence within those nodes to identify the application traffic flows as they enter the SD-WAN
- Manage the customer defined policies to determine how to steer those application flows, defining the network conditions that will be used to identify the best path across the virtual overlay
- Perform traffic steering or dynamic path control to direct traffic to the best available path
SD-WAN or Hybrid WAN?
An SD-WAN should be independent of the underlying services, but that’s not always the case. A hybrid WAN describes the specific use of a mix of Internet and private data services, such as MPLS. Unlike many offices today that have an active MPLS connection and a passive Internet connection, hybrid WANs will typically utilize both connection. They’ll run active-active and rely on the SD-WAN’s intelligence to distribute the traffic.
Simple, right? SD-WANs and hybrid WANs make sense for many companies, but there are significant differences between implementations.