SD-WAN: benefits, guidance and perspectives
SD-WAN (Software-Defined Wide Area Network) is drastically transforming the way companies design, deploy and manage their wide-area network infrastructures. This technology is perfectly suited to replacing traditional rigid architectures with a programmable, automated, application-centric approach. It enables secure connection via an IT hybrid system, and optimizes the flow of data across different WAN links in real-time.
SD-WAN: what you need to know
Definition and how it works
An aged network is a major barrier to a company's development. SD-WAN is a major evolution in WAN technologies. Its architecture separates "network intelligence", i.e. the control plane, from the data plane, i.e. traffic routing.
Its virtualized approach, supported by centralized, fully programmable management of the WAN infrastructure, makes it a particularly flexible resource. It brings a software-based approach to WAN management. Where a conventional WAN solution involves individual configuration, SD-WAN relies on a centralized controller. It defines and applies routing, security and QoS policies to the entire network.
Continuous analysis of the status of available connections (Internet, MPLS, 4G or 5G mobile network), allocates traffic according to application needs and network quality, in real time.
SD-WAN addresses the current issues facing hosting providers like UltraEdge, with the implementation of Edge Data Centers. It reduces operating costs while improving resource utilization in multi-site deployments. Orchestration and virtualization are two of SD-WAN's operating principles, giving it unprecedented agility! While virtualization creates a logical, unified infrastructure, orchestration automates the configuration, deployment and management of network services via the virtualized infrastructure.
How does it differ from conventional networks?
The evolution of new technologies and the growing demand for connectivity, which implies increased data security, has led to a rapid, cloud-oriented evolution in data centers. This has accelerated the advent of SD-WAN, which is revolutionizing traditional WAN architectures. The approach in terms of architectures is totally different between a traditional network and SD-WAN.
Where a traditional WAN operates according to a hardware logic, where each piece of equipment (router, switch) has its own intelligence and requires manual configuration. This is static or rigid in most cases, and not very reactive to changing network conditions or fluctuating application needs.
The abstraction layer induced by SD-WAN decouples network intelligence from hardware.
Each policy is defined centrally and distributed to all equipment, guaranteeing global consistency that cannot be achieved with a distributed configuration. This makes it easier to automatically deploy sites or apply a change in data policy, for example.
Finally, application orientation is a key distinction. Whereas in a traditional network, packets are managed according to IP addresses and ports, SD-WAN will understand the nature of the applications that drive the traffic. Specific rules can be assigned to a videoconference, a file transfer or a sensitive transaction, optimizing the user experience for each type of usage. This contextual intelligence transforms the network into a true application services platform.
Architecture and key components
Three fundamental components form a consistent & flexible ecosystem. Here they are:
● The management plan.
Represented by a centralized controller (usually hosted in the cloud), it is the system's brain. A unified interface defines data or security policies, for example, visualizes network status, and orchestrates every configuration across the enterprise.
● SD-WAN equipement and devices.
These complement or even replace standard routers. They feature advanced functionalities such as WAN optimization, encrypted traffic or firewall capabilities.
● Analysis and orchestration tools.
For example, data collection at network level offers maximum perf visibility. And, in the process, pinpoint potential problems and automate the most relevant adjustments. Detailed reports are generated along with the programming of complex actions such as the coordinated deployment of new policies or software updates.
SD-WAN vs MPLS: what are the differences?
When comparing SD-WAN and MPLS (Multiprotocol Label Switching), we can see how the network approach has evolved from a technology with a reputation for rigidity (MPLS) to a much more agile technology with better QoS (SD-WAN).
MPLS, a technology that predates the 2000s, offers a connection that remains reliable, with good guarantees for overall performance: bandwidth, reduced latency...
But it does present some serious limitations.
First, cost. While an MPLS link remains significantly more expensive than standard Internet connections, with prices generally proportional to distance and bandwidth, SD-WAN intelligently integrates different link types, including Internet, to optimize the cost/performance ratio according to real needs.
Flexibility is a second major differentiator. Deploying a new MPLS link can take weeks or even months, involving physical interventions and rigid contracts. SD-WAN enables the integration of virtually any type of locally available connectivity, including temporary 4G/5G links, drastically reducing the time it takes to bring a new site into service. This agility is particularly valuable in situations of rapid growth or digital transformation.
It should be pointed out, however, that a hybrid with MPLS, with data routing to the most latency-sensitive applications where performance requires strong guarantees. In contrast, SD-WAN will optimize the use of this costly resource by integrating complementary links for other, less essential types of traffic.
Benefits for business
1. Dynamic optimization of network performance
One of the main benefits of SD-WAN is dynamic optimization of network performance. In a traditional architecture, routing is based on static configurations, whereas SD-WAN continually evaluates the state of the different available paths and adapts its real-time decisions accordingly.
This "smart routing" transforms the user experience and guarantees maximum performance, even in complex or even unstable networks or ecosystems.
Several sophisticated mechanisms are involved in this optimization. In particular, the following two:
● intelligent path selection measures key metrics such as latency or packet loss on each available link, and directs each app flow to the path best suited to its associated requirements.
● failure management is also facilitated with SD-WAN; it automatically switches traffic to alternative paths, often in a very short time and transparently for the user. For the most critical applications, traffic is then duplicated on several links simultaneously.
2. Cost reduction
The economic impact of the SD-WAN approach is clear. We distinguish between the three levers below:
Link diversification.
SD WAN permanently reduces costs. According to a report by the Fortinet security platform, for example, it offers potential savings of thousands of man-hours for staff, and a permanent reduction of 75% compared with WAN maintenance. This can be a very substantial gain in the medium term, especially for global or multi-site organizations.
Operational simplification.
Centralizing management and automating recurring tasks reduces the time spent on network administration. As a result, deploying new sites or proactively diagnosing problems is made simpler, without the need for specific expertise, and no operator dependency is required. According to the previous report, 95% operational savings are achieved with SD-WAN compared to MPLS. And, in fact, optimizes the reallocation of resources towards more structuring applications.
Extended device lifecycle.
A key area for financial optimization, network virtualization partially dissociates logical capacities from hardware limitations.
3. Agility in multi-site environments
Flexibility is a strategic asset of SD-WAN; the infrastructure can adapt flexibly to changes in the organization of each stakeholder.
For example, when a new location or office usually takes several weeks to set up WAN connectivity with an operational site, SD-WAN provides pre-configured equipment. This leverages the quality of every local connection in Edge Data centers. Solutions with "zero touch provisioning" functionality enable equipment, once plugged in, to automatically establish a secure connection with the central controller. Start-up only takes a few hours!
4. Integrated network security
SD-WAN features advanced security functionalities, which respond to the cybersecurity challenges posed by AI and IoT; and increasingly prevalent cyberattacks. In fact, SD-WAN transforms the network from a simple communication channel into a genuine shield, which supports the company's cybersecurity policy.
End-to-end encryption establishes VPN tunnels between the various locations and the host. These are based on protocols such as IPsec, to guarantee data confidentiality. While a traditional VPN is more difficult to deploy for global sites, the SD-WAN approach is native, centrally controlled, ensuring complete coverage with no configuration gaps.
SD-WAN's highly advanced segmentation creates one or more distinct security zones across the entire network, enabling traffic typologies to be isolated according to sensitive applications or their source. In the case of a high-tech industrial IoT terminal, for example, it can be confined to a separate network segment reserved for a specialized team. All propagation risks are significantly limited in the event of data breach. This dynamic micro-segmentation automatically adapts to the movement of users and resources, ensuring consistent security barriers regardless of physical location.
Cloud integration can complete this unified approach. Native interfacing with cloud security services such as CASBs (Cloud Access Security Brokers), secure web gateways or Zero Trust solutions extends the security perimeter to encompass a much more complex digital ecosystem.
SD-WAN features
SD-WAN is a software-based solution that dynamically and intelligently manages network traffic over multiple WAN links with edge data centers. Created to make WAN networks agile, SD-WAN offers several features:
Plug & Play: remote site simplification
The Plug & Play approach meets the challenges of globally distributed organizations, where technological consistency is an issue across multiple locations.
Simplification is boosted by zero-touch deployment. The setup of a new location systematically requires the intervention of an IT technician, for manual configuration of network equipment according to the specificities of the location.
SD-WAN sends out pre-configured equipment, which does not require expert technicians - all that is needed is power and connections. No need for specific local expertise!
The simplicity of Plug & Play eliminates the potential for human error and costly misconfigurations, a source of malfunction in a typically distributed network.
Finally, self-adaptation to local conditions completes this plug & play approach. And accelerates the ROI of new installations.
Integrated firewall and network segmentation
Advanced firewalls and segmentation integrated into SD-WAN solutions distribute optimum security to every network entry point. This guarantees a coherent security network, whatever the location topology.
Going far beyond simple filtering by port and IP address, they are natively equipped with deep packet inspection, application identification and even advanced threat detection capabilities. The result is intelligence that applies granular application-specific security policies in a given context.
With micro-segmentation, categories of users, devices or applications are isolated in distinct segments with security policies specifically adapted to their risk profile. This limits the scope of attacks and restricts their potential impact.
Encryption, VPN and security
Automated encryption is the ultimate defence against any intrusion attempt. Dynamic flow encryption, for example, depending on the critical applications impacted, optimizes the balance between performance and security.
Digital certificates benefit from advanced management, reinforcing security. A sophisticated inter-device correlated authentication mechanism eliminates the risks associated with identity theft or “man-in-the-middle” attacks. Certificates are automatically issued and managed by the central system. This simplifies complex tasks that are critical sources of vulnerability when entrusted to staff.
Last but not least, the integration of Public Key Infrastructures (PKI) completes the picture. An already consolidated corporate PKI can continue to be used during an SD-WAN deployment. This approach is particularly interesting in highly regulated sectors such as finance (FinTech, banking...) or healthcare.
QoS and data centers: how to prioritize traffic?
Combining SD-WAN's advanced Quality of Service (QoS) mechanisms enables traffic to be better managed and prioritized between hosted locations and data centers. The aim is to ensure that each critical application always benefits from adequate bandwidth and performance, regardless of network congestion.
SD-WAN makes it possible to apply tailored policies for each application: strict bandwidth guarantees for critical services, capping for non-urgent, voluminous transfers, or absolute priority for real-time communications.
SD-WAN network congestion management makes it possible to implement techniques such as weighted queueing, traffic shaping or selective packet fragmentation.
This maintains an optimal flow for the highest-priority applications, while avoiding edge effects on less critical services.
QoS orchestration, with dynamic switching between access paths - MPLS, Internet, direct links - makes it possible to meet specific needs while maintaining an optimal experience and boosting the efficiency of network investment.
Ethernet ports, sensors and terminals: how compatible are they?
SD-WAN offers a clear edge in terms of compatibility with various types of equipment and terminals. Flexibility is maximized because new technologies can be integrated gradually, without the need for a complete redesign of the devices used.
SD-WAN instances enable a multitude of interfaces, with Ethernet ports of different capacities (1 Gbps or 10 Gbps, for example) also coexisting with fiber interfaces for connection.
Integration with the IoT (Internet of Things) via sensors enables monitoring systems to generate data feeds with differentiated characteristics. In this regard, SD-WAN ensures that critical sensor data is processed by priority, and limits the significant impact of data transfers on interactive apps.
Interoperability with networks: 4G, 5G WiFi, fiber
SD-WAN fully integrates mobile network connections such as 4G or 5G into its connectivity strategy. As such, it enables optimal connectivity for sites that are temporarily or not at all accessible.
Capacity can also be temporarily boosted, or a redundant path set up in the case of failure of fixed links.
This flexibility is particularly effective in accelerated deployment phases, for example when wireline infrastructures are limited.
Business and consumer connections are harmonized. SD-WAN eliminates the boundaries between dedicated links (MPLS, leased lines) and standard connectivity (fiber, cable, ADSL).
Dynamic WiFi management, whether for employees or visitors, complements this interoperability. By differentiating and prioritizing flows by origin and final destination, high-stakes business applications remain high-performance, whether on a wireless network sharing less critical uses.
SD-WAN specific role in a data center
In a data center, SD-WAN plays a strategic and structuring role in ensuring more agile, secure, high-performance and cloud-native connectivity between sites, users and data centers.
Connectivity between sites and data centers
With the implementation of Edge data centers, UltraEdge makes a strategic contribution to the flexibility of inter-site interconnection management. We can identify two distinct advantages:
Path optimization
The classic pattern is for communications between locations to pass by default via the hub data center, using "hub and spoke" routes, which are not necessarily efficient.
SD-WAN establishes direct inter-site communication and, when relevant, maintains centralized routing regardless of the applications hosted in the data center.
Resilience between multiple data centers
It smartly manages traffic between local site infrastructures. In the event of an incident at an IX data center, flows can be redirected to secondary locations, usually within seconds, and with complete transparency for users.
In this way, a high-availability architecture benefits from the business continuity strategy made possible by SD-WAN.
Intelligent routing to hosted resources
SD-WAN enables access paths to be optimized according to resources and their location. So, for example, an application hosted by a data center in France, like UltraEdge, will be accessible via the fastest path for users in that country. Granularity in routing has a positive effect on response times and user experience.
Supervision of inter-center flows
Easy supervision of flows between data centers is a significant argument in favor of SD-WAN. Advanced analysis enables in-depth mapping of data exchanges. And, to identify traffic anomalies very fast!
In the event of workload migrations or incident recovery operations, this transparency and real-time KPIs such as latency or bandwidth consumption between critical applications continuously optimize performance. Contextual alerting can be implemented by correlating various indicators to isolate and anticipate major disruptions, before they have an impact on the service side.
Deploying and managing an SD-WAN network
Structured deployment: the key stages
SD-WAN deployment can be outlined in these five key stages:
● In-depth needs and existing infrastructure assessment
Precise mapping of the most critical applications, bandwidth requirements, maximum sensitivity to latency and user types.
● Definition of network policies
In short, you need to translate your business priorities onto paper, giving clear principles that can be questioned.
● Configuring the central orchestrator
An often tricky technical step, it must be integrated into a highly available environment, ideally distributed over multiple locations.
● Training internal teams
More practice-oriented sessions get administrators more involved in the early phases of the project.
● Deploying the pilot site & other locations
Start integrating the main site and gradually roll out to other entities, taking care to document this well.
Tip: a gradual deployment, site by site, minimizes potential risks and allows you to fine-tune the configuration when relevant.
Management tools and centralized supervision
The SD-WAN approach enables unprecedented monitoring of the entire network, with highly intuitive dashboards. Every performance anomaly is identified in real time, with the possibility of proactive intervention. AI-based predictive analysis helps anticipate critical incidents before they affect users.
Robust SD-WAN: what steps should be taken?
A strong SD-WAN is based on a structured approach and respect for the fundamentals.
First, diversify connectivity technologies. The combination of fiber, 4G and 5G mobile networks and other links available in UltraEdge data centers enables companies to avoid targeted failures. This link redundancy guarantees continuity of service even in the event of major incidents affecting one type of connection
The implementation of a high-availability architecture for control equipment represents a second essential step. The use of geographically distributed clusters protects against localized failures and natural disasters. This approach can be backed up by a regularly tested disaster recovery plan.
What are the trends?
Cloud connectivity and easy access
SD-WAN integrates seamlessly with all major cloud providers. Pre-configured connectors such as AWS or Google Cloud drastically simplify access to resources. Opt for a hybrid approach, which enables you to respond to multi-cloud issues and the associated strategy.
Controlling automation via AI
The "disruptive" impact of AI is changing the way SD-WAN networks are managed. Traffic patterns are analyzed using machine-learning algorithms to continuously improve resource routing. The resolution of even complex incidents, with no intervention from qualified personnel, reduces downtime and maximizes productivity.
Convergence with SASE (Secure Access Service Edge)
The integration of SASE with SD-WAN is one of the biggest factors driving network evolution. This convergent, unified approach maximizes the benefits of SD-WAN, along with cloud security services, offering a complete ecosystem of protection for application access, regardless of user location. The spread of hybrid working, and the new security challenges posed by AI and IoT, mean that we need to work in parallel on performance and security, which are key issues for UltraEdge.