What is a SD-WAN?

Michael Patterson : Advanced NetFlow Traffic Analysis
Founder and Product manager for Plixer's Scrutinizer NetFlow and sFlow Analyzer as well as Flow Analytics.

In a nutshell, SD-WAN is a monitoring platform used to automate traffic routing over redundant paths based on predefined performance thresholds. I’m sure many vendors would take issue with such a short definition. I’ll elaborate a bit for those who need to understand more about it.


First of all, SD-WAN is a technology that leverages the strategies defined in Software Defined Networking (SDN). In the short video titled “What is a Software Defined Network?”, the narrator at 4:45 says, “Why aren’t companies rushing to deploy SDNs?” The answer: when applications request it.

SDN is an architecture, whereas SD-WAN is a technology you can buy.

Andrew Lerner – Research VP, Gartner

The problem is that software developers don’t request high priority for their applications, and if they did, hardware would ignore it because then all applications would request high priority. Imagine Facebook, LinkedIn and Twitter all requesting high priority. Yeah, that just wouldn’t work. As a result, SD-WAN manufacturers have to be smart and identify the application behind the traffic.


SD-WAN devices use Deep Packet Inspection (DPI) or similar technology to identify applications (e.g. Salesforce, VoIP, video, data backups, etc.) and then give business applications bandwidth priority over non-critical ones to help ensure that the end user experience within an application is optimized. In real time, the traffic for a given flow could be moved, for example, from an MPLS connection to a 4G LTE connection. SD-WANs support multiple connection types – dynamically!


In theory, all the user has to do is assign the priorities to the applications in one interface and then the SD-WAN controller will do the rest.  Policies are pushed out to all the sites participating in the SD-WAN and beyond that, it’s magic.  Well, not really.  Consumers need a way to keep the SD-WAN vendors honest and some SD-WAN vendors are more open about what is happening than others.  Generally, the bigger SD-WAN vendors (e.g. Cisco & VMware) are more open than the smaller ones.   


Shortcomings that I am finding in some SD-WAN vendors:


  1. Some lack support for IPv6. This is really hard to believe considering how long IPv6 has been active on the Internet. My fear is that if they couldn’t build in support for IPv6 up front, they may have given the security architecture and other important features the same priority, possibly because they are focused on trying to be acquired.
  2. Many solutions require that the customer keep the existing router at each site. This seems sort of silly, doesn’t it? Most companies are trying to reduce the amount of remote site equipment. As SD-WAN technologies evolve, this will likely change because, as Gartner pointed out, “SD-WAN will replace routers”.
  3. Lack of rich flow export details. Whether it is IPFIX or JSON, the SD-WAN technology needs to provide a way to be monitored by third parties. Contextual details should include application name (e.g. Salesforce, Facebook, VoIP, etc.) as well as latency, jitter and packet loss metrics. Without the ability to verify the inner SD-WAN operations with standards-based third-party solutions, I assume the vendor is trying to hide something or they are resource-strapped and will struggle to compete in the market.
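
To make the third point concrete, here is an added example (not from the original post or any vendor) of a third-party check over JSON flow exports: it flags flows that stayed on a path breaching the application's thresholds, and records that lack the contextual fields needed to verify anything. The field names, the policy values and the sample records are all constructed assumptions.

```python
import json

# Constructed sample: newline-delimited JSON flow records as an SD-WAN edge
# might export them. Field names are hypothetical, not any vendor's schema.
SAMPLE_EXPORT = """
{"app": "VoIP", "path": "MPLS", "latency_ms": 35, "jitter_ms": 4, "loss_pct": 0.1}
{"app": "VoIP", "path": "LTE", "latency_ms": 180, "jitter_ms": 42, "loss_pct": 2.5}
{"app": "Salesforce", "path": "MPLS", "latency_ms": 60, "jitter_ms": 8, "loss_pct": 0.0}
{"app": "Facebook", "path": "LTE", "latency_ms": 210, "jitter_ms": 50, "loss_pct": 3.0}
{"path": "MPLS", "latency_ms": 20}
"""

# Hypothetical policy: per-application upper bounds the controller should enforce.
POLICY = {
    "VoIP": {"latency_ms": 150, "jitter_ms": 30, "loss_pct": 1.0},
    "Salesforce": {"latency_ms": 200, "jitter_ms": 50, "loss_pct": 2.0},
}
REQUIRED = ("app", "path", "latency_ms", "jitter_ms", "loss_pct")

def audit(export_text, policy=POLICY):
    """Return (violations, incomplete) for newline-delimited JSON flow records."""
    violations, incomplete = [], []
    for lineno, line in enumerate(export_text.strip().splitlines(), 1):
        try:
            rec = json.loads(line)
            if not isinstance(rec, dict):
                raise ValueError("flow record is not a JSON object")
        except ValueError:  # json.JSONDecodeError is a subclass of ValueError
            incomplete.append((lineno, ["<unparseable>"]))
            continue
        missing = [f for f in REQUIRED if f not in rec]
        if missing:
            # Without app name and metrics the steering decision cannot be verified.
            incomplete.append((lineno, missing))
            continue
        limits = policy.get(rec["app"])
        if limits is None:
            continue  # no thresholds defined for this application
        breached = sorted(m for m, cap in limits.items() if rec[m] > cap)
        if breached:
            violations.append((rec["app"], rec["path"], breached))
    return violations, incomplete

if __name__ == "__main__":
    violations, incomplete = audit(SAMPLE_EXPORT)
    for app, path, metrics in violations:
        print(f"{app} on {path} exceeded: {', '.join(metrics)}")
    for lineno, missing in incomplete:
        print(f"record {lineno} lacks: {', '.join(missing)}")
```
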


Nearly all companies with connections to remote offices have or will be deploying SD-WANs.  This is as sure as finding a refrigerator in every home.  It’s just going to happen.  Make sure your company understands the need for SD-WAN and traffic monitoring.  

