Frequently Asked Questions


This question (really two questions) has been popping up quite a bit lately.  Let me see if I can explain.

[Figure: network diagram (screenshot dated 2015-10-06)]

First, let's define what SD-WAN is. SD-WAN leverages the SDN concept of separating the control plane from the data plane and creating a controller running software that can enact control and policies on the network. However, in the SD-WAN implementation, the controller neither receives nor forwards any network traffic. The controller contains software and policy databases, alongside communication protocols to interface to network devices. In this implementation, the controller can query the network devices and even decode packet flows and streams. It can then instruct the end nodes to tunnel and encrypt traffic, usually using IPsec inside VXLAN.

In the diagram on the right, everything in black and green is part of the enterprise network, and the blue is the service provider network.

The key here is the controller and its ability to provision tunnels on the interfaces of the enterprise nodes so that they leverage the MPLS, Internet, or other network interfaces that may be available to meet enterprise application goals.

The object of this service is to simplify provisioning: the network manager in the enterprise is no longer configuring routers and switches (as much, anyway), and the controller function can provide traffic analysis and best path selection out of the available interfaces. I have heard that this new product replaces the router, and that sound bite has resonated in the industry. While this is potentially possible over time, it is not likely in the short term.

Nonetheless, this new set of tools we call SD-WAN is a major step forward for network managers as we use software to control the networks. The security vulnerability, of course, is the controller. These devices will need to be very secure, not Linux-based honey holes for the hackers. The companies making these solutions do say their nodes keep operating if the controller is wiped out, more or less frozen in place, so at least the network stays up.
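The controller and node split described above, as an added sketch that is not taken from any vendor's product: a node picks among its interfaces using controller-pushed policy, and keeps forwarding on the frozen policy when the controller is lost. All class, field and link names are hypothetical, the link measurements are constructed, and the fail-static behaviour is modelled as an assumption about what "frozen in place" means.

```python
# Added illustration: all names are hypothetical; link figures are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str            # node interface, e.g. "mpls" or "internet"
    latency_ms: float
    loss_pct: float
    up: bool = True

@dataclass(frozen=True)
class AppGoal:
    max_latency_ms: float
    max_loss_pct: float
    preferred: tuple     # interface preference order set by the controller

class Node:
    """Edge node that forwards using the last policy the controller pushed."""
    def __init__(self):
        self.policy = {}             # app name -> AppGoal
        self.controller_up = False

    def push_policy(self, policy):
        # Control plane only: the controller sends policy, never user traffic.
        self.policy, self.controller_up = dict(policy), True

    def controller_lost(self):
        # Assumed fail-static behaviour: policy is frozen, forwarding continues.
        self.controller_up = False

    def select_path(self, app, links):
        goal = self.policy.get(app)
        if goal is None:
            return None              # no policy for this app: pick no tunnel
        live = {l.name: l for l in links if l.up}
        cands = [live[n] for n in goal.preferred if n in live]
        ok = [l for l in cands if l.latency_ms <= goal.max_latency_ms
              and l.loss_pct <= goal.max_loss_pct]
        if ok:
            return ok[0].name        # first preferred link meeting the goal
        # Nothing meets the goal: least-bad live link, or None if all are down.
        return min(cands, key=lambda l: (l.loss_pct, l.latency_ms)).name if cands else None

def demo():
    node = Node()
    node.push_policy({"voip": AppGoal(50, 1.0, ("mpls", "internet"))})
    before = node.select_path("voip", [Link("mpls", 30, 0.1), Link("internet", 45, 0.5)])
    node.controller_lost()           # controller wiped out; node keeps its policy
    after = node.select_path("voip", [Link("mpls", 120, 0.1), Link("internet", 45, 0.5)])
    return before, after
```

In this model the node still reroutes within its frozen policy after the controller is gone, but nothing can change that policy until the controller returns, which is why the integrity of the last push matters as much as controller availability.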

The node boxes technically can be anything, but most of the players offer x86-based systems as their nodes. The entrants into the market boast "open" design, but they truly are closed with "open" APIs. Seems these days, if you have an API you are "open".

Now for the second question: does this replace MPLS? Perhaps in the enterprise networks, if the encryption and encapsulation can operate at the breakneck speeds required of forwarding. That said, SD-WAN is not likely to replace MPLS if the blue box above is a service provider network. The MPLS services there are seen by the enterprise nodes as interfaces, end of story. None of this addresses MPLS' sweet spot, called Traffic Engineering. Furthermore, no one has explained how the enterprise and the service provider interface for SD-WAN. Like many of the issues (MTU and fragmentation management, IPv6 support, etc.), much of this is to be determined as of this writing.

It is early days for SD-WAN and we may see a lot more development and functionality in the coming months.

We hope this helps answer the question(s).
