Next Generation Networking: The Software-Defined Wide Area Network
The purpose of this post is to define the concepts of the Software-Defined Wide Area Network (SD-WAN) and some current architectures. This is a continuation of my previous Next Generation Networking post, in which I set the scene for the broader topic of Software Defined Networking. In that post, I left a lot of topics open and unanswered and said I would come back to them in later posts. So, in no particular order, I'm going to do that... starting here.
In my previous Next Generation Networking post, I led off talking about concepts, and the sea change in the industry. So it seems pertinent to start by trying to progress a little with those topics.
I should start by saying that I view everything that I consider a part of SDN as in its infancy. My view is that the sea change we are on the cusp of now will lead to a very different networking landscape in the short term. However, there is a very real possibility (and in fact I fully expect) that this will only be transitory, and the medium to long term landscape will be very different again.
Whilst it may feel revolutionary right now, and in some ways it is, I am convinced it is very much an evolution. Some of that evolution has been going "unnoticed" for a number of years; think of things like:
- Centralised management/configuration of firewalls and load-balancers
- Wireless LAN Controllers managing hundreds of Access-Points across a LAN/Campus
- Cisco Nexus Programmability [1] has been a feature for a number of years
- Configuration via SNMP (!)
- Overlay/tunneling networks: Q-in-Q, TRILL, VRFs, L2VPN (the list goes on...)
Whilst you wouldn't necessarily categorise these as SDN, I'd argue they are recognizable features. Of course full blown SDN solutions (e.g. VMware vCNS [2] (which is already EOA!) and Cisco iWAN [3]) have been available for a number of years as well, albeit not as feature rich as they are becoming, and consequently they were readily dismissed.
The difference is that now the technology is improving and becoming mainstream, and the technology industry has vastly changed since the early days of compute virtualization, largely due to the evolution (i.e. the hypervisor) it was responsible for. Small startups are capable of delivering highly disruptive products to market at real pace.
I'm digressing, but there was an interesting piece I read recently [4], on an interview with John Chambers, that is well worth a read. A small excerpt that fits my thesis:
I think the majority of big tech companies won't be relevant in five years. And that includes Cisco if we don't change. The thing we must do is to disrupt ourselves. Every company will either be a disrupter or you will get disrupted -- we have always chosen to lead with disrupting ourselves and the market as opposed to someone else doing it to us.
The final point to make is that thinking of the network as a pool of resources is what compute has been doing since the late 90s, so networking has a lot of catching up to do. The early disruption in the compute industry back then is very similar to the climate being created in the networking industry today as SDN matures.
So to the matter at hand, the Software-Defined WAN (SD-WAN). The WAN is (very often) a natural chokepoint. Private WAN solutions like MPLS have also been a notoriously expensive service for businesses. Whilst SLAs are a significant benefit, especially where the business has defined mission critical traffic, the high cost often means the lowest possible bandwidth is purchased.
As we are all aware, internet access is an absolute necessity for the operation of modern businesses. Enterprise networks in the past (and I am sure the model remains today) would backhaul remote office internet traffic to a centrally managed secure breakout to the internet, perhaps in a head office or data centre. Businesses do this because they do not wish to spend more money on dedicated internet circuits, and on the associated security infrastructure and its subsequent support, but the backhauling further exacerbates the issue of poor performance out to the WAN/Internet.
Software-Defined Wide Area Network
Whilst I briefly described it in my first post, I said it was a topic for a post of its own. I'm going to go into some high-level technical detail shortly, but first, why have I separated it out?
I mentioned above that the WAN is a collection of network functions, and consequently it has functionality that is attributed specifically to this part of the network, such as:
- WAN Optimisation and Acceleration
- Some cleverly engineered dynamic routing with route-maps
- Policy Based Routing (eek!)
- Gateway Load-Balancing; Active/Active circuits
- Security: ACLs, encryption, VPN
Following the theme of the first post, the diagram below splits the various elements out into their respective components.
I'm not sure if my view is contentious or not, but to my mind SD-WAN sits somewhere in between the definitions of SDN and NFV, a mixture of the two concepts, and stands alone... for now.
The WAN, to my mind at least, is a collection of dedicated Network Functions (which may or may not be virtualized). It is a very significant part of most enterprise networks, and in some cases it is almost the entirety of the network in terms of cost and business impact.
Thinking of traditional high street businesses for example, whilst there will be a data centre/cloud component a lot of the time, the WAN is where it really matters to the business from a cost and customer perspective. The same can be applied to businesses with perhaps numerous office locations, government buildings, ticket kiosks, the list goes on.
In the diagram above we can see the Software-Defined Data Centre (SDDC), which as I described in the last post is where the SDN is. The SDDC does of course transition into the SD-WAN; we can think of the router (virtual in this case) that provides this function as the boundary between the SDN and the SD-WAN.
This is mostly semantic of course; in the end, everything falls under the Software-Defined Network heading, but I find that creating this taxonomy helps with my understanding.
As we would expect, the SD-WAN is orchestrated centrally. This is a key part of what the business derives value from, when moving to the SD-WAN. It allows for rapid deployment, a single pane of glass view of the status of the network, real time intelligent path selection and more.
Furthermore, when deploying an SD-WAN solution, the underlying networks begin to become abstracted. A business can choose to move to a hybrid solution of private circuits, as well as an internet based WAN, and with a centrally managed security policy allow all end points to have the direct access to the internet that it so often needs.
I'll touch on the overlay, and providing secure/private connectivity to SaaS/Cloud services briefly next, but I'll have to leave discussion of specific deployment options and solutions for another post. I'm allowing myself to get carried away here, and this post is going to get very unwieldy.
We know from the previous post that Network Virtualization provides the abstraction layer, or more conventionally the overlay network, that operates on top of the existing traditional WAN. Creating a homogeneous WAN for all endpoints may not actually be a requirement, but it helps to think in these terms to illustrate the capabilities, and to keep it relatively simple.
An example of a WAN overlay is DMVPN [5]; I use this as it is relatively well known and is integral to Cisco's IWAN offering. Other vendors offer their own variations on secure overlays, but in essence the value proposition is the same:
- Internet circuits are vastly cheaper than private MPLS alternatives
- Use any service provider
- Provide secure connectivity to your Cloud/SaaS services
With that said, those of us that have built and worked on large DMVPN WANs, with multiple service providers will know that there is (a lot) more to it than first meets the eye. Still in most cases
Finally, Network Function Virtualization. As described previously, this is essentially the virtualization of what would traditionally have been hardware infrastructure.
It is not quite as simple as replacing a Cisco router with a VM of course; in the case of SDx, the shift is also towards more "built in" intelligence. What previously would have required complex, well-engineered configurations is carried out automagically.
Other functionality such as WAN Optimization may be consolidated onto the SD-WAN platform of choice, as a virtualized function. You could argue that vendors in the WAN optimization industry, such as Gartner magic quadrant leaders Riverbed and Silver Peak, are in fact in a very good position to capitalize on the trend to Software-Defined.
So, why should we be thinking about moving to an "SD-WAN" solution? The benefits come first below; whilst I am becoming more of an SDx evangelist by the day, for balance I have also added some nagging drawbacks that I have in the back of my mind...
- Lower costs: This is mostly to do with migrating away from MPLS/leased lines, and onto the Internet as the primary WAN transport for corporate as well as standard internet bound traffic
- Intelligent path selection: Hybrid topologies, and generally better utilisation of available bandwidth, balancing traffic based on higher layer (application/presentation) information
- Operational analytics/ Management: Configuration and management of SD-WAN solutions is significantly easier, via management portals, orchestration tools etc.
- Speed and simplicity of deployment: Zero touch installations (think of landing a WAP as a good analogy) and policy pushes/updates
- Ubiquity: The move to the internet means those remote locations that you've never been able to get an MPLS circuit deployed to are a thing of the past!
- Security: Moving your SaaS solutions inside your private SD-WAN overlay for example
- Still new/emerging: Will your vendor be around in 5 years!? How quickly will the technology have moved on? With traditional networks, we've all heard those stories of decade old switches that have never been rebooted. How relevant will your new SD-WAN solution be in a few years' time?
- Vendor selection and support: There are of course big players in this market (though to be fair, that isn't necessarily a good thing!), but will some of the (large number of) smaller players be able to provide the help you need when something goes wrong?
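To make the "intelligent path selection" benefit above concrete, here is an added example (my own illustration, not code from any vendor or from the original post) of the decision an SD-WAN edge makes per application over a hybrid WAN: each path is measured in real time, a centrally pushed per-application SLA policy says what is acceptable, and traffic is steered to the cheapest or best-quality path that meets it, with a brownout fallback when nothing does. The path names, SLA thresholds, cost values and scoring weights are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class PathMetrics:
    """Live measurements for one underlay path (values are constructed)."""
    name: str           # e.g. "mpls", "inet-a"
    latency_ms: float
    loss_pct: float
    jitter_ms: float
    cost: int           # relative cost per Mbps; lower is cheaper (assumption)
    up: bool = True


# Per-application SLA policy, as a central controller would push to every edge.
# Thresholds and the "prefer" strategy are assumptions for this example.
APP_POLICY = {
    "voice": {"max_latency_ms": 150, "max_loss_pct": 1.0, "max_jitter_ms": 30, "prefer": "quality"},
    "saas":  {"max_latency_ms": 250, "max_loss_pct": 2.0, "max_jitter_ms": 50, "prefer": "cost"},
    "bulk":  {"max_latency_ms": 500, "max_loss_pct": 5.0, "max_jitter_ms": 100, "prefer": "cost"},
}


def meets_sla(path: PathMetrics, policy: dict) -> bool:
    """A path is usable for an app only if it is up and inside every SLA bound."""
    return (path.up
            and path.latency_ms <= policy["max_latency_ms"]
            and path.loss_pct <= policy["max_loss_pct"]
            and path.jitter_ms <= policy["max_jitter_ms"])


def quality_score(path: PathMetrics) -> float:
    """Lower is better; the weights on loss and jitter are an assumption."""
    return path.latency_ms + 10 * path.loss_pct + 2 * path.jitter_ms


def select_path(app: str, paths: list) -> Optional[str]:
    """Return the path name to steer `app` onto, or None if every path is down."""
    policy = APP_POLICY[app]
    candidates = [p for p in paths if meets_sla(p, policy)]
    if not candidates:
        # Brownout: nothing meets the SLA, so degrade gracefully onto the
        # best-quality path that is still up rather than black-holing traffic.
        up_paths = [p for p in paths if p.up]
        return min(up_paths, key=quality_score).name if up_paths else None
    if policy["prefer"] == "cost":
        return min(candidates, key=lambda p: (p.cost, quality_score(p))).name
    return min(candidates, key=quality_score).name


def steer_all(paths: list) -> dict:
    """Per-application steering decision for the current set of path metrics."""
    return {app: select_path(app, paths) for app in APP_POLICY}
```

Re-running `steer_all` each measurement interval is what turns a static "MPLS for voice, Internet for everything else" design into the real-time selection the post describes.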
Gartner produced an excellent guide to the market [6] (you can get hold of it free of charge by submitting your email address at various places; Silver Peak is one example), carrying out a thought-provoking analysis of the market. I encourage you to get hold of a copy, but I'll list some of the vendors they evaluate, each with Gartner's very brief summary.
Consider IWAN for large and/or bandwidth-constrained branches, and those that require integrated computing, voice or WAN optimization resources.
Organizations looking for WAN optimization or dynamic path selection capabilities should consider this vendor, especially when Citrix applications are also present.
Enterprises that have sophisticated application control requirements, such as a combination of cloud, SaaS and data center applications, should consider this vendor for SD-WAN, while ensuring channel partners' geographical capabilities and experience.
Midmarket enterprises seeking an SD-WAN solution with strong WAN path capabilities and WAN optimization should consider FatPipe Networks.
Large enterprises seeking an SD-WAN solution with a very high degree of branch office network flexibility, as well as the ability to integrate network service delivery end to end, should consider Nuage Networks.
Large distributed organizations with Ethernet-connected branches in the Asia/Pacific region and the EMEA should consider this vendor for SD-WAN, particularly if they are looking for embedded security, consolidated switching and access point management, or for AWS hosting.
A key vendor differentiator is the ability to monitor leading SaaS applications and dynamically feed that information back into the enterprise WAN to ensure optimal routing. While the vendor's WAN optimization and storage replication products are widely deployed, we estimate that it has between 50 and 100 paying SD-WAN customers. Enterprises with Ethernet-connected branches seeking an SD-WAN solution with the option for strong WAN optimization should consider Silver Peak.
Global enterprises seeking an experienced hybrid WAN solution with an SD-WAN strategy should consider Talari.
Midmarket and large enterprises with distributed branch offices that need on-premises devices as well as flexible connectivity to cloud services at operating expenditure pricing should consider VeloCloud. However, enterprises should ensure that latency-sensitive applications are hosted within 25 ms (which usually equates to 1,500 to 2,000 km) of a VeloCloud gateway.
Enterprises seeking an SD-WAN solution with a high degree of integrated branch office network functionality should consider Versa Networks.
Enterprises with a large number of Ethernet-connected branches should consider this vendor for SD-WAN, particularly if intrabranch segmentation or multitenancy is desired.
Where is all this leading? Undoubtedly this industry is at an inflection point; products are beginning to mature, but I believe there will be a few twists in the story as the market starts to move towards particular product sets. There will likely be a few disruptors that come in to take a share of the traditional network vendor incumbents' customers.
The trend will be for the enterprise to move to the SD-WAN model, with Service Providers pushing solutions with partner vendors. As the market and products mature, we'll see orchestration right across the WAN, Data Centre, Cloud and Enterprise begin to unify. A DevOps style approach to "IT as a Service" will unify technology, meaning skillsets will change. Whilst specialisations will continue to exist, the way we deliver services to the business will change significantly.
These are very exciting times, if you embrace the change. SD-WAN is going to be at the forefront of the move to a software-defined business, and consequently I am going to focus on this for the next few posts. The market is going to move rapidly, and I'll try to analyse a few of the key products, solutions and architectures that I think will be blazing the trail.
If there is anything you'd like to read about next time, disagree with here or would generally like to add your thoughts on, please drop me a line on Twitter/LinkedIn or in the comments section; contact details are at the top of the page.
TL;DR
- Network Virtualization (NV) is a logical network overlay; a common example of which is DMVPN.
- Network Function Virtualization (NFV) is appliance virtualization; virtual routers, WAN optimizers etc.
- Software-Defined Wide Area Network (SD-WAN) has the same characteristics as SDN, but accomplishes the more specific task of optimizing routing to (and across) a WAN.