Kentik - Network Observability
Back to Blog

SD-WAN Best Practices

Phil Gervasi
Phil GervasiDirector of Tech Evangelism


SD-WAN is a reliable, fast, and secure WAN network. In this guide, you’ll learn some best practices for planning, monitoring, analyzing, and managing modern SD-WANs.

Having the right infrastructure is crucial for businesses going through a digital transformation. You need to make sure you have what you need to support your growth and expansion.

Organizations will encounter substantial challenges without well-defined strategies and effective solutions, including limited application accessibility, suboptimal performance, and interrupted connectivity to essential assets and resources.

Additionally, a robust infrastructure plays a crucial role in supporting the business continuity and disaster recovery (BCDR) strategy. It fortifies businesses against a number of crises, including natural disasters, infrastructure collapses, and economic downturns.

Today, businesses need integrated network solutions to more easily adapt, maintain a constant online presence, increase productivity, and reduce operational costs. One such integrated solution is software-defined wide area networks (SD-WAN), an innovative approach to WAN implementation that aims to strengthen the digital presence of businesses in every market, redefining the management of their daily operations and accelerating their evolution.

In this guide, you’ll learn more about SD-WAN and some best practices for planning, monitoring, analyzing, and managing modern SD-WANs.

What is SD-WAN?

A typical WAN often consists of a mix of private circuits, such as Multiprotocol Label Switching (MPLS) and point-to-point circuits, as well as public internet circuits spread across wide geographical locations.

Broadband requirements have increased thanks to the increasing popularity of cloud and software-as-a-service (SaaS) applications. However, each data packet is still routed without considering the conditions or congestion of other networks. As a result, multiple connections can remain inactive while others are overloaded with traffic.

In a traditional WAN setup, it’s common for data from remote locations to be routed to a central data center. This routing allows for security inspections to be performed before the data is sent to internet locations. Of course, not all data needs to go through this process, and some traffic can be directly sent to the internet without going through a data center. Routing and security inspection decisions depend on an organization’s specific needs and network setup.

In any case, this approach negatively impacts application performance and can be more expensive due to the higher costs of MPLS-based connections. When a company adds multiple branch offices or a large number of remote workers, these costs escalate while also impairing performance.

Additionally, a traditional WAN requires device-by-device configuration, management, and troubleshooting. This is both highly inefficient and error-prone and can lead to problems with configuration drift and security compliance issues. Instead, SD-WAN utilizes a central controller so that all WAN devices are managed more easily from a single UI with templates rather than individual box-by-box configuration.

Fortunately, SD-WAN provides a high-quality solution to these problems. It centrally manages all network connections and policies and offers an innovative approach to reducing network costs and optimizing bandwidth usage.

Traditional WAN vs. SD-WAN diagram

SD-WAN separates the control and data planes, allowing for smarter and more secure traffic routing across the WAN and to cloud services. It makes use of cost-effective internet connections, such as broadband, 4G, or 5G wireless, saving businesses money while enhancing cloud-based applications’ performance.

An SD-WAN makes dynamic path selections on a per flow or even per packet basis (depending on vendor) based on the quality of the local connection and sometimes the path between the source and destination. This way, an SD-WAN can ensure performance requirements for sensitive applications thereby improving and optimizing an end-user’s experience.

SD-WAN comes packed with security features to protect traffic intended for applications. Additionally, businesses can use SD-WAN to segment the network into distinct sections based on user identities or job roles, create secure connections by encrypting data, and tightly integrate with cloud security features.

Best practices for planning, monitoring, analyzing, and managing modern SD-WANs

Now that you know how SD-WAN works, it’s time to explore some best practices to help you get the most out of this technology.

Design your SD-WAN carefully

SD-WAN is undoubtedly an intelligent tool. However, given the increasing complexity of modern networks, simplifying things is challenging. Before implementing an SD-WAN solution, enterprises must invest significant effort in designing, carefully planning, and considering several crucial factors.

Consider your background and architecture

One aspect you need to consider is your organization’s background and architecture, including understanding the desired network topology. This entails examining the existing topology to clearly define the transition from point A to point B and defining the necessary components.

For instance, many organizations have a traditional hub-and-spoke environment but want to shift toward a full mesh network or a local breakout-style network. Understanding these requirements is vital to ensure that the architecture functions effectively in the end and throughout the transitional phase of the project.

Emphasize collaboration

Collaboration among stakeholders is another critical factor to consider while designing your SD-WAN. Because SD-WAN impacts several teams, including networking, security, and application teams, you must ensure everyone is on the same page.

Consider third-party involvement

The next area of focus has to do with third-party involvement. Organizations increasingly rely on third-party connections (internet service providers, cloud service providers, SD-WAN vendors, etc.), which raises connectivity and security concerns. It’s important to define what third-party connections are needed and their underlying functionality beforehand.

Take into account your long-term goals

Finally, the overall strategy and vision of your business must be considered. While designing a network to meet current needs is critical, it’s also essential to understand the company’s long-term strategic direction. This prevents you from having to do a complete network redesign in a short time.

Understanding the strategic direction ensures the design is future-proof and meets current and future needs.

Keep a close eye on network performance

A network’s performance significantly impacts user experience, productivity, and overall business operations. SD-WAN technology provides a massive opportunity for businesses to improve network performance and reliability. However, you need to thoroughly monitor your SD-WAN to guarantee optimal network performance, security, and the best application experience possible for your users.

In fact, a major part of designing an SD-WAN is understanding and planning for what the traffic will mostly consist of. Applications with specific thresholds for jitter and latency, for example, should be part of an SD-WAN design to ensure the proper path selection policies are implemented.

Some organizations may face network visibility and performance monitoring challenges because they can’t monitor their SD-WAN networks effectively. Often this is because SD-WAN vendors don’t have much visibility into the underlay network, which in the case of SD-WAN is the public internet itself.

Despite the high claims made by SD-WAN vendors regarding their features and performance, there are still various issues affecting SD-WAN networks that these vendors can’t detect using their native monitoring features. SD-WAN native monitoring capabilities often lack the depth required for comprehensive network monitoring and troubleshooting. Consequently, when performance issues arise, there may be some gray area since it’s unclear where the problem originated, who needs to fix it, or how it can be fixed.

Thankfully, by implementing an appropriate SD-WAN monitoring solution such as Kentik, businesses can proactively identify and address any issues that may arise, ensuring optimal network performance.

This means that businesses using SD-WAN, with the assistance and implementation of a high-quality network observability company, can monitor every network connection from an end-user perspective. This helps companies assess whether the performance of their SD-WAN service meets expectations.

Pay special attention to security

As you implement an SD-WAN solution, there are several actions you’ll undertake. These include enabling direct internet access for branch offices and providing home workers with the same capability. However, these actions pose a number of vulnerabilities within your organization.

In the past, with more traditional networks, safeguarding your network was relatively straightforward, involving the use of firewalls, intrusion prevention systems, and a demilitarized zone network (DMZ) as the sole entrance and exit point for network access.

With SD-WAN, you face a much greater number of potential entry points. That’s why it’s critical to pay special attention to security.

To begin, you need to know your organization’s intended security posture. You also need to decide where security measures will be implemented. For instance, will you implement security locally or on each branch level or offload it to the cloud?

Moreover, you need to address compliance and regulatory needs. Regulations such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), which require the security of sensitive information, customer data, and employee data, already impact many organizations. You need to determine the scope of this criteria, including aspects of visibility, such as the information that can be accessed, stored, and retained, as well as the duration of storage.

Additionally, encryption is essential for data transfer and storage. For instance, you must understand your organization’s encryption process during data transmission and storage. When it comes to edge technology, the level of encryption used can have a considerable impact on performance and delivery.

Finally, you must consider any additional security services. With expanding threats and increased possibility of breaches, security is complex. Kentik allows you to establish and maintain a robust security posture but also utilizes managed services that help you monitor and detect security threats and solve them promptly.

Test and update your SD-WAN regularly

Another critical best practice is regularly testing and making appropriate updates to your SD-WAN deployment. This guarantees that your network functions properly and fulfills your organization’s requirements.

The simplest and most efficient way to do this is for your network team to design a monitoring strategy that covers a variety of topics, including event management, active path testing, and network topology. These components are critical for effective troubleshooting and guaranteeing that your SD-WAN solution operates effectively.

It’s also important to test the functionality of the features provided by your SD-WAN solution. Many systems offer capabilities, such as traffic optimization, bandwidth management, and advanced encryption, that improve network efficiency and security. Evaluating these functionalities is critical to ensure they deliver the stated advantages.

However, SD-WAN testing extends beyond only functionality validation. It’s also vital to focus on the quality of service (QoS), availability, and failover. We know that there is no actual QoS on the internet with regard to buffers, queues, and so on, so what SD-WANs do is monitor links moment by moment to choose the best path to take for a given flow or packet. This improves the overall performance of an application being delivered over the internet.

Additionally, organizations must evaluate the scalability of their SD-WAN solution to ensure it can accommodate evolving needs.

Regular testing is also vital so that SD-WAN deployments can meet service level agreements (SLAs) and provide the necessary network performance and reliability. Testing should occur during and after the deployment process. It should take place regularly and continuously to adapt to expanding IT infrastructure and evolving business requirements.

It’s crucial to approach testing and updating in a controlled manner, with proper planning and consideration for potential impacts on production environments. You need to regularly review and test the process and then take action and apply the lessons you learn. This way, organizations can ensure that their SD-WAN deployment remains optimized and aligned with their needs.

Optimize traffic routing using analytics

SD-WAN offers significant advantages regarding network performance. One key strength lies in its ability to prioritize and route traffic through optimal paths, thus optimizing network resources.

You can optimize traffic routing using monitoring tools to continuously analyze network components for patterns and trends. Leveraging analytics and data, you can decide how to prioritize traffic and optimize routing policies to maximize bandwidth use.

Implementing an analytics solution can help you understand your network traffic and effectively identify bottlenecks. By leveraging analytics data, you can evaluate various network paths and components. This evaluation ensures efficient routing decisions based on metrics such as latency, jitter, throughput, and available bandwidth.

Additionally, organizations should try to estimate future network traffic demands and capacity requirements by examining old data and patterns. This proactive strategy anticipates traffic increases, simplifies scalability design, and allows for early adjustments to routing policies and network resources.

Analytics can also be used to discover irregularities in network traffic patterns. Unexpected bandwidth spikes or unexpected application activity can suggest potential security issues. When you identify these issues via analytics, you can take the necessary steps, such as adopting security policies or routing suspect traffic for additional examination.

Distribute your traffic in multiple tunnels to ensure redundancy and reliability

To ensure redundancy and reliability in your SD-WAN deployment, you need to distribute your traffic across multiple virtual tunnels (e.g., IPsec). Traffic distribution provides numerous solutions to mitigate potential failures and minimize downtime. By having more than one request-handling portal, the system becomes failproof and capable of handling multiple requests simultaneously. This parallel processing of requests increases redundancy by dividing the workload and improving overall performance.

With SD-WAN, you can create a failover for your organization through multiple connections, which leads to increased redundancy. This means you can stay connected even if one of your connections fails. The failover mechanism helps your users develop a sense of trust and dependability while maintaining session traffic and security.

Additionally, using multiple paths and auto-failover mechanisms, SD-WAN can significantly improve delivery time. SD-WAN redirects traffic around bottlenecks and poorly performing WAN connections, ensuring that critical data reaches its destination without delays.

SD-WAN enables accurate resource allocation and appropriate delivery of services. SD-WAN optimizes network resource utilization by effectively distributing traffic across multiple tunnels, resulting in improved reliability and overall system performance.


SD-WAN is a pioneering network architecture that offers an innovative, reliable, secure, and performance-optimized WAN network. This modern technology provides you with uninterrupted connectivity and centralized management of your network and allows you to intelligently manage your entire network, saving time and reducing costs.

It’s crucial to adhere to a set of best practices in planning, monitoring, analyzing, and managing to make the most of SD-WAN. Carefully designing your SD-WAN, closely monitoring network performance, and giving special attention to security are excellent starting points. Additionally, regularly testing and updating your SD-WAN, optimizing traffic routing using analytics, and distributing your traffic across multiple tunnels help ensure optimal performance.

The Kentik network observability solution is a valuable tool for ensuring the success of your SD-WAN implementation. With Kentik, you gain the necessary operational oversight to effectively monitor, manage, and plan your SD-WAN environment.

To explore the capabilities of Kentik and see how it can specifically support your SD-WAN needs, request a personalized demo.

Explore more from Kentik

We use cookies to deliver our services.
By using our website, you agree to the use of cookies as described in our Privacy Policy.