Slide 1 of 1
Kentik named a leader in the GigaOm Radar for Network Observability
READ THE REPORT
Kentik named a leader in the GigaOm Radar for Network Observability
READ THE REPORT
Kentik named a leader in the GigaOm Radar for Network Observability
READ THE REPORT
Kentik - Network Observability
Kentipedia

Software-Defined Wide Area Network (SD-WAN) Explained

Table of Contents
What is SD-WAN?Two Planes and Some SD-WAN TermsHow SD-WAN Works: Making ConnectionsHow do SD-WANs Ensure Connectivity?Benefits of SD-WANMeasuring SD-WAN performance: Trust but VerifySD-WAN Overlay and Underlay NetworksWhat is SD-WAN Underlay?What is SD-WAN Overlay?The Interaction of Overlay and Underlay Networks in SD-WANBenefits of Overlay and Underlay Networks in SD-WANWhat are the Differences Between WAN and SD-WAN?1. Control and Management2. Traffic Routing and Optimization3. Cost and Deployment4. Security5. Redundancy and FailoverConclusion

Businesses today require flexible, efficient, and cost-effective networking solutions. As a result, software-defined Wide Area Networks (SD-WAN) have emerged as a popular choice, offering numerous benefits and improvements over traditional WANs.

As organizations search for “What is SD-WAN,” they encounter numerous articles and videos explaining various vendor-specific SD-WAN solutions. However, few resources offer a detailed explanation of how SD-WANs actually work. This article aims to fill that gap, providing a comprehensive understanding of SD-WAN technology and its benefits.

What is SD-WAN?

Software-defined Wide Area Network (SD-WAN) is an innovative approach to implementing WAN connections, shifting the decision-making process from local edge routers to a centralized controller. In an SD-WAN environment, when a connection request reaches the edge router, it forwards the request to a controller. The controller then evaluates the connection and sends instructions to the edge router accordingly.

In SD-WAN, the traditional physical WAN connectivity is referred to as the underlay, while the logical understanding of the topology and its connectivity, comprising VPNs, is called the overlay. In simpler terms, the underlay represents the physical infrastructure that forms the network. At the same time, the overlay dictates the logical topology, which can be a full mesh, partial mesh, hub and spoke, or point-to-point configuration.

By leveraging SD-WAN, organizations can achieve better control, flexibility, and efficiency in their WAN connections, improving network performance and reliability while reducing operational complexity.

What is SD-WAN?

Two Planes and Some SD-WAN Terms

As stated above, connection requests are sent by the edge up to the controller to check policy. This is done over a secure connection called the control plane. Once the edge hears back from the controller, a connection is established. The end-user connections traverse the SD-WAN fabric over the data plane.

To summarize what has been covered to this point:

  • Edge: In traditional WANs, these are called edge routers and provide connectivity to the WAN fabric. They differ from routers because they send connection requests to the controller and make only a few connection decisions locally.
  • Traditional WANs: Edge routers connect to public internet or private WAN connections such as MPLS. Typically forwarding decisions are programmed locally into the router to choose the pathway. Configuration of local traditional routers is usually static, using local routing protocols like OSPF, BGP, etc.
  • SD-WAN: The control plane provides the programming and choices dynamically. Configuration is applied at the control plane and handed off to the local edge device for execution.
  • Controller: The controller is usually located in the cloud. It communicates with the edge devices via the distributed control plane over a secure connection. At the controller, NetOps configures traffic prioritization policy. This can be based on characteristics such as the top level domain where the traffic is headed. The controller is the central point of configuration for all edge devices. Redundant, fault-tolerant controllers can be configured to help ensure “five nines” of availability.
  • Underlay: The traditional physical infrastructure of the WAN.
  • Overlay: A series of VPNs making up the logical topology used to move traffic in the configurable direction between end systems.
  • Control plane: A secure connection between the edge devices and the functions provided by the controller.
  • Data plane: The fabric that carries the network connections.

The above terms are just the beginning when entering the world of SD-WAN. We try to stay generic here, but each vendor contributes significantly to this list of acronyms.

How SD-WAN Works: Making Connections

Let’s say User A would like to make a connection to salesforce.com. First, the user may need to ARP for the DNS. The edge receives the ARP and resolves it as specified by the policies set in the controller.

This means the edge may resolve it locally, send it to a specified DNS or send it to the controller for resolution. This process is vendor-dependent.

Once User A has the MAC for the DNS, a request is sent to the DNS to resolve salesforce.com (for example) to an IP address. Again, the process is vendor dependent, but in most cases, the edge will send this request to the controller. The controller evaluates the request for salesforce.com and compares it to the configured policy list.

How SD-WANs work

Many policies are based on top-level domain (TLD). Here are a few examples:

  • If the request is for netflix.com (for example), deny it.
  • If the request is for facebook.com, allow it, but limit bandwidth to 250Kbits/s.
  • If the request is for salesforce.com, allow it with the highest priority.

These instructions are then sent back down to the edge for enforcement, and the edge replies to User A’s DNS query for facebook.com with the proper IP address. Keep in mind that if the end user’s web browser is configured to use DoH (DNS over HTTPS), this could cause problems for some SD-WAN solutions as the browser receives the IP address back from a different DNS instead of the controller.

User A then sends a SYN to the salesforce.com IP address to initiate the TCP handshake required to make an HTTPS connection. The edge provisions for the connection as instructed by the controller.

Sometimes, something happens like congestion, packet loss, latency, or a severed WAN connection. Then what happens? What will the SD-WAN environment do about it? The answer to this is generally a significant vendor differentiator.

How do SD-WANs Ensure Connectivity?

Some vendors build technology into the edge devices that will routinely ping high-priority destinations (like salesforce.com) to measure things like latency, packet loss, and jitter. Think of it as a type of synthetic monitor. When the edge detects a problem on a connection to a high-priority domain, it may balance the flows or packets to the target over multiple links. This is because most SD-WAN implementations support something called active/active, where there are no secondary links, rather, only additional load-carrying connections.

Benefits of SD-WAN

SD-WAN offers numerous advantages beyond cost savings by replacing expensive leased lines, such as MPLS, with VPNs over the internet. Here are some additional SD-WAN benefits:

  • Multiple Redundant Links: The best approach is to use active/active configurations across two or more links. These links can be private WAN, public internet, or LTE connections. In addition, redundant edge devices can be deployed in pairs, providing fault tolerance at local sites.

  • Fast Connection Failover: Some vendors claim failover times under one second. Traffic shaping allows connections to specified TLDs to receive a predetermined bandwidth and priority. Other TLDs can be blocked or assigned fixed bandwidth limits.

  • WAN Optimization: This feature is vendor-dependent but might be available on the edge device. It can reduce bandwidth consumption using compression techniques.

  • Firewall Integration: Some vendors include this feature on the edge devices. Packet loss compensation or packet duplication ensures that packets carrying content, such as voice, are replicated and used at the other end of a connection if packet loss occurs.

  • Redundant Controllers: To maintain five-nines of availability, multiple controllers can be deployed to ensure fault tolerance.

  • Advanced Router Features: Features like OSPF, EBGP, NetFlow, IPFIX, SNMP, Syslog, and more are supported.

Remember that many of these benefits are vendor-dependent and should be tested under load to ensure real-world operation.

Ultimately, the only SD-WAN features that matter are the ones that optimally support business-critical applications. Investing in additional features like sub-second convergence, mesh topologies, multitenancy, and multicast only makes sense if they enhance the user experience.

Measuring SD-WAN performance: Trust but Verify

Every SD-WAN vendor will tout how necessary their features are and how great their performance is. However, one of the areas that is sometimes overlooked during the sale is performance monitoring. After the SD-WAN deployment, most NetOps teams want insight into how the SD-WAN is performing.

Companies like Cisco, Silver Peak/HPE, and VMware export IPFIX, allowing network observability companies to provide performance insights into the SD-WAN fabric. Flow data is correlated with telemetry that is exported from the SD-WAN management platform. For example, the Kentik architecture can ingest vendor-specific fields, which are very important in the SD-WAN space (e.g., Viptela: VPN Identifier, and Silver Peak: Application, Business Intent Overlay).

For example, the Silver Peak-Kentik integration features provide the inclusion of application name dimension and business intent overlay (BIO) into interface traffic metadata source.

Sankey showing the relationship between overlay networks and applications

The above screen capture from Kentik shows which subnets are speaking with each other. The user can also see the relationship between overlay networks and applications. These combined data sets allow NetOps to discover what applications are running between sites, the internet, and the data center. They can be used to better understand service providers, link utilizations, and traffic patterns. These details help NetOps fine-tune policies at the SD-WAN controller.

Kentik didn’t leave any SD-WAN vendors out. We provide overlay, underlay, and application traffic visibility to Silver Peak, Cisco, VMware and all other major open SD-WAN solutions.

SD-WAN terms

SD-WAN Overlay and Underlay Networks

Understanding the core concepts of overlay and underlay networks is essential when designing, implementing, and managing an SD-WAN infrastructure. These two layers work together to create a flexible, efficient, and scalable networking solution. By understanding the roles and interactions of overlay and underlay networks in SD-WAN, businesses can better design, implement, and manage their network infrastructures to meet their unique requirements and demands while maximizing performance, security, and cost-efficiency.

What is SD-WAN Underlay?

SD-WAN underlay networks represent the physical infrastructure of the WAN, including the routers, switches, and cables that create the underlying foundation for data transmission. In a traditional WAN, underlay networks consist of leased lines such as MPLS or other dedicated connections, which can be costly and inflexible.

Underlay networks typically leverage more cost-effective internet connections and VPNs to create secure and reliable communication links between various locations in an SD-WAN environment. This allows organizations to reduce their reliance on expensive leased lines while maintaining the required performance, security, and stability.

What is SD-WAN Overlay?

SD-WAN overlay networks represent the logical topology that dictates how data is transmitted over the underlying physical infrastructure. Overlay networks are created using virtual connections, often through VPNs, which enable secure and efficient communication between various locations.

In an SD-WAN environment, overlay networks allow greater flexibility and control over the network’s topology. This includes the ability to create full mesh, partial mesh, hub and spoke, or point-to-point configurations, depending on the organization’s needs and requirements.

By abstracting the overlay from the underlay, SD-WAN provides a way to manage and optimize network resources without being constrained by the physical infrastructure’s limitations. This allows businesses to adapt their networks to meet evolving demands, such as increasing bandwidth requirements, adding new locations, or adjusting network policies.

The Interaction of Overlay and Underlay Networks in SD-WAN

In an SD-WAN infrastructure, the interaction between the overlay and underlay networks is critical for optimal performance and efficient resource utilization. The centralized controller in SD-WAN manages and controls the overlay networks, making intelligent decisions about how to route and optimize traffic based on real-time network conditions and configured policies.

The underlay network, in turn, provides the physical foundation for these virtual connections, ensuring that data can be transmitted securely and reliably between locations. By monitoring and managing both the overlay and underlay networks, SD-WAN can dynamically adjust traffic flows to provide the best possible performance and user experience, even during times of network congestion or instability.

Benefits of Overlay and Underlay Networks in SD-WAN

The separation of overlay and underlay networks in SD-WAN offers several key benefits for businesses, including:

  • Flexibility and Scalability: By decoupling the logical topology from the physical infrastructure, SD-WAN allows organizations to adapt their networks to meet changing demands without needing costly and time-consuming hardware upgrades.
  • Cost Savings: By leveraging cost-effective internet connections and VPNs for underlay networks, SD-WAN can reduce organizations’ reliance on expensive leased lines and help lower overall networking costs.
  • Improved Performance and Reliability: SD-WAN’s centralized controller can monitor and optimize both the overlay and underlay networks in real-time, ensuring consistent application performance and user experience even during periods of network congestion or instability.
  • Simplified Management: The centralized control and management of overlay networks in SD-WAN simplify the deployment and modification of network policies, reducing the complexity and expertise required for effective network management.

What are the Differences Between WAN and SD-WAN?

While Software-Defined Wide Area Networks (SD-WAN) are a subset of Wide Area Networks (WAN), the two have distinct differences. Understanding these differences can help organizations make better decisions when designing and implementing their network infrastructures. Here are the primary differences between traditional WAN and SD-WAN.

1. Control and Management

In a traditional WAN, control and management are typically done by manually configuring edge routers using routing protocols like OSPF, BGP, and static routes. This requires extensive knowledge of networking protocols and can be time-consuming, especially in large networks.

SD-WAN, on the other hand, centralizes control and management through a controller. This simplifies network management and allows for flexibility and agility when deploying and modifying network policies. In addition, the controller can make intelligent decisions based on network conditions and user requirements, allowing for better control and optimization of network resources.

2. Traffic Routing and Optimization

Traditional WANs rely on pre-configured static routes or routing protocols to determine the best path for data transmission. Unfortunately, this can lead to inefficient use of network resources and suboptimal performance, especially when network conditions change.

SD-WAN uses a more dynamic approach to traffic routing and optimization. It can monitor network conditions in real time and adjust traffic flows accordingly to provide optimal performance. This helps ensure consistent application performance and user experience, even during network congestion or instability.

3. Cost and Deployment

WAN connections often rely on leased lines, such as MPLS, which can be expensive and inflexible. Deploying traditional WANs can also be complex, requiring significant upfront investment in hardware, software, and expertise.

SD-WAN leverages more cost-effective internet connections and VPNs to create secure, reliable connections between locations. This reduces the reliance on expensive leased lines and allows for more flexible, scalable deployments. SD-WAN also simplifies the deployment process, enabling organizations to roll out new locations or change existing ones more quickly and easily.

4. Security

In traditional WANs, security is typically implemented through standalone security appliances, such as firewalls, intrusion prevention systems, and secure web gateways. These devices often need to be managed and maintained separately from the WAN infrastructure, adding complexity and potential points of failure.

SD-WAN integrates security features directly into the edge devices and the controller, providing a more unified security approach. In addition, some SD-WAN solutions offer built-in firewalls, intrusion prevention, and other security features, simplifying management and reducing the attack surface.

5. Redundancy and Failover

Traditional WANs typically use a primary and secondary link for redundancy, with the secondary link only becoming active when the primary link fails. This can lead to underutilization of resources and increased costs.

SD-WAN supports active/active configurations, where multiple links can be used simultaneously to balance traffic and provide redundancy. This helps maximize network resource utilization and ensures fast, seamless failover in the event of link failure.

SD-WAN offers a more modern, flexible, and efficient approach to wide-area networking than traditional WANs. By centralizing control and management, optimizing traffic routing, reducing costs, enhancing security, and improving redundancy and failover, SD-WAN can significantly benefit organizations looking to optimize their network infrastructure.

Conclusion

SD-WAN is a powerful network architecture and technology that helps on multiple fronts. SD-WAN can improve performance, increase security, and lower costs all at the same time. However, like any networking technology, SD-WAN delivers more benefits when it is properly managed. Auditing application traffic policies, understanding the SD-WAN traffic paths taken, and link utilization are critical maintenance functions. The ability to troubleshoot, plan capacity, and optimize costs is also important. Network observability solutions like Kentik can help you perform the operational oversight needed to make SD-WAN successful.

To learn more about how Kentik’s network observability solution can help with SD-WAN monitoring, management, and planning, request a personalized demo of Kentik.

The Consolidation of Networking Tasks in Engineering
Blog Post
EMA Radar Report: Network Performance Management
Analyst Report
Enterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Analyst Report
See all resources
Kentik is the network observability company.
Get a Demo
844-356-3278

Products

Use Cases

Cloud and Container

Learn

New and Notable

Company

Kentik now offers synthetic network monitoring — try it today.
Copyright © 2023 Kentik. All rights reserved.
We use cookies to deliver our services.
By using our website, you agree to the use of cookies as described in our Privacy Policy.