Software-Defined Networks Fundamental
April 23, 2018
Categories: News.
Software-Defined WAN (SD-WAN) is a technology that distributes network traffic across wide area networks (WANs) and uses software-defined networking (SDN) concepts to automatically determine the most effective way to route traffic to and from branch offices and data center sites.
The SDN Architecture is:
- DIRECTLY PROGRAMMABLE
Network control is directly programmable because it is decoupled from forwarding functions.
Abstracting control from forwarding lets administrators dynamically adjust network-wide traffic flow to meet changing needs.
- CENTRALLY MANAGED
Network intelligence is (logically) centralized in software-based SDN controllers that maintain a global view of the network, which appears to applications and policy engines as a single, logical switch.
- PROGRAMMATICALLY CONFIGURED
SDN lets network managers configure, manage, secure, and optimize network resources very quickly via dynamic, automated SDN programs, which they can write themselves because the programs do not depend on proprietary software.
- OPEN STANDARDS-BASED AND VENDOR-NEUTRAL
When implemented through open standards, SDN simplifies network design and operation because instructions are provided by SDN controllers instead of multiple, vendor-specific devices and protocols.
Most forms of Software-Defined WAN technology create a virtual overlay that is transport-agnostic: it abstracts the underlying private or public WAN connections, like MPLS, internet broadband, fiber, wireless or Long Term Evolution (LTE). Enterprises can keep their existing WAN links, while the Software-Defined WAN overlay uses multiple tunnels to optimize bandwidth by directing WAN traffic along the best route to and from branch offices and data center sites. Software-Defined WAN technology centralizes network control and enables agile, real-time traffic management over these links.
Software-Defined WAN is managed by a centralized controller. The software enables IT staff to remotely program edge devices and reduce provisioning times, thus minimizing or eliminating the need to manually configure traditional routers in branch locations.
Software-Defined WAN security
Segmentation is an essential component of Software-Defined WAN security. This method enables enterprises to isolate, prioritize and assign network traffic. If traffic from an unknown device requests access to the network, IT can assign network policies to automatically route that traffic through a firewall first. IT staff can also pin high-priority traffic so it always travels on a specific link. Most Software-Defined WAN services also incorporate IPsec to authenticate network traffic.
Software-Defined WAN services include a management console or interface to manage traffic, assign policies, and configure devices and sites. This interface also helps increase end-to-end network visibility.
Additionally, many Software-Defined WAN vendors partner with security companies to integrate those security services with Software-Defined WAN technology.
Software-Defined WAN benefits
Software-Defined WAN improves application performance through a combination of WAN optimization techniques and its ability to dynamically shift traffic to links with sufficient bandwidth to accommodate each application’s requirements.
Software-Defined WAN uses automatic failover, so if one link fails or is congested, traffic is automatically redirected to another link. This, in turn, further boosts application performance and reduces latency.
Software-Defined WAN architecture enables administrators to reduce or eliminate reliance on expensive leased MPLS circuits by sending lower-priority, less-sensitive data over cheaper public internet connections, reserving private links for mission-critical or latency-sensitive traffic, like VoIP. The flexible nature of Software-Defined WAN also reduces the need for over-provisioning, reducing overall WAN expenses.
Ideally, Software-Defined WAN simplifies the network by automating site deployments, configurations and operations.
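The segmentation policy from the security section and the link preference and failover behaviour described above can be combined into one decision function. This is an added example, not code from any Software-Defined WAN product. The link names, device IDs, segment names and the rule that unknown devices only use public links are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: link names, states and device IDs are assumptions.
# "mpls" stands for the private link; the other two are public internet links.
LINKS = {"mpls": "up", "broadband": "up", "lte": "up"}
KNOWN_DEVICES = {"branch-pos-01", "branch-voip-07"}

# Link preference per traffic class: private link first for latency-sensitive
# or mission-critical traffic, cheaper public links only for low-priority data.
PREFERENCE = {
    "voip":     ["mpls", "broadband", "lte"],
    "critical": ["mpls", "broadband", "lte"],
    "bulk":     ["broadband", "lte"],
}

@dataclass(frozen=True)
class Flow:
    device: str
    app_class: str

def decide(flow, links=LINKS, known=KNOWN_DEVICES):
    """Return (segment, service_chain, link); link is None when the flow is dropped."""
    unknown = flow.device not in known
    # Segmentation: unknown devices get their own segment and are always
    # steered through the firewall first, whichever link ends up carrying them.
    segment = "quarantine" if unknown else flow.app_class
    chain = ["firewall"] if unknown else []
    # Assumption: unknown devices are treated as low priority (public links only).
    order = PREFERENCE.get("bulk" if unknown else flow.app_class)
    if order is None:
        return segment, chain, None      # unclassified traffic fails closed
    for name in order:
        # Failover: a failed or congested link is skipped for the next choice.
        if links[name] == "up":
            return segment, chain, name
    return segment, chain, None          # no usable link: drop, never bypass policy

if __name__ == "__main__":
    degraded = dict(LINKS, mpls="congested")
    for f in (Flow("branch-voip-07", "voip"), Flow("laptop-unknown", "voip")):
        print(f, decide(f), decide(f, degraded))
```

The firewall step is part of the decision itself, so a failover to another link cannot drop it, and traffic with no matching class or no usable link is dropped rather than forwarded unfiltered.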
Differences between Software-Defined WAN and MPLS
Software-Defined WAN’s ability to route traffic across multiple links has led some enterprises to re-evaluate their use of MPLS, the most popular WAN transmission technology.
MPLS provides guaranteed performance with quality of service (QoS) policies that govern throughput, delay and jitter.
But MPLS is expensive, and it can take months for an MPLS connection to be provisioned and put into operation. Because internet broadband is less costly and easier to provision, organizations are combining multiple links to provide enough bandwidth to transmit their applications and services. These links do not offer the QoS or throughput guarantees of MPLS, but do give organizations additional maneuverability in how they design their WANs.