What are the Pros and Cons of SD-WAN?

SD-WAN offers cost savings, greater flexibility, security and integrations with cloud applications.

However, there can be issues with inconsistent QoS over the public Internet, variable vendor capabilities and higher equipment costs.


First, the pros of SD-WAN:

  • Public cloud adoption is growing fast, and SD-WAN providers are well aligned to meet the demands of global Internet usage.
  • SDN-based technology provides granular application treatment, including local QoS, security and statistics.
  • The marketing buzz suggests that software-based networking is cost effective compared to MPLS. If price is your main concern, reducing networking spend is achievable, but be wary of service providers leading from this angle.
  • Procure everything in one box, from network appliance to stateful packet inspection, DDoS (Distributed Denial of Service) protection, remote access, VPN and content filtering.
  • Connectivity agnostic: a single device terminates Internet and private connections, including layer 3 MPLS and layer 2 VPLS networks.

Second, the cons of SD-WAN:

  • Depending on your vendor or service provider, on-premises equipment may represent a high cost.
  • The majority of SD-WAN services are provisioned over the public Internet with no end-to-end QoS (Quality of Service) for traffic flows.
  • SD-WAN is also a challenge for global providers, where multiple ISPs are often deployed to meet reach requirements.
  • Certain providers are predicting the ‘death of MPLS’ to suit their own preference for provisioning across public IP connectivity (the Internet).
  • No true end-to-end QoS when using an Internet-only SD-WAN provision.
  • Vendor capability is variable and often does not meet the original vision of software-defined networking (SDN).

The buzz around WAN technologies

If you’ve been working in the industry for a period of time, you’ll remember how MPLS was labeled (forgive the pun) as the savior of networking, replacing IPSec, Frame Relay and ATM networking.

On the subject of marketing hype, I’ll refrain from mentioning the service provider in question, but I recall a particular ‘large telco’ pushing MPLS as a serious alternative to their Frame Relay and ATM networks. Unfortunately for their customers, the provider’s MPLS network consisted of nothing more than a single Provider Edge (PE) located in London.

The lesson? Demanding service provider transparency when dealing with hype was as important back then as it is today.

Search for ‘death of MPLS’ to find multiple examples of hype from certain providers pushing a single technology.

Is there confusion around the benefits of SD-WAN?

It looks very much as if the industry has forgotten the original vision of SD-WAN services: an application-based technology able to interface with whatever connection type a given need requires. While there are SD-WAN providers pursuing the original vision, the majority are pushing SD-WAN as Internet VPN version 2.

The main reason cost-reduction marketing is so prevalent is the use of low-cost Internet connectivity. At a high level, the idea is to use the lowest-cost Internet provider in any given area and rely on SD-WAN technology to sort out any connectivity problems.

The laws of physics apply, and even with clever packet inspection and prioritization, traffic still needs low latency and jitter in order to perform well over the long term.

The majority of Network Union clients operate hybrid networks, matching the right technology to each specific requirement. The needs of most corporate WANs are not met by one particular technology; many are made up of layer 3 MPLS, layer 2 VPLS / VLL, simple IPSec VPN and, of course, SD-WAN.

True software-based deployments can terminate any connectivity type.

How does QoS compare, SD-WAN vs. MPLS?

When deploying mission-critical, delay-sensitive services, there is a need to give your business peers the confidence that those services will perform. SD-WAN services address this through granular identification of traffic (think packet inspection) combined with the ability to sense network conditions.

The SD-WAN traffic treatment feature set extends the capability of standard layer 3 MPLS QoS, which normally offers the following service provider classes:

  • EF – Expedited Forwarding
  • AF – Assured Forwarding
  • BE – Best Effort

However, the fundamental benefit of private MPLS and VPLS remains: end-to-end QoS across the tail circuit and the network provider’s infrastructure.

And this is perhaps why most networks end up as a hybrid of WAN connectivity. Where core high-performance office-to-office connectivity is required, the end-to-end QoS provided by MPLS is perhaps the optimum route. However, for smaller branch offices or remote users, SD-WAN offers the ability to make the most of whatever connection is presented.

The QoS discussion is further complicated when dealing with the global enterprise. In many instances, global connectivity is on the borderline of the latency required for voice and video. Therefore, adopting a provider-agnostic SD-WAN approach, or even using a single public IP backbone, may not provide the infrastructure required to confidently support delay-sensitive traffic.

That said, many enterprises are adopting a single Internet provider, confident that the ISP network is well scaled and engineered. We would keep an open mind: every design is different and should be based on transparent data about provider infrastructure performance.

The Pros and Cons of SD-WAN Security

The lines are becoming blurred between SD-WAN and other connectivity types or services, because of the need to support both public and private cloud infrastructure on public and private networks.

Security is becoming the most discussed topic at almost all of our workshops and customer meetings, regardless of WAN type. The reason is fairly straightforward: cybercrime is here and growing in sophistication, creating a serious potential impact on businesses.

DDoS (Distributed Denial of Service) attacks are becoming ever more sophisticated, with IP-enabled devices hijacked because of their weak onboard security.

Where once MPLS was deemed private, and therefore no added security was required, today we’re seeing the deployment of devices such as Meraki (with an SD-WAN feature set) to terminate the edge of both public and private connections.

Overall, private WAN services clearly offer an edge when discussing security, as the network is ‘virtually private’, but today almost no network can be assumed secure. Our advice is to budget for both security advice and the best possible feature set to protect your enterprise against threats.

The major pro for SD-WAN is the sophistication of the single-deployment security platform, which varies protection according to connection type and location. As an example, a user working abroad from a coffee shop on their BYOD (Bring Your Own Device) will be subject to more stringent policies than a user based in the office.

SD-WAN in a Virtualised world?

Direct access to cloud connectivity isn’t quite supported by every vendor, just yet.

However, we are approaching a world where software feature sets are available as virtualised instances. Moving services to cloud infrastructure is almost the default option, but today we are still providing hardware-based devices for HQ and large branch office infrastructure. Perhaps in 10 or 20 years, we’ll see a global wireless network where companies no longer wait for physical 100Mbps or 1Gbps Ethernet but simply consume as required.

One of the pros for SD-WAN is the ‘software-based’ element, which is very much in line with both current and future thinking. There are vendors offering cloud-based virtualised networking services accessible via an application; there is not only a clear cost benefit, but the approach is right in line with the original vision of SDN (Software Defined Networking).

I cannot overstate the pros of SD-WAN virtual instances. Of course, cost and management are up there in terms of benefits, but so is provider migration. The majority of customer frustration and dissatisfaction with their service provider centres on managed services.

How does SD-WAN help?

If your connectivity is based on the public Internet, there is no need to change your Internet service provider: you simply move your virtualised SD-WAN instance to the new software WAN provider of your choice. No longer do you need to migrate your MPLS circuit along with your managed service; your business is positioned to remove only the element which isn’t working.

One of the reasons companies choose not to move service provider is the difficulty of moving physical circuits and hardware. SD-WAN removes the majority of these provider migration issues.

This ease of migration depends on using public Internet connectivity.

To conclude: Evolution of the WAN

The pros of SD-WAN are very much in the arena of a single device or cloud instance supporting whatever connectivity your business requires. Whether users are located at HQ or staff are working from home or a wireless coffee shop, SD-WAN supports them from a security perspective and can measure your connectivity performance. The result, where possible, is a working operating environment over even the lowliest service.

Further pros include granular local QoS, together with networking feature sets that are growing in sophistication, driven by software-based production and design methodologies.

The cost savings are driven largely by leveraging low-cost ISP connectivity on a UK or global basis. The recommendation (at least our thought process demands this) is to use a single ISP backbone for key HQ and branch office connectivity, to ensure the best possible latency and jitter and therefore acceptable data performance.

Where single-ISP reach isn’t possible, multiple backbones are clearly the second choice, but careful examination of SLA performance is critical.

As with every networking technology, SD-WAN has pros and cons. The service should form a component of your WAN depending on specific requirements. In most instances, networking is rarely one single solution. With this said, SD-WAN looks set to become the key component of hybrid networking.

There is no doubt that cloud, unified comms (think SIP and VoIP), security, remote access and BYOD all demand careful consideration. To further compound the challenge, IT teams are being asked to save money at the same time as delivering automated, on-demand application delivery.

One thing is for sure: SD-WAN accomplishes business objectives by bundling capability into a single device or virtualised instance. The technology is fundamentally designed to offer a complete end-to-end solution for the WAN.

As new applications are deployed, the centralized policies which exist are designed to provide not only the appropriate traffic treatment (QoS) but also security and user profile restrictions. The overall benefit is to reduce network complexity in a world where applications are actually becoming ever more sophisticated.

The Internet is perhaps the most discussed topic when considering SD-WAN services, as we’re all conditioned to expect variable performance.

However, to reiterate, using a single ISP backbone is a vastly different proposition from multiple-ISP connectivity. With this in mind, readers are advised to consider providers offering single-backbone infrastructure.

Although public cloud is a driver behind SD-WAN, private technologies such as layer 3 MPLS and layer 2 VPLS are meeting the challenge by creating on-net connectivity interconnects with companies such as AWS (Amazon Web Services), Microsoft Azure and Salesforce cloud.

The WAN is evolving fast, and SD-WAN should be technology (circuit) agnostic. In other words, an enterprise should not be forced to choose between public Internet and private infrastructure. The net gain of any technology is solving business requirements, which requires aligning your own company-specific requirements with the product set of any given provider.

Further technical knowledge:

What follows are a number of definitions to help explain some of the Multi-Protocol Label Switching (MPLS) terminology.

  • Private MPLS (Multi-Protocol Label Switching)
  • Private VPLS (Virtual Private LAN Service)
  • IPSec Encryption
  • VLL (Virtual Leased Line)
  • Fiber leased line – 100Mbps or 1Gbps standard
  • GEA – Generic Ethernet Access
  • Broadband FTTC – Fiber to the Cabinet
  • Broadband FTTP – Fiber to the Premises
  • ADSL2 – Copper-based connectivity
  • Satellite
  • EFM – Ethernet First Mile
  • BGP – Border Gateway Protocol
  • Packet Forwarding – A packet is the unit of data at layer 3.
  • QoS control (Quality of Service) – Used to control PHB forwarding (Per Hop Behavior). Other related technology descriptions include DiffServ (Differentiated Services).
  • Quality of Service (QoS) has been detailed earlier in this article. PHB (Per Hop Behavior) is the component of QoS used to define the forwarding properties associated with IP Precedence. IP Precedence controls the priority of data packets.
  • IP Routers – The traditional Cisco router was designed to perform one job: to forward packets between LANs (Local Area Networks). Today, routers from vendors such as Cisco offer greater functionality, from terminating remote users and small networks through to the very fabric of large-scale data center connectivity.
  • The CE (Customer Edge) is essentially the hardware which resides on your office site. No MPLS label switching is performed at the CE.
  • The PE (Provider Edge) LSR resides at the edge of the provider’s network and is the first point of entry into an MPLS network; this is where labels are examined.
  • Routing Protocols – Including OSPF, BGP, IGRP and EIGRP.
  • FEC (Forwarding Equivalence Class) – A FEC is a class (group) of packets which are forwarded using the same profile, across a path with the same treatment. A FEC may be defined by parameters such as destination IP address, or by a class which an LSR (Label Switched Router) is configured to treat with importance.
  • Switching is used in Local Area Networks, allowing fast access to data. Switching at layer 2 is very efficient since there are no modifications to the data packet. A layer 2 switch is used to break up collision domains.
  • Traffic Shaping – Packet treatment mechanisms such as WRR, RED and WRED applied as part of QoS.
  • ISP (Internet Service Provider) – Offers access to the Internet.
  • VPNs – (Virtual Private Networks)
  • Frame Relay & ATM (Asynchronous Transfer Mode)
  • Security – A great article from Cisco on network security
  • MPLS Network Fundamentals

The MPLS Header. (Confusing? Don’t worry, it’s not too important in the context of networking procurement).
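As an added example (not code from the article or from Network Union), the following Python decodes the fields behind the QoS classes listed earlier (EF, AF, BE) and the PHB / IP Precedence and MPLS header entries in this glossary: it maps a DSCP value from the IP ToS byte to its PHB name, collapses that to the three provider classes, and parses a 32-bit MPLS label stack entry. The sample byte values are constructed for illustration.

```python
"""Decode DiffServ and MPLS QoS fields: DSCP -> PHB (EF / AFxy / CSx / BE),
legacy IP Precedence, and the 32-bit MPLS label stack entry (label, TC, S, TTL)."""
import struct

EF_DSCP = 46  # Expedited Forwarding code point (RFC 3246)


def dscp_from_tos(tos_byte: int) -> int:
    """DSCP occupies the top 6 bits of the IPv4 ToS / IPv6 Traffic Class byte."""
    return (tos_byte >> 2) & 0x3F


def ip_precedence(dscp: int) -> int:
    """Legacy 3-bit IP Precedence is the top 3 bits of the DSCP (the class selector)."""
    return dscp >> 3


def dscp_to_phb(dscp: int) -> str:
    """Map a 6-bit DSCP to its PHB name: EF, AFxy, CSx, or BE (default forwarding)."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must fit in 6 bits")
    if dscp == EF_DSCP:
        return "EF"
    if dscp == 0:
        return "BE"
    cls, low = dscp >> 3, dscp & 0b111
    if low == 0:                              # class selector code points CS1..CS7
        return f"CS{cls}"
    if 1 <= cls <= 4 and low in (2, 4, 6):    # AF classes 1-4, drop precedence 1-3
        return f"AF{cls}{low // 2}"
    return f"DSCP{dscp}"                      # locally defined / unrecognised code point


def provider_class(dscp: int) -> str:
    """Collapse a PHB to the three service provider classes: EF, AF or BE (everything else)."""
    phb = dscp_to_phb(dscp)
    if phb == "EF":
        return "EF"
    return "AF" if phb.startswith("AF") else "BE"


def parse_mpls_entry(entry: bytes) -> dict:
    """Parse one MPLS label stack entry: 20-bit label, 3-bit TC (EXP), S bit, 8-bit TTL."""
    if len(entry) != 4:
        raise ValueError("a label stack entry is exactly 4 bytes")
    (word,) = struct.unpack("!I", entry)
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "bottom_of_stack": bool((word >> 8) & 1), "ttl": word & 0xFF}
```

The TC (EXP) bits in the label entry are what a provider core uses to carry the EF/AF/BE class through an MPLS network, which is why end-to-end treatment survives across the provider backbone but not across the public Internet.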