We are pleased to share with you all an interesting article contributed by Andrew Sinclair, who is a hands-on, analytical and solutions-orientated engineer.
Andrew Sinclair, Technical Solutions Architect at iomart
We've leveraged the power of virtualisation in compute for over a decade, and its implementation has resulted in significant cost savings while delivering a new golden age of workload flexibility and provisioning. When discussing virtualisation, compute is certainly the easiest to highlight, but the reality is that virtualisation has impacted almost every part of the enterprise IT landscape. Within the datacentre we find that, to some degree or other, almost every network function has been virtualised. At layer 2 we have VLANs, and at layer 3 we use OTV, VXLAN, VPLS and IPVPN to deliver a more software-defined approach that allows us to realise the very same benefits we obtained from virtualising the compute layer: new flexibility, significant efficiencies and reduced time to provision.
If only the same could be said for the wide area network. Enterprise decision makers have traditionally been faced with a limited number of choices with respect to the WAN. The choice usually comes down to a multitude of site-to-site VPNs and/or a managed MPLS network to interconnect each of the organisation's sites. Once the business requirement of WAN reliability is addressed, MPLS usually wins over an unreliable VPN connection unless there are budget constraints. The reality of the MPLS procurement would usually entail an expensive and inflexible 3-7 year contract that has its own implementation and operational drawbacks. The time to provision a new branch would frequently be significant. As for packet delivery, engineers mostly had to hope that under the hood the MPLS service was doing what they expected it to do. It is pretty easy to identify WAN blackouts; however, root cause analysis of 'blips' and retrospective analysis of brownouts have been a challenge.
This lack of insight into how the WAN is truly performing has been a struggle for enterprise engineers, who have frequently been armed only with local site bandwidth utilisation graphs and a phone number for the telco provider's first-line service desk, which on calling would produce the automatic response of "looks fine to us, guv".
We've had the benefits of software-defined function across the rest of the IT ecosystem, so why have we not realised the advantages in the last mile of the WAN? Thankfully, the arrival of SD-WAN has brought an end to this drought of innovation.
Based on recent customer engagements, the majority of clients have either not heard of SD-WAN or simply don't have the time to invest in researching what is beneath the fairly opaque vendor marketing. Let's look at some of the benefits of SD-WAN in more depth than "Increased performance" and "Maximise ROI".
The first thing to understand about this technology is that it's not exactly new: some vendors have been delivering the fundamentals of this technology as far back as 2010. The second thing to understand is that, although there are use cases where a company might decide to replace their entire MPLS with an SD-WAN solution, it's not a direct competitor to MPLS in every situation, and the combination of both should be seen as network nirvana.
So let's cut through the marketing and clarify what this product actually delivers. Each SD-WAN vendor has their own unique value proposition, but they all deliver the same core services.
1. The aggregation/pooling of multiple connections public and private (DIA, DSL, FttC, LTE, P2P, MPLS etc.)
SD-WAN is an overlay; it is not physical connectivity. Let's look at some example deployment patterns:
In terms of enterprise connectivity, the majority of SD-WAN conversations highlight the use of multiple internet circuits as opposed to an MPLS deployment. You'll usually find in the UK that the cost of a DIA circuit is around 40% of the cost of a managed MPLS tail of the same bandwidth. The financial benefit is marked: a customer could reduce spend or effectively double their WAN throughput with a gross saving of 20% across the wide area network.
Another attractive configuration is DIA+MPLS. Thanks to the feature-rich policy engine present in SD-WAN controllers, customers who have an existing and perhaps saturated MPLS network can deploy a second, cheaper DIA circuit and configure an intelligent traffic engineering policy to ensure only mission-critical data is passed across the SLA-backed MPLS circuit, while low-value Facebook and YouTube user traffic is sent across the internet link.
2. Deep monitoring and analytic insight into the real-time data plane performance of those pooled links.
The insight delivered by SD-WAN is a stark contrast to the basic RRD-generated bandwidth graph usually provided with your MPLS connection. The software overlay provides deep insight into WAN traffic, displaying throughput, latency, jitter, protocol, user and application metrics.
3. The ability to dynamically route traffic across the most appropriate connection based on policy.
Uptime, utilisation, latency and jitter of each of the pooled connections are constantly monitored. In the event that one circuit is performing better than another, the quality of service policy will ensure that the most valuable traffic is routed across the best performing link. For example, you can rest assured that your VoIP traffic will route across the link with the lowest latency and jitter while offloading your TCP transfers to your higher latency, higher bandwidth circuits.
4. The ability to build dynamic tunnels between locations i.e. on demand full mesh branch office to branch office.
SD-WAN allows for automatic creation of virtual circuits between sites; think DMVPN without the requirement of a complex IOS configuration under the hood.
5. Significantly improved security with all traffic encrypted and fully automated key exchange from the SDN controller.
If you've ever deployed any DMVPN solutions you'll understand the pain of key exchange. I've deployed a number of DMVPN/FLEXVPN solutions in my time and when it's come down to the configuration of certificates I've always decided not to bother, even though I know it's the appropriate design choice for the solution. SD-WAN removes this pain: as long as the controller is available, certificates are auto-generated and updated based on a simple policy across the wide area network. In the event the controller goes offline, the data plane continues to switch traffic as long as each site certificate has not expired.
6. Vastly simplified provisioning of devices with auto-configuration from SDN controller, in some cases zero-touch.
The removal of expensive routing hardware at the branch is a significant benefit of SD-WAN, alongside the additional cost you'll save by not sending an accredited engineer to the branch office location to configure the device. A large number of SD-WAN products have zero-touch configuration, meaning the device configuration is automatically propagated to new devices as they check into the controller. In 2015, The Gap Inc decided to replace their entire MPLS network with SD-WAN over public internet, and in the first phase alone the architecture included 1,200 sites. Due to the auto-configuration feature of their SD-WAN solution, the Gap is able to connect 25 or more of its stores per night.
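Point 3 above describes policy-based path selection across pooled links. The sketch below is an added example, not any vendor's implementation: the policy thresholds, link names and measurements are constructed, and the hysteresis margin is an assumption added to show how a controller can avoid flapping between links of similar quality.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:            # one pooled circuit, as measured by the overlay
    name: str
    up: bool
    latency_ms: float
    jitter_ms: float
    bandwidth_mbps: float

# Illustrative policy table (assumed values): per-class limits and what to optimise.
POLICIES = {
    "voip":     {"max_latency_ms": 150, "max_jitter_ms": 30,  "prefer": "quality"},
    "bulk_tcp": {"max_latency_ms": 400, "max_jitter_ms": 100, "prefer": "bandwidth"},
}

def cost(link, policy):
    """Lower is better: delay-based for quality, inverse bandwidth for bulk."""
    if policy["prefer"] == "quality":
        return link.latency_ms + 2 * link.jitter_ms
    return 1000.0 / link.bandwidth_mbps

def select_link(traffic_class, links, current=None, hysteresis=0.2):
    """Return the link name for a traffic class, or None if every link is down."""
    policy = POLICIES[traffic_class]
    alive = [l for l in links if l.up]
    if not alive:
        return None
    within = [l for l in alive
              if l.latency_ms <= policy["max_latency_ms"]
              and l.jitter_ms <= policy["max_jitter_ms"]]
    pool = within or alive          # brownout: no link in policy, take the least bad
    best = min(pool, key=lambda l: cost(l, policy))
    held = next((l for l in pool if l.name == current), None)
    # Hysteresis: leave the current link only for a >20% better one (avoids flapping).
    if held and cost(best, policy) > (1 - hysteresis) * cost(held, policy):
        return held.name
    return best.name

# Constructed sample measurements for one branch site.
LINKS = [
    Link("mpls", True, 20, 2, 50),
    Link("dia",  True, 35, 8, 200),
    Link("lte",  True, 70, 25, 30),
]

if __name__ == "__main__":
    for cls in POLICIES:
        print(cls, "->", select_link(cls, LINKS))
```

With the sample measurements, VoIP lands on the low-jitter MPLS tail and bulk TCP on the higher-bandwidth DIA circuit; when every link breaches the policy limits, the function still returns the least-bad live link rather than dropping the class.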
As someone who's passionate about network connectivity, an area of technology where literally nothing has changed in the past 15-20 years, the recent pace of innovation has been simply staggering. SD-WAN might be relatively new to the market; however, the dust is now beginning to settle. There can be no greater supporting indicator of this than Cisco's recent purchase of Viptela for $610 million. Coming to the end of this blog post and taking a minute to think over the benefits of SD-WAN, the application of this technology is a genuine paradigm shift in the way we architect the wide area network. The time to look at this technology is now.