Blog: What is SD-WAN?

By Michael Spalter
February 2022

About the author

Michael Spalter

Michael Spalter has been a networking technician for over 30 years and has been the CEO of DrayTek in the UK since the company’s formation in 1997. He has written and lectured extensively on networking topics. If you’ve an idea for a blog or a topic you’d like explored, please get in touch with us.

What is SD WAN?

If you're an IT professional working in or with SMEs, you've probably seen the terms Software Defined Networking (SDN) and Software Defined WAN (SD-WAN) being used and often touted as "the next big things". Currently, however, unless you're working with larger organisations, you're probably not using either of these technologies. In this article, we're covering the basics of SD-WAN, which is not the same as SDN. SDN is, perhaps, the more generic term and SD-WAN is arguably a subset of it.

Like so many other IT buzzwords, the term SD-WAN doesn't have a universally accepted definition. It's used in different ways by both users and vendors. What a particular vendor might describe as their SD-WAN solution might not match your expectations or what another vendor describes. So, whilst there are some fundamental properties that all vendors provide in their SD-WAN systems, there will also be material differences between the facilities of each vendor's implementation and what they consider 'SD-WAN' (and possibly some marketing people get 'carried away' and use the term when the product doesn't support any reasonably accepted definition of SD-WAN).

Okay, so what is SD-WAN?

SD-WAN (Software Defined WAN) is a technology that redefines the logical and functional architecture of your WAN components. Okay, yes, I know, that sentence sounds like marketing nonsense and doesn't actually mean anything, right? When I first learnt about SD-WAN, I read that sort of sentence and I was, equally, none the wiser. Bear with me though - that sentence will make sense shortly, even though it's an awful description to start with.

Let's start with the 'WAN'. What is the WAN and how does it traditionally operate? The WAN is everything that your LAN can connect to beyond your own physical premises. If you're a home user or a small company, the WAN might be just 'the Internet' but in organisations, the WAN might include other offices, foreign branches, datacentres, supplier's networks, the public Internet and, importantly, the cloud.

In SD-WAN, there are two important terms to understand: the 'control plane' and the 'data plane'.

In a traditional network, a WAN-facing router has two main logical parts to its function. The control plane is the "decision making, rule following" part and the data plane is the part that actually shifts the data around as instructed by the control plane. An analogy is traffic lights (control plane) and trucks (data plane). As both parts are within the traditional router, we've never really thought about them as separate functions previously, but this is where SD-WAN is different. In SD-WAN, the control plane is moved from the router to a software-based server. The routers are then left with one job: running the data plane, as directed by the now-external control plane.

The benefit of this is that the company's WAN is now controlled as a single network. Instead of each remote site being considered and configured individually, the Sysadmins look at the WAN as a whole. They set the logical operation of the WAN and the software then automatically configures and instructs the remote devices (the data planes). You now only have to consider the concept of a site within your SD-WAN front end, not a 'router' or individual CPE.

This goes well beyond Central Management of CPE, or ACS-type systems because with SD-WAN, your central controller considers your WAN 'as a whole' rather than lots of isolated sites which may also be connected to each other.

Within an SD-WAN system, the Sysadmin will be able to design the WAN by first configuring how the sites connect to one another. If a site is required to communicate with another, the SD-WAN control plane will automatically set up routing between them. If there's only a public Internet connection, a VPN will automatically be set up between the sites; you wouldn't have to set up LAN-to-LAN profiles, passwords or keys yourself.

You may then also wish to set up rules, for example that video-based traffic goes over high-capacity links, business traffic goes over VPN or MPLS circuits, VoIP goes over low-latency circuits with QoS and general web browsing goes over direct Internet connections. Content filtering can be applied company-wide, blocking unsuitable or risky content but exceptions can still be applied.

SD-WAN CPE is still intelligent

It's important to note that SD-WAN doesn't make realtime decisions for the CPE. In an SD-WAN environment, the CPE are still intelligent devices that make the real-time logical application of the rules that they are set up with. It is a common misconception that in SD-WAN, the CPE become dumb devices, referring to the central controller for every decision - that is not correct. If it were, a loss of connection, downtime or some other interruption to the SD-WAN controller would cause WAN connectivity to fail across the company. In SD-WAN, the formation and distribution of the rules moves to the central controller; no CPE is individually configured by the Sysadmin.

Applications of SD-WAN

Understanding SD-WAN is made easier by seeing the real-world applications of SD-WAN:

(1) Remote Connectivity

The modern enterprise WAN consists of links between offices, datacentres and the cloud over various media (public Internet connections, LTE (4G/5G) and MPLS links). The SD-WAN controller is configured to understand the required interconnection topology and the media available to each site. The SD-WAN controller will then determine the appropriate routing rules, decide where VPN links are necessary and push the right configurations out to all of the CPE. For the VPNs, the Sysadmin will not have to manually set up VPNs, create certificates etc. Instead of having to define individual links, an SD-WAN system will automatically connect all sites within a logical WAN to each other in your chosen topology (mesh or hub and spoke). For a large enterprise, that could save a huge amount of time and avoid errors.
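To make the controller's job concrete, here is an added example (not DrayTek's code or any vendor's implementation) that takes a constructed site inventory and a chosen topology and derives which site pairs must be interconnected, which medium each pair shares, and whether an automatically defined VPN is required. The rule it assumes is the one described above: a pair that shares a private MPLS circuit needs no VPN, while a pair that only shares a public path (Internet or LTE) gets one.

```python
from itertools import combinations

# Constructed site inventory: the media available at each site.
SITES = {
    "hq":      {"mpls", "internet"},
    "branch1": {"mpls", "internet"},
    "branch2": {"internet", "lte"},
    "dc":      {"mpls", "internet"},
}
# Media treated as private circuits (assumption: no tunnel needed on them).
PRIVATE = {"mpls"}

def site_pairs(sites, topology, hub=None):
    """Pairs of sites the controller must interconnect for the chosen topology."""
    names = sorted(sites)
    if topology == "mesh":
        return list(combinations(names, 2))
    if topology == "hub-and-spoke":
        if hub not in sites:
            raise ValueError("hub must be a known site")
        return [(hub, s) for s in names if s != hub]
    raise ValueError(f"unknown topology {topology!r}")

def plan_links(sites, topology, hub=None):
    """Derive, per site pair, the transport to use and whether a VPN is needed.

    Returns {(a, b): {"transport": medium, "vpn": bool}}; raises if a pair
    has no medium in common, which a controller should surface, not hide."""
    plan = {}
    for a, b in site_pairs(sites, topology, hub):
        shared = sites[a] & sites[b]
        private = shared & PRIVATE
        if private:
            transport, vpn = sorted(private)[0], False   # private circuit
        elif shared:
            transport, vpn = sorted(shared)[0], True     # public path: encrypt
        else:
            raise ValueError(f"no common medium between {a} and {b}")
        plan[(a, b)] = {"transport": transport, "vpn": vpn}
    return plan

if __name__ == "__main__":
    for pair, cfg in plan_links(SITES, "mesh").items():
        print(pair, cfg)
```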

(2) QoS Management

Different applications in use by a company, for example VoIP, video, Internet browsing, backup etc., may all have different requirements or priorities for bandwidth, reduced latency/jitter or packet loss. For example, remote backups or replication may move large volumes of data but are not sensitive to latency or packet loss; those can be tolerated without any effect on overall performance. VoIP, on the other hand, uses relatively little data volume but is sensitive to jitter, latency and packet loss, any of which can have an unacceptable effect on call quality. By configuring the SD-WAN controller to understand the properties of each link and also the QoS demands of each application, it can ensure that routing rules are set up to best allocate the available links, and the best secondary links to fail over to in the case of an outage.

(3) MOS Reporting

MOS (Mean Opinion Score) is a measure of the quality of connectivity that a service is receiving. It is normally quoted as a decimal number between 0-5 (5 being a perfect connection). By measuring latency, jitter and packet loss across a link, an MOS can be calculated and the SD-WAN controller can report whether the MOS achieved is on target or whether another link might provide a better match. MOS can be measured and reported for every VoIP call, each link and different data types. By having visibility across all WAN connections, the SD-WAN controller can determine MOS factors far more reliably than considering a single site in isolation. An SD-WAN system will record scores over time so that you can see if performance drops at different times of the day or week and have a baseline for comparison.
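The QoS management and MOS reporting points above can be shown together in one added example (not DrayTek's code or any vendor's implementation). It estimates a MOS from measured latency, jitter and loss using the widely used simplified E-model approximation (an assumption; a real controller may use its own model), ranks constructed sample links per application so that index 0 is the primary and index 1 the failover, and flags a MOS that has dropped below a recorded baseline.

```python
from dataclasses import dataclass
from statistics import median

@dataclass
class LinkStats:
    name: str
    latency_ms: float      # average one-way latency
    jitter_ms: float
    loss_pct: float
    bandwidth_mbps: float

def r_factor(latency_ms, jitter_ms, loss_pct):
    # Simplified E-model (assumption: vendors may use their own variant):
    # jitter counts double and 10 ms is added for codec/jitter-buffer delay.
    eff = latency_ms + 2 * jitter_ms + 10
    r = 93.2 - eff / 40 if eff < 160 else 93.2 - (eff - 120) / 10
    r -= loss_pct * 2.5            # each 1% packet loss costs 2.5 R points
    return max(0.0, min(100.0, r))

def mos(latency_ms, jitter_ms, loss_pct):
    """Map the R-factor onto the 1..5 MOS scale, rounded to two places."""
    r = r_factor(latency_ms, jitter_ms, loss_pct)
    return round(1 + 0.035 * r + 0.000007 * r * (r - 60) * (100 - r), 2)

# Per-application policy: minimum acceptable MOS and how to rank eligible links.
POLICY = {
    "voip":   (4.0, lambda l: l.latency_ms),        # lowest latency first
    "video":  (3.6, lambda l: -l.bandwidth_mbps),   # highest capacity first
    "backup": (0.0, lambda l: -l.bandwidth_mbps),   # latency/loss tolerant
}

def rank_links(app, links):
    """Names of links eligible for `app`, best first: [primary, failover, ...]."""
    min_mos, key = POLICY[app]
    eligible = [l for l in links if mos(l.latency_ms, l.jitter_ms, l.loss_pct) >= min_mos]
    return [l.name for l in sorted(eligible, key=key)]

def below_baseline(history, current, tolerance=0.3):
    """True when `current` MOS sits more than `tolerance` below the recorded median."""
    return bool(history) and current < median(history) - tolerance

# Constructed measurements for one site's three WAN links.
LINKS = [
    LinkStats("fibre", 20, 2, 0.0, 500),
    LinkStats("mpls",  30, 1, 0.0, 20),
    LinkStats("lte",  150, 30, 3.0, 40),
]
if __name__ == "__main__":
    for app in POLICY:
        print(app, rank_links(app, LINKS))
```

With these constructed figures the LTE link scores too low for VoIP but is still eligible for video, so it appears as a video failover but never as a VoIP candidate.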

Does SD-WAN replace MPLS?

Many SD-WAN explainers and vendor marketing imply that SD-WAN removes the need for, or even 'replaces', expensive MPLS circuits. This really isn't true and even in context it's only partially true. Of course, you can replace MPLS with anything, but let's assume that you still want to retain adequate performance and security, which are the benefits of MPLS circuits and what you're paying so much money for. An MPLS circuit is inherently secure as it runs over a private circuit to your service provider. MPLS also has guaranteed latency, quality of service and uptime. You get none of that on a regular Internet connection. You can address the security aspect by using robust VPN technologies but the QoS aspect really depends on what type of service you have from your ISP. Further, an MPLS connection cannot be subject to a DoS attack. A VPN connection will never be as secure as an MPLS connection. The encryption methods are robust but by being on public-facing interfaces, there's always an attack surface and the risk of human error, including social engineering hacks.

In balancing VPNs and MPLS, one also has to consider the cost of MPLS (considerable) and the fact that, in an age where company traffic is more likely to be office-to-cloud rather than office-to-office or office-to-HQ, using MPLS can be very inefficient, adding chokepoints into the flow of data. Therefore, a good Internet connection (one with QoS and uptime guarantees) using robust security protocols, properly configured and maintained, with a secured SD-WAN system should be acceptable. An SD-WAN can combine VPNs, MPLS and LTE circuits, and larger companies may choose to retain MPLS for some functions; SD-WAN makes it easy to define priorities and rules.

So, that's a basic introduction to SD-WAN. Please share your comments below on any suggestions for improvement or your own experiences or requirements. It's still a relatively new concept and mostly being adopted by larger enterprises where huge WAN estates can most benefit from this type of central planning, but more vendors with SME bases (such as DrayTek!) now have SD-WAN support on their products and central management solutions.
