Matrix Networks Educational Articles

The 3 Categories of SD-WAN by Bigleaf

Written by Joel Mulkey | Feb 9, 2016 10:49:13 PM

SD-WAN Defined: SD-WAN stands for Software Defined Wide Area Networking. It’s a combination of Software Defined Networking (SDN), which was created for use in cloud datacenters, and Wide Area Networking (WAN) which is the network outside of your office (e.g. the Internet, or site-to-site networks like MPLS and Metro Ethernet).

Written by Joel Mulkey On February 8, 2016

1. Cloud Managed Routers and Firewalls

How do you make 15-year-old router and firewall technology look appealing? Add a cloud-based web management interface and market it as SD-WAN! That’s essentially what you’re getting with this category. You buy a network appliance to connect your ISP circuits into, and instead of logging into an interface on the actual device to configure it, you now log into the vendor’s shiny new cloud-hosted management dashboard.

Common Labels

  • Load Balancer, Aggregator, Firewall, Bonding Appliance, Link Balancer, Failover Router, Dual-WAN
  • Cloud Managed, Cloud Provisioning, Cloud Based
  • Centralized Management, Single Pane of Glass, Dashboard

Pros

  • Low Cost
  • Familiar Vendor

Cons

  • 15-year-old technology at the core
  • No real-time adaptation to ISP performance issues for cloud traffic
  • Ineffective (upload-only, fixed rate) QoS
  • Generally have access to all your private LAN data (see note on security in category below)

2. VPN Services and Devices

Most “real” SD-WAN offerings fall into this category. They are meant as a lower-cost tool to displace MPLS for site-to-site connections. At their core, these devices and services provide site-to-site VPNs, just like standard firewalls or routers.

So the question becomes: what’s the difference between these SD-WAN solutions and standard network edge devices like firewalls? Well, there’s nothing significant at first glance. They boast of cloud-based management (as noted above), plus other existing networking hardware features like application or user based security and routing policies, or WAN-optimization features like compression or TCP optimization.

But there is a major differentiator, and that is awareness of and adaptation to quality issues on the network paths between sites. Traditional firewalls and routers don’t monitor for or adapt to issues like 3% packet loss or 70ms jitter. These performance issues that affect real-time applications can now be identified and resolved through SD-WAN. Buyer beware: how this detection and adaptation works differs greatly by vendor, with varying results.

One big factor you’ll want to consider when looking at this category is that you’re now trusting your network security to your SD-WAN vendor. Since they’re providing the site-to-site VPNs, all of your private traffic is now touching their equipment, unencrypted. That brings up some questions:

  • If someone hacks their cloud-based management can they access your private data? Are you sure?
  • Is their system and/or company PCI, HIPAA, or [insert your compliance need here] compliant?
  • How do their security practices and implementations compare with the security offered by major brands like Palo Alto, WatchGuard, Check Point, Cisco, and others that spend huge resources on this?

If you choose one of these devices or services, be sure you feel good about the answers to those questions.

Common Labels

  • SD-WAN, Cloud WAN, Intelligent WAN, MPLS replacement, Hybrid MPLS, Cloud Networking, Overlay WAN
  • Real-time, Adaptive, Dynamic, Variable
  • Cloud-Managed, Orchestrated, Controller, Control Plane, Forwarding Plane
  • Security Policy, Application Aware, Application SLA

Pros

  • Usually lower cost than MPLS
  • Adapts site-to-site traffic to changing network performance (but generally not public cloud applications)
  • Strong QoS for site-to-site (not cloud) traffic, as long as network bandwidth is 100% stable (generally only SLA-backed fiber or T1s)
  • All-in-one box for firewalling, VPNs, DHCP, NAT and other network edge needs

Cons

  • Ineffective QoS for cloud traffic like VoIP, VDI/DaaS, and SaaS
  • Non-seamless or no network performance adaptation for real-time public cloud traffic
  • Many solutions are very expensive hardware, plus yearly maintenance/support fees
  • Typically highly complex, requiring lots of configuration and fine-tuning
  • Generally require ripping out your existing firewall, or disabling many of its features
  • Often trusting your security to a younger company focused on fast growth

3. Internet and Cloud Optimization

Bigleaf is the leader in this category, providing optimization for access to the cloud, and for remote access to on-site resources. Public-cloud and other Internet-based applications are the most difficult to optimize connectivity for, because traditionally there is so little visibility and control to the public cloud. Unlike site-to-site VPNs, which are relatively simple to set up and monitor, connections to cloud services like VoIP and SaaS involve a lot more complexity.

To optimize Internet-based applications like Cloud, you first need visibility. Bigleaf monitors each Internet connection from your office to the core of the Internet 10 times per second, across the exact same paths that all of your data travels. This end-to-end monitoring typically covers over 98% of the path from your office to your Cloud applications.
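The path-quality detection described above (catching issues like 3% packet loss or 70ms jitter, from a stream of probes at 10 per second), as an added illustration that is not Bigleaf's or any vendor's code. The thresholds, the jitter formula (mean absolute change between consecutive probes) and the circuit names are assumptions; the probe samples are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Sequence

# Assumed thresholds: the article cites "3% packet loss or 70ms jitter" as
# examples of issues an SD-WAN should catch; they are not any vendor's values.
LOSS_THRESHOLD_PCT = 3.0
JITTER_THRESHOLD_MS = 70.0

@dataclass
class PathHealth:
    loss_pct: float
    mean_rtt_ms: float
    jitter_ms: float
    degraded: bool

def assess_path(rtts: Sequence[Optional[float]]) -> PathHealth:
    """Score one ISP path from a window of probe RTTs in milliseconds.
    One entry per probe (e.g. 10 per second); None = probe never returned."""
    if not rtts:
        raise ValueError("need at least one probe result")
    answered = [r for r in rtts if r is not None]
    loss_pct = 100.0 * (len(rtts) - len(answered)) / len(rtts)
    mean_rtt = sum(answered) / len(answered) if answered else float("inf")
    # Jitter: mean absolute change between consecutive answered probes.
    # An all-lost window has no RTTs at all, so its jitter is unknown (inf).
    if len(answered) >= 2:
        diffs = [abs(b - a) for a, b in zip(answered, answered[1:])]
        jitter = sum(diffs) / len(diffs)
    else:
        jitter = 0.0 if answered else float("inf")
    degraded = loss_pct > LOSS_THRESHOLD_PCT or jitter > JITTER_THRESHOLD_MS
    return PathHealth(loss_pct, mean_rtt, jitter, degraded)

def choose_path(windows: Dict[str, Sequence[Optional[float]]]) -> str:
    """Pick the path for real-time traffic: non-degraded paths first, then
    lowest loss, then lowest jitter, then lowest latency."""
    health = {name: assess_path(w) for name, w in windows.items()}
    pool = {n: h for n, h in health.items() if not h.degraded} or health
    return min(pool, key=lambda n: (pool[n].loss_pct, pool[n].jitter_ms,
                                    pool[n].mean_rtt_ms))

# Constructed sample: one second (10 probes) on three hypothetical circuits.
SAMPLE_WINDOWS = {
    "isp_a": [20, 22, 20, 22, 20, 22, 20, 22, 20, 22],       # clean, 2ms jitter
    "isp_b": [15, None, 15, 15, 15, 15, 15, 15, 15, 15],     # one lost = 10% loss
    "isp_c": [10, 100, 10, 100, 10, 100, 10, 100, 10, 100],  # 90ms jitter
}
print("steer real-time traffic to:", choose_path(SAMPLE_WINDOWS))
```

A real device would evaluate a sliding window of these scores continuously and move flows between circuits as the verdict changes, which is the "adaptation" part of the category.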

You then need control. Bigleaf routes all of your traffic via our redundant Gateway Clusters in the core of the Internet. We collocate these in datacenters called “Carrier Hotels”. These locations are the major Internet peering points in each region, ensuring you have the lowest possible latency. Because we route all your traffic through these Gateway Clusters we have 100% control of the routing and QoS prioritization of your traffic. This dedicated network architecture is core to our success in optimizing Cloud-based applications.

Of course you also need the best possible network security. There are many vendors that have spent hundreds of millions of dollars building advanced network security offerings, and you’re probably already using them. With Bigleaf, you can keep using your best-of-breed security solutions, and still get cutting-edge SD-WAN benefits for your traffic! Bigleaf drops in between your firewall and your ISP connections, optimizing traffic while your firewall handles security and VPNs. Bigleaf creates a stable, reliable, and adaptive foundation for both cloud-based applications and site-to-site VPN traffic.

Common Labels

  • Internet Optimization, Cloud Optimization, Cloud Acceleration
  • Distributed Architecture, Split Architecture, Cloud Routing
  • Seamless Failover, Same-IP Failover, No-Drop Failover
  • Intelligent Load Balancing, Mid-Stream Adaptation
  • Cloud-Managed, Automated, Seamless, Simple, Plug-n-Play
  • Dynamic QoS, Cloud QoS, QoS over Broadband, VoIP QoS, SIP QoS

Bigleaf Pros

  • Automatically adapts both site-to-site VPN and public-cloud traffic to changing network performance
  • Strong bi-directional QoS for both site-to-site VPNs and public-cloud traffic that adapts to changing network bandwidth (great for cable and wireless)
  • Complements existing firewall/security
  • Doesn’t touch private network data
  • Usually lower cost than SLA-backed circuits (plus Bigleaf adds a service SLA even when circuits don’t have one)
  • Easy to use with no complex configuration

Bigleaf Cons

  • Not an all-in-one network-edge box with advanced security functions
  • Typically small increase in baseline latency
  • Overlay tunnels add slight throughput overhead

Which SD-WAN option is right for you?

While there can be many considerations to end up at the right vendor, the decision of which category is pretty simple. Here’s an infographic with some basic questions to help you choose: