What is SD-WAN: Software Defined WAN

SD-WAN, Software Defined Wide Area Network, is a form of networking technology in which the networking hardware is decoupled from its control mechanism.




SD-WAN stands for Software Defined Wide Area Network, and it is a networking technology which is finding more popularity and use within the telecommunications industry.

SD-WAN is a virtual WAN technology that allows enterprises to utilise and combine a variety of different transport services including MPLS, broadband services, mobile communications including 4G LTE and 5G, etc. This is achieved within a secure environment that allows users to connect to their applications.

The concept of SD-WAN uses centralised control to enable the data traffic to be routed across the wide area network intelligently and securely. This increases the efficiency and performance, improves the user experience, and also reduces cost for a given level of performance.

Software-defined WAN technology takes a software approach to managing wide-area networks. It brings significant benefits to many operations: SD-WAN offers ease of deployment and central manageability while reducing costs, and it can also improve connectivity to branch offices and the cloud.

Reason for SD-WAN

In recent years there have been many significant changes in wide-area networks. One of the major changes is the development and introduction of software-defined WAN or SD-WAN. This is changing the use and optimisation of technologies as varied as Multiprotocol Label Switching (MPLS), frame relay and even DSL.

A huge amount of data networking these days involves Cloud technology: Cloud storage, Cloud computing, and the like. This means that any wide area network technology needs to operate in a fashion that can interface easily to the cloud. It needs to be agile and yet still offer the basic requirements of effective data communications and very high levels of security.

Traditional WANs that are based on technology using traditional routers do not easily lend themselves to Cloud usage as the system needs to be particularly flexible dependent upon the way of working, the application and the like.

Additionally, much of today's working requires multiple destination points, and this also cannot be accommodated so easily with traditional network topologies.

Traditional approaches often require all traffic, including that destined for the Cloud or anywhere else for that matter, to be routed via a hub where security inspection, etc. can be undertaken. This introduces delays and network bottlenecks.

It is far more efficient to use a flexible software defined WAN approach as this is able to provide the security and other features required as well as supporting Cloud working. SD-WAN can support applications hosted in on-premise data centres, public or private clouds and SaaS solutions.

How does SD-WAN work?

As the name software defined WAN, or SD-WAN, indicates, it uses software to control the connectivity, management and services between data centres and remote branches or cloud instances. Like software-defined networking, SDN, SD-WAN decouples the control plane from the data plane.

By decoupling the control plane from the data plane within the SD-WAN, it is possible to achieve efficient routing of the data dependent upon the destinations, applications and the like.

The deployment of a software defined WAN can incorporate existing equipment, which means that its introduction does not require a completely new network. SD-WAN can include existing routers and switches or virtualised customer premises equipment, vCPE. These will all run some version of software that handles policy, security, networking functions and other management tools, depending on vendor and customer configuration.

A software defined WAN uses a centralised control capability to intelligently steer data across the network. This is based upon a variety of criteria including: priority, quality of service and security.

This compares with the established router-centric approach that distributes the control function across all devices in the network. The routers store the destination addresses and route the traffic based on TCP/IP addresses and ACLs, Access Control Lists.

In other words, rather than incorporating a hub through which the data in the wide area network passes, the SD-WAN decouples the networking hardware from the control, so that efficient routing of the data can take place dependent upon the destinations, applications and the like.

In this way, one of the main features of software defined WAN is its ability to manage multiple connections from MPLS to broadband, mobile communications and the like. Another important aspect is the ability to segment, partition and secure the traffic traversing the WAN. This is a significant advantage for companies that probably have several sites connected to their wide area network. It also simplifies the addition of new segments and this flexibility also enables the links to be used more effectively for the different types of data: data, voice, video, etc. This can provide a significant cost saving.

SD-WAN vs SDN

There are many similarities between SD-WAN and SDN, but the two technologies are very different. The table below summarises the differences between the two.

SD-WAN | SDN
SD-WAN is deployed in branch offices as well as in data centres. | SDN is deployed in data centres.
The control and data forwarding planes are separated. | The control and data forwarding planes are separated.
Off-the-shelf x86 appliances – physical, virtual, cloud. | Specialised switching hardware is required.
Centralised control and orchestration but also has zero touch provisioning. | Centralised control and orchestration.
New technology but being rapidly adopted. | The technology has taken time to mature and be fully introduced.

SD-WAN security

In any network these days, whether a local area network, wide area network, or whatever, security is of paramount importance. Accordingly, security is a key issue for software defined WANs.

With many organisations using a variety of Cloud based applications as well as having access to the Internet and many other items, there are many areas in which unprotected networks could be accessed. SD-WAN provides very high levels of security that enable large organisations to run their operations with confidence.

Software defined WAN allows secure regional zones or whatever the customer needs to be set up. It also enables traffic to be directed to where it needs to be delivered based on internal security policies.

By using a software defined WAN, it is possible to partition the most business critical traffic and assets so that they can be protected against vulnerabilities that may be present in other parts of the organisation and wide area network.

Using SD-WAN, it is possible to protect application traffic from threats both from within the organisation and wide area network as well as from outside by utilising the security solutions included in SD-WAN such as next-gen firewalls, IPS, URL filtering, malware protection, and cloud security.
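
The centralised steering by priority, quality of service and security described under "How does SD-WAN work?", together with the traffic partitioning described above, can be modelled as follows. This is an added example, not code from the original article or from any SD-WAN product; the Link and Policy fields, the function names and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:                      # one WAN transport as seen by the controller
    name: str
    latency_ms: float
    loss_pct: float
    capacity_mbps: float
    encrypted: bool              # traffic rides an encrypted overlay tunnel

@dataclass(frozen=True)
class Policy:                    # per-segment intent held centrally
    segment: str
    priority: int                # 1 = most important, placed first
    demand_mbps: float
    max_latency_ms: float
    max_loss_pct: float
    require_encryption: bool
    allowed_peers: frozenset = frozenset()

def plan(policies, links):
    """Map each segment to a link name, or None when nothing complies (fail closed)."""
    free = {l.name: l.capacity_mbps for l in links}
    result = {}
    for p in sorted(policies, key=lambda p: p.priority):
        fits = [l for l in links if free[l.name] >= p.demand_mbps
                and l.latency_ms <= p.max_latency_ms and l.loss_pct <= p.max_loss_pct
                and (l.encrypted or not p.require_encryption)]
        best = min(fits, key=lambda l: (l.latency_ms, l.loss_pct), default=None)
        result[p.segment] = best.name if best else None
        if best:
            free[best.name] -= p.demand_mbps
    return result

def may_forward(policies, src, dst):
    """Segmentation: default deny unless both segments list each other."""
    peers = {p.segment: p.allowed_peers for p in policies}
    if src not in peers or dst not in peers:
        return False
    return src == dst or (dst in peers[src] and src in peers[dst])

# Constructed sample data: three transports, four traffic segments.
LINKS = [Link("mpls", 20, 0.1, 50, True),
         Link("broadband", 35, 0.5, 200, False),
         Link("lte", 60, 1.0, 30, True)]
POLICIES = [Policy("payments", 1, 20, 50, 0.5, True, frozenset({"voice"})),
            Policy("voice", 2, 10, 40, 0.5, False, frozenset({"payments"})),
            Policy("guest", 3, 40, 200, 2.0, False),
            Policy("backup", 4, 40, 100, 1.0, True)]
```

With this sample data the "backup" segment is left unplaced: broadband has spare capacity, but the segment's policy requires encryption, so the controller refuses the link rather than downgrade.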


SD-WAN is now widely deployed and used in many large scale organisations where the agility and flexibility it provides combined with the cost savings make it a particularly attractive proposition.

Written by Ian Poole.
Experienced electronics engineer and author.



