Building an Enterprise-grade SD-WAN

There are several advanced features that make up an enterprise-level software-defined wide area network (SD-WAN), including load balancing, optimization, and real-time visibility. If there’s a common thread in these features, it’s that they provide some additional measure of network control, often to compensate for the use of what would otherwise be less reliable network connections.

SD-WAN differs from a traditional WAN in that enterprises will rely, often for the first time, on connections other than MPLS. These connections might be cable broadband, DSL, cellular or, as is increasingly recommended, some combination thereof. Best-effort connections can be less expensive, and it is possible to achieve equivalent or even better performance across them, provided adequate measures are taken.

For enterprise customers especially, this entails paying more attention to service level agreements (SLAs), adopting advanced management techniques, and making sure mature routing capabilities and robust security protocols are still in place.

Service-level Agreements

SLAs are already standard operating procedure for enterprise WAN customers. However, they become more important, said Jim Duffy, senior analyst for networking at 451 Research, because an enterprise is going to “want the broadband link to have the same performance as the MPLS link it’s either augmenting or replacing.”

Advanced Features

According to Cliff Grossner, senior research director for IHS Markit’s Cloud & Data Center Research, there are four characteristics of an up-to-date, enterprise-level SD-WAN:

Some of the SD-WAN startups had these functionalities on day one, Grossner noted, while other vendors added them later. But by now all the leading vendors provide these features, he said.

Automated load balancing is something Grossner considers critical for an enterprise SD-WAN. With load balancing, the SD-WAN distributes traffic according to the dynamic performance characteristics of each connection (MPLS, fixed broadband or wireless), which can vary daily, hourly, or even minute by minute.

“What makes an SD-WAN is automated load balancing of application packets across multiple WAN links,” Grossner said. “Especially if it’s being done on a very dynamic basis, perhaps even a packet-by-packet basis, along with real-time measurement of the performance the application is getting. Without that, a solution isn’t what an enterprise would consider SD-WAN.”

Of course, it’s important to cover the basics. Whatever a company was able to accomplish with a WAN, such as WAN optimization, it will also want to be able to do with an SD-WAN. WAN optimization is particularly important around caching and protocol conversions. “There are issues with chatty protocols. All of those things we did with traditional WAN, enterprises want to see that as services on top of SD-WAN,” he said.

Understandably, business continuity is also critical to enterprises, and that means they want an SD-WAN that offers automated failover from one link to another to create redundancy.

Specifically, an enterprise is going to look for as much redundancy in its configurations as possible, not only in terms of transport channels, but also in customer premises equipment (CPE). Redundancy extends to the number of instantiations of virtual network functions (VNFs), which are not only dedicated but can also be spun up in various network locations if needed.
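The load balancing and failover behaviour described above, as an added example (not taken from the article or from any vendor's product): a per-application path selector that splits traffic across every link currently meeting an SLA and fails over to the least-bad live link when none does. The SLA thresholds, cost weights, link names and probe values are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    up: bool
    latency_ms: float
    jitter_ms: float
    loss_pct: float

@dataclass(frozen=True)
class Sla:
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

def meets_sla(link: Link, sla: Sla) -> bool:
    """A link qualifies only if it is up and within every SLA threshold."""
    return (link.up and link.latency_ms <= sla.max_latency_ms
            and link.jitter_ms <= sla.max_jitter_ms
            and link.loss_pct <= sla.max_loss_pct)

def cost(link: Link) -> float:
    # Lower is better. Weights are illustrative assumptions, not a standard.
    return 1.0 + link.latency_ms + 2 * link.jitter_ms + 50 * link.loss_pct

def plan(links, sla):
    """Return (mode, {link name: traffic share}) for one probe round."""
    good = [l for l in links if meets_sla(l, sla)]
    if good:  # balance across every compliant link, favouring lower cost
        total = sum(1 / cost(l) for l in good)
        return "sla", {l.name: (1 / cost(l)) / total for l in good}
    alive = [l for l in links if l.up]
    if alive:  # failover: nothing meets the SLA, use the least-bad live link
        return "degraded", {min(alive, key=cost).name: 1.0}
    return "down", {}

# Constructed probe results for a voice-like application (not real data).
VOICE = Sla(max_latency_ms=150, max_jitter_ms=30, max_loss_pct=1.0)
ROUND1 = [Link("mpls", True, 40, 2, 0.0), Link("broadband", True, 25, 8, 0.2),
          Link("lte", True, 90, 35, 1.5)]
ROUND2 = [Link("mpls", False, 0, 0, 100.0), Link("broadband", True, 200, 40, 3.0),
          Link("lte", True, 90, 35, 1.5)]

if __name__ == "__main__":
    for probes in (ROUND1, ROUND2):
        print(plan(probes, VOICE))
```

The "degraded" and "down" modes are the states worth alerting on, since they mean the application is running outside its SLA or has no path at all.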

For SD-WAN vendors, differentiation is key, so offering customers the best toolkit available is a necessity. That’s where advanced features like real-time analytics and monitoring are important. “Many of the better SD-WAN solutions have portals where the administrator can go in and get a real-time feed on what’s happening on the different WAN uplinks and monitor the WAN application performance being experienced by the end users,” Grossner said.


Different SD-WAN vendors are taking wildly different approaches to security. Duffy said that some companies are bypassing Border Gateway Protocol (BGP) to provide a simplified SD-WAN. Instead, they might do IPsec tunneling through a cable modem, for example. “You do want mature protocols,” Duffy said. “It’s mission-critical. Anything not mature is security risk.”

A recent survey that IHS Markit conducted reveals that security has become the top priority of enterprise customers when selecting an SD-WAN vendor because they are increasingly using the SD-WAN for mission-critical communications. “SD-WAN if managed remotely could be open to attack through additional attack surfaces,” the report said.