This post provides an overview of SD-WAN and takes stock of key features, the market and the players.
MPLS limitations
MPLS was the clear winner of the battle for private WAN networks against ATM in the 2000s. But it comes with some constraints, due to the structure of the service, managed by a telco for its clients :
- Migrating from low-speed copper DSL links (1 to 10Mbps) to high-speed optical links (10Mbps-1Gbps) is very expensive (telco pricing).
- Managing changes in the configuration of the network is complex, and requires to ask the telco for it, with the corresponding delays and uncertainties (process).
- Redunding up the link to a site is not easy; cost or bandwith, pick one (technology).
- Adding a new site is a long process, at least 6 or 8 weeks (process).
- Internet interconnexion is complex, with either local interconnexion points or a service offered by the MPLS service provider (technology).
- Deploying an MPLS network at an international scale is very expensive (market structure).
A potential alternative : IPSec VPN
MPLS has got a high level of market adoption and it remains a powerful technology. Finally, it only suffers from two major defects, the lack of a management layer accessible to the end user, and the rigidity of telcos when it comes to operate it for their clients.
The day by day operation of an enterprise network sometimes requires you to interconnect a site in less than the eight weeks or to modify the WAN routing plan in less than a week. Tired of being locked-in by telcos, their clients developped workarounds to interconnect sites quickly when they need it. Site-to-site IPSec VPN takes a more and more important role as an interconnexion technology. Any router is IPSec capable and, in many countries, Internet connexion is more or less commodity.
But Ipsec comes with its own constraints in the long run :
- Managing security configuration and credentials (certificates, crypto keys, public IPs) of VPN tunnels by hands is a nitty gritty and heavy process.
- IPSec is a point to point protocol. The network admins must manage the routing plan by their own.
- IPSec encapsulates IP into IP, and adds ciphering in the process, with the corresponding overheads.
- Aggregating DSL lines or optical lines into a coherent system with redundancy, QoS based routing, load-balancing, and redundancy requires to configure policy based routing on top of the IPSec layer.
IPSec is a good solution to interconnect a few sites, 3, 5, 10, maybe 20, but, unless you develop your own administration scripts, it becomes a headache when your network grows.
SD-WAN brings the features to keep things simple and manageable when you need to interconnect tens or hundreds of sites, with real-time monitoring, dynamic routing and a unified administration console.
SD-WAN key features
SD-WAN offers five key features which IPSEC misses to manage a large-scale WAN :
- ZTP, Zero Touch Provisionning, is a mechanism lets you add a new SD-Wan device transparently. It manages automatically provisionning, authentication, firmware update, configuration of SD-WAN routers connected to the network.
- The SD-WAN controller is a central server that manages the topology and the routing policy over the whole network between sites.
- The application engine is a service that classifies network flows that enter the WAN on the basis of business dependent criteria such as the application, the network protocol, the site. The classification feeds the dynamic routing protocol and the QoS system.
- The WAN link real-time monitoring service alerts the routing service to adapt routing policy to the prevailing conditions on the WAN, for instance to find an alternative route when QoS deteriorates on a link for instance.
- Adds-on to IP / IPSec implement the rules to operate the four services presented above.
These functionalities integrates into a unified administration interface with additionnal, optional configuration management, monitoring and reporting tools. Finally, most solutions offer additional services such as easy cloud configuration, flow compression, VPN-client configuration, and so on.
SD-WAN client promises
We identify four main promises :
- Scalability : you can add or remove a link from a local links group transparently, to adjust the bandwith, add redundancy or change telco.
- Responsiveness : you can add new sites to the network in one click, as long as the site is connected to the Internet.
- Simple configuration : updating the routing policy, changing traffic balance between links is simple and reversible through the administration interface.
- Woldwide connectivity : you can add any site in the world provided that Internet is available on site (and that the site is not in a country subject to export restrictions...).
SD-WAN market and major suppliers
In 2017, the size of the SD-WAN hardware and software market was around 400 million Dollars worldwide with between 500 and 2000 companies equipped.
Market grows at a x2 or x3 yearly rate.
In 2019, market was estimated between 800 million Dollars and more than one billion Dollars according to various sources (Gartner, etc...). The market leader, Silverpeak, recently bought by HPE, is considered to have an installed base of around 1500 customers.
The main suppliers we know are the following ones :
Cisco | Citrix | Fortinet | Riverbed | Silverpeak | VMWare |
Takeover of Viptela | Solution ?? | SD-WAN as an adds-on to their VPN and firewall solution | Takeover of OCEDO | Internal development | Takeover of Velocloud |
Two solutions, Meraki for small to medium business, and a rebranded Viptela solution for large corporations | Extension to their proxy and firewall service, Netscaler | SD-WAN features integrated in their firewall architecture | Integration of OCEDO in their application performance management and network optimization solution | Extension of their WAN optimization solution | Integration of Velocloud technology in VMWare NSX |
Network hardware manufacturer founded in 1984 | Incorporated in 1989, main business is remote access (terminal server like) | Firewall manufacturer founded in 2000 | Founded in 2002 to address network performance optimization | Founded in 2004 to offer WAN optimization services | Founded in 1999, virtualization expert |
Turnover : 48 billion Dollars | Turnover : around 3 billion Dollars | Between 500 million and 1 billion dollars of turnover | 24,000 customers of its historic solution, 1 billion dollars in annual turnover | 200 SD-WAN customers worldwide in 2016, 600 in 2017, 1,500 in 2019, SD-WAN leader according to Gartner | 7 billion Dollars of turnover |