To save money and provide a high degree of WAN availability, companies have started to use the internet and VPN technology to replace and/or enhance their MPLS circuits. SD-WAN is a technology that allows you to use multiple circuits, regardless of whether they are internet, cellular wireless, or MPLS.
How it Works
Application traffic can be set up to require a minimum SLA, and the link that meets the SLA will be used. For instance, VoIP needs low latency and low jitter. Best-effort traffic that has no delay or jitter requirements can use the other links as appropriate. Any traffic can be steered based on the application as the customer desires, with other links for failover. The links are monitored for these characteristics and the traffic is sent down the appropriate link. Internet traffic can be sent back to a central firewall or sent out using Direct Internet Access.
There are a couple of different flavors of SD-WAN. Some providers use a cloud-managed solution in which the control plane and data plane are separated and an SD-WAN orchestration application is used for management. The second option is to use devices with SD-WAN capabilities in which the control and data planes are integrated, as in next-generation firewalls. Either way, there are great benefits in going to an SD-WAN solution.
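The SLA-based steering described above, sketched as an added example rather than code from any SD-WAN product. The link names, probe values and thresholds are constructed, and falling back to the least-lossy live link when nothing meets the SLA is an assumption about how a policy might fail over.

```python
import math
from dataclasses import dataclass

@dataclass
class Link:            # latest probe results for one WAN circuit
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    up: bool = True

@dataclass
class Policy:          # per-application SLA and link preference order
    app: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    preferred: tuple

def meets_sla(link, p):
    return (link.up and link.latency_ms <= p.max_latency_ms
            and link.jitter_ms <= p.max_jitter_ms
            and link.loss_pct <= p.max_loss_pct)

def select_link(policy, links):
    """Return (link name, reason) for one application's traffic."""
    by_name = {l.name: l for l in links}
    ordered = [by_name[n] for n in policy.preferred if n in by_name]
    for link in ordered:                     # first preferred link within SLA
        if meets_sla(link, policy):
            return link.name, "sla-met"
    alive = [l for l in ordered if l.up]     # nothing within SLA: degrade
    if alive:
        best = min(alive, key=lambda l: (l.loss_pct, l.latency_ms, l.jitter_ms))
        return best.name, "sla-violated"     # worth alerting on
    return None, "no-path"

# Constructed thresholds and measurements, for illustration only.
VOIP = Policy("voip", 150, 30, 1.0, ("mpls", "internet", "lte"))
BEST_EFFORT = Policy("bulk", math.inf, math.inf, math.inf,
                     ("internet", "lte", "mpls"))

def sample_links():
    return [Link("mpls", 20, 2, 0.0),
            Link("internet", 45, 12, 0.5),
            Link("lte", 80, 25, 1.0)]

if __name__ == "__main__":
    for pol in (VOIP, BEST_EFFORT):
        print(pol.app, select_link(pol, sample_links()))
```
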
WHY YOU NEED SD-WAN
SD-WAN is a great way to reduce costs: it takes advantage of lower-cost internet circuits, gives you multiple paths to choose from, steers applications using policy-based routing, and provides WAN redundancy instead of, or in addition to, expensive dedicated WAN circuits. Since many applications are moving to the cloud as SaaS or IaaS, you now have the option of sending your traffic directly from the branch to the internet or continuing to route it through the central data center.
BENEFITS OF SD-WAN
Monitoring at the application layer gives great insight into traffic types and patterns.
Add redundancy with multiple lower-cost circuits and cellular wireless.
Send traffic directly to the internet, reducing the bandwidth needed to backhaul to the central firewall; this is called split tunneling.
Simpler management, usually from a cloud-based dashboard.
Zero-touch provisioning is commonly available for simpler installation.