Software-Defined Wide Area Networks

June 19, 2017
Thomas Lam
5108 Fourth Ave, Marina CA 93933
thlam@csumb.edu
sdwan.weebly.com

Executive Summary
Globalization, digitalization, convergence, mobility, and cloud services and applications are all
revolutionizing the workplace and how organizations connect and conduct business. Today the critical
requirements IT teams face (supporting new technologies; maintaining network security, performance and
reliability; and lowering costs) have become priority number one for business success.

Software-Defined Wide Area Networks (SD-WANs) provide a secure, over-the-top VPN service
that addresses demands for efficient, agile and cost-effective networking solutions. SD-WAN provides
organizations with the tools to remove network complexity, reduce costs and focus on their core business.
SD-WAN augments a traditional MPLS network with broadband by combining classic WAN
technologies with Software-Defined Network (SDN) features, bringing more intelligence to the way all
traffic is transported across the network. This is enabled by intelligent appliances at branch locations and
a centralized service controller platform in the cloud.

SD-WAN products typically include:

- Non-complex CPE: SD-WAN software is pre-installed on the hardware.
- Zero-touch provisioning: hardware can be deployed and self-configured (via a centralized
  orchestration platform) at a branch without a truck roll and without local IT resources.
- Application awareness: to ensure the highest quality experience, routing decisions are made at
  the application level and are based on business policies defined by the consumer.
- Detailed WAN and application visibility: performance reporting and overall solution health are
  provided via an online portal and at the application level.
- Policy-based, dynamic and intelligent traffic steering: for multi-path/multi-homed solutions,
  branch traffic can be load-balanced across multiple connections, or traffic can be steered
  across the most appropriate path based on business policies and network conditions.
- Centralized control/orchestration: a single, centralized platform for configuration
  management, business policy definition and performance reporting across the entire SD-WAN.
- Transport-agnostic and intuitive hybrid WAN support: SD-WAN solutions can be deployed
  over varying connectivity options (Ethernet, DSL, cable, fixed wireless) and support hybrid
  WAN scenarios in which a branch location may have both private and public network
  connectivity.

SD-WAN solutions are extremely flexible and allow enterprises to take advantage of all the
associated benefits within a multitude of networking environments. Networks can include a mix of public
and private network platforms as well as a mix of access types including Ethernet, broadband (DSL,
cable) and fixed wireless data. Whatever the network transport design, the SD-WAN creates a secure
overlay network that brings more intelligence to the way that traffic is transported across that network.
All of this is enabled via intelligent edge devices at your branch locations and via a centralized service
orchestration platform in the cloud.

Table of Contents
I. Introduction
II. Next-Gen WAN Requirements (Pg 7)
III. Background
IV. History
V. Problem
VI. Solution Overview
VII. Connectivity
VIII. Routing
IX. Reliability
X. Cost
XI. Management
XII. Conclusion
XIII. References
XIV. Appendix
XV. P
XVI. Cited References
XVII. Appendices

I. Introduction

Organizations, businesses and other large entities rely on communication between their locations.
These locations vary in size according to their function and the number of staff based at the site, and for
an organization they can be retail stores, branch offices, laboratories, headquarters or even data centers.
Regardless of their individual functions, these locations must be able to communicate with the other
locations within their organization. They must be able to send data, exchange information and carry other
communications such as voice calls between each other to stay current in today's modern world. This
interconnectivity between locations is what is known as a wide area network (WAN). Today many large
organizations, from Fortune 1000 companies to small and medium-sized businesses, are looking for
improvements to their WAN to help them reduce costs and lower complexity.

One of the companies that has published a case study of its transition from a standard,
traditional wide area network to a software-defined WAN is Agilent Technologies. Agilent is a research,
development and manufacturing company which specializes in solutions and products for the entire
laboratory environment, such as software, chemicals and instruments. Its products are focused on the
entire lifecycle and ecosystem of laboratories. Agilent was founded in 1999 as a spin-off from
Hewlett-Packard, a successful startup from within the larger multinational IT company, and the IPO
(initial public offering) of Agilent stock was the largest in the history of Silicon Valley at the time. To
this day Agilent continues to grow: in 2016 it exceeded $4 billion in annual revenue. Pascal Heger is the
Global Network Architect responsible for ensuring and enabling their 12,000 employees in 120 sites
spread out over 30 countries to communicate with each other as one functional entity.

Heger and Agilent Technologies use a product from their lone ISP (internet service provider)
called MPLS, which allows sites with an MPLS circuit to establish a private connection back to their
particular service provider's private cloud network. MPLS (Multi-Protocol Label Switching) appends
labels to each IP data packet identifying its destination and source in order to route it through the service
provider's backbone network. This private cloud is secure and has no connectivity to the public internet,
which secures traffic for the company by separating it from the internet where hackers and interception
may reside. MPLS also offers a higher level of performance compared to other transport methods such as
broadband, wireless 4G LTE or DSL internet. The problem with these other modes of connection when
used for WAN access is that they suffer from congestion as they are shared with other customers. They
are impacted by frequent outages with no remedy, whereas MPLS is built on diverse and redundant fiber
and backbone paths for maximum survivability. Service providers also include an SLA (service level
agreement) which guarantees a certain level of performance on that circuit, such as committing to 99.99%
uptime or low latency. Other metrics such as jitter and packet loss are also guaranteed at low levels.
Packet loss is simply as it sounds: the loss of IP data packets when transmitted over a wire. When
packets are lost, the sending and receiving time increases, as the receiver must notify the sender that it
never received packet #4 and it must be re-sent. Jitter is the variation in the delivery of data packets. If
data comes in at highly unpredictable intervals, real-time applications such as voice and video will
experience choppy and delayed performance as certain words or images come in too late for a response
from the other party.
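
The SLA metrics just described (latency, jitter and packet loss) can be computed directly from a packet trace and compared against the thresholds a provider commits to. The following Python block is an added illustration, not code from the paper or from Agilent: the ten-packet send and receive timestamps are constructed (packet #4 is deliberately never received), the SLA thresholds are assumed values, and jitter is taken as the mean absolute change in transit time between consecutive delivered packets.

```python
# Added example: measuring packet loss, one-way latency and jitter from a
# constructed packet log and checking the result against an assumed SLA.
# Not from the paper; all timestamps and thresholds below are made up.

# Sequence number -> send time in ms, one packet every 20 ms (voice-like cadence).
SENT_MS = {seq: seq * 20.0 for seq in range(1, 11)}

# Sequence number -> arrival time in ms at the receiver (constructed).
# Packet 4 never arrives, so the receiver would have to ask for it again.
RECEIVED_MS = {1: 45.0, 2: 66.0, 3: 84.0, 5: 127.0, 6: 145.0,
               7: 168.0, 8: 184.0, 9: 206.0, 10: 224.0}

# Assumed SLA thresholds, loosely modelled on a business-grade circuit.
SLA = {"max_latency_ms": 50.0, "max_jitter_ms": 5.0, "max_loss_pct": 1.0}


def missing_sequences(sent, received):
    """Sequence numbers that were sent but never arrived."""
    return sorted(set(sent) - set(received))


def packet_loss_pct(sent, received):
    """Packet loss as a percentage of packets sent."""
    return 100.0 * len(missing_sequences(sent, received)) / len(sent)


def one_way_delays(sent, received):
    """Transit time (arrival minus send) of each delivered packet, in sequence order."""
    return [received[seq] - sent[seq] for seq in sorted(received) if seq in sent]


def mean_latency_ms(sent, received):
    """Average one-way transit time over the delivered packets."""
    delays = one_way_delays(sent, received)
    return sum(delays) / len(delays)


def jitter_ms(sent, received):
    """Jitter as the mean absolute change in transit time between consecutive
    delivered packets (packet delay variation)."""
    delays = one_way_delays(sent, received)
    if len(delays) < 2:
        return 0.0
    diffs = [abs(b - a) for a, b in zip(delays, delays[1:])]
    return sum(diffs) / len(diffs)


def evaluate_sla(sent, received, sla):
    """Compute the three metrics and list which SLA thresholds are breached."""
    metrics = {
        "latency_ms": mean_latency_ms(sent, received),
        "jitter_ms": jitter_ms(sent, received),
        "loss_pct": packet_loss_pct(sent, received),
    }
    violations = []
    if metrics["latency_ms"] > sla["max_latency_ms"]:
        violations.append("latency")
    if metrics["jitter_ms"] > sla["max_jitter_ms"]:
        violations.append("jitter")
    if metrics["loss_pct"] > sla["max_loss_pct"]:
        violations.append("packet_loss")
    return metrics, violations


if __name__ == "__main__":
    metrics, violations = evaluate_sla(SENT_MS, RECEIVED_MS, SLA)
    print("missing packets:", missing_sequences(SENT_MS, RECEIVED_MS))
    print("metrics:", metrics)
    print("SLA violations:", violations or "none")
```

On the constructed trace the latency and jitter are comfortably inside the assumed thresholds, but the single lost packet out of ten is a 10% loss rate, which is the one metric a real-time application would notice and the one a provider's SLA would be breached on.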

As reliable and high-performing as MPLS connections are, they do come with drawbacks that are
now becoming more visible in organizations. MPLS circuits often require 120 to 150 calendar days to
provision. Opening a new location therefore requires months of lead time before it can be functional
and tied back to the rest of the WAN. MPLS often becomes a bottleneck for organizations, as
smaller branch offices, even to access the general internet, have to route securely over MPLS to a location
such as a data center with firewalls and security solutions in place before ultimately being allowed to
enter the internet. Even basic services such as social media or internet content are deemed by end-users
to be too slow. Pascal Heger confirms this slowdown existed in his own network environment before
transitioning to SD-WAN: "look[ing] at the MPLS footprint we tend to break out our internet traffic today
in the MPLS cloud within region and we run all our traffic through a full suite of security tools there."
Business partners and 3rd-party suppliers are also unable to connect to their customers' private MPLS
networks, such as Agilent's, due to security compliance, as well as the requirement that each partner
maintain its own MPLS circuits to at least one location for connectivity.

MPLS is also considerably more expensive compared to internet circuits. Even an internet circuit
from a Tier 1 ISP such as Sprint, Level 3 or Verizon that comes with MPLS-like SLA guarantees is
significantly more expensive compared to lower-tier offerings such as broadband and business internet.
A 100 megabit internet circuit for a residential user averages around $80 a month, whereas an
enterprise-grade internet connection can be $1500 a month. Heger notes in his proof-of-concept findings
that they saw 85% to 90% cost savings when measuring cost per megabit for each location while
drastically improving their bandwidth capacity, by being able to replace MPLS links with internet
connections and still achieve the same performance. For their Englewood, Colorado location, they had an
8mb circuit which cost them $1,836 a month and averaged out to $229.50 per megabit. They were able to
replace that 8mb with a 50mb internet connection for only $1,013, which nets out to only $20.26 per
megabit. This was an overall savings of 91.2%. This scenario was common, as they noticed the same in
their other locations such as Boulder and Colorado Springs, Colorado, where 20mb of MPLS for $3293
was replaced with 50mb at only $1,251. Colorado Springs achieved similar results, replacing a 615mb
bandwidth circuit using MPLS totaling $47,363 with 200mb at only $1,560. This is over 85% in cost
savings. Agilent Technologies spends $720,000 a month on just MPLS bandwidth and connections. This
does not include the equipment, IT personnel or management needed to make this wide area network
possible.

To further exacerbate this problem, mission-critical locations that must have 100% uptime, such
as the headquarters or data centers, will even need to order and provision two or three MPLS links, which
further increases costs, but MPLS circuits cannot be configured in an Active/Active manner to leverage
both circuits and their bandwidth simultaneously. In today's world, multiple circuits at one location can
only be deployed in an Active/Standby manner, in which the standby circuit is never used unless the
primary is down. This leaves many companies with bandwidth and circuits standing idle but still
costing them money in telecom expenses. Backup circuits become cost-prohibitive, and organizations
must debate internally whether a location is important enough, and whether they are financially able, to
protect it from an IT standpoint. Heger confirmed that before SD-WAN they were only able to provide
fully diverse and redundant circuits at 12 of their sites to achieve 100% uptime and reliability. Now that
they are transitioning to SD-WAN, they would like to increase this to at least 75% of their total 120 sites,
if not all.

II. Next-Gen WAN Requirements

To understand the limitations and evolution of the wide area network, it is important to start at the
beginning. It is critical to understand the drivers and mandates from leadership and architects such as
Pascal Heger on what is wrong with the WAN today and what their definition of, and requirements for, a
next-generation WAN should be. These next-generation WAN requirements include zero-touch
deployment of new sites, reduced cost, support for transport-agnostic solutions, an application-aware
network, centralized control and management, increased security, better support for real-time
applications such as voice and video, access to public cloud computing services, prioritization of
business-critical applications and increased reliability.

It has become more common that CIOs want a new branch up and running in a few days. The
office should have been connected to the rest of the WAN yesterday. Circuits must be installed as soon as
possible. Yet the interval to activate a new location on a wide area network is lengthy. Circuits to a new
construction site or existing office depend solely on the fiber and infrastructure currently available at the
premises. If it is a location that is a hub for technology, such as Silicon Valley in San Jose, CA, or
Singapore, then one can expect the infrastructure to be ready from day one and to be quoted a short
interval for installation. But what about cities that are not as well known? What about a town in Idaho?
Or a city in North Dakota? Or even remote locations such as the islands of Fiji, where internet services
are not as ubiquitous? There an organization can expect high construction costs to lay out cable facilities
and, with them, a long interval before services are ready. Broadband connectivity provides a faster
turn-up. 4G wireless LTE is often available near-instantaneously as long as the site is close to a cell tower
and a wireless modem device is on hand. Not only is the circuit needed to complete the deployment, but
local IT resources must also be present. These technical engineers and technicians are often flown out
and sent on assignments to activate new branches, which further elevates cost as well as dependency on
a few select individuals.

MPLS and dedicated internet are more reliable and better performing but obviously not
cost-effective. Organizations must conduct internal reviews on cost of ownership and return on
investment for business-grade connectivity. 100mb of home internet is $80 a month, whereas
enterprise-grade internet will set one back $1500 a month. Many organizations run their MPLS network
at some, if not all, of their branch locations. As the MPLS links are being used to backhaul basic internet
traffic, this wastes MPLS bandwidth capacity. For a majority of organizations, much of the traffic is
already internet-bound due to increased cloud usage. Therefore, backhauling internet traffic over an
expensive MPLS service adds latency and puts additional utilization on the MPLS circuits, which are
already limited due to capacity and cost.

Organizations need to be able to use WAN transport regardless of technology, so this includes
support for both wired and wireless as well as public and private transport. One should be able to use
broadband, DSL, MPLS, fiber or even wireless 4G LTE, fixed wireless or satellite. These are access
technologies, but the underlying transport may go to either a public cloud such as the internet or a
private cloud such as MPLS. SD-WAN solutions enable networks to be deployed over varying connectivity
options and support hybrid WAN scenarios in which a branch location may have both private and public
network connectivity.

The entire network must be application-aware. Applications should not take a route just because
it is available, but the route that best meets the requirements of the application. Applications that are
sensitive to degradation such as jitter should be steered over circuits such as MPLS links as opposed to
broadband, to ensure optimal performance.

Management must also be centralized. Today's management is highly decentralized, as devices
must be configured separately and retain completely unique and different profiles. Businesses today
maintain a device terminal which has information on each router in the environment, but it still requires
engineers to individually log in to each device to make changes. Organizations need a platform that
they can log in to as a single-pane-of-glass management portal and conduct monitoring and updates
from. This platform should be able to pull reports on network and application performance in real time.
Updates and changes should be made on this platform so that any configuration changes are sent
seamlessly to the devices that need them.

Why can't we solve these challenges today? The technology has simply been lacking for the past
decade. Organizations have grown comfortable with MPLS and other routing technologies. But routing
protocols today are not application-aware. They only care about establishing connections and
exchanging routing information. Routing protocols have no visibility into a circuit's quality, such as
whether packet loss or jitter is severe, or into the very applications being sent over it. Circuits cannot be
operated in an Active/Active manner today because doing so can cause routing loops and incorrect route
messages being advertised in the network. Therefore circuits are also unable to aggregate their total
throughput amongst each other. Two separate 10mb circuits should logically function as 20mb in total,
but that is not possible with today's technology. Using cheaper or commercial-grade internet connections
to replace MPLS is also not secure and also suffers from a lack of performance and reliability compared
to MPLS and private connections.
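
The points made in this section (steering jitter-sensitive applications onto a circuit that meets their requirements, and running circuits Active/Active so that their throughput aggregates) come down to a path-selection decision made from per-circuit measurements and per-application business policy. The Python block below is an added example that is not from the paper or from any SD-WAN product; the three circuits, their measurements, the application policies and the "degraded" fallback rule are all constructed assumptions. It also covers the Active/Standby limitation raised under Problem, by showing what happens to the voice policy when the preferred circuit is down.

```python
# Added example (not from the paper or any vendor): application-aware,
# policy-based path selection for a multi-homed branch. Every circuit
# that meets an application's policy can carry it Active/Active, with the
# traffic share weighted by circuit capacity. All numbers are constructed.
from dataclasses import dataclass, replace
from typing import Dict, List


@dataclass
class PathStats:
    """Latest measured quality of one WAN circuit at the branch (constructed)."""
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    capacity_mbps: float
    up: bool = True


@dataclass
class AppPolicy:
    """Business policy for one application class; thresholds are assumed values."""
    app: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    preferred: List[str]        # circuit names in order of business preference
    load_share: bool = False    # True: Active/Active across all eligible circuits


def meets_policy(policy: AppPolicy, path: PathStats) -> bool:
    """A circuit is eligible only if it is up and inside every threshold."""
    return (path.up
            and path.latency_ms <= policy.max_latency_ms
            and path.jitter_ms <= policy.max_jitter_ms
            and path.loss_pct <= policy.max_loss_pct)


def eligible_paths(policy: AppPolicy, paths: List[PathStats]) -> List[PathStats]:
    return [p for p in paths if meets_policy(policy, p)]


def select_paths(policy: AppPolicy, paths: List[PathStats]) -> Dict:
    """Return the circuits, with traffic-share weights, that the application should use."""
    eligible = eligible_paths(policy, paths)
    if not eligible:
        # No circuit meets the policy: keep the application running on the
        # least-jittery circuit that is up, and flag the decision as degraded
        # so the management portal can report it.
        up = [p for p in paths if p.up]
        if not up:
            return {"app": policy.app, "paths": [], "degraded": True}
        best = min(up, key=lambda p: (p.jitter_ms, p.loss_pct, p.latency_ms))
        return {"app": policy.app, "paths": [(best.name, 1.0)], "degraded": True}
    if policy.load_share:
        # Active/Active: share traffic across every eligible circuit in proportion
        # to its capacity, so two 10mb circuits really behave as 20mb.
        total = sum(p.capacity_mbps for p in eligible)
        return {"app": policy.app,
                "paths": [(p.name, p.capacity_mbps / total) for p in eligible],
                "degraded": False}
    # Single path: honour the business preference order, then lowest latency.
    rank = {name: i for i, name in enumerate(policy.preferred)}
    best = min(eligible, key=lambda p: (rank.get(p.name, len(rank)), p.latency_ms))
    return {"app": policy.app, "paths": [(best.name, 1.0)], "degraded": False}


def usable_capacity_mbps(policy: AppPolicy, paths: List[PathStats]) -> float:
    """Aggregate bandwidth the application can draw on under its current selection."""
    chosen = {name for name, _ in select_paths(policy, paths)["paths"]}
    return sum(p.capacity_mbps for p in paths if p.name in chosen)


def with_path_down(paths: List[PathStats], name: str) -> List[PathStats]:
    """Copy of the circuit list with one circuit marked as failed, for failover checks."""
    return [replace(p, up=False) if p.name == name else p for p in paths]


# Constructed measurements for a branch with three circuits.
PATHS = [
    PathStats("MPLS", latency_ms=30, jitter_ms=2, loss_pct=0.1, capacity_mbps=10),
    PathStats("BROADBAND", latency_ms=45, jitter_ms=12, loss_pct=1.5, capacity_mbps=50),
    PathStats("LTE", latency_ms=60, jitter_ms=20, loss_pct=2.0, capacity_mbps=20),
]
# Assumed policies: voice is jitter/loss sensitive and single-path; web can
# tolerate best-effort circuits and is load-shared Active/Active.
VOICE = AppPolicy("voice", max_latency_ms=150, max_jitter_ms=5, max_loss_pct=1.0,
                  preferred=["MPLS"])
WEB = AppPolicy("web", max_latency_ms=300, max_jitter_ms=50, max_loss_pct=3.0,
                preferred=["BROADBAND", "LTE", "MPLS"], load_share=True)

if __name__ == "__main__":
    for policy in (VOICE, WEB):
        print(select_paths(policy, PATHS), "capacity:", usable_capacity_mbps(policy, PATHS))
    print("MPLS down:", select_paths(VOICE, with_path_down(PATHS, "MPLS")))
```

With these constructed numbers voice lands on MPLS alone, web is spread across all three circuits (80mb of usable capacity rather than the 50mb of its single preferred circuit), and when MPLS fails voice is kept alive on the broadband circuit but flagged as degraded, which is the reporting a centralized portal would surface rather than silently routing a voice call over a circuit that misses its jitter bound.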

III. Background

A network is a group of interconnected things, whether people or objects. Enabling this
connectivity requires complex technology in the form of data networking. Telecommunication
between two entities comes down to three components: a sender device, a receiver device and of course
the medium which connects the two devices. This medium is often a physical cable such as fiber or
ethernet cable, enabling data transmission over basic wiring. Network engineers and administrators
understand that when it comes to networks within an organization there are two different flavors and
environments: local area networks (LAN) and wide area networks (WAN).

A local area network is named for its proximity, in that the devices on that particular local area
network are usually under the same roof and building. A LAN for a computer network can be an office
building, university campus or even our own residence. The devices in a LAN can be printers, fax
machines, workstations, laptops, switches, routers and servers that all reside in the same location. One
can look internally at one's own home and realize that the cable modem, tablets and even televisions
are connected locally to each other. Connecting devices on a local area network is fairly simple, as many
of us do it and manage it ourselves without even being aware. A few years ago, before the invention of
wireless Wi-Fi, consumers had ethernet cable sprawling through their homes to connect devices to each
other. Wi-Fi has eased this burden and removed many of the wires and physical restraints from our
homes. Before the days of Wi-Fi, one had to deploy equipment such as switches and hubs to enable local
communications, acting as a centralized point that shares how to route between each device.

Unlike the world of wireless mobile data, the wired WAN has remained stagnant for the last 15+
years with little to no improvement. The evolution of cellular services started from 1G, which
included AMPS, NMT and TACS but only supported analog voice as traffic. The next evolution was
2G, which used D-AMPS, GSM/GPRS and cdmaOne. 2G allowed both voice and data to be transmitted at
0.5 Mbps speeds. End users and the industry sought to improve, which led to the creation of 3G
technology based on CDMA2000, EV-DO, WCDMA and HSPA+. 3G has seen 63+ Mbps bandwidth
speeds and was capable of supporting mobile broadband applications such as streaming media in the form
of audio and video as well as images. It was only a few years later that 4G LTE was launched, which
most people use today due to the capabilities of smartphones. Speeds up to 300+ Mbps became available,
which delivered richer content. Video media could now be delivered to end users in full high definition
in the form of 1080p. Clear audio and music were sent down to mobile devices in the palm of our hands.
All the while this evolution in mobile connectivity grew and evolved over this 15-year span, the wired
side of data services in the wide area network remained untouched.

IV. History

The field of data networking has seen dramatic change over its short history. The first technology
to be adopted in large deployments was ATM, Asynchronous Transfer Mode, in the 1980s. ATM
was a game-changer in WAN networking. It supported various multimedia traffic such as voice, video
and data, or even a combination of other services, over a single transmission. It was even capable of
supporting high-speed throughput in Mbps and could potentially reach gigabit-per-second speeds. But
ultimately it had flaws that led engineers and the industry to look for a better alternative. These flaws
included the inability of its data connections to establish and maintain quality of service (QoS), which
allows certain applications to be prioritized over other programs that are not deemed mission-critical,
such as prioritizing video applications over less important email traffic to avoid video buffering delays.

In 1992, a new Wide Area Networking (WAN) technology was introduced in the form of Frame
Relay. Frame Relay was cheaper to deploy than ATM and was capable of supporting protocol
independence by supporting various applications regardless of their underlying protocol. It also supports
automatic re-routing in the event of a virtual circuit suffering an outage, without human input or
administration. But Frame Relay had major disadvantages as well, such as its bandwidth speeds and
connectivity topology. It was only able to support Time-Division Multiplexing (TDM) speeds such as a
T-1 at 1.5 Mbps and a DS-3, which maxed out at 45 Mbps. Frame Relay's biggest weakness resided in
how it created its routing topology. It restricted nodes on a network to a hub-and-spoke topology. A
hub-and-spoke topology is similar to what we see today in airports around the world. Larger airports are
considered international airports due to their size as hub locations, such as San Francisco (SFO), Los
Angeles (LAX) and Chicago (ORD). These larger airports often act as hubs for the smaller airports in
their region. For example, Los Angeles International serves as the hub for surrounding smaller airports
such as Santa Ana, Van Nuys or Torrance. These smaller airports often have to route their flights through
a larger hub location before a flight can reach its final destination. In Frame Relay and data networking
this is also true, as smaller offices that may house a smaller number of employees and staff, ranging from
10 to 50 employees, have to send their traffic to a larger hub location such as the company's headquarters
or a data center before they can acquire the routing information to reach the final destination. Requiring
locations to reach a hub before reaching their end destination is seen as ineffective, as it increases delay
in sending the traffic as well as not using the bandwidth at the hub locations effectively. The circuits at
the hub locations are utilized twice to accommodate both the incoming and outgoing traffic for the
smaller branch offices. Network engineers wanted a solution that would bypass hub locations and even
allow offices to connect directly to any other office on the network without involving a hub.

In 2004, this solution came in the form of MPLS (Multiprotocol Label Switching). MPLS was
created in response to business and organizational needs for any-to-any connectivity, especially for voice
applications, as it reduced the delay in receiving voice data packets by no longer requiring transport over
a middle-man location first. As its name implies, MPLS simply adds labels to each IP data packet, similar
to what shipping companies such as UPS and FedEx do to get their packages to the correct location.
MPLS enables all locations within an organization to be bridged under one fully meshed environment in
a service provider's private cloud. The service provider is then able to inform every location how to reach
any other location within that organization's network. MPLS is still the leading WAN technology today
and many major companies continue to use it. MPLS was able to address the faults that ATM and Frame
Relay could not by offering end-to-end QoS from site to site in the form of CoS (Class of Service). It
even supports a vast range of bandwidth options, ranging from 1 megabit all the way to 10 gigabit
speeds, which Frame Relay and ATM lacked.

V. Problem

As widely adopted as MPLS is today, and as much as it has become the industry standard in terms
of WAN technology, it can still be improved upon in the eyes of developers who seek to continue the wide
area network's evolution. The sheer amount of technological advancement in regard to cloud computing,
mobility, voice, video and convergence has led to the creation of the Internet of Things (IoT). As more
and more devices need IP addresses so they are reachable on the public internet, such as refrigerators,
cars and other smart devices, it becomes evident that our network backbones must change to
accommodate this growing space.

The current WAN environment is a complex one due to newer technologies. While MPLS is
secure and reliable in that it keeps traffic and routing on a private network, it does not have an on-ramp
for organizations to reach cloud services that are hosted on the public internet from their private MPLS
cloud. This in turn leads to hub-and-spoke designs similar to previous Frame Relay iterations, as large
data centers now become the on-ramp that remote offices must reach. An alternative is that each branch
office of a company creates its own virtual private tunnel to reach cloud services and providers such as
Amazon Web Services or Microsoft Office 365. This creates more administration tasks for network
engineers as well as adding complexity.

Redundant designs are also more expensive and difficult to maintain, as one location may have an
MPLS circuit and a broadband internet circuit. While the MPLS circuit is the best-performing connection,
as it has SLAs (Service Level Agreements) in which the circuit provider guarantees a certain level of
performance, as opposed to cheaper broadband internet circuits which are only best-effort, it is still
difficult to configure the two circuits at a location to fail over or share bandwidth between each other.
Today's router technology allows only an Active/Standby configuration, in which only one of the circuits
can be used as the primary, and only in the event the primary link is down may the secondary connection
be failed over to and used. This leads to expensive designs, as the backup link cannot be used in the
preferred Active/Active design for simultaneous load sharing of traffic.

Applications in today's WAN also do not have the level of visibility developers and engineers
would like to see. The way IP packets are routed today is based on IP addresses and subnets. Routers
route purely based on source and destination. This address information is captured in the header
section of an IP packet, and it is the sole information used to make routing decisions. In an ideal world,
organizations would like to monitor each application and how it performs on the network. Organizations
also want to be able to use their applications with any wide area connection, whether it be DSL, MPLS
or broadband.
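
To make concrete what a conventional router does and does not look at, the following added Python example (not code from the paper) contrasts destination-based forwarding, implemented as a longest-prefix match over a constructed routing table, with a flow classifier that identifies the application from the transport protocol and destination port. The routing table, the port signatures, the per-application circuit policy and the two sample flows are all constructed for illustration.

```python
# Added example (not from the paper): a conventional router consults only the
# destination address (longest-prefix match); an application-aware edge
# additionally classifies the flow from the transport header. Everything
# below (table, signatures, policy, flows) is constructed.
import ipaddress

# Constructed destination-based forwarding table: prefix -> egress circuit.
ROUTING_TABLE = [
    (ipaddress.ip_network("10.0.0.0/8"), "MPLS"),
    (ipaddress.ip_network("10.50.0.0/16"), "DC-LOCAL"),
    (ipaddress.ip_network("0.0.0.0/0"), "BROADBAND"),
]

# Constructed application signatures: (protocol, low port, high port, app).
APP_SIGNATURES = [
    ("udp", 5060, 5060, "voice-signaling"),
    ("udp", 16384, 32767, "voice-media"),
    ("tcp", 443, 443, "https-web"),
    ("tcp", 80, 80, "http-web"),
]

# Constructed business policy: which circuit each application class should use.
APP_POLICY = {"voice-signaling": "MPLS", "voice-media": "MPLS",
              "https-web": "BROADBAND", "http-web": "BROADBAND"}


def longest_prefix_match(dst, table=ROUTING_TABLE):
    """Egress chosen by a conventional router: the most specific prefix containing dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, egress in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, egress)
    return best[1] if best else None


def classify_flow(flow, signatures=APP_SIGNATURES):
    """Name the application from a (src, dst, proto, sport, dport) tuple, or 'unknown'."""
    _src, _dst, proto, _sport, dport = flow
    for sig_proto, lo, hi, app in signatures:
        if proto == sig_proto and lo <= dport <= hi:
            return app
    return "unknown"


def destination_only_decision(flow):
    """Legacy behaviour: the application plays no part in the forwarding decision."""
    return longest_prefix_match(flow[1])


def application_aware_decision(flow):
    """Application-aware behaviour: policy by app, falling back to the routing table."""
    app = classify_flow(flow)
    return APP_POLICY.get(app, longest_prefix_match(flow[1]))


# Two constructed flows from the same host to the same destination host.
VOICE_FLOW = ("10.1.1.5", "10.20.5.9", "udp", 49152, 5060)
WEB_FLOW = ("10.1.1.5", "10.20.5.9", "tcp", 51000, 443)

if __name__ == "__main__":
    for flow in (VOICE_FLOW, WEB_FLOW):
        print(classify_flow(flow), "| destination-only:", destination_only_decision(flow),
              "| application-aware:", application_aware_decision(flow))
```

Both constructed flows share a destination, so the longest-prefix match sends both over MPLS and cannot tell them apart; the classifier separates the voice call from the HTTPS session, which is the visibility the paragraph above says organizations are missing. A real SD-WAN edge would combine this classification with circuit quality measurements rather than a fixed app-to-circuit map.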

VI. Solution Overview

Every WAN transition, starting from the early days of basic private lines to ATM to Frame Relay
to even today's current MPLS, has been driven by the organizational and business needs to achieve
scalability, simplicity and cost savings. Technology evolves constantly. We see this in more well-known
and common fields of technology, such as in the realm of media and data storage devices like VHS, DVDs
and Blu-rays. As technology advances, it always leaves behind its predecessor, such as Blu-rays replacing
DVDs, which in turn replaced VHS. The field of networking is seeing the exact same evolution as obsolete
products and services are relegated to museums, in the same way floppy disks are no longer recognizable
by children today.

This next evolution of WAN architecture is now available as Software-Defined WAN (SD-WAN).
The ability of SD-WAN to integrate software into networking is an advancement that has not been done
before. SD-WAN has added unprecedented visibility, agility and flexibility to the way networks are
viewed, built, managed and monitored. SD-WAN is changing the operational and organizational job
functions of network engineers. SD-WAN is leading many organizations to rethink their network
architecture and design as to how they can capitalize on this new cutting-edge technology for their
environment. SD-WAN can replace private cloud technologies such as MPLS entirely or augment those
private cloud services by adding broadband to bring more intelligence to the way all traffic is transported
across the network. This service is enabled by intelligent edge devices at customer branch locations and a
centralized service controller platform that is hosted in the cloud.

According to Gartner Research, Inc., the leading advisory firm for IT which many CIOs, IT
leaders and decision makers consult, for a product or solution to be considered SD-WAN it must meet
four criteria. First, it must support multiple connection types such as MPLS, internet and LTE. Second, it
must be able to support dynamic path selection to allow load sharing across multiple WAN connections.
Third, it must provide a simple interface for managing the WAN, include zero-touch provisioning and be
as easy to set up as home Wi-Fi. Lastly, it must support VPNs (Virtual Private Networks) to ensure the
solution offers the same levels of security, as well as support 3rd-party services such as WAN
optimization, firewalls, web gateways and other services.

VII. Connectivity

To the end user of an enterprise-sized organization, the wide area network is viewed as simple.
They see the WAN architecture as basic pipes in and out of an office. They understand it connects to a
data center and there may be internet connections, but that is as far as most end users will understand of
a network design which in reality is far more complicated. The reality of a real-world deployment of a
large-scale WAN to an experienced network engineer is much more complex. Those experienced in
networking understand that there is a vast number of components within that diagram of a single, lone
cloud. There are firewalls, routers, acceleration appliances, Wi-Fi access points, load balancers, probes,
monitoring equipment and many more items that make the magic of world-wide instant communication
possible. It therefore becomes difficult to make changes and updates to a network as frequently as
engineers would prefer. Changes that need to be made must go through complicated bureaucracy with
other IT personnel and departments for approval. Updates to software and patches need to be cleared
with security and compliance beforehand. Organizations need a simplified process and method to deploy
and manage their WAN. Thus SD-WAN was born out of this necessity.

End users do not see the underlying technology used to physically connect their digital services. This physical connectivity is often deployed in the form of fiber, Ethernet, TDM or private leased lines, wireless 4G LTE, or coax. SD-WAN appliances and products must support all of these access types and integrate them seamlessly. Some businesses, such as construction or retail, need to activate new or temporary sites quickly, within a few days' notice. In these scenarios it is not realistic to wait three to four months for an MPLS line to be delivered, or even a few days to schedule a local ISP to dispatch a technician to turn up internet service. This is especially true for temporary locations, where service providers may require a minimum of one year of service for their connections. Should an organization disconnect and terminate the service before the commitment is met, the provider can enforce early termination penalties. As this is not ideal from a financial perspective, organizations will wish to leverage wireless modems and devices, often connected through USB ports to SD-WAN appliances, to bring up new locations instantly.

VIII. Routing

In today's networking world, routing protocols are used to establish sessions and neighbors for data transmission. These routing protocols are a standard for how routers communicate with each other to share information on how to select the path between any two nodes on a network, whether for a large global company or for residential consumers reaching their favorite website.

The standardized routing protocols used today are neither application aware nor path-quality aware. Routing protocols such as BGP, RIP, OSPF and IS-IS establish their routing information through discovery. The routers must discover other routers on the network, manage all the routes within their routing tables, and then sort and prioritize certain routes for best-path determination to ensure the optimal path is used. Routers share IP addresses within the routing tables they hold in memory and do their best to determine the best path. The value a router uses to make routing decisions is known as a metric. Metrics are based on factors such as the number of hops to get from point A to point B, the bandwidth of the circuit, and any administrator-configured values that manually alter the preference. Routers are therefore not aware of the actual application being sent over a route. Service providers and network administrators can make intelligent guesses about the content their users are browsing based on the destination IP address, but not about the actual application encapsulated inside the data packets. By the same token, IP addresses themselves do not help a router determine whether a route is of good or bad quality. Routing technology today builds routes based on IP addresses learned in the network. If a route is learned properly but the circuit for that connection degrades at some point, the router will still attempt to send traffic over the route because it believes it is a usable path. If the circuit on this path is unstable, bouncing up and down, the routers do not see this as an issue and will send traffic as if nothing were wrong with the line. This is known as a brownout scenario, and it is difficult for routers to gain visibility into and remediate. Blackout conditions are handled by routers today because they are hard-down states: routers have an easier time seeing this behavior and marking the path as unavailable.

When it comes to SD-WAN, it is critical to understand that there are two layers of the network. SD-WAN's goal is to add an overlay network over the existing WAN. This separates the control plane from the data plane so that routing and change management are on separate layers. SD-WAN solutions effectively separate themselves from the underlay routing. The underlay is today's traditional routing topology, where routers learn each other's routes through circuits and announcements. The overlay is the intelligence brought by SD-WAN: it simply adds routing features on top of the underlay. The overlay effectively makes the entire WAN appear to be one giant router, where each location has its own interface to send information out of, as opposed to operating as multiple separate routers.



IX. Reliability

SD-WAN solutions are also capable of continuous link monitoring, polling each circuit constantly at sub-second intervals. The interval differs by SD-WAN vendor, but tests are typically done every 100 to 500 milliseconds. When monitoring detects degradation of a circuit, the appliances automatically enable remediation techniques suited to the circuit issue. In the event of significant packet loss on a circuit, forward error correction can be enabled for that specific event: data packets are duplicated and sent out multiple times on the circuit in a redundant manner, so the device on the other end of the transmission session receives multiple instances of an IP packet. The receiving device is then able to identify, through markings in the IP packet headers, whether it has already received packet #50, for example. If it has already received this particular data packet, it discards the copy and moves on to the next. This remediation can overcome large amounts of packet loss, but it is obviously not a feature that should be enabled permanently, as the duplicate packets cause additional utilization and queuing. While forward error correction is used for brownout scenarios, where the circuit degrades but is not in a full outage (blackout), the software also enables applications and data to be link-steered onto an alternate circuit. When the polling of a circuit fails and shows it is hard down, the software is intelligent enough to redirect traffic to a backup circuit, if one is available.
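The monitoring and remediation loop described above, as an added example that is not part of the original paper or any vendor's product: probe results at sub-second intervals are classified into healthy, brownout or blackout, the matching remedy (packet duplication or steering to the backup circuit) is chosen, and a receiver-side filter discards the duplicate copies. The thresholds, probe logs and packet numbers are constructed for illustration.

```python
"""Link-health classification and remediation choice modelled on the
sub-second probe polling described above, plus the receiver-side duplicate
filter. Hypothetical example code, not any vendor's implementation; the
probe logs and packet numbers are constructed."""
from collections import deque

HEALTHY, BROWNOUT, BLACKOUT = "healthy", "brownout", "blackout"

def classify_link(probe_results, loss_threshold=0.10, down_streak=5):
    """probe_results: True/False per probe (100-500 ms apart), newest last.
    A run of consecutive failures at the tail is a blackout (hard down);
    scattered loss above loss_threshold is a brownout (degraded but up)."""
    if not probe_results:
        return HEALTHY
    streak = 0
    for ok in reversed(probe_results):
        if ok:
            break
        streak += 1
    if streak >= down_streak:
        return BLACKOUT
    loss = probe_results.count(False) / len(probe_results)
    return BROWNOUT if loss > loss_threshold else HEALTHY

def choose_remediation(primary_state, backup_state):
    """The two remedies from the text: duplicate packets (the paper's
    'forward error correction') while the primary is in brownout, steer
    to the backup once the primary is hard down, nothing while healthy."""
    if primary_state == HEALTHY:
        return "none"
    if primary_state == BROWNOUT:
        return "duplicate"  # temporary: doubles utilization and queuing
    if backup_state != BLACKOUT:
        return "steer-to-backup"
    return "all-circuits-down"

class DuplicateFilter:
    """Receiver side: drop copies of a sequence number already delivered,
    remembering only the last `window` numbers so memory stays bounded."""
    def __init__(self, window=1024):
        self.window = window
        self.seen = set()
        self.order = deque()

    def accept(self, seq):
        if seq in self.seen:
            return False  # e.g. a second copy of packet #50
        self.seen.add(seq)
        self.order.append(seq)
        if len(self.order) > self.window:
            self.seen.discard(self.order.popleft())
        return True

def deliver(stream):
    """Hand a (possibly duplicated) stream of packet numbers to the
    application with the duplicates removed, preserving arrival order."""
    f = DuplicateFilter()
    return [seq for seq in stream if f.accept(seq)]

if __name__ == "__main__":
    degraded = [True] * 14 + [False, True, True, False, True, False]
    hard_down = [True] * 12 + [False] * 8
    print(classify_link(degraded), classify_link(hard_down))
    print(choose_remediation(classify_link(degraded), HEALTHY))
    print(deliver([48, 49, 50, 50, 51, 50, 52]))
```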

For voice traffic, a different technique is used: jitter buffering. Voice traffic is real time and cannot tolerate delay. If a voice packet takes too long to reach its destination, end users are often left with a call that is choppy and broken. Most people can identify with this problem from personal experience, as we find ourselves asking the individual on the other end to repeat what they just said. When jitter, also known as packet delay variation (PDV), is introduced on a circuit during a voice call, it creates that choppy call experience. SD-WAN can remedy this by enabling jitter buffering. When packet arrival is not steady and varies drastically, the buffer spaces out the receiving and processing of the voice packets so that the call is smoothed out. The person may appear to be speaking slightly slower, but this improves the end user's experience with the application. This is achieved by reordering the packets properly and reassembling them into an understandable flow. Through intelligent software, SD-WAN can identify the periods when these circuits degrade, enable these features only during those periods, and disable them again when the circuit becomes stable.
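An added illustration of the jitter-buffering remedy, not code from the paper or any vendor: a simple PDV estimate over packet arrival times, and a fixed-depth playout buffer that shows why an out-of-order voice packet is heard as a gap without buffering and is slotted back into place with it. The frame size, buffer depth, threshold and the packet capture are constructed.

```python
"""Jitter (PDV) estimation and a fixed-depth jitter buffer for voice
packets, an added example of the remedy described above (hypothetical
code, not any vendor's implementation). Packets are constructed inline:
(sequence number, arrival time in ms), one 20 ms voice frame each."""

def packet_delay_variation(arrival_ms):
    """Mean absolute change between successive inter-arrival gaps: a
    simple PDV estimate. A perfectly paced 20 ms stream scores 0.0."""
    gaps = [b - a for a, b in zip(arrival_ms, arrival_ms[1:])]
    if len(gaps) < 2:
        return 0.0
    return sum(abs(y - x) for x, y in zip(gaps, gaps[1:])) / (len(gaps) - 1)

def jitter_buffer_playout(packets, frame_ms=20, depth_frames=3):
    """Play packets out at a fixed cadence, starting depth_frames after the
    first arrival so late and reordered packets can still be slotted in.
    Returns the sequence numbers handed to the codec, in order, with None
    where a frame's packet had not arrived by its playout time (a gap the
    listener hears as a choppy call). depth_frames=0 means no buffering."""
    if not packets:
        return []
    by_arrival = sorted(packets, key=lambda p: p[1])
    first_seq = min(seq for seq, _ in packets)
    last_seq = max(seq for seq, _ in packets)
    buffered = set()
    play_time = by_arrival[0][1] + depth_frames * frame_ms
    i = 0
    played = []
    for seq in range(first_seq, last_seq + 1):
        # everything that has arrived by this frame's deadline is available
        while i < len(by_arrival) and by_arrival[i][1] <= play_time:
            buffered.add(by_arrival[i][0])
            i += 1
        played.append(seq if seq in buffered else None)
        play_time += frame_ms
    return played

def should_buffer(arrival_ms, threshold_ms=5.0):
    """Enable the jitter buffer only while PDV is above threshold, matching
    the paper's point that these features are switched on during degraded
    periods and off again once the circuit is stable."""
    return packet_delay_variation(arrival_ms) > threshold_ms

# Constructed capture: packet 3 arrives late, behind packet 4.
SAMPLE = [(1, 0), (2, 20), (4, 45), (3, 70), (5, 80), (6, 100)]

if __name__ == "__main__":
    print(packet_delay_variation([t for _, t in SAMPLE]))
    print(jitter_buffer_playout(SAMPLE, depth_frames=0))
    print(jitter_buffer_playout(SAMPLE, depth_frames=3))
```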

Certain vendors in the software-defined WAN space are able to offer even better protection against link degradation through intelligent link and traffic steering. Traffic sessions in today's networking are built on a per-flow basis. This means that once a transmission session such as a voice call or a file transfer is established, it builds a logical connection between the two endpoints but pins that session to one physical circuit, such as a DSL circuit. Should that DSL circuit fail with an outage, all sessions on it, including the voice call, are dropped and disconnected. A newer SD-WAN feature is to establish connections using per-packet steering. Instead of restricting a session to one circuit, packets can be dynamically and automatically steered to a second available link, because the session is built end-to-end between appliances that belong to the same vendor. This interoperability lets both appliances know both endpoints and the circuit paths available to them and, if either side sees degradation or an outage on a circuit, steer packets away from the bad connection. This provides session persistence and keeps the call up without users experiencing an outage and having to reestablish the call.

X. Cost

SD-WAN is not necessarily cheap compared to existing networking products such as routers and other appliances, but its advancement in leveraging new and existing technologies helps users achieve cost savings. This is done by lowering the bandwidth on more expensive MPLS circuits or replacing MPLS circuits entirely with cheaper internet circuits. Organizations often see 50-60% savings on their telecommunications bill. Organizations can also use MPLS for private traffic such as corporate applications and sensitive data such as customer information, while leveraging the bandwidth on cheaper broadband connections for non-critical traffic such as email and web browsing, or as a backup to the primary link. As SD-WAN appliances rely on software to make routing and processing decisions, as opposed to the sheer CPU power of legacy routers, they are also more reliable, less prone to failure, and require less maintenance over their lifespan than routers today.

XI. Management

The appliances or devices deployed at the sites should be lightweight and preferably configured through a graphical user interface (GUI) rather than a command-line interface (CLI). The command line has traditionally been the method for technicians, engineers and administrators to log in to devices and make changes, but it requires extensive knowledge of the device's command language beforehand while also demanding that personnel know how to make the changes they need on the platform. A GUI allows engineers who know the routing techniques, but may lack familiarity with a new system, to make the changes they need without spending hours searching manuals for the right commands.

The configuration on active routers today is also static and local to the device unless backed up to storage such as physical drives or cloud storage, and even when backed up, it must be manually pulled from the device. SD-WAN stresses a centralized model in which a central platform acting as the overlay controller retains all configuration information and automates the export of these configurations to cloud storage. If a device breaks or its files are corrupted, a new device can be shipped to the site and the last configuration applied seamlessly without loss. All configurations therefore live in the cloud, hosted on the internet, as opposed to being persistent only on the one device at the site.

SD-WAN solutions often have a controller or orchestrator platform hosted on the internet with redundant clusters, so that if one platform fails there are mirrored copies to ensure constant uptime. A cloud-provisioned SD-WAN appliance allows new and existing locations to download configurations and have changes pushed down to the device itself. IT staff can also build new profiles and configurations for a location in the controller and assign that location a profile. Once the device is shipped and installed at the branch office, it uses its internet connection to call home to the cloud-based orchestration platform and pull its configuration. This is known as zero-touch provisioning; it reduces the need for an IT truck roll to deploy new locations and requires little if any technical IT resource on premises to activate a new office.
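A minimal model of the centralized-configuration and zero-touch provisioning flow from the two paragraphs above, added here as an example and not taken from the paper or any vendor's API: staff define a profile and assign it to a site, the shipped device calls home with its serial and proves possession of a pre-shared secret against a single-use challenge, and the orchestrator returns the site's current configuration, including to a replacement device. The `Orchestrator` class, profile names, serials and secrets are all constructed.

```python
"""Minimal model of the centralized-configuration and zero-touch
provisioning flow described above. Hypothetical example code, not any
vendor's API: profile names, serials and secrets are constructed."""
import copy
import hashlib
import hmac
import secrets

class Orchestrator:
    """Cloud controller: profiles, site assignments, registered devices."""
    def __init__(self):
        self.profiles = {}      # profile name -> config template
        self.site_profile = {}  # site id -> profile name
        self.device_site = {}   # device serial -> site id
        self.device_key = {}    # device serial -> pre-shared secret (bytes)
        self.versions = {}      # site id -> config version counter
        self.nonces = set()     # outstanding single-use challenges

    def define_profile(self, name, config):
        self.profiles[name] = config

    def assign_site(self, site, profile, serial, secret):
        """Staff assign a profile to a branch and register the device that
        will be shipped there (a replacement device is registered the same
        way and receives the site's latest configuration)."""
        self.site_profile[site] = profile
        self.device_site[serial] = site
        self.device_key[serial] = secret
        self.versions[site] = self.versions.get(site, 0) + 1

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.nonces.add(nonce)
        return nonce

    def call_home(self, serial, nonce, mac):
        """Device-initiated fetch. Unknown devices, reused nonces and bad
        MACs all get nothing; a registered device gets its site's config."""
        if nonce not in self.nonces:
            return None
        self.nonces.discard(nonce)  # single use, so a captured exchange cannot be replayed
        key = self.device_key.get(serial)
        if key is None:
            return None
        expected = hmac.new(key, f"{serial}:{nonce}".encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            return None
        site = self.device_site[serial]
        cfg = copy.deepcopy(self.profiles[self.site_profile[site]])
        cfg.update(site=site, version=self.versions[site])
        return cfg

def device_call_home(orch, serial, secret):
    """What the appliance does on first boot over its internet uplink:
    obtain a challenge, sign serial+nonce with its secret, pull config."""
    nonce = orch.challenge()
    mac = hmac.new(secret, f"{serial}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return orch.call_home(serial, nonce, mac)

def build_demo_orchestrator():
    orch = Orchestrator()
    orch.define_profile("retail-branch", {"wan": ["mpls", "broadband"],
                                          "steering": "policy-based"})
    orch.assign_site("store-42", "retail-branch", "SN-CONSTRUCTED-001", b"secret-1")
    return orch
```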

Management tasks will also be streamlined through self-learning abilities built into the appliance. The appliance should be able to conduct bandwidth tests on new circuits plugged into the device, so that the device learns how much bandwidth is available. It can test both download and upload bandwidth, since a circuit may not be symmetrical but instead asymmetrical, with different download and upload speeds. This is commonly seen in broadband, DSL and residential internet services, where ISPs advertise only the download speed but severely limit the upload speed. The service provider of a circuit can also be discovered automatically by conducting a reverse IP address lookup against internet databases to extract the provider and add this information to the management portal.

SD-WAN devices must therefore function as the Swiss-army knife of the networking world. These devices should be as easy to configure as a home router. As router-like devices, they can be swapped in place of existing routers or co-exist within existing LAN environments behind a designated WAN router, making routing decisions before handing off to the WAN router. As a possible router replacement, a device must therefore have standardized interfaces, such as Gigabit Ethernet ports supporting common terminations such as RJ45 copper cables, or SFPs (small form-factor pluggable transceivers) capable of accepting fiber connections. Like residential home routers and modems, it must also have multiple switched ports to connect local area network devices such as computers, phones and other networking devices to it as a central hub.

XII. Conclusion

Software-Defined Wide Area Network products bring simplicity and efficiency to network oversight and in most cases cut costs. SD-WAN as a service has demonstrated success in recent years as it helps organizations manage complexity and network costs while providing increased agility and security. Migrating to SD-WAN enables companies to simplify network management and improve performance. As an overlay solution, SD-WAN accelerates deployment and management of an enterprise's WAN from a central location. As vendors continue to develop and advance their SD-WAN offerings with more features and abilities, organizations will be able to rapidly deploy this emerging technology.

Technology is changing the way businesses conduct business and connect employees, customers and partners. Businesses must evolve over time to remain competitive and relevant in their markets. Now, more than ever, businesses depend on their network to stay connected and competitive. Software-Defined Wide Area Networks will help organizations drive ground-breaking flexibility, efficiency and performance across the network, helping them maneuver through the complexities of a network that must support distributed sites, a growing mobile workforce, and accelerating use of business applications in the cloud.



XIII. References

Agilent. (n.d.). Detailed Results on SD-WAN Production Pilot (ONUG 2016). Retrieved June 13, 2017, from http://viptela.com/resources/viptela-luncheon-speaker-series-agilent/

Bloomberg, J. (2017, March 20). SD-WAN: Entry Point For Software-Defined Everything. Retrieved June 13, 2017, from https://www.forbes.com/sites/jasonbloomberg/2017/03/20/sd-wan-entry-point-for-software-defined-everything/#3c668d3446ee

Butler, B. (2017, June 12). SD-WAN: What it is and why you'll use it one day. Retrieved June 13, 2017, from http://www.networkworld.com/article/3031279/software-defined-networking/sd-wan-what-it-is-and-why-you-ll-use-it-one-day.html

Gartner: SD-WAN providers to disrupt edge router market. (n.d.). Retrieved June 13, 2017, from http://searchsdn.techtarget.com/news/450403303/Gartner-SD-WAN-providers-to-disrupt-edge-router-market

Greenfield, S. G. (2016, November 16). Gartner predicts: SD-WANs to replace routers, but which SD-WAN is the question. Retrieved June 13, 2017, from http://www.networkworld.com/article/3142053/lan-wan/gartner-predicts-sd-wans-to-replace-routers-but-which-sd-wan-is-the-question.html

Market Guide for WAN Edge Infrastructure. (n.d.). Retrieved June 13, 2017, from https://www.gartner.com/doc/reprints?id=1-3X6W6KF&ct=170404&st=sb

Mitchell, B. (n.d.). Top 5 network routing protocols demystified. Retrieved June 16, 2017, from https://www.lifewire.com/top-network-routing-protocols-explained-817965

Tkatchuk, R. (2017, June 06). The rise of SD-WAN: what does it mean for your company? Retrieved June 15, 2017, from http://www.networkworld.com/article/3199789/mobile-wireless/the-rise-of-sd-wan-what-does-it-mean-for-your-company.html#tk.drr_mlt

Software-Defined WAN For Dummies. (n.d.). Retrieved June 16, 2017, from http://www.velocloud.com/sd-wan-resources/white-papers/software-defined-wan-for-dummies

T. (2012, June 26). Retrieved June 16, 2017, from https://www.youtube.com/watch?feature=player_detailpage&v=eXsCQdshMr4&t=168

Meraki, I. (n.d.). Meraki SD-WAN. Retrieved June 16, 2017, from https://meraki.cisco.com/solutions/sd-wan

SD-WAN Architecture For Industry Solutions | Versa Networks. (n.d.). Retrieved June 16, 2017, from http://www.versa-networks.com/enterprise/sd-wan/

Software Defined WAN (SD WAN). (n.d.). Retrieved June 16, 2017, from http://viptela.com/sd-wan/

Intelligent WAN - Software Defined SD-WAN. (2016, December 16). Retrieved June 16, 2017, from http://www.cisco.com/c/en/us/solutions/enterprise-networks/intelligent-wan/index.html



XIV. Appendix

Benefits of SD-WAN from Traditional to SD-WAN:

Requirements and mandates for the next-generation of Wide Area Networks:



Hybrid WAN process:

Costs for SD-WAN according to Gartner, Inc.:



Traffic Steering over multiple WAN connections:
