What are the advantages and disadvantages of SD WAN?
The main advantages are the ability to self-manage, lower TCO, flexible public cloud access, path selection, reporting and consolidated firewall security. The disadvantages centre on the lack of end-to-end QoS and the use of lower-quality Internet connectivity in place of MPLS.
Perhaps the most difficult aspect when understanding the advantages and disadvantages of SD WAN is actually the marketing from service providers. In this article, we discuss how some of the output from our data analytics portal is clearly demonstrating that IT teams are looking to differentiate between each software WAN provider vs their own specific business requirements.
The simple fact is that understanding the differences at a glance represents valuable data in terms of positives and negatives. The result saves a huge amount of time and effort wasted on engaging sales within each prospective telco, vendor or provider.
Above. Using Netify to research UK, US & Global SD WAN vendors.
When conversing with prospects during workshop sessions, their initial comments are often based on hype from marketers keen to win business away from MPLS providers. In this article, I’ll attempt to discuss where the real advantages and disadvantages exist to help readers ensure their discussions are based on reality. Our advice is to use the technology which makes sense to meet your requirements.
What are the key SD WAN advantage areas to consider?
1. Businesses are able to self manage their WAN using the GUI provided by software defined services such as Cisco Meraki.
2. Easy to read in-depth statistics provide a level of insight helping to make sense of user and application flow.
3. There is a possibility of cost savings but be wary of vendors suggesting Internet is a total replacement for MPLS.
4. SD WAN offers fast start / temporary connectivity by securing 3G/4G/5G cellular connectivity or Broadband.
5. With application flow and condition based technology, disaster recovery is easier to achieve, especially across cloud-based applications.
6. Security is often marketed as a simple aspect of SD WAN deployment but careful considerations should be made based on all areas of the business.
7. There are more advantages than disadvantages which is to be expected with a new disrupting technology.
SD WAN offers self-managed services
In many ways, the disadvantage of SD WAN revolves around the hype. There is no doubt that software services are enabling businesses to deploy a single capability to meet connectivity and security requirements. And while the configuration of devices such as Cisco Meraki is much simpler than with previous-generation technologies, a level of expertise is still required. To secure your network, for example, your team will need to know how applications and user profiles affect the balance of risk vs access.
In other words, while the SD WAN device offers the advantage of simplified portal configuration access, your business is still required to understand the type of profiles to implement. The previous BSD (before Software Defined - I just made that up) deployments of technologies such as MPLS, VPLS and simple IPsec VPN were often outsourced. Your IT team would engage an MSP (Managed Service Provider) for provision of MPLS edge devices with firewall security from Check Point or Cisco. The MSP teams would consult and provide the expertise required to ensure your business was not vulnerable to attack.
SD WAN provides insights into your WAN statistics
Our previous-generation networks often leveraged applications such as NetFlow to provide performance statistics across usage, latency, jitter and so forth. While these stats were comprehensive, the portals often went unused by the IT teams who had access. Why is this? In general, because the stats were sometimes confusing: the portals could answer basic questions about congestion or packet loss, but reaching the level of detail needed to understand why was often frustrating. I appreciate these comments are very generalised, and we are aware of bespoke NetFlow implementations where reporting is simplified to provide users with the required data.
In the new world of SDN, the portals not only map out connected devices but also allow access to reporting data in a much more logical and simplified manner. One of the most compelling reasons for SD WAN is the ability to relate statistics to the configuration. In the example below, we are able to view the custom performance statistics from a Meraki portal for HQ and branch offices. The level of detail shows everything from the basic information surrounding certain applications to Wifi access points. With this information, IT is better positioned to make changes easily via their software based device. The VPN data flow could be changed to prefer a different circuit if latency, jitter or packet loss exceeds a certain threshold.
SD WAN will save you money vs MPLS
The ‘savings conversation’ advantage is much more than the typical marketing pitch which, as mentioned earlier, revolves around removing MPLS. There is of course truth behind the cost savings achieved by replacing MPLS with low-cost Internet connectivity. I cannot make myself any more clear here: SD WAN is not a new service aimed squarely at destroying the MPLS marketplace. In all cases, network design is about aligning requirements with capability. Where a robust SLA is required with an end-to-end traffic prioritisation capability, private data networking remains the only product to meet such a requirement.
However, there is the case to remove MPLS from branch sites where the SLA and support are perhaps not so critical. In order to consider the total cost of ownership (or ROI - Return on Investment), your business should consider the flexibility and time saving caused by implementing software-based services. In addition, vendors are offering single devices with much more capability vs the traditional world of legacy routers including security. The feature-set of WAN and security in one device offers consolidation but also savings from the perspective of IT input and resource.
There are selected sectors where the use of the Internet as the primary source of connectivity is simply not an option. The point to make is that SDN is an agnostic technology: there is no reason why the MPLS CE (Customer Edge) cannot be SD WAN based.
A disadvantage of the new world of software-defined networking is the hype based on suiting the needs of particular vendors. Our readers need to be mindful of the reason why certain SD WAN vendors are keen to remove MPLS. If a technology company earns revenue from hardware/managed services and they do not own or operate a core network, the less customers spend on technologies such as MPLS, the more they have to spend on hardware, licences or NFV. While SD WAN does position the Internet as an adequate delivery method, there is so much more to consider from fix times to everyday support.
Fast start with any connection
In some cases, your business may require fast start connectivity for last minute projects or where Ethernet delivery is protracted. As SD WAN is well placed to support multiple connectivity types with traffic routing decisions, the choice of 3G/4G/5G and Broadband becomes one of sending traffic where conditions make sense. There’s the ability to load balance or share depending on the best available connectivity.
Our clients often keep up to date cold standby SD WAN devices ready for requirements where connectivity is needed with almost no notice.
Disaster recovery and business continuity
With the dynamic nature of SD WAN, businesses are able to control traffic under certain conditions including complete outage scenarios. The nature of software control means we can invoke DR plans which prioritise applications and/or user types to ensure the business remains operational. If users have to leave a site, connectivity via SD WAN clients could be used with selected apps restricted depending on your IT security policy for users outside of the office.
A disaster or outage will often call for different plans, ranging from the complete loss of an office location (perhaps a floor or the whole building) to network issues creating intermittent problems. Unlike network deployments of the past, software WAN services offer policy configuration to meet fairly granular demands.
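The threshold-based circuit preference and the DR prioritisation described above can be sketched as one policy decision. This is an added example, not code from the article or from any SD WAN vendor; the circuit names, policy fields, thresholds and measurements are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Circuit:
    name: str
    up: bool
    backup: bool        # True for standby links such as cellular
    latency_ms: float
    jitter_ms: float
    loss_pct: float

@dataclass(frozen=True)
class AppPolicy:
    app: str
    allowed: tuple      # circuits this app may use, most preferred first
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    dr_critical: bool   # still forwarded while the site is in DR mode

def in_dr_mode(circuits):
    """DR mode (assumed definition): every non-backup circuit is down."""
    return not any(c.up for c in circuits if not c.backup)

def meets(c, p):
    return (c.latency_ms <= p.max_latency_ms and c.jitter_ms <= p.max_jitter_ms
            and c.loss_pct <= p.max_loss_pct)

def select_path(policy, circuits):
    """Return (circuit name or None, reason) for one application."""
    if in_dr_mode(circuits) and not policy.dr_critical:
        return None, "blocked: not DR-critical"
    live = {c.name: c for c in circuits if c.up}
    usable = [live[n] for n in policy.allowed if n in live]
    if not usable:  # never spill onto a circuit the policy does not permit
        return None, "blocked: no permitted circuit up"
    for c in usable:  # first permitted circuit inside every threshold wins
        if meets(c, policy):
            return c.name, "within thresholds"
    best = min(usable, key=lambda c: (c.loss_pct, c.latency_ms))
    return best.name, "best effort: all permitted circuits degraded"

# Constructed sample policies and measurements (illustrative values only).
VOICE = AppPolicy("voice", ("mpls", "broadband", "lte"), 150, 30, 1.0, True)
SYNC = AppPolicy("file-sync", ("broadband", "lte"), 400, 100, 5.0, False)
CARD = AppPolicy("payments", ("mpls",), 200, 50, 1.0, True)
LTE = Circuit("lte", True, True, 70, 25, 1.5)
NORMAL = [Circuit("mpls", True, False, 20, 3, 0.1),
          Circuit("broadband", True, False, 35, 8, 0.3), LTE]
DEGRADED = [Circuit("mpls", True, False, 20, 3, 2.5), NORMAL[1], LTE]
OUTAGE = [Circuit("mpls", False, False, 0, 0, 0),
          Circuit("broadband", False, False, 0, 0, 0), LTE]
```

The `allowed` tuple doubles as a transport allow-list: the constructed payments policy is blocked during the outage rather than failing over to cellular, which is the kind of decision the IT security policy has to make explicitly.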
Granular security in one device
It is common today to see traditional routers go without an update for months on end. In some cases, the config version is out of date for more than a year, meaning any security vulnerabilities will not have been patched. SD WAN providers offer more visibility into the network than ever before, with granular, easy-to-understand data on application and user behaviour. However, there is still a need for IT security staff to thoroughly understand the implications of making changes. In many ways, the security flexibility of SD WAN is perhaps a disadvantage if not managed correctly. With more power comes more responsibility to ensure that the potential ramifications of whatever configuration is deployed are well considered.
If we revert back to marketing, vendors are pushing ‘zero-touch configuration’ across the Internet as a major benefit. What occurs is a generally hands-off approach to networking because ‘it just works’. It is also true that not every SD WAN service is equal with some offering simple packet inspection and others offering a more robust feature set. If you have the expertise internally to understand user profile and application flow, SD WAN offers tremendous deployment speed advantages. Whatever the case, security is one of the major discussion points at EVERY presales meeting we are involved in.
There are more advantages than disadvantages?
Absolutely. With any new technology, the services are designed to iterate and improve upon capability. In many ways, the disadvantage of SD-WAN revolves around the hype. With marketing suggesting a single device is able to perform everything required using almost no deployment involvement, there is a risk that IT teams become complacent believing there is no need to spend on MPLS or dedicated Firewall security.