SD-WAN Architectures
Vendors deliver SD-WAN either as edge appliances or as a service. In both cases, the SD-WAN forms a mesh of tunnels (a “virtual overlay”) across underlying data services. The SD-WAN uses policy-based routing to dynamically steer traffic into the optimum tunnel based on application requirements, business priorities, and real-time network conditions.
Edge Appliances: 1-Part Optimization
Physical or virtual edge appliances sit at every location, connecting to the local MPLS network and Internet access line. The edge appliances establish the virtual overlay end-to-end. Custom policies created at a management platform are pushed out by a controller to the edge appliances. The edge appliances use these policies to route application traffic based on the real-time traffic conditions of the underlying data services. Edge appliances may be deployed directly by the enterprise or, like any other networking appliances, delivered as part of a managed service by a service provider.
SD-WAN edge appliances form an overlay between locations.
SD-WAN as a Service: 3-Part Optimization
With SD-WAN as a service, the virtual overlay is formed among the points of presence (PoP[3] [4] s) in the network core. The PoPs connect to one another across a privately managed backbone. Endpoints connect to the nearest PoP through encrypted tunnels. Should one tunnel or PoP fail, endpoints automatically connect to the next closest PoP.
Endpoints may be simple physical or virtual edge appliances, existing firewalls or VPN devices, or mobile clients. Policy enforcement is generally done in the PoPs and the endpoints, though specific capabilities will obviously vary with the type of endpoint. The endpoints need only select between a few tunnels to the PoP (instead of the full mesh of tunnels maintained by edge appliances). Once traffic reaches the PoP, it applies a range of network optimizations and advanced security analysis and then sends the packets to the destination PoP, selecting the optimum tunnel across the backbone. The destination PoP in turn selects the optimum tunnel to the endpoint.
SD-WAN as a service connects endpoints to an overlay in the network core.
Free Download
How to connect and secure your Data Center?
Practical approaches to minimizing latency and packet loss across the Internet. What are the strengths and weaknesses of four architectures when connecting to and securing the cloud.
