SD-WAN Architecture

Learn about the differences between SD-WAN, MPLS and SASE and the benefits of an integrated, cloud-based architecture with a global PoP footprint versus standalone SD-WAN boxes.

What is the importance of Services PoPs in enabling an SD-WAN?

SD-WAN Architecture is ideally based on a cloud-edge services model that relies on what we term “Services PoPs.” These are sophisticated hardware platforms within the cloud that integrate not only routing and switching, but also compute and storage. This provides a foundation for the deployment of SD-WAN capabilities, different from branch-centric architecture that can’t effectively leverage cloud capabilities, or a less-sophisticated transport PoP architecture that is incapable of supporting the mix of networking and security services.

A Services PoP architecture for SD-WAN also offers a foundation for the deployment of SASE capabilities at the cloud-edge.


What is the difference between SD-WAN and MPLS?

One question that sometimes creates confusion is the difference between SD-WAN and MPLS, even if it isn’t really an apples-to-apples comparison. One way to look at it is that SD-WAN is an architectural concept for network design that is just what the term implies, ‘software-defined,’ decoupling the networking and security hardware from its control mechanism. This contrasts with MPLS, which at its core is a networking technology, now over two decades old and forming the foundation on top of which many enterprises ported their applications to an IP infrastructure. Also remember that SD-WAN is capable of leveraging multiple WAN technologies, including MPLS.

| MPLS | SD-WAN |
| --- | --- |
| Is a connection-oriented technology, hence one which dictates a hub-and-spoke network architecture that is ill-suited to accommodate the needs of cloud adoption. | Can leverage connection-less transport technologies and traffic can be routed anywhere without backhauling. |
| Is a dedicated enterprise network with expensive bandwidth and high SLAs. | Is one where multiple transport methods can be leveraged: DIA, 5G, MPLS, and more. |
| Is one in which different enterprises’ traffic is separated but not encrypted. | Brings fully encrypted tunnels from/to any enterprise site. |
| Offers high bandwidth cost and suboptimal routing to cloud-based resources. | Offers lower costs due to policy-based routing which leverages cheaper transport for some applications. |
| Does not have built-in elasticity in bandwidth utilization. | Traffic bursts can be broken out into the Internet. |
| Is a CLI-based network operation. | Focuses on automation and orchestration. |
| Can be costly and is slow to deploy, based on CLI-based network operation. MPLS-based networks cannot keep up with the agility of digital business models due to provisioning times. | Is ideally based on automation and orchestration – but that promise isn’t always true. Many traditional SD-WAN approaches perpetuate the CLI model with complex policy definition. |
| MPLS’ hub-and-spoke nature also typically enforces a box-centric security model that cannot effectively secure cloud applications or support emerging hybrid workforce models. | SASE ideally integrates a cloud-centric, zero-trust security model. However, this is not true with all SASE vendor models. A solid SD-WAN solution with the ability to deliver on enterprise-SLAs is still the foundation for successful SASE rollout. |


How is SD-WAN different from SASE?

SD-WAN is a foundational element of a broader SASE architecture. It is designed to greatly simplify the management of an enterprise’s WAN, which has grown increasingly complex and cumbersome to manage over time as workloads and workforces have shifted dramatically. What is clear is that SASE without SD-WAN for connectivity is a hollow promise.

This connectivity, leveraging a solid and stable network, is what is required to deliver the application performance and productivity enterprises demand. Building on a Services PoP-centric SD-WAN service, enterprises can easily consume additional security capabilities at the cloud edge as they become available. This doesn’t all need to happen at once and can be phased in based on the enterprise’s unique requirements.

There is also confusion between SD-WAN, SASE and MPLS. It is not either-or. It is possible for all to be deployed within the same WAN architecture. MPLS is a transport option for SD-WAN, as is Dedicated Internet Access (DIA) or a private core like the one Aryaka offers, which fits within an SD-WAN architecture. SD-WAN provides connectivity for SASE.

What are analysts saying about SD-WAN and SASE?

Depending on who you ask, the size and potential of the SD-WAN market can range from close to $5B by 2023 to an optimistic $40B and more by 2027. But everyone agrees this technology is part of a growing change in the networking environment. Expanding the discussion, when looking at the combined networking and security market, some vendors are beginning to forecast SASE deployments, of which SD-WAN is a component.

According to analyst firm Dell'Oro, SASE, which includes SD-WAN-based networking and SSE-based security components, is projected to expand annually through 2027. Dell'Oro expects revenue to increase from $6.3B in 2022 to $13.2B in 2027, representing a 16% CAGR.

Which enterprise architecture is right for you and your organization?

Does my enterprise need SD-WAN Security?

The real question is who doesn’t need SD-WAN Security. With cloud adoption and the increasing complexity of the WAN, traditional approaches to engineering the WAN no longer offer the flexibility required by enterprises. Enterprises also require service delivery, including security, to be deployed in the cloud where they consume IaaS/PaaS/SaaS. It is an approach that is applicable to any organization irrespective of size, location, or industry, as long as they have begun their journey to the cloud.

How will an SD-WAN solution benefit my enterprise?

SD-WAN delivers the benefits of the cloud consumption model, now applied to networking. In the same way that the cloud delivers scale, global reach, simplicity, scalability, and optimal TCO (Total Cost of Ownership), freeing IT from just “keeping the lights on,” SD-WAN technology now brings these benefits to networking. It introduces the ease of deployment and consumption demanded by enterprises of all sizes.

SD-WAN benefits include reduced operational expenses through lower training costs and decreased deployment times, especially when consumed as a managed service. It also helps to optimize sometimes expensive or inefficient WAN connectivity, both by facilitating migration from MPLS and by introducing optimization and application policy control that results in more effective bandwidth use.

SD-WAN naturally lends itself to a cloud-first approach for the WAN, enabling and optimizing multi-cloud connectivity – IaaS, PaaS, and SaaS – and, depending upon the architecture, automating this connectivity across different geographies for peak application performance. This is very different from previous approaches that relied on IPsec tunnels and non-optimized MPLS topologies.

When integrated with a SASE deployment, the combination of SD-WAN and SASE brings the benefits of the cloud consumption model to both networking and security.