What is SD-WAN? | SD-WAN Defined & How it Works

SD-WAN definition: What is SD-WAN?

SD-WAN, in a nutshell, is the application of software-defined networking (SDN) technology to wide area network (WAN) connections.

SD-WAN improves on traditional WAN by managing the networking hardware with a software-based controller, which can be hosted in the cloud. This makes the network simpler to manage and operate, as equipment can be controlled and configured remotely through software, without the need to send engineers on site.

It opens up the possibility for businesses to use low-cost Internet connectivity to partially or entirely replace their existing MPLS connections.

Background: LANs, WANs and VPNs

To understand the context for the boom in SD-WAN, it’s helpful to provide a refresher on corporate networks and the technologies that underlie them.

Corporate networks are made up of local area networks (LANs) linking computers and servers inside buildings over dedicated wiring, and wide area networks (WANs) which connect different sites and offices across the “wide” area.

WANs usually involve telco or service provider (SP) infrastructure of some sort, as enterprises don’t generally own long-distance cables or radio networks. For many years, the fundamental building block was a “leased line” or “private circuit”, provided by telcos to corporate customers on a rented basis. Despite transiting the public network, these connections are still referred to as “private networks”, as the users own or control the network boxes that sit at the ends of the WAN connection.

Virtual private networks (VPNs) are modern variants that look as though they have dedicated links from place to place, but actually share the underlying Internet protocol (IP) infrastructure by “tunnelling” across it. VPNs can either transit the public Internet, or can be dedicated services provided by telcos/MSPs that use a shared core network, with local access links (“tail circuits”) that connect the VPN to each location. A technology called Multiprotocol Label Switching (MPLS) is a prominent form of VPN service offered by telcos.

Most larger businesses now use a mix of different WAN and VPN technologies depending on the requirements for each site or link.

For telcos, the WAN market has always been a good source of both revenue and profitability, even while it has attracted many new entrants intent on cherry-picking customers, by deploying fibre in business districts or long haul between key cities. The constant need for orders-of-magnitude more bandwidth has created its own ecosystem of vendors, standards and channels.

SD-WAN use-cases: what is SD-WAN for?

There are many different use-cases for SD-WAN. The relative importance of these varies hugely by organisation type and size, the applications used, and the extent to which those companies rely on telcos/SPs to manage the network, rather than relying on internal skills.

Some examples of SD-WAN use cases include:

  • Connecting major offices & HQs to each other, or central data-centres
  • Connecting data-centres to each other
  • Connecting branch sites to HQ or a data-centre
  • Connecting smaller regional or international offices into the corporate network
  • Connecting to the Internet, either via a central gateway, or with multiple connections into a number of sites
  • Direct connections to public cloud or hosted services
  • Direct connections to partners or industry-wide networks
  • Remote access for home-workers and mobile users

SD-WAN architecture: How SD-WAN works

While there are numerous approaches to SD-WAN, the over-riding characteristic is that it can connect sites using multiple connections from different providers or different types over the public Internet, as well as (or instead of) private connections like MPLS. This allows “dynamic traffic routing”, as shown in the diagram below:


[Figure: SD-WAN Architecture How It Works]

Customer premises equipment (CPE) deployed at each site is connected to a centralised control system, which enables management and provisioning via web portals, direct connections to major external cloud services, and analytics tools.

CPE provided as part of an SD-WAN solution varies widely in capability and sophistication. At a minimum, they are essentially hybrids of routers and WAN optimisers, with in-built VPN capability and some sort of policy management. They may be able to support multiple Internet connections, cellular or even satellite links. Some can host extra security or other applications – which may well be billed as “virtual network functions (VNFs)”, even though they might not conform to the telco world’s definitions and standards.

More information can be found in our report Flavours of SD-WAN: What’s on offer, and which work?

Business benefits of SD-WAN for enterprises: Why SD-WAN?

Enterprises throughout the world are rapidly digitising their operations. Increasingly, the digital strategies they are adopting include the transition of business tools, applications and processes to a ‘multicloud’ environment: involving a hybrid combination of applications and data hosted in one or more public clouds alongside the company’s own private data centres. Digital enterprises require secure access to their applications and data from any location, at any time, via any device and over any network.

Traditional WAN architecture models often do not provide the scale, flexibility or agility required to support this transition. Consequently, these businesses need to look for a new, simplified and automated approach to managing and transforming their WAN.

SD-WAN offers a range of benefits for enterprises that address this problem. In particular, it enables enterprises to:

[Figure: SD-WAN Benefits]

Other benefits of SD-WAN include:

  • Use cheap Internet access to work alongside private/MPLS WAN connections, typically for less-sensitive applications.
  • Get connectivity from multiple suppliers, using multiple physical connections, to remove single points of failure.
  • Short-circuit the path from branch sites to the Internet or public-cloud SaaS services, while maintaining good levels of security and scrutiny, reported centrally.
  • Prioritise certain applications, send them down different paths, monitor performance (e.g. voice-call MoS scores), apply differential security policies and so forth.
  • Monitor the quality / congestion of the various connections in real-time, and dynamically choose which path to select.
  • Send the same data down multiple connections to the far end, and then use the packets from whichever arrives first, to reduce average latency.
  • Allow load-balancing or bonding of private and public connections, either to give extra theoretical capacity, or to provide backup and resiliency.
  • Host security functions, either built-in or downloaded as “virtual appliances”.
  • Provision or modify connections in a “zero-touch” fashion.
  • Get new, remote or temporary sites up-and-running immediately using LTE, while waiting for MPLS or Internet to be provisioned.
  • Support future IoT connectivity requirements across the WAN, both on the device/industrial side, and on the IoT platform / cloud side.
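
The path-selection behaviour in the list above (monitor each connection, keep sensitive applications on private links, use cheap Internet where it is good enough) can be sketched as follows. This is an added illustration, not STL Partners' or any vendor's code; the link names, probe figures, thresholds and the fail-closed rule for sensitive traffic are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    private: bool      # True for MPLS/private circuit, False for public Internet or LTE
    up: bool
    latency_ms: float  # latest probe measurement
    loss_pct: float    # latest probe measurement
    cost: int          # relative cost of sending traffic, lower is cheaper

@dataclass(frozen=True)
class AppPolicy:
    name: str
    sensitive: bool    # assumption: sensitive applications may only use private links
    max_latency_ms: float
    max_loss_pct: float

def select_path(policy, links):
    """Return the name of the link to use, or None if no permitted link is up."""
    permitted = [l for l in links if l.up and (l.private or not policy.sensitive)]
    if not permitted:
        # Fail closed: sensitive traffic is dropped rather than spilled onto a public link.
        return None
    within_sla = [l for l in permitted
                  if l.latency_ms <= policy.max_latency_ms
                  and l.loss_pct <= policy.max_loss_pct]
    if within_sla:
        # Cheapest link that meets the application's thresholds; latency breaks ties.
        return min(within_sla, key=lambda l: (l.cost, l.latency_ms)).name
    # Nothing meets the thresholds: degrade to the best-measured permitted link.
    return min(permitted, key=lambda l: (l.loss_pct, l.latency_ms)).name

# Constructed probe results for one branch site.
LINKS = [
    Link("mpls", True, True, 30.0, 0.0, 10),
    Link("broadband", False, True, 45.0, 0.2, 2),
    Link("lte", False, True, 80.0, 1.0, 5),
]
VOICE = AppPolicy("voice", False, 60.0, 0.5)
ERP = AppPolicy("erp", True, 100.0, 1.0)

if __name__ == "__main__":
    for app in (VOICE, ERP):
        print(app.name, "->", select_path(app, LINKS))
```

The security-relevant branch is the early `return None`: when the only private link is down, the sensitive application gets no path instead of silently moving to broadband or LTE.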

Future of SD-WAN: Where next?

At STL Partners, we believe that SD-WAN under its current definition is not an end in itself. All indications are that enterprises are becoming increasingly cloud-centric, and we see no sign of this trend reversing. SD-WAN will no doubt be a key component of the multicloud ecosystem – but it will require an evolution beyond the confines of what is currently being packaged and sold.

In short, existing SD-WAN offerings are just the first step on a longer journey towards integrated, software-driven WAN operations and networking on a broader scale. Enterprises and vendors planning SD-WAN rollout would do well to consider how that evolution could unfold.

As with any new technology, there are multiple pathways that this evolution could follow – none of which are yet well-understood. STL Partners has identified three emerging evolution pathways, which we explain in detail below. The options are:

  1. SD-WAN used as the first step towards SD-Branch: SD-WAN is deployed as a stepping stone technology towards more advanced, integrated management of enterprises’ LANs and branches alongside the WAN.
  2. SD-WAN sold “as a Service”: SD-WAN starts to be offered as a more fully cloud-based software service, free from vendor or hardware-based constraints.
  3. SD-WAN used as an enabling component of edge/IoT platforms: SD-WAN features and infrastructure are integrated with service providers’ edge computing and Internet of Things (IoT) platforms, with sales focus on enterprise automation and process optimisation, rather than the SD-WAN component itself.

More information can be found in our recent report, Predicting the future: where next for SD-WAN?

About Yesmean Luk

Senior Consultant

Yesmean has led and managed client projects with both operators and technology companies across a number of domains, including private networks, telco cloud, network slicing, edge computing and IoT. Before joining STL, she held various consulting roles at Deloitte and IBM. She holds a Global MSc in Management from the London School of Economics, specialising in strategy and international business.
