OPENGEAR BLOG

Stay up to date with the latest information on network security,
business continuity, and network availability.

With all the fanfare of a JJ Abrams reboot, cloud-managed SD-WAN is being heralded as the next generation of branch connectivity.  With human-friendly management tools and promising a reliable, warp-speed uplink at commodity internet prices, tried and tested technologies like MPLS and CLI-managed branch routers are starting to look as retro as 1960s sci-fi.

But beyond the hype, industry commentators and network engineers are questioning whether SD-WAN really is the universal, set and forget solution for branch networks.  While an SD-WAN overlay can deliver big savings and simple, flexible network policy control, enterprise networks also need guaranteed performance and availability.  So how bold should you be in adopting SD-WAN in your enterprise?

Preparing for launch

Starting on day one, cloud-managed SD-WAN differentiates itself with ease of install and initial setup.  No longer do you need specialised certifications or on-site expertise to get your WAN up and running.  Anyone who can plug in network and power cables is qualified.

This setup process, however, pre-supposes that your branch site has at least one operational underlying WAN link, e.g. an Internet connection from your ISP, and that the WAN router or modem is set up to auto-configure the SD-WAN appliance with DHCP and DNS settings.

It may seem like a minor point, but it’s compounded by another headline feature of SD-WAN – the freedom to choose any Internet provider and service on a per-site basis, rather than being contractually committed to a single carrier.  This heterogeneity has the side-effect of introducing complexity into your network, albeit nicely hidden beneath the SD-WAN overlay, in normal operation.

Practically speaking, it means although many of your per-site WAN uplinks may be appropriately configured there’s a risk some won’t be, and this must be audited site by site, or an alternative path put in place.  Without a known good connection to the cloud on day one, pain-free cloud provisioning is a non-starter.

It’s worse than that – it’s dead, Jim

A third feature of SD-WAN is the separation and centralisation of its control and management planes – this is what enables the data centre grade, Software Defined aspect of the technology.  However, unlike data centre networks where the control, management and data planes may run over separate or redundant networks, the traffic used to manage and control the SD-WAN itself is running over the in-band data path – the “production network” in data centre lingo.

Going back to our failure case, when the SD-WAN overlay is down, chances are you’ll have no way to reach the SD-WAN appliance to figure out what’s gone wrong, much less fix it.  You may find SD-WAN’s layered flexibility comes at the expense of accountability.  Is it an ISP, overlay, appliance or user error?  With no out-of-band remote access or trained staff on site to troubleshoot, you’re flying blind.

SD-WAN’s ease of bonding extra WAN circuits into the overlay can help mitigate this risk, provided the circuits are truly diverse.  Take care when choosing multiple ISPs which may for example share backhaul paths or other single points of failure.  In this context, consider utilising LTE as a secondary or tertiary WAN circuit.  It provides resilience from severed cables and perhaps enough bandwidth to sustain overlay comms during primary WAN circuit failure.  Plus, using a dedicated cellular appliance gives you a separate on-prem jumping off point for reachability, visibility and out-of-band management.

Is resistance futile?

Demand is booming, and analysts predict that the SD-WAN market will grow at around 70% year on year between now and 2021.  That said, enterprise is right to approach SD-WAN with caution.  As a technology it’s still “growing the beard” and its relative immaturity and complexity may give you cause to hesitate.  However, by carefully considering and mitigating the risks in the context of your business requirements, you may find yourself ready to engage now, or in the not so distant future.