WAN vs SD-WAN: What are the Pros and Cons of Each?
Wide Area Network (WAN) technology has been, until recently, the only choice for connecting networks. With software-defined WAN (SD-WAN), companies now can experience additional efficiency and significant cost savings. This is particularly true for organizations experiencing massive growth or that need more flexibility in how their WAN traffic is routed.
The advent of cloud computing is upending many traditional technologies. SD-WAN is an innovative cloud-based solution that many companies are implementing. In this blog post, we discuss how SD-WAN technology is different from conventional WAN technology.
What is WAN?
A Wide Area Network (WAN) refers to site-to-site connectivity or connectivity between sites. This is opposed to a Local Area Network (LAN), which encompasses network traffic within a site.
One of the best examples of a WAN is the internet. All of your traffic destined from the internet leaves the LAN and traverses a WAN. Through the network of WAN connections, you ultimately reach your destination. The internet is considered a public WAN.
Many companies that wish to privately router traffic from site to site use a Private WAN. Some of these technologies are Multiprotocol Label Switching (MPLS), Point to Point connections, or Virtual Private LAN Service (VPLS). The benefit to a private WAN is that carriers tend to provide a Service Level Agreement (SLA) for latency and performance, whereas the internet generally has no such SLA.
What are the Pros of Private WAN?
WANs allow you to centralize or regionalize equipment. For businesses that have many branch offices, servers and infrastructure can be housed in a datacenter. Using a WAN will enable them to connect to business-critical applications with guaranteed performance. This avoids the need for each site having its own file servers, print servers, and application servers.
Because these connections are private, they have increased privacy being dedicated to your organization. You are also easily able to encrypt your traffic over these connections for increased security. WAN routers and their throughput are typically much higher than trying to use a device to encrypt packets over the internet via a VPN tunnel. Encrypting data over a VPN tunnel is CPU expensive and requires beefier appliances to do that. IT pros supporting remote workforces (like during a pandemic) are well versed in the challenges of managing VPNs.
What are the Cons of Private WAN?
WANs do have some downsides. The leased lines used with them are typically more expensive than the internet. These private circuits generally are more costly due to the SLAs for downtime, which are typically 99.9% uptime or higher. It can be expensive for carriers to maintain that kind of SLA, so they pass along that cost.
In scenarios where WAN is the only access a remote or branch site has, all internet traffic traverses that expensive WAN connection. This backhauling can be relatively expensive for non-business-critical applications. This is because you may need to increase WAN connectivity to accommodate internet traffic.
Traditionally managing a WAN requires some experience with dynamic routing protocols such as Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP). In other cases, static routes can be used, but that requires manual routes to be added to many locations once a subnet is brought online.
In this scenario, the bulk of security is set up at the datacenter because all traffic is expected to pass through it. Sometimes, but not always, the higher end devices needed to detect security anomalies at the DC for all of the sites can be more expensive than smaller, edge appliances at the branch. Clearly, developing practical wireless networking skills is essential.
What is SD-WAN?
SD-WAN is a new paradigm in thinking about route traffic between offices, Data centers, and branches. It can intelligently route traffic over both Private WAN links and the internet. You can easily manage regulatory compliance and security needs with policies instead of manually determining if traffic needs to be encrypted over path X but not necessarily for path Y.
An easy way to think of SD-WAN is to think of it as an overlay. This is a network on top of another network. SD-WAN can secure your data in transit with minimal thought or management.
There are a few ways to procure SD-WAN capabilities. You can go directly to a vendor — or through a value-added reseller (VAR) — and purchase their hardware. Another way is to work with your primary carriers. They often have a solution they certify and can help you manage that works well with their environment.
A technologically-advanced grocery store is a great example that could benefit from SD-WAN. The cash registers likely need to connect to the Point-of-Sale app in the cloud. SD-WAN could allow that to primarily connect over a leased line due to latency requirements. There could be a failover connection to a VPN that provides connectivity to persist when that leased line is down. In this use case, store management may need to access some business apps in a non-critical manner. This non-critical business app access could be pushed out to the local internet or over the VPN to free up bandwidth for the cash registers.
What are the Pros of SD-WAN?
There are quite a few pros to SD-WAN. With public cloud adoption significantly increasing, having the ability to dynamically scale into the cloud from many remote locations at the push of a few buttons is hugely beneficial. Remote offices can easily be deployed via temporary internet until leased lines come up.
SD-WAN allows enterprise-level policies to be created so that traffic management and routing is straightforward. Many solutions include templating that can be easily duplicated as sites spin up. The idea is to focus on policy and business needs instead of the technical requirements to carry out those business needs.
Next-Generation Firewalls (NGFWs) — like Cisco, Juniper, or Palo Alto — is a topic that tends to surround SD-WAN. It's often a case of the chicken and the egg in terms of which came first during a deployment. Many NGFWs vendors have been doing some sort of SD-WAN from the beginning, primarily with VPN tunnels, so they have this functionality, and an existing firewall of yours may already have it.
On the other hand, for some of the features of SD-WAN like local internet or DIA at each branch, it typically uses an NGFW, so SD-WAN vendors had to implement one or license one to bundle with their products.
While some may view this as the industry being disorganized, it can be seen as the industry aiming to adopt and move in the SD-WAN direction from many angles. NGFWs tend to go hand in hand with SD-WAN, and that's a terrific pro to have that level of stateful packet filtering and packet routing flexibility in them.
What are the Cons of SD-WAN?
Some of the cons to SD-WAN are the adoption of it. It is just becoming popular. Skilled staff to help implement and manage it may be lacking or challenging to find or more expensive than your budget allows. If existing staff cannot pick up the technology and learn it, a 3rd-party may need to be involved in helping implement, support, and manage.
Sometimes the initial cost to implement can give companies a bit of sticker-shock. This is because traditionally, you would scrap your existing edge routers and replace them with those from the SD-WAN vendor you've selected. Budgetary concerns may force you to DIY (Do It Yourself).
Since SD-WAN typically lives at the edge of the branch and datacenter, there aren't always good ways to deal with on-site security at each location. Standards and methods of doing this are just starting to emerge. Shifting some level of security to each site may be a difficult transition. In a traditional WAN topology, this is all pushed back to the hub.
We've set some context for WAN versus SD-WAN. With that context, we have outlined quite a few pros and cons. Each company has unique needs, budget constraints, and skill levels of its staff. While every company should investigate whether SD-WAN can help them meet their goals, it may not always make it to their IT roadmap. This is understandable.
For newer companies that are just starting to build out, it will make a lot of sense. Companies with more of a "legacy" environment but a smaller budget probably won't make as much sense unless they can do some creative financing or are due for a refresh. For more information on networking, check out our Ultimate Networking Cert Guide.