The WAN is evolving after years of stagnation, and SD-WAN is all the rage. What is the promise driving SD-WAN? In short, SD-WAN aims to remove the constraints of legacy connectivity technologies, namely MPLS and the unmanaged public Internet, ushering a new age of flexible, resilient and secure networks.
For years, organizations had to choose between a private, predictable, yet rigid and expensive MPLS service, or the inexpensive and unpredictable, yet affordable, Internet service. Layered on top of that tough tradeoff, are considerations like availability and capacity. Many enterprises eventually used a mix of both technologies: MPLS links for production with Internet standby at each location, or a mixed network where some locations are connected via MPLS and others connect through public Internet site-to-site VPNs. None of this was easy to manage and generations of network professionals had to manually configure and reconfigure routers and WAN optimizers to manage this complex environment.
Enter SD-WAN. The SD-WAN edge router can dynamically route traffic over multiple transports, such as MPLS, cable, xDSL, 4G/LTE, based on the type of traffic (voice, video, cloud and “recreational”) and the quality of the transport (as measured by latency, packet loss, and jitter). SD-WAN edge routers let organizations boost overall capacity available for production (no more wasteful “standby” capacity) and it automates application traffic routing based on real-time monitoring of changing conditions. Instead of crude command line interfaces that were error prone and slowed deployments, SD-WAN leverages zero-touch provisioning, policies, and other technologies to automate once time-consuming, manual configuration..
The SD-WAN promise of improved capacity and availability is a great first step in the WAN transformation. But it is important to recognize where SD-WAN falls short.
Continued Dependency on MPLS Minimizes Cost Avoidance
The SD-WAN edge architecture contains an underlying assumption that there is a predictable transport, like MPLS, to carry latency-sensitive traffic. The Internet is too unpredictable to deliver enterprise-grade, latency-sensitive applications on a predictable basis particularly between Internet regions. While edge SD-WAN can fallback to an alternate path if MPLS is unavailable, and users may be willing to experience fluctuations in service during a short outage, it is important to recognize edge SD-WAN persists the reliance on MPLS. As such, SD-WAN’s impact on the substantial ongoing IT investment in MPLS is limited.
Lack of Integrated Security Increases Network Security Costs
The SD-WAN edge architecture opens up the organization to the Internet, and supports the overall migration to cloud services. However, this creates a new attack surface for the organization that must be secured. Edge SD-WAN does not address security requirements. Organizations need to extend their security architecture to support SD-WAN projects using edge firewalls, cloud-based security services or backhauling and service chaining into their existing security infrastructure. So, as SD-WAN edge creates flexibility and opportunity in the network area it could, and often does, increase cost and complexity from a security perspective.
SD-WAN and Cloud Connectivity
The SD-WAN edge isn’t in a position to support cloud resources and mobile users. Since it was designed to solve a branch office problem, the SD-WAN edge had to be stretched to the cloud as an afterthought while mobile users do not benefit at all from the new network capabilities. SD-WAN, the “all new” WAN architecture, is solving the problems of the past with little focus on the new ways business gets done.
Cato Networks converges the entire scope discussed above into a single cloud-based service. The Cato Cloud delivers advanced SD-WAN capabilities, including multi transport support, last mile optimization and policy-based routing.
But Cato also thought through the full set of implications and requirements that are needed for a full WAN transformation. The SLA-backed global backbone at the core of Cato Cloud is a credible and affordable MPLS alternative. An enterprise-grade network security stack built into the backbone extends security everywhere without the need to deploy additional security products. And the tunnel overlay architecture connects all resources to the service in the same way: physical locations, cloud resources and mobile users.
Watch Cato SD-WAN in action…
original post from Cato Networks