The major difference between using the Internet vs private WAN services such as MPLS is the removal of end-to-end Quality of Service. Our professional services group have access to tens of service providers, enabling us to position the lowest cost connectivity vs your location. However, we would caution against WAN procurement where the key driver is saving money. While we fully understand the budget is important, there is a clear need to align your WAN to your specific business requirements. This isn't to say SD WAN cannot save you money; the technology is an enabler to sophisticated features and cost reduction where required.
With any good WAN design, a hybrid of network services is necessary depending on any given statement of requirements. The SD WAN marketplace offers almost every architecture to meet the demands of every business from three site SME networks to large Global Enterprise implementations.
Low-cost Internet connectivity vs public IP.
SD WAN technology offers the next level of application treatment both from the perspective of prioritisation (QoS - Quality of Service) and policies to sense traffic conditions. With every provider, marketing and opinion will sell the SD WAN dream based on features and benefits.
Just as a car manufacturer may sell traction control as a feature, you wouldn’t necessarily drive the same way in winter conditions as you would in the summer. And just as an SD WAN provider will tell you not to worry about your applications, as the technology will sort everything, your goal should always be to create the best possible underlying connectivity to support your business regardless of features.
The majority of SD WAN 'cost saving marketing hype' is created by using the Internet as the underlying platform to deliver VPN connectivity. There’s nothing necessarily wrong with this approach by the way, I’m just pointing out the facts. One of the drivers behind SD WAN growth is the need to access public Cloud services together with location independence. In order to deliver SD WAN access to remote workers, connectivity is often achieved via 3G/4G wireless Internet or fixed WiFi from wherever the user is situated.
Where the users' connectivity is not a constant, SD WAN technology offers a significant capability to ensure a consistent level of service. In this respect, a software-based WAN is the right choice to meet the demands of unknown Internet connections. Without diverting from the topic of this article, an SD WAN client or device will make the best use of any given connection, from the most terrible of throttled hotel WiFi ISP connections to weak 3G/4G in the corner of your garden. However, for your main data centre, HQ to branch and branch to branch connections, relying on the lowest-cost in-country or per-location ISP service is a risky strategy.
The risk is generated from a number of factors:
- As traffic transitions from ISP to ISP, additional latency and jitter are added which, depending on the application, could cause poor user performance.
- The route taken across multiple ISPs is often unknown, so issues and problems that routinely occur (for various reasons) will be difficult to troubleshoot.
- The service provider of SD WAN services (or your team if self-managed) will need to support multiple ISP relationships.
What about using a single public Internet backbone?
Public IP (i.e. using a single ISP) offers predictable traffic performance. In many ways, Internet backbones today are comparable to private MPLS VPRN (Virtual Private Routed Network). MPLS is, in fact, a traffic engineering protocol used both on the Internet and in private VPN solutions (MPLS, VPLS, VLL). The major difference between using the Internet vs private WAN services such as MPLS is the removal of end-to-end Quality of Service. However, if bandwidth is good and latency and jitter are acceptable, QoS is not needed. With SD WAN, we need to remember that while end-to-end QoS may not exist, the actual local traffic prioritisation is much more granular.
With significant control of user and application attributes, the user environment is sensed and improved upon using application acceleration or simple traffic prioritisation. As a further benefit, security policies are also set to the same detail level to further meet the demands of today's data networks. In short, a single ISP backbone for data centre, HQ and branch sites offers similar everyday performance to MPLS with the flexibility to access Cloud applications. And the equivalent public connection is generally cheaper than MPLS.
What about SD WAN over MPLS?
While SD WAN is marketed as version 2 of the IPsec Internet VPN, the technology is designed to be agnostic. In other words, the connectivity type (Internet, private short-haul circuit etc.) is supported via a single SD WAN device. If we recall the beginning of this article, good WAN architecture should be a hybrid. There are selected providers offering an SD WAN connection with the ability to access private and public VPN from every circuit. And this perhaps takes us back to the conversation about cost savings. An SD WAN VPN with the capability/feature to access private and public WAN, together with the major benefits of software WAN such as reporting, security and so forth, results in higher costs.
However, these providers offer lower cost options for remote and branch users, meaning the hybrid design offers lower costs where appropriate, allowing your business to budget more for mission-critical sites.
Latency and jitter performance across single ISP backbones is generally good as the Internet becomes more mature. In addition, service providers offer an SLA (Service Level Agreement). Fig 1 shows this in more detail.
SD WAN offers client and low-cost CE (Customer Edge) devices. Software WAN intelligence is (or should be) located within a centralised management server. The result of locating intelligence outside of the device is that hardware design is simplified. With less complexity comes less expense. If we then align using lower cost public IP (single ISP backbone where possible), the result should be cost savings across your WAN. SD WAN for single remote users is serviced via a secure client.
The SD WAN client is, of course, low-cost infrastructure, meaning further cost savings. While technology such as MPLS offers remote access, MPLS VPN does not offer the same traffic sensing treatment. The result of SD WAN remote capability is that software clients are often used to increase user productivity as applications become more accessible with higher performance. The net result means work is easier, causing the business to be more productive, which is again better for the Enterprise bottom line.