An introduction to SD-WAN Network Providers selection. On offer in this article: SDN Mindmap checklist of each area your Enterprise needs to consider, a list of software defined networking vendors and optional free workshop at your office.
Does SD-WAN over the Internet replace MPLS or complement private based services? Is the Internet mature enough to support SD-WAN? With the huge expansion of cloud services and the need to drive down costs, we believe the technology is an essential component of your WAN strategy.
In the second of many future SDN network themed articles, we discuss some of the risks and pitfalls associated with SD-WAN supplier selection.
And, in order to assist you with your WAN learning, we’ve created an SD-WAN providers starter kit, simply select what you need. The resource includes an at a glance Mindmap: SD-WAN vs MPLS, free on-site workshop and a search of the market place via our list.
There are a couple of main challenges when IT teams look to procure SD-WAN services. The first surrounds gaining clarity on which IP network providers are suited to your specific branch office locations. The second is understanding which vendor / SD-WAN service providers can layer on managed services or supply hardware for wires only deployment. A data network architecture should be flexible and include ALL WAN connectivity offerings as options without increasing the complexity of the overall design.
What is driving the interest in SD-WAN service providers?
Without wanting to make sweeping statements based on no conclusive research, I would probably say that cost is a significant driver creating the buzz surrounding SDN services. However, in addition to pricing, some important business drivers cannot be ignored.
We see the cloud as representing the biggest force behind software-based networking. If you consider the majority of leading cloud providers, their services are accessed by public based networks (i.e. the Internet). There are of course exceptions: cloud services are also made available via private data center interconnects, but the majority of growth surrounds public based access. The reasons are fairly obvious, with huge growth in remote access, BYOD (bring your own device) and collaboration with outside entities. In the majority of cases, smartphones are becoming a natural way of communicating across 3G and 4G networks on an almost permanent basis. In this sense, the business case makes perfect sense: the Internet serves as the platform for your WAN, combined with software-driven functionality that allows greater flexibility to control user access, branch and remote user security, performance and more.
Public IP Internet vs Private IP MPLS / VPLS
The Internet of today is maturing and developing faster than ever before. If we think back to connectivity just a decade ago, the difference in performance is startling. With the past in mind, MPLS Layer 3 routed networks grew out of the need to provide predictable performance without the complexity and overhead of security with encryption. The Internet of the 2000s simply was not up to the task of providing a consistent experience. Also, the technology of today (tablets, phones etc) did not exist, therefore the reliance on a 'permanently on' Internet connection was not a requirement. If your phone loses connectivity for an hour in 2016, you soon realise the productivity decline. In 2006, you would be lucky to have connectivity. A huge step change.
The Internet is now a viable platform to deliver mission critical data applications including voice and video. As a home or business user, the Internet is regularly leveraged, and for the most part, the experience is positive. In many cases, access to a private data network is a restrictive experience unless setup correctly.
An SD-WAN Internet deployment represents a lower cost vs. MPLS private networks; availability is everywhere, in the main, and the platform just gets better and better. At this stage, you would be forgiven for not reading any further with the belief that SD-WAN is leading the way. However, your organisation must carefully consider your locations and requirements vs. using a private or public based network. There are still use cases for both scenarios.
We are Global. SD-WAN is a challenge.
The Global Enterprise is significantly challenging vs. a national counterpart. Let’s look at the problem.
To leverage the best possible cost savings from an SD-WAN deployment, the best practice would be to put in place in-country connectivity based on the best provider for the given location. As an example, an Enterprise might select BT in the UK, Verizon in the US and so on. In order to really maximise savings, we would recommend further granularity by selecting in-country, per state providers.
To better explain the challenges, we'll use a scenario.
The Global Widget Company
TGWC is an expanding business with 60 branch offices across the globe, some of which only contain a few people and remote users. The challenge for TGWC surrounds a few key areas:
- The branch offices, although not significant, include users requiring video and voice conferencing with users traveling across the globe using multiple Internet providers.
An Enterprise organisation deploying voice and video would, as I mentioned earlier, typically look to MPLS or VPLS due to the traffic prioritisation across the network via QoS. However, the Internet as a platform is maturing, bandwidth is becoming cheaper, and our devices (e.g. Cisco iWAN) are using Software Defined Networking to ensure application performance is met. The laws of physics always apply regardless of which platform you select. As an example, the UK and Australia are some distance away from each other, which means packets have to travel thousands of miles regardless of technology. In other words, you cannot fix distance. With this in mind, any SD-WAN circuit providers must be transparent with regards to their real world latency performance so that your business is able to get a handle on how your voice or video will perform. The tail circuit must also be factored in - i.e. the distance between your office and the provider's edge network (PE). Once you’ve done the basics, SD-WAN (we know Cisco in-depth so your mileage may vary) will dynamically consider any connected services by monitoring latency, jitter and packet loss. This awareness enables load balancing and failover options on a dynamic real time basis, thus maximising network uptime. This not only has a positive impact on head office and branch locations but also on remote users as they traverse the globe. Regardless of where they are or the connectivity type they are using, SD-WAN will sense how well applications may perform.
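The path monitoring described above can be sketched as follows. This is an added example, not code from the article or from Cisco iWAN: the SLA thresholds, path names, costs and probe samples are all constructed assumptions, and the selection rule (cheapest path that meets the voice targets, otherwise the least-degraded path) is one simple policy among many.

```python
from statistics import mean

# Assumed voice targets for illustration; not taken from the article or a vendor.
VOICE_SLA = {"latency_ms": 150.0, "jitter_ms": 30.0, "loss_pct": 1.0}

def path_metrics(rtts_ms):
    """Summarise probe results; rtts_ms holds RTTs in ms, None for a lost probe."""
    received = [r for r in rtts_ms if r is not None]
    sent = len(rtts_ms)
    loss_pct = 100.0 * (sent - len(received)) / sent if sent else 100.0
    if len(received) < 2:  # too few replies to measure anything: treat as down
        return {"latency_ms": float("inf"), "jitter_ms": float("inf"),
                "loss_pct": loss_pct}
    return {
        # One-way estimate; assumes the forward and return paths are symmetric.
        "latency_ms": mean(received) / 2,
        # Jitter as mean absolute change between consecutive received probes.
        "jitter_ms": mean(abs(b - a) for a, b in zip(received, received[1:])),
        "loss_pct": loss_pct,
    }

def meets_sla(metrics, sla=VOICE_SLA):
    return all(metrics[key] <= limit for key, limit in sla.items())

def select_path(paths, sla=VOICE_SLA):
    """Cheapest path that meets the SLA; otherwise the least-degraded path."""
    measured = {name: path_metrics(p["rtts_ms"]) for name, p in paths.items()}
    compliant = [n for n in measured if meets_sla(measured[n], sla)]
    if compliant:
        return min(compliant,
                   key=lambda n: (paths[n]["cost"], measured[n]["latency_ms"]))
    return min(measured, key=lambda n: (measured[n]["loss_pct"],
                                        measured[n]["jitter_ms"],
                                        measured[n]["latency_ms"]))

# Constructed probe samples (ms); None marks a probe that was never answered.
PATHS = {
    "internet-a": {"cost": 1, "rtts_ms": [40, 42, None, 95, 41, None, 120, 43, 44, 40]},
    "internet-b": {"cost": 1, "rtts_ms": [60, 62, 61, 63, 60, 64, 61, 62, 60, 63]},
    "mpls":       {"cost": 3, "rtts_ms": [50, 50, 51, 50, 50, 51, 50, 50, 51, 50]},
}

if __name__ == "__main__":
    for name, path in PATHS.items():
        print(name, path_metrics(path["rtts_ms"]))
    print("selected:", select_path(PATHS))
```

With these samples the lossy Internet circuit is rejected and the cheaper of the two compliant paths is chosen; if that circuit later shows heavy jitter, the same call falls back to the MPLS path.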
Application optimisation and control (AVC in Cisco terms) combined with WAAS (Cisco WAN acceleration) offers deep packet inspection. At a high level, this allows the software to perform tuning on the actual application. As an example, your organisation may decide that a particular app is critically important to the user. In this scenario, the tuning could give that app priority onto the wire vs other traffic such as general Internet browsing. More and more applications share well-known ports (e.g. HTTP port 80), so the port number alone no longer identifies them, and deep packet inspection is necessary to ensure applications are correctly picked up for prioritisation.
- Budget is of concern; the business is on a cost driving exercise.
We’ve kind of covered this earlier but perhaps budget is one of the biggest SD-WAN providers selling points. The cost of ownership is typically lower as you’re able to source Internet connectivity on a global basis vs. the required SLA. As an example, and at the risk of selling, our WAN procurement team can search almost all Global Internet providers via our portal. The data returned shows exactly which provider is available and the associated costs. The overall cost for iWAN is competitive based on the number of features available as standard. In short, average savings of 30% are typically available vs. managed MPLS. However, we have seen even stronger results, but the results are dependent on region.
- Having researched the market, they know there is not an option for a single MPLS or VPLS provider.
This scenario occurs for a couple of reasons. The first is more obvious - your business is simply in locations where no single provider can offer end to end connectivity. The result is normally an NNI (Network to Network Interconnect) connection which is delivered via a 3rd party telco, usually within a data centre environment. With SD-WAN and Internet, this scenario is rarely a problem since the whole connectivity market is available to your organisation. The issue then becomes one of checking latency and performance.
The second is acquisition, where two network providers are involved as each company is using connectivity from different providers. Where this scenario occurs, an interconnect is required to join the two networks, which is often problematic as MPLS VPRN is a private technology. The SD-WAN network provider proposition would essentially deliver the managed hardware while remaining agnostic regarding the installed connectivity. This again highlights the flexibility of Internet-based WAN services.
- There is growing interest in using public IP networks (Internet). The business is growing rapidly with new cloud application resources arriving on a constant basis, more users with more devices and so on.
Any WAN today must support remote and BYOD (bring your own device) users together with static branch office locations. An MPLS network supports only private based connectivity with private Cloud. Of course, it is possible to route traffic via an Internet breakout but, architecturally speaking, there are disadvantages vs. SD-WAN deployments. Use of the Internet is growing regardless of whether your core sites are connected via private WAN based technology.
With the growth of the organisation, management of data application security is a concern as each user requires a different level of access. Software based deployments are, by their nature, very flexible regarding capability to control security. In much the same way as the ‘software’ detects granular network conditions, it is also possible for the device to become very ‘granular’ when allowing access. This kind of functionality would normally require dedicated Firewall appliances to achieve.
The challenge - which SD-WAN providers are suitable?
SD-WAN is currently offered by a number of vendors, providing some choice with regard to cost and capability. However, connectivity procurement is clearly a large part of the decision regardless of whether you have selected a vendor. There are certain WAN providers who are offering SD-WAN as part of their overall offering, but the capability is often only a tiny subset of SDN capability. The potential issue is one of change control. As an example, the promise of SDN revolves around flexibility and agility. However, if a cumbersome and bureaucratic service provider offers a five-day turnaround on change requests, it doesn't matter how flexible your new software driven WAN is if you’re still at the mercy of your provider. It makes sense to ensure your prospective WAN services are well aligned.
To conclude - MPLS vs. SD-WAN networking
As we alluded to earlier, Internet connectivity is growing exponentially. It is a common misconception that an MPLS network is somehow different in technology to public IP. In fact, core network engineers working on both private and public networks use MPLS as a traffic management technology. The difference covers three distinct areas:
- A private VPRN (Virtual Private Routed Network) does not require encryption.
- MPLS technology across private networks offers traffic prioritisation via QoS (Quality of Service).
- Core data network engineers are often able to better predict growth on private networks vs. public networks.
To conclude, the Internet is a much more robust and well-scaled platform today vs the past. Software Defined Networking has developed different mechanisms to compensate for the lack of application data QoS, which in many ways are much more flexible than QoS. We’ll be covering these features in more depth over the next few months. The encryption provided by devices such as Cisco iWAN is also highly secure, which addresses what is always a concern with Internet-based services, and when coupled with deep packet inspection, the risks of a network intrusion are minimal. It would, in fact, be easier for a hacker to gain physical entrance to your premises.