A software-defined wide-area network (SD-WAN) is a type of network topology in which smaller local-area networks (LANs) living in distributed locations are linked together. This enables users and devices in different regions to communicate and exchange data — connecting users to applications hosted within remote datacenters more easily, securely, and reliably at any scale. 

WAN previously relied on Multiprotocol Label Switching (MPLS) circuits, but this technology lacked cloud awareness and was designed to support private, on-premises enterprise networks. This approach later became untenable in a virtualized world defined by mixed deployments across private clouds, public clouds, and hybrid clouds. A centralized, software-driven control plane was needed to monitor and manage distributed networking infrastructure components. This offers more flexibility while allowing organizations to mix and match physical networking components — such as routers and switches. 

SD-WAN falls under the software-defined networking (SDN) umbrella. It relies on the existence of a shared control plane (or control layer), plus connected applications, controllers, networking components (both hardware and software), and third-party tooling to transmit data back and forth across the data plane

While SD-WAN was eventually born from the early networking technologies of the 1980s, the term itself wasn't officially coined until 2014 during the ONUG conference. This conference also spurred the formation of the ONUG SD-WAN Working Group to outline use cases, risks, and potential costs. The first SD-WAN use case involved connecting an organization's branch locations to the corporate network located at its headquarters.

How does SD-WAN work?

Connectivity is virtualized in an SD-WAN context — meaning that traffic routing is enabled and managed across multiple connection types, hardware types, and networking methods. While it's possible to continue using MPLS for routing, virtual private networks (VPNs) have steadily risen in popularity as a cheaper, scalable tunneling alternative. It helps keep traffic flowing while bridging the gap between private home networks, public networks, telecommunications networks (such those supplying LTE/5G), and others across the internet. 

The software component of SD-WAN grants administrators vastly-improved infrastructure visibility across these networks. Administrators can also enforce shared networking policies, security policies, settings, and configurations for an array of components. 

SD-WAN controls also help organizations define the most efficient — and often simplest — traffic flows across regions while lowering latency. Administrators can identify the most reliable pathways using the control plane, and do so dynamically as patterns and conditions shift. 

Thus, SD-WAN typically relies on the following components: 

  • Controller – A centralized software component responsible for managing network traffic, setting network policies, enforcing security rules, and maintaining infrastructure visibility

  • Edge network – The point or virtual location where a local (or private) network and the SD-WAN converge, thus allowing the controller to distribute new networking policies while adding security controls — such as a WAF 

  • Orchestrator – A portion of the SD-WAN responsible for pushing policies to compatible network components while enabling centralized management of the distributed network. This is typically done through a web interface. 

While a widespread and diverse network topology may seem challenging to manage, the relative simplicity of the SD-WAN can help immensely. Because you're not limited to a restrictive subset of networking components, a well-executed SD-WAN setup can hasten modernization within your environment without demanding too much of your organization's time, mindshare, and money. 

Despite providing these critical functions, not every SD-WAN is fully transparent in its operation. Some vendor solutions work like "magic boxes" that do what you need, yet keep those technical inner-workings mysterious. In other words, that means you could have a limited ability to troubleshoot when issues arise. Others may implement proprietary solutions that — they claim — execute tasks better than longstanding internet technologies such as BGP or SNMP. 

Many organizations are happy to make these tradeoffs when vendor support is swift and SLAs are met — but some aren't. Your choice of SD-WAN tooling will thus depend on your organization's goals (as with any technology).

What are the benefits of SD-WAN?

SD-WAN solutions make complex, distributed network management easier by offering the following benefits: 

  • They're flexible and compatible with numerous networking technologies, both hardware and software. 

  • They boost efficiency through centralization and offer an improved user experience vs. command-line or strictly code-driven solutions. 

  • They add technical features not often found in traditional networking components, such as packet-based load balancing or forward error correction (FEC).

  • They're cost-efficient through tooling consolidation, bandwidth consumption optimization, and deeper control — negating the need for extra tools. Regular internet connections are also cheaper to manage at scale than MPLS connections or direct internet access (DIA). 

  • They can incorporate additional, standard security measures such as a firewall, while supporting secure access service edge (SASE) implementations. 

  • They can help optimize bandwidth usage, connection efficiency, latency, and therefore overall performance. 

  • They're cloud-inclusive (if not agnostic) and can work effectively in internet of things (IoT) environments. 

  • They offer deeper observability and easier issue remediation, delivering high availability.

You’ve mastered one topic, but why stop there?

Our blog delivers the expert insights, industry analysis, and helpful tips you need to build resilient, high-performance services.

By clicking "Get new posts first" above, you confirm your agreement for HAProxy to store and processes your personal data in accordance with its updated Privacy Policy, which we encourage you to review.

Thank you! Your submission was successful.

Does HAProxy support SD-WAN?

Yes! HAProxy One can provide secure high availability across internal and external components while delivering crucial performance optimizations across the greater network. HAProxy One also adds supplemental load balancing functionality for improved scalability and can monitor health across global DNS zones. 

To learn more about HAProxy and SD-WAN, check out Nokia's HAProxyConf 2021 presentation, Enabling SD-WAN Operations Using HAProxy.