SD-WAN - it's not just marketing BS or a "view from the engine room"


“Oh no!!” you’re thinking … yet another contrived posting by the marketing department of some outfit or other trying to convince you that SD-WAN is the solution to your problems. This may or may not be the case; fundamentally, this is up to you.

“SD-WAN is just a re-hashing of existing technologies”, I hear you say … and I would have to say “Yes, to a certain extent”. But from my point of view, being a bit of a techie at heart, there is some interesting other stuff going on underneath, or more specifically “over the top”, depending on your point of view, as we move away from the device command-line.

SD-WAN service chaining is one such example. Although not an entirely new idea, SD-WAN empowers network administrators to deploy a centralized and/or distributed virtualized security suite and then, via policy from a central point, steer end-user traffic through this security infrastructure at any granularity, from entire remote sites down to a single user application. Putting aside some of the interoperability constraints for the present, the concept of being able to monitor the use of a single application and subject it to a corporate security policy (for example, personal cloud storage providers and data loss prevention), regardless of network ingress and egress, without necessitating the deployment of security infrastructure at every breakout point, is very neat.

I know from experience that designing and deploying resilient networks leveraging IPSLA, RPM, flow-redirects, source and/or policy-based routing et al., whilst managing desired QoS/CoS profiles, can be a joyous intellectual activity. However, I also know from experience that these can become complicated very quickly, even in modest deployments, and onerous to administer in a dynamic environment.

SD-WAN solutions, by abstracting the underlay network into the “software defined world”, can take some of this management headache away from administrators. Through automatic bandwidth discovery of the underlay network, continuous and adaptive bi-directional path monitoring, consistent quality of service policies and dynamic application steering, network administrators can leverage all network bandwidth, maintain optimal application response, and provide a reliable user experience from a single management pane of glass.

From my point of view, SD-WAN, by pushing configuration and management operations into a software overlay, has powerful features and technologies, and can address some of the technical challenges in designing, provisioning, and managing networks. However, this does not mean networking is becoming a commodity; fundamentally, you still need to know what is happening “under the software-defined hood”, so to speak, but perhaps this is the element I like best.

Understanding how the underlay behaves becomes even more pertinent when we consider the evolution, some would posit revolution, of the software-defined world. SD-WAN, with its innovations, is only one of the foundations of Secure Access Service Edge (SASE), which is being projected to be the transformational technology in the security infrastructure environment. Perhaps this will be the case, and on this point I will keep you posted … but for now, all the more technology to play with.

