What is SD-WAN, and how does it work?

To understand the concept of SD-WAN and how it works, let's first build a foundation with an example.

AIM (example): Connecting one or more branch offices to a head office or data center.
An enterprise generally has multiple branch offices that connect to its central site/head office. The branch offices would typically use WAN connectivity to reach their head office.
Each branch office would require the following resources:

  • A dedicated WAN router (from a vendor such as Cisco or Juniper) with a single link or multiple links (if WAN redundancy is required).
  • An L1/L2 leased-line circuit from a provider, an MPLS circuit from a provider, or an Internet broadband link (with IPsec for protection).
  • First-time manual configuration of the WAN router/modem with all the required policies, which consumes dedicated man-hours.
  • Periodic software/hardware upgrades and configuration changes, which again consume dedicated man-hours.
  • Risk of hardware/software failure at any time.
SD-WAN provides the same WAN connectivity to enterprise customers, but in a more agile, flexible and intelligent way. SD-WAN applies the SDN concept (separating the control plane from the data plane) to deliver these services.

Don't forget our ultimate aim of connecting a branch office to the head office or data center.
Using SD-WAN, the resources we would require are:

A dedicated device based on commodity hardware (an x86 server) that runs as a router, switch, firewall, load balancer and traffic optimizer on a single box, also called a uCPE (universal Customer Premises Equipment). This uCPE is capable of running multiple VNFs (virtual network functions) to provide the various network functions, such as routing, switching, security and traffic prioritization.

This uCPE connects to the head office again using an MPLS link (primary), an Internet broadband link (secondary), or any other tertiary link (LTE/4G) that is used if the primary and secondary links fail.

There is a central server (cloud-hosted over the Internet or hosted by the MPLS service provider) that centrally controls and manages the uCPEs. This centralized server is again deployed on commodity hardware (x86 servers). It may consist of one or more components with different functions (configuration and management, control, monitoring, authentication and accounting). This central server is used for the following purposes:

  • Pushing the initial configuration to the uCPE, with all the routing, switching, security, QoS and other policies.
  • Monitoring the operation of the uCPE through the collection of various analytics reports.
  • Pushing any specific configuration/policy changes in the future.
  • Switching to a secondary link based on agile policies, for example on intermittent packet drops, high RTD/jitter or frequent flaps observed on the primary link, and dynamically switching back once the primary link is stable again.
  • Cost savings (on expensive routers/switches/firewalls, etc.), reduced complexity and improved overall network performance.
Overall, the uCPE handles the data plane (forwarding) and the centralized server handles the control plane for all the uCPEs of an enterprise customer.
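The link-switching policy described above, as an added Python illustration (not code from the page or from any SD-WAN vendor): the controller consumes per-link health probes reported by a uCPE (loss, RTT, jitter, flaps), fails over as soon as the active link violates the SLA, and fails back to the primary only after it has met the SLA for several consecutive probes, so a flapping primary cannot drag traffic back and forth. The link names, SLA thresholds, probe fields and hysteresis count are all assumed values.

```python
from dataclasses import dataclass

@dataclass
class LinkSample:
    """One health probe of a WAN link, as a uCPE might report it to the controller."""
    loss_pct: float   # packet loss during the probe window
    rtt_ms: float     # round-trip delay
    jitter_ms: float  # delay variation
    flapped: bool     # link went down and came back up during the window

# Assumed SLA thresholds; a real deployment tunes these per application class.
SLA = {"loss_pct": 2.0, "rtt_ms": 150.0, "jitter_ms": 30.0}
STABLE_PROBES = 3  # consecutive in-SLA probes required before failing back

def meets_sla(s: LinkSample) -> bool:
    """A link is usable only if it did not flap and every metric is within the SLA."""
    return not s.flapped and all(getattr(s, k) <= v for k, v in SLA.items())

class PathPolicy:
    """Prefers links in the given order; fails over at once, fails back with hysteresis."""
    def __init__(self, links=("mpls", "broadband", "lte")):
        self.links = list(links)                        # preference order (assumed names)
        self.active = self.links[0]
        self.streak = {name: 0 for name in self.links}  # consecutive in-SLA probes per link

    def update(self, samples: dict) -> str:
        """Consume one probe per link; return the link that should carry traffic."""
        for name in self.links:
            self.streak[name] = self.streak[name] + 1 if meets_sla(samples[name]) else 0
        if not meets_sla(samples[self.active]):
            # Failover: most preferred link that is healthy right now; stay put if none is.
            self.active = next((n for n in self.links if meets_sla(samples[n])), self.active)
            return self.active
        for name in self.links:
            if name == self.active:
                break                  # no more-preferred link to fail back to
            if self.streak[name] >= STABLE_PROBES:
                self.active = name     # failback only once the link has proven stable
                break
        return self.active

def simulate(policy: PathPolicy, probes: list) -> list:
    return [policy.update(p) for p in probes]  # active link after each probe

if __name__ == "__main__":  # constructed series: primary goes lossy, then recovers
    good, lossy = LinkSample(0.1, 40.0, 5.0, False), LinkSample(6.0, 40.0, 5.0, False)
    up = {"mpls": good, "broadband": good, "lte": good}
    series = [up, {"mpls": lossy, "broadband": good, "lte": good}, up, up, up]
    print(simulate(PathPolicy(), series))  # ['mpls', 'broadband', 'broadband', 'broadband', 'mpls']
```

The two probes of the recovered MPLS link after the failover are not enough to fail back; the third in-SLA probe is, which is the hysteresis that prevents flapping traffic between links.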

Conclusion: SD-WAN provides WAN connectivity to the head office over the same WAN technologies (the underlay), but in a more flexible and intelligent way. SD-WAN enables enterprises to dynamically route traffic across a hybrid WAN based on current network conditions.

Examples of SD-WAN providers:

SD-WAN providers can be divided into two categories: vendor-based and managed network service provider-based.

1. Vendor-based providers:
  • Cisco Systems: Intelligent WAN
  • Juniper: Contrail
  • Riverbed: SteelConnect
  • Viptela (now a Cisco company), etc.
2. Managed network service provider-based:
  • AT&T
  • Orange Business Services
  • British Telecom
  • Singtel
  • Sprint
  • Telefonica etc.
The SD-WAN concept as implemented by the vendor Viptela (source: Viptela):

Viptela SD-WAN components:

The Viptela control plane components, located at a centralized location (cloud or Internet), are given below:

  • vSmart Controller: vSmart controllers are the brains of the overlay network. They establish secure SSL connections to all other components in the network and run an Overlay Management Protocol (OMP) to exchange routing, security and policy information. The centralized policy engine in vSmart provides policy constructs to manipulate routing information, access control, segmentation, extranets and service chaining.
  • vManage: vManage is a centralized dashboard that enables automatic configuration, management and monitoring of the Viptela overlay network. Users log in to vManage to centrally manage all aspects of the network life cycle, from initial deployment, ongoing monitoring and troubleshooting to change control and software upgrades.
  • vBond Orchestrator: The vBond orchestrator facilitates the initial bring-up by performing the initial authentication and authorization of all elements joining the network. vBond provides information on how each component connects to the other components. It plays an important role in enabling Viptela devices that sit behind NAT to communicate with the network.

The Viptela data plane component, which acts as the uCPE, is given below:

  • vEdge Routers: The vEdge routers are full-featured IP routers that perform standard functions such as BGP, OSPF, ACLs, QoS and various routing policies in addition to the overlay communication. Each vEdge router establishes secure connectivity to all of the control components and also establishes IPsec sessions with the other vEdge routers in the WAN. The routing, switching and security functions are executed by various VNFs configured on the vEdge routers.