What is a Software-Defined-Wide-Area-Network (SD-WAN)

3min. read

Software-defined wide area network (or Software-Defined WAN or SD-WAN) is a virtualized service that connects and extends enterprise networks over large geographic distances.

What Is Software-Defined Wide Area Network?

A software-defined wide area network, or SD-WAN, is a virtualized service that connects and extends enterprise networks over large geographical distances. WANs use links such as multiprotocol label switching (MPLS), wireless, broadband, virtual private networks (VPNs) and the internet to give users in remote offices access to corporate applications, services and resources, allowing them to carry out daily functions regardless of location. SD-WAN monitors the performance of WAN connections and manages traffic in an effort to maintain strong speeds as well as optimize connectivity.

How Does SD-WAN Work?

Traditional WANs rely on physical routers to connect remote or branch users to applications hosted on data centers. Each router has a data plane, which holds the information, and a control plane, which tells the data where to go. Where data flows is typically determined by a network engineer or administrator who writes rules and policies, often manually, for each router on the network – a process that can be time-consuming and prone to errors.

SD-WAN separates the control and management processes from the underlying networking hardware, making them available as software that can be easily configured and deployed. A centralized control pane means network administrators can write new rules and policies, and then configure and deploy them across an entire network at once.

SD-WAN makes it easier to manage and direct traffic across a network. With traditional networking approaches like MPLS, traffic created in the branch is returned, or “backhauled,” to a centralized internet security point in a headquarters data center. Backhauling traffic can lower application performance, which leads to reduced productivity and poor user experience. Because MPLS networks are private networks built for one given organization, they are considered reliable and secure, but they are expensive. Moreover, MPLS is not designed to handle the high volumes of WAN traffic that result from software-as-a-service, or SaaS, applications and cloud adoption.

Compared to traditional WANs, SD-WANs can manage multiple types of connections, including MPLS, broadband, LTE and others, as well as support applications hosted in data centers, public and private clouds, and SaaS services. SD-WAN can route application traffic over the best path in real time. In the case of cloud, SD-WAN can forward internet- and cloud-bound traffic to directly out the branch without backhauling.

Benefits of SD-WAN

SD-WAN offers many benefits to geographically distributed organizations, including:

  • Simplicity: Because each device is centrally managed, with routing based on application policies, WAN managers can create and update security rules in real time as network requirements change. In addition, combining SD-WAN with zero-touch provisioning – a feature that helps automate the deployment and configuration processes – organizations can further reduce the complexity, resources and opex required to turn up new sites.

  • Improved performance: By allowing efficient access to cloud-based resources without the need to backhaul traffic to centralized locations, organizations can provide better user experience.

  • Reduced costs: Network administrators can supplement or substitute expensive MPLS with broadband connectivity options.


Related Resources


What is an Intrusion Prevention System?

An Intrusion Prevention System (IPS) is a network security prevention technology that examines network traffic flow to detect and prevent vulnerability exploits


What is an IT Security Policy?

An IT Security Policy identifies the rules and procedures for all individuals accessing and using an organization's IT assets and resources.