SASE Popular Science Series – Understanding SD-WAN

February 1, 2022 | Jie Ji

SASE (Secure Access Service Edge) is a SaaS service that integrates security and networking (to learn what SASE is, read SASE, Born for Digital Age). It incorporates many new concepts. To make it easier to understand, we decided to publish a popular science series on SASE that simplifies the concepts so that everyone can follow along step by step.

According to Gartner, SD-WAN is an integral part of SASE. What exactly is SD-WAN? What role does it play in NSFOCUS SASE? We will explain in two parts.

What is SD-WAN

SD-WAN (Software Defined Wide Area Network) was born on a flyover. This flyover is called the Overlay. Generally, we refer to the traditional physical network as the Underlay network; it sits at the bottom of the network. A virtual network, the Overlay network, can be superimposed on the physical network. Underlay and Overlay are relative concepts: labels and tunnels can be nested in multiple layers, and at each level the layer below is the Underlay and the layer above is the Overlay. The Overlay exists mainly to shield the complexity of the underlying physical network and to provide simpler and purer virtual channels for upper-level applications. Compared with the physical network, the virtual network is far more direct and easier to access.

In fact, various traditional VPNs are also overlay networks. So why is SD-WAN more advanced? The key point is that SD-WAN inherits the gene of SDN: separation of forwarding and control. A VPN is inflexible: if the quality of the underlying physical network is poor, a traditional VPN is useless. The SD-WAN controller has a “God’s perspective”: it can dynamically adjust the upper (Overlay) network according to the real-time condition of the physical network and select a better-quality Underlay network. In SD-WAN, the controller “brain” is very important: it not only optimizes network quality but is also the key to the deployment, operation and maintenance of the entire network. This “brain” gives SD-WAN zero configuration, automation, visualization, and cloud management, features that are beyond the reach of traditional VPNs and dedicated lines.

Figure 1 Technological changes drive the birth of SD-WAN

Advantages of SD-WAN


When evaluating the deployment speed of SD-WAN, people repeatedly mention “ZTP”, or Zero Touch Provisioning. It is almost plug-and-play: the configuration is obtained automatically after the CPE is powered on. Configuration can also be delivered by scanning a code or by email. Taking email deployment as an example, the IT engineer at the HQ only needs to prepare the configuration data in advance and send it by email to any employee in the branch, who can then complete the SD-WAN deployment of the device through the link. It is convenient and fast, and professional IT personnel no longer need to be on site.

Application acceleration

SD-WAN can automatically recognize and accelerate business applications. Critical applications are intelligently switched to the optimal link for better protection in transmission, while other applications use low-cost Internet lines. SD-WAN also performs load balancing, making full use of MPLS, Internet, LTE and other hybrid links, which effectively addresses insufficient bandwidth and improves the reliability of the network.
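The following sketch is an added illustration, not NSFOCUS code or part of the original post, of the application-aware link selection described above: critical applications get the best link that meets their SLA, other applications get the cheapest acceptable one. The link names, metric values, SLA thresholds and the loss weighting are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    latency_ms: float
    loss_pct: float
    cost: int            # relative cost per unit of traffic (constructed)
    up: bool = True

@dataclass(frozen=True)
class AppClass:
    name: str
    critical: bool
    max_latency_ms: float
    max_loss_pct: float

# Constructed telemetry for a hybrid MPLS / Internet / LTE underlay.
LINKS = [Link("mpls", 20, 0.0, 10), Link("internet", 45, 0.5, 2),
         Link("lte", 80, 1.5, 5)]
# Constructed application classes with assumed SLA thresholds.
APPS = [AppClass("voip", True, 60, 1.0), AppClass("backup", False, 300, 3.0)]

def meets_sla(link, app):
    return (link.latency_ms <= app.max_latency_ms
            and link.loss_pct <= app.max_loss_pct)

def quality(link):
    # Lower is better; the weight of 50 ms per 1% loss is an assumption.
    return link.latency_ms + 50.0 * link.loss_pct

def select_link(app, links):
    live = [l for l in links if l.up]
    if not live:
        return None      # the overlay cannot help when every underlay is down
    ok = [l for l in live if meets_sla(l, app)]
    if app.critical:
        # Best quality among compliant links, else degrade to best available.
        return min(ok or live, key=quality)
    # Non-critical traffic: cheapest compliant link, else cheapest live link.
    return min(ok or live, key=lambda l: (l.cost, quality(l)))

def route_all(apps, links):
    picks = {a.name: select_link(a, links) for a in apps}
    return {name: (l.name if l else None) for name, l in picks.items()}

if __name__ == "__main__":
    print(route_all(APPS, LINKS))
```

When no live link meets a critical application's SLA, the function still returns the least-bad link, so a poor underlay shows up as a degraded choice rather than being hidden by the overlay.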

Visual operation and maintenance

SD-WAN also provides centralized control and visualized, intelligent operation and maintenance. Because SD-WAN has SDN genes, it has advantages in network management. The SD-WAN management platform is graphical: the administrator can clearly see how the SD-WAN is operating through the network management interface and deal with problems in time. This greatly reduces the difficulty of maintenance and shortens troubleshooting time.

At the same time, SD-WAN itself can integrate IPS and other security capabilities to form a secure SD-WAN solution. For example, a security container can be set up on the CPE to detect threats and attack behaviors and to perform the necessary interception and blocking. The SD-WAN can also be used to divert traffic to a security device. Once the security device has applied its protection, it re-injects the traffic into the SD-WAN.

Figure 2 SD-WAN’s intelligent routing capability

What can we do with SD-WAN?

All of the above has allowed SD-WAN to win out over VPN in terms of functions, flexibility, cost-effectiveness, provisioning speed, and transmission quality, and it is also challenging the status of traditional private lines and MPLS VPNs in the WAN. So what scenarios is SD-WAN suitable for? Basically, SD-WAN can replace VPNs and dedicated lines in all the scenarios where they were originally applicable. In the past, it was often said that SD-WAN was a smart VPN, and multiple SDNs could solve the connectivity problem, but today SD-WAN has gained many derived advantages. The three core ones have been described above.

Scenario 1: Business networking, the most typical scenario

SD-WAN can quickly help the enterprise HQ and branches build a star connection or a full mesh connection to meet “HQ to branch” and “branch to branch” access requirements. It can also provide cloud connection and inter-cloud interconnection. Nowadays, more and more enterprises are adopting hybrid cloud to connect local data centers and public clouds. Here SD-WAN can be a good substitute for dedicated lines, providing reliable, safe and fast lines for enterprises moving to the cloud.

Figure 3 SD-WAN service networking capabilities

Scenario 2: SaaS acceleration, especially overseas SaaS acceleration

Due to the cross-border bandwidth bottleneck, the experience of accessing many overseas SaaS services is unsatisfactory, yet such access is often a rigid demand for many domestic enterprises. In the past, accelerating this part of the business relied mainly on WOC (WLAN over CATV) products. Now SD-WAN can do it as well.

Fast and cost-effective

SD-WAN is easy to use and saves cost. According to calculations, SD-WAN can save at least 30% of the annual cost investment compared with MPLS under the same ratio of bandwidth. Therefore, some people jokingly call SD-WAN “Save Dollars-WAN”. But it still has shortcomings. As a kind of Overlay network, if the Underlay network is terrible, then no matter how perfect the SD-WAN protocol and routing scheduling are, application performance cannot be guaranteed.

In this post, we have gained a general understanding of the functions and usage scenarios of SD-WAN. So how is SD-WAN used in the NSFOCUS SASE service? Let’s wait for the next post.