Is SD-WAN dead? The answer is of course no

​At first glance, everyone must be shocked by this title. Just last year, this title was used to describe SDN, and SD-WAN was used as one of the evidences for the continuation of the SDN concept.

Once upon a time, we were still praising SD-WAN technology, expecting this new network darling to help us get rid of the constraints of traditional MPLS services, but just when we started to try to deploy SD-WAN, another newer, safer, and faster-to-deploy technology emerged - SASE. Will SD-WAN exist as a network technology abandoned and forgotten in the SASE world, or can it continue to play an important role? Let's find out.

SD-WAN: The Early Days

The birth of SD-WAN has taught enterprises how to move from the era of MPLS to a new network world. In the era of MPLS, users worked in offices and resources were in data centers. However, as time went by, MPLS gradually became out of step with this Internet world that needs to develop rapidly.

SD-WAN solves these problems, allowing enterprises to leverage Internet connections to overcome the limitations of MPLS. More specifically, this means:

• More capacity to improve application performance
• Lower costs, by using Internet access instead of expensive MPLS, reducing network costs
• Greater flexibility, by aggregating last-mile Internet connections to increase bandwidth flexibility
• Higher availability, improving the availability of the last mile
• Faster deployment, with connections available within days

SD-WAN: Early Deployment

But then the networking world changed again, resources moved to the cloud, the pandemic made the office less of a priority, and solving site-to-site communication challenges was no longer enough. Enterprises needed a way to get advanced security wherever resources were (in the cloud or private data centers) and wherever users worked (in the office, at home, or on the road), and to do it all without compromising performance. But all of these capabilities are outside the scope of SD-WAN, which makes many scenarios challenging:

Remote work

SD-WAN lacks support for remote access. However, due to the impact of the epidemic, secure remote access is an important pillar to ensure business continuity.

Cloud Ready

SD-WAN is limited in its cloud-readiness. As an appliance-based architecture, SD-WAN requires the management and integration of proprietary devices to connect to the cloud.

Global Performance

SD-WAN may perform well within a region, but the global Internet is too unpredictable for enterprises. That’s why all SD-WAN players encourage enterprises to use third-party backbones for global connectivity. But this approach increases deployment complexity and cost and doesn’t provide performance optimization.

Advanced Security

SD-WAN lacks the security needed to protect branch offices - next-generation firewalls (NGFWs), intrusion prevention systems (IPSs), secure web gateways (SWGs), anti-malware, etc. SD-WAN does not provide these components. The additional equipment and services required to provide these functions will increase the cost and complexity of SD-WAN deployment.

SD-WAN: Mid-term advancement

Therefore, SD-WAN is not perfect. However, you may wonder if I can just deploy a SWG or security service edge (SSE) solution. However, the result of doing so is that it is difficult to manage it in a unified manner on the network, which will lead to more other problems.

No real zero contact

SD-WAN claims to offer zero-touch provisioning, but the reality is quite different. Without the necessary security features, SD-WAN deployment becomes more complex, requiring additional evaluation, purchase, delivery, installation, and integration of security devices.

Difficult to achieve high availability

Since SD-WAN relies on Internet connectivity, high availability is a must, but it is difficult to achieve when managing multiple services at the same time. There is no automatic configuration of resilient connections between devices or services, nor is there any dynamic failover, which requires enterprises to install backup devices and require additional runtime to test failover scenarios.

Limited visibility

Segmenting data across multiple networks and security systems means users don’t have a comprehensive view of their network, making it difficult to spot new cyber threats. Troubleshooting is also more difficult when data is buried in multiple device logs.

Relying on SSE products or cloud security services doesn’t completely solve the problem. Deployment is still an issue because there is no automatic traffic routing and tunnel creation between SD-WAN devices and cloud security PoPs. The security infrastructure also cannot use and share security policies between SD-WAN and cloud security vendors. Operationally, SD-WAN devices and cloud services are still different, which makes troubleshooting more challenging.

SD-WAN: It's not dead, just part of a larger family

So, is SD-WAN dead? The answer is of course no. SD-WAN is still an important tool for building enterprise networks, but it also has limitations that need to be addressed, such as security and deployment restrictions.

SD-WAN uses a virtualized network overlay to connect and remotely manage branch offices. While SD-WAN can connect to the cloud, it is not built with the cloud in mind, with the focus on connecting those branches back to a central private network.

SASE puts the cloud at the center and focuses on connecting each endpoint (whether it is a branch office, individual user or single device) to a centralized cloud. Protecting and connecting the entire enterprise through a single network makes deployment easier, visibility improved, and security more consistent.

SASE is just the first step in the WAN transformation journey. The difference between SD-WAN and SASE lies in the infrastructure. SASE's infrastructure has edge data centers, PoP points, or clouds that act as endpoints, which is where all network, optimization, and security functions run and are controlled. These functions in SD-WAN run in boxes in branches and headquarters. For SD-WAN, SASE makes SD-WAN more secure and controllable, and for SASE, SD-WAN makes SASE's connections more reliable. The two complement each other and can only work together to achieve the best performance. ​