The Current Market Status of SD-WAN

Today, SD-WAN is already a widespread phenomenon due to the paradigm shifts driven by economic and technological incentives. Indeed, SD-WAN provides IT management an abstract layer to manage and control enterprise VPN (virtual private network) status, which is far more cost-effective than the use of proprietary equipment and vendor-defined software. On the other hand, SD-WAN can save the cost and reliance on MPLS layers.

Looking at the functionality aspect, most of the zero-provisioning or hybridized SD-WANarchitectures in the field runs on a vCPE server with multiple VNFs (virtual network functions) implemented to run several networking services covering routing, firewalls, load-balancing and WAN optimization, each of which was conventionally functioned by dedicated, proprietary physical equipments. This has saved tremendous amount of expenses.

Vulnerability of Today’s SD-WAN

However, enterprises expect more now. To strengthen competitiveness, enterprises have expanded their public and private clouds by developing SaaS (Software as a Service), PaaS (Platform as a Service), and IaaS (infrastructure as a Service), and they expect to integrate these cloud services into their global SD-WAN architecture.

In the mean time, since these cloud services are accessed from users all over the world, security vulnerabilities are exposed because all the deployed cloud nodes could be exploited by hackers to intrude with malicious malware or even evolved cyber attacks. In short, SD-WANwith all the services in one architecture has exposed security loopholes.

Here comes SD-WAN 2.0

The new generation of SD-WAN 2.0 is initiated to promote the universal use of vCPE. Because, in the 1.0 stage, there have been numerous ways to deploy SD-WAN architectures:

  • Proprietary approach – both hardware and software are supplied by proprietary solution vendors. This approach makes SD-WAN standalone and incompatible with third party VMs (virtual machines).
  • The use of Intel x86 Platform – the building of SD-WAN architecture is based on an Intel x86 hardware device to run virtualized VMs. In this stage, enterprises adopt bundled SD-WAN solutions, where the Intel x86 hardware and the VMs are bundled by SD-WANvendors.
  • Open Source – in this stage, zero-provisioning has been introduced. Not only Intel x86 hardware appliances are deployed, but also the compatibility of third-party of VNF (virtualized network functions) has been introduced. Enterprises can adopt a single Intel x86 white box server to run multiple open-source software VNFs.

To address drawbacks of the earlier generation, SD-WAN 2.0 is introduced to further elevate the “open source” model discussed previously. Configuration of VMs can be performed in a zero-provisioning approach. Besides, SD-WAN 2.0 addresses an entirely end-to-end, distributed architecture that provides advanced visibility to IT management personnel, allowing them to monitor the traffic type and pattern from where the packets are originated and where the packets reach their destinations.

Due to the end-to-end visibility, IT management can develop security policies across all the network channels and clouds. The security is software-defined, and thus “software-defined security” (also known as SD-Security) is practically in place. The SD version of WAN security is driven by software, and thus can be configured as automated for all the access nodes. Alerts are automatically generated and sent to the IT management.

In addition, SD-WAN 2.0 introduces micro-segmentation for IT management, who can implement specific third-party, virtualized security policies and functions to address each segment of the network infrastructures, covering Email server, WAN, website, VoIP and public/private clouds.

In short, SD-WAN 2.0 addresses the 3 advantages over the earlier orchestration model:

  • End-to-end visibility
  • Policy implementation by micro-segmentation
  • Software-defined security in an automated mechanism

Recommended Hardware

To meet the SD-WAN 2.0 architecture, it is recommended to adopt high-performance Intel x86 white box hardware to effectively and compatibly run multiple open source, third-party VNFs. For example, NCA-4020 from Lanner, is powered by Intel® Xeon® D-2100 processor, also named Intel® Xeon® Scalable platform to offer optimal performance, scalability, and virtualization capability in SD-WAN 2.0 architecture. For hardware design, NCA-4020 offers NIC module expansion, advanced LAN bypass, and hardware-assisted cryptographic acceleration to function as the SD-WAN 2.0 hardware server.

Featured Product


NCA-4020

Next-gen vCPE/uCPE Platform for Accelerated SD-WAN Deployment

CPU Intel® Xeon® D2100 4~16 Cores
Chipset None

Read more