From grassroots to the cloud: How SD-WAN can provide a solution

Air travel: what a gift to global business! Any executive from any country can leap onto a plane and, within a few hours, be busy in any overseas commercial centre or branch office. Only it is not quite like that.

The fact is that, for all the wonders of modern aviation’s high-speed links between major airports across the globe, the typical journey between a distant branch office and the nearest airport (at both ends) can be so tiresome and unpredictable that frustrating and unproductive hours can be wasted. Few faces light up at the prospect of a meeting overseas.

Today’s business networks are similar. Global service providers’ subsea and overland links have shrunk the world, delivering business class cloud connectivity to every major commercial, financial or government centre. It would be an absolute gift to any global enterprise – if only every sub office had equal and convenient access to those same cloud services. The reality is that cloud business applications are mostly accessed over the “best effort” Internet and not every office can depend on reliable QoS. Cloud computing, compared with on-premise solutions, can become as frustrating as that rush hour journey to the airport.

One solution to the nightmare car journey might be to take a train to the airport where possible. It reduces unpredictability but is less flexible and can be expensive. This is like paying for a direct connection to the cloud via a private network: you get a better service, but lose some of the cost and flexibility advantages that make it worth migrating to the cloud.

So let us dream a little. If only road traffic could be perfectly managed in real time – with on-going traffic monitoring and flexible real-time re-routing and re-allocation of lanes and routes. Then car journeys would be faster, less frustrating, and a lot more predictable. Sending out truck roll teams to change the signs and re-route traffic would simply add more traffic to the chaos, so the solution would require a Traffic Control Plane separate from the actual Traffic. But, provided an intelligent central controller could monitor every junction and flip switches to optimise traffic flow in real time, the commuter benefits would be enormous.

Establishing such a road network would be very expensive and it would take years of installation and fine-tuning – but some say it will eventually be inevitable. This has, however, already been achieved on data networks. It is called Software-Defined Networking (SDN), and it means imposing a separate Control Plane through which data traffic in the network can be continuously monitored and analysed by a central controller, and the flow optimised by controlling the network’s switches. SDN means that the configuration and policy of the network are dynamically programmable to respond rapidly to changes. SDN has revolutionised local area networks and data centre connectivity and is already extending to wider areas.


SD-WAN (Software-Defined Wide-Area Networks) applies SDN principles to the practical realities of the Wide Area Network – such as minimising delays over long distances between nodes, and providing predictable service quality over less predictable links.

When the network can extend across thousands of miles, the SD-WAN will make local forwarding decisions based on observed local conditions, such as link quality and throughput. The central controller implements software forwarding based not only on centralised policy objectives but also on real-time network quality. The routing, priority and security for any application data flow are therefore independent of the actual network transport – whether wired Ethernet, MPLS, wireless, cellular, or a public Internet link. For an SD-WAN the SDN central controller concept is extended to allow continued operation with or without instructions from the controller – this ensures maximum uptime, optimized data delivery, and supports application service level guarantees.
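The local forwarding decision described above can be sketched as follows. This is an added example, not code from any SD-WAN product: the Link and Policy fields, the application class names and the measurements are assumptions made for illustration. The edge node chooses a link from its own measurements and the last policy set it received, so the decision is the same whether or not the controller is reachable.

```go
package main

// Link is one WAN transport with locally measured quality (hypothetical fields).
type Link struct {
	Name      string
	LossPct   float64
	LatencyMs float64
	Up        bool
}

// Policy is the per-application-class limit pushed by the controller (hypothetical schema).
type Policy struct {
	MaxLossPct   float64
	MaxLatencyMs float64
}

// Edge keeps the last policy set received from the central controller.
type Edge struct {
	Policies map[string]Policy
}

// Choose returns the lowest-latency link that is up and meets the class policy.
// If no link meets the policy, or the class has no policy, it returns the
// lowest-latency link that is up with ok=false so the caller can report the
// service level breach instead of dropping the flow.
func (e *Edge) Choose(class string, links []Link) (name string, ok bool) {
	p, known := e.Policies[class]
	best, bestOK := -1, false
	for i, l := range links {
		if !l.Up {
			continue
		}
		meets := known && l.LossPct <= p.MaxLossPct && l.LatencyMs <= p.MaxLatencyMs
		better := meets == bestOK && best >= 0 && l.LatencyMs < links[best].LatencyMs
		if best == -1 || (meets && !bestOK) || better {
			best, bestOK = i, meets
		}
	}
	if best == -1 {
		return "", false
	}
	return links[best].Name, bestOK
}
```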

There are other challenges that are addressed by SD-WANs, such as the implementation of REST APIs to allow the controllers to interact with far-flung nodes and services. Above all, there is the challenge of less standardisation in the WAN space, so a lot of work is still being done to allow interoperability between different vendors’ equipment, and to allow the use of virtual machine hosting on common off-the-shelf hardware.

What does SD-WAN mean for business?

Scattered offices do not all enjoy equal access to the Internet. They often have to take advantage of whatever is available at relatively short notice. MPLS is nice, but more agile technologies such as Internet broadband, wireless and LTE may be quicker to install and often at much lower cost. SD-WAN can integrate any number of such links seamlessly to provide better bandwidth and reliability to the branch office, while maintaining required levels of security regardless of the underlying link structure.

This is a practical, cost-effective way to extend the full benefits of cloud computing to the very edges of an enterprise. It makes it quick and easy to integrate new network services, virtualize services, load-share over multiple different links, simplify configuration and policy management, and optimize application performance.

It is like the idealised national road network imagined earlier – except that it is becoming a reality and not just a dream. SD-WAN ensures reliable, high quality transport from the remotest or least well served branch office to the “airport”, where data streams connect to global long haul networks offering fast, reliable connectivity to and from cloud providers. Effectively, the SD-WAN assures application performance over the “last mile” transport, and the Service Provider network is then responsible for application performance over the long haul transport to the cloud service.

The traffic on a suitable service provider network can be classified according to the enterprise’s own business policies, then individual data streams can be split into sub-streams without duplication, so that the data sub-streams can be routed across diverse data paths, much as mobile networks optimise communication. Each sub-stream can be individually encrypted according to the service policy and routed to an independent data control node. These assignments are then dynamically shaped, in real time, according to the service’s required QoE policies. The service provider gateway decrypts each sub-stream, re-assembles them into the full data stream and passes the data direct to the cloud provider.
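The split, encrypt and re-assemble sequence described above can be sketched as follows. This is an added example, not any provider's implementation: the Segment format, the round-robin assignment, AES-256-GCM and one key per path are all assumptions. Each chunk travels on exactly one path, and the gateway side rejects tampered, duplicated, missing or re-routed chunks before passing data on.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Segment (constructed format): path and key index, stream position, ciphertext plus tag.
type Segment struct{ Path uint8; Seq uint64; Data []byte }

// aead builds AES-GCM for one path key. The nonce is the sequence number, so a
// key must protect a single stream only; reusing it would repeat nonces.
func aead(key [32]byte, seq uint64) (cipher.AEAD, []byte) {
	block, _ := aes.NewCipher(key[:]) // cannot fail for a 32-byte key
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	binary.BigEndian.PutUint64(nonce[4:], seq)
	return gcm, nonce
}

// Split gives each chunk (size > 0) to exactly one path, round-robin. The path
// index is bound as associated data, so a chunk is only valid on its own path.
func Split(stream []byte, keys [][32]byte, size int) (out []Segment) {
	buf := bytes.NewBuffer(stream)
	for seq := uint64(0); buf.Len() > 0; seq++ {
		p := uint8(seq % uint64(len(keys)))
		gcm, nonce := aead(keys[p], seq)
		out = append(out, Segment{p, seq, gcm.Seal(nil, nonce, buf.Next(size), []byte{p})})
	}
	return out
}

// Reassemble decrypts chunks arriving in any order and restores the stream.
// A missing chunk shows up as a sequence number outside the received count.
func Reassemble(segs []Segment, keys [][32]byte) ([]byte, error) {
	parts := make([][]byte, len(segs))
	for _, s := range segs {
		if s.Seq >= uint64(len(segs)) || parts[s.Seq] != nil || int(s.Path) >= len(keys) {
			return nil, fmt.Errorf("segment %d: duplicate or out of range", s.Seq)
		}
		gcm, nonce := aead(keys[s.Path], s.Seq)
		pt, err := gcm.Open(nil, nonce, s.Data, []byte{s.Path})
		if err != nil {
			return nil, fmt.Errorf("segment %d: %w", s.Seq, err)
		}
		parts[s.Seq] = pt
	}
	return bytes.Join(parts, nil), nil
}
```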


IDC has predicted that 80% of new applications will be deployed in the cloud by 2030 and that public cloud will reach $141 billion by 2019. Many enterprises, however, find that their applications suffer poor or locally inconsistent performance when running in the cloud. Corporate IT needs an easier way to ensure control, security, performance and quality of experience for critical cloud applications, while allocating lower priority for merely recreational or non-business critical applications.

What is needed is an established system of distributed gateways at the front doorstep of all the major cloud service providers. It must offer the sort of optimised business service described above, and it should work with a company that offers corresponding SD-WAN optimisation of the last mile via – no matter what type of access is available to branch offices. An SD-WAN service provider should also be able to host their own multi-tenant and multi-segment gateways that dynamically enable their edge devices on the customer premises to let the customer make or upgrade their own cloud connection at short notice, while being confident of excellent user experience, predictable performance, security and reliability. These service provider gateways should also federate with the SD-WAN system of distributed gateways.

Extending the service provider’s capillary reach in this way brings superb business services to every branch office. Straight from the cloud to grass roots users.