Tuesday, March 20, 2018

SD-WAN Deep Dive Part 1 – Architectures, Overlay Models, and Hardware Evolution

March 2018 • Reading Time: 13 mins

This article kicks off a special three-part series diving deep into the reality, evolution, and implementation of SD-WAN in enterprise networks. In this post, we focus on architecture types, overlay models, and the rapid transformation of WAN hardware in the face of software-defined expectations. The follow-up entries will explore real-world design/deployment strategies and troubleshooting insights.

Software-defined WAN (SD-WAN) continues to disrupt traditional enterprise WAN models by decoupling the control and data planes and enabling intelligent path selection across heterogeneous transport networks. As enterprises demand agility, performance, and cloud optimization, SD-WAN architectures must evolve to meet complex overlay design needs and hardware realities.

Why This Series, Why Now?

In 2018, SD-WAN is no longer hype. It's deployment-critical. Many organizations are grappling with the architectural choices and trade-offs that weren't part of their MPLS WAN planning just a few years ago. Cloud access demands, SaaS growth, and hybrid work models are accelerating SD-WAN adoption.

Understanding the Evolution of WAN Requirements

Legacy WANs were designed around MPLS-based architectures where central hubs controlled traffic flow, and all internet-bound or cloud traffic was backhauled to a secure location. As applications moved to the cloud and users became more mobile, this model introduced latency, cost inefficiencies, and rigidity in path control.

SD-WAN addresses these issues by abstracting the WAN layer and enabling the use of broadband, LTE, and MPLS simultaneously. This shift necessitates rethinking how overlay models are constructed and what roles hardware still plays in branch deployments.

Overlay Models: Hub-and-Spoke, Full Mesh, and Cloud-First

There are three primary overlay models in SD-WAN design: hub-and-spoke, full mesh, and cloud-first (or hybrid).

Hub-and-Spoke Overlays

This model resembles traditional WAN topologies but adds intelligence in routing. SD-WAN controllers direct branch traffic to regional hubs or cloud on-ramps based on application awareness. It simplifies policy control but may still introduce regional chokepoints.

Full Mesh Overlays

Full mesh topologies allow all branches to communicate directly, which is ideal for collaborative applications like video conferencing or real-time data replication. However, they may overwhelm underpowered devices or generate excessive routing state in large deployments.

Cloud-First/Hybrid Models

Modern SD-WAN deployments increasingly favor hybrid overlays with direct internet access (DIA) for cloud-bound traffic and selective backhauling for sensitive applications. This model prioritizes SaaS performance while maintaining compliance.

Hardware Footprints: Appliance vs uCPE vs Virtualized Edge

Enterprises must decide between purpose-built SD-WAN appliances, universal CPE (uCPE) that hosts multiple VNFs, or software-only solutions deployed on x86 platforms.

  • Appliance-based SD-WAN: Integrated routing, firewall, and DPI; vendor-controlled stack with optimized performance.
  • uCPE: Flexibility to run third-party VNFs, such as firewall or WAN acceleration, ideal for service providers offering managed SD-WAN.
  • Virtualized Edge: Deployed as a VM or container on general-purpose hardware; offers agility but depends on the underlying host’s reliability and performance.

Transport Independence and Link Bonding Techniques

Transport independence is a cornerstone of SD-WAN, allowing the use of diverse circuits (broadband, LTE, MPLS). Key technologies include:

  • Dynamic Path Selection (DPS): Real-time traffic steering based on application policy and link health.
  • Forward Error Correction (FEC): Improves performance over lossy links by sending redundant packets.
  • Packet Duplication: Simultaneously sends packets across multiple paths for a zero-packet-loss experience.
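The following is an added example, not code from the original post or any SD-WAN vendor: a minimal dynamic path selection decision that compares probe-measured link health against per-application SLA thresholds, steers to the preferred compliant transport, and falls back to packet duplication (for apps whose policy allows it) or best-effort when no link meets the SLA. The link metrics, SLA numbers and transport names are all constructed.

```python
# Added example, not from the original post: dynamic path selection (DPS)
# over measured link health, with packet duplication as a degraded-mode
# fallback. All metrics and thresholds below are constructed sample values.
from dataclasses import dataclass

@dataclass
class Link:
    name: str
    transport: str        # "mpls", "broadband" or "lte"
    latency_ms: float
    loss_pct: float
    jitter_ms: float

@dataclass
class AppPolicy:
    app: str
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float
    preferred: tuple      # transport preference order, best first
    duplicate_if_degraded: bool = False

def meets_sla(link, pol):
    # Probe-measured link health is compared against the app's SLA thresholds
    return (link.latency_ms <= pol.max_latency_ms
            and link.loss_pct <= pol.max_loss_pct
            and link.jitter_ms <= pol.max_jitter_ms)

def select_path(links, pol):
    """Return (action, link_names): 'steer' to the preferred SLA-compliant
    link; 'duplicate' across the two lowest-loss links when no link meets
    the SLA and the policy allows it; otherwise 'best-effort' on lowest loss."""
    healthy = [l for l in links if meets_sla(l, pol)]
    if healthy:
        rank = {t: i for i, t in enumerate(pol.preferred)}
        best = min(healthy, key=lambda l: (rank.get(l.transport, len(rank)),
                                           l.latency_ms))
        return "steer", [best.name]
    if pol.duplicate_if_degraded and len(links) > 1:
        two = sorted(links, key=lambda l: l.loss_pct)[:2]
        return "duplicate", [l.name for l in two]
    return "best-effort", [min(links, key=lambda l: l.loss_pct).name]

# Constructed sample: one branch with three circuits and two app policies.
LINKS = [
    Link("mpls1", "mpls", latency_ms=35, loss_pct=0.1, jitter_ms=3),
    Link("bb1", "broadband", latency_ms=20, loss_pct=2.5, jitter_ms=15),
    Link("lte1", "lte", latency_ms=60, loss_pct=0.8, jitter_ms=20),
]
VOICE = AppPolicy("voice", 150, 1.0, 30, ("mpls", "broadband", "lte"), True)
SAAS = AppPolicy("saas", 100, 3.0, 50, ("broadband", "lte", "mpls"))
```

With the sample metrics, voice is steered to MPLS (broadband fails the loss threshold) while SaaS is steered to broadband as its preferred transport; re-running the selection on each probe cycle is what makes the steering dynamic.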

Integration with Security Functions

SD-WAN often converges with next-generation firewall (NGFW), intrusion prevention, DNS filtering, and zero trust network access (ZTNA). Vendors increasingly bundle security features at the edge or redirect traffic to SASE platforms.

Cloud On-Ramps and SaaS Optimization

Direct access to cloud applications is optimized through partnerships with cloud providers (AWS, Azure, Google Cloud). SD-WAN edge nodes integrate cloud on-ramps and dynamic DNS/IP mapping to reduce latency and jitter.

Operational Models and Controller Architectures

SD-WAN orchestration relies on centralized controllers for policy distribution, visibility, and analytics. These may be cloud-hosted or on-premises. Enterprises must assess controller availability, failover behavior, and multi-tenancy support in MSP scenarios.

Challenges in Large-Scale SD-WAN Deployments

Key challenges include:

  • Scalability of routing overlays and tunnels
  • QoS enforcement across heterogeneous circuits
  • Operational complexity in hybrid models
  • Managing legacy VPN coexistence during transition phases

Future Directions: AI, SASE, and Intent-Based Networking

We expect AI-powered analytics, intent-based networking, and deeper integration with SASE platforms to define the next generation of SD-WAN. Enterprises are demanding automated remediation, application-centric SLAs, and richer telemetry for network assurance.

Next in This Series

In Part 2, we explore SD-WAN routing design, QoS, intelligent path selection, application breakout, and how failover works in multi-provider environments.

Part 3 wraps up with deep troubleshooting strategies, security layering, and lessons from large-scale SD-WAN deployments.


👉 Stay tuned for the next parts in this SD-WAN Deep Dive series.


Eduardo Wnorowski is a network infrastructure consultant and Director.
With over 23 years of experience in IT and consulting, he helps organizations maintain stable and secure environments through proactive auditing, optimization, and strategic guidance.
LinkedIn Profile

Thursday, March 1, 2018

Zero Trust Architecture – Foundations and Transition Paths

March 2018 · Reading time: 13 mins

Introduction

In 2018, enterprises move beyond perimeter-based security. Traditional firewalls and VPNs fall short in protecting mobile users, cloud-hosted applications, and internal threats. Zero Trust Architecture (ZTA) emerges as a new model that eliminates implicit trust and verifies access continuously based on context and risk.

What Zero Trust Means

Zero Trust assumes that no user or device deserves automatic trust—whether inside or outside the network. Instead, organizations enforce policies based on user identity, device health, role, location, and behavior. This context-aware approach allows granular access control and reduces the risk of lateral movement.

Why Enterprises Adopt Zero Trust

  • Cloud-first workstyles: Users access resources from anywhere, bypassing traditional firewalls
  • Credential compromise: Attackers steal logins and operate undetected in trusted zones
  • Compliance pressure: Frameworks like GDPR and NIST demand continuous access validation
  • IoT and APIs: Non-user entities require policy enforcement too

Core Components of ZTA

  • Identity Provider (IdP): Authenticates users and devices
  • Policy Engine: Evaluates signals and grants conditional access
  • Access Proxy or Broker: Enforces decisions in real time at session establishment
  • Device Posture Checks: Validates OS, patch level, antivirus, and encryption
  • Segmentation: Prevents access beyond what's necessary

How Organizations Begin

Zero Trust requires more than a product—it requires staged transformation:

  1. Map users, devices, and data flows
  2. Classify applications by risk and criticality
  3. Apply MFA and identity brokering across access points
  4. Insert proxies to control and inspect traffic
  5. Log and audit every access decision

Example: Migrating from VPN to ZTNA

A healthcare organization replaces legacy VPN with a cloud-native ZTNA platform. Staff authenticate via SSO, and access brokers validate device health and user role before granting access to patient records or scheduling apps. The result: improved security posture and better user experience with reduced exposure.
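To make the core components listed above and this healthcare scenario concrete, here is an added example (not code from the original post or from any vendor named here) of a minimal policy engine: it takes the signals an IdP and device-posture agent would supply, applies a per-resource policy, and returns an allow, deny or step-up decision with a reason for the audit log. Resource names, roles, location labels and the policy table are constructed assumptions.

```python
# Added example, not from the original post: a minimal Zero Trust policy
# engine that turns identity, role, device posture and location signals into
# an access decision. Resource names, roles and thresholds are constructed.
from dataclasses import dataclass

@dataclass
class Device:
    os_patched: bool
    av_running: bool
    disk_encrypted: bool

@dataclass
class Request:
    user: str
    roles: set
    mfa_passed: bool
    device: Device
    location: str       # "corp", "home" or "unknown" (constructed labels)
    resource: str

# Constructed per-resource policy: permitted roles, whether MFA and a
# compliant device are always required, and whether off-site access needs MFA.
POLICY = {
    "patient-records": {"roles": {"clinician"}, "mfa": True,
                        "compliant_device": True, "offsite_mfa": True},
    "scheduling": {"roles": {"clinician", "front-desk"}, "mfa": False,
                   "compliant_device": False, "offsite_mfa": True},
}

def device_compliant(d):
    # Posture check: OS patched, antivirus running, disk encrypted
    return d.os_patched and d.av_running and d.disk_encrypted

def decide(req):
    """Return (decision, reason) with decision 'allow', 'deny' or 'step-up'.
    Every outcome carries a reason so the broker can log the decision."""
    pol = POLICY.get(req.resource)
    if pol is None:
        return "deny", "unknown resource"             # default deny
    if not (req.roles & pol["roles"]):
        return "deny", "role not permitted"
    if pol["compliant_device"] and not device_compliant(req.device):
        return "deny", "device posture check failed"
    if pol["compliant_device"] and req.location == "unknown":
        return "deny", "sensitive resource from untrusted location"
    needs_mfa = pol["mfa"] or (pol["offsite_mfa"] and req.location != "corp")
    if needs_mfa and not req.mfa_passed:
        return "step-up", "mfa required"              # re-prompt via the IdP
    return "allow", "policy satisfied"
```

Note that the engine never consults network location alone to grant access; location only tightens requirements (step-up or deny), which is the behaviour that distinguishes a Zero Trust broker from a VPN concentrator.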

Tooling and Ecosystem in 2018

Vendors like Okta, Duo Security, Zscaler, and Palo Alto Networks provide policy engines, SSO integrations, and access brokers. Open-source solutions like SPIFFE help assign identities to workloads and secure east-west traffic in microservice environments. APIs allow organizations to integrate with SIEMs and enforce dynamic rules across SaaS and IaaS.

Challenges to Anticipate

  • Policy sprawl: Overly complex policies create usability issues
  • Performance impact: Brokers and tunnels may affect latency
  • Stakeholder resistance: IT teams must align security with business outcomes
  • Cultural shift: Security becomes continuous, not checkpoint-based

Conclusion

By March 2018, Zero Trust moves from buzzword to implementation. Enterprises begin building context-aware security controls, gradually phasing out static, perimeter-centric models. We'll explore microsegmentation and continuous verification as essential steps in the Zero Trust journey in later posts.



