SD-Branch and SD-WAN are terms that we see frequently, but how do they relate to each other? How are they different? In this article we’ll explore what SD-WAN is, what SD-Branch is, and how these two are shaping up to transform the way we architect networks.
It’d be remiss to define software-defined wide-area networking, or SD-WAN, without first touching a bit on software-defined networking (SDN). SDN set the stage a few years ago by decoupling the network control and forwarding functions, creating an architecture that is dynamic, manageable, cost-effective, and adaptable – ideal for the high-bandwidth, dynamic nature of today’s applications. SDN made it easier than ever to enable flexible deployment and usage-based solutions between high-capacity sites.
SD-WAN takes a software-defined approach to the WAN, applying SDN technology to WAN connections such as broadband internet, 4G, LTE, or MPLS. It connects enterprise networks — including branch offices and data centers — over large geographic distances, helping optimize traffic flows for performance and cost at branch sites.
WAN connections typically require proprietary hardware, whereas SD-WAN allows vendors to leverage the internet or cloud-native private networks, shifting reliance away from the hardware. By decoupling the network from the management plane, SD-WAN is able to detach traffic management and monitoring functions from the hardware – allowing flexibility and dynamic changes to be made to the network policies.
SD-WAN relies on a few key components:
Virtualizing network functions so they can be remotely viewed and controlled is a true game changer for service providers and operators, who in the past were bogged down by the rigidity of hardware-centric network architecture. On top of additional flexibility, SD-WAN provides a greater level of transparency and visibility into the network, all the way down to the activity of individual applications. These benefits make it possible to automate control over where application data flows and how it gets to its destination.
However, SD-WAN does have some gaps, as it tends to fall short of reaching into the infrastructure of an enterprise’s branch location.
Enter SD-Branch…
SD-Branch complements SD-WAN by extending the virtualization and intelligence of a software-defined WAN into the branch IT infrastructure. Building an SD-Branch involves building on existing infrastructure, whether that’s SD-WAN, VLAN, software-defined security, etc., and integrating it so that it can be viewed from a single pane of glass. A key benefit of SD-Branch is its ability to take a holistic view of a single branch business and provide centralized management and visibility.
Essentially, SD-Branch evolves LANs as SD-WAN did with traditional WAN deployments – simplifying the management of devices in the LAN. This strategy makes it easier for network administrators to see what’s going on, set new policies, and manage the network remotely, all using software and automating policies for routine, time-consuming tasks.
SD-Branch augments SD-WAN, and when used in parallel, network operators have more visibility, flexibility, and control over their networks. Building a network using both SD-Branch and SD-WAN solutions can lead to the following benefits:
Virtualizing key functions, centralizing management, increasing versatility, and providing visibility into the network are all overlapping benefits of both SD-WAN and SD-Branch solutions. SD-WAN solutions reduce the complexity of traditional WAN management with virtualization that allows for less proprietary hardware, automation of routine tasks, and centralizing network management. SD-Branch solutions, on the other hand, simplify the complexity of a traditional branch network by making it easier to view and manage branch network activity.
Using these in tandem can provide a much-needed single-pane-of-glass view of the entire network – the whole SD-WAN and individual branches. Plus, this makes it easier for administrators to ensure that the network is performant and can help with root-cause identification. Since the SD-Branch solutions make it possible to apply policies and view network activity at a granular level, such as applications and devices, administrators can dynamically alter network access.
With SD-WAN, software is able to intelligently route traffic based on the quality of the network connections, meaning that the traffic path will avoid areas with performance degradation and be optimized while traveling between enterprise locations and the cloud.
SD-Branch makes it easier to understand what is happening within the network by adding intelligence and context to activity within a branch’s LAN. This allows automation for policies and network usage.
Security is based on IPsec tunnels that connect branches to the headquarters or enterprise clouds and each of their respective firewalls. Branch data tends to be more vulnerable since usually there’s limited on-site cybersecurity, and as IoT devices have entered the stage, this complexity and vulnerability seem to increase.
With SD-Branch, next-generation firewalls (NGFWs) are added to the branch gateway, which serves as a control point that intelligently filters data that flows throughout the network and determines what connection type data travels through when leaving the branch. Plus, most SD-Branch vendors have network access control software as an additional degree of control and protection over network access.
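The branch gateway's two jobs described above, deciding whether a flow may leave the branch and which connection it takes based on link quality, can be sketched as a single decision function. This is an added example, not code from any vendor or from the article's author; the policy tables, role names, uplink names and measurements are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Uplink:
    name: str
    tunneled: bool       # True when traffic leaves inside an IPsec tunnel
    latency_ms: float
    loss_pct: float
    up: bool = True

# Constructed policy: app -> (max latency ms, max loss %, must use IPsec tunnel)
APP_POLICY = {
    "voip":      (150, 1.0, True),
    "erp":       (300, 2.0, True),
    "telemetry": (1000, 5.0, True),
    "web":       (500, 5.0, False),
}
# Constructed access-control table: device role -> applications it may use
ROLE_APPS = {"laptop": {"voip", "erp", "web"}, "iot-camera": {"telemetry"}}

def decide(role, app, uplinks):
    """Return (action, uplink_name, reason) for one flow leaving the branch."""
    # 1. Access control: unknown roles and unlisted apps are dropped.
    if app not in ROLE_APPS.get(role, set()) or app not in APP_POLICY:
        return ("deny", None, "not-permitted")
    max_lat, max_loss, need_tunnel = APP_POLICY[app]
    # 2. Only live links, and only tunnels when the policy demands one.
    usable = [u for u in uplinks if u.up and (u.tunneled or not need_tunnel)]
    if not usable:
        # Fail closed: never fall back to a plain path for tunnel-only traffic.
        return ("deny", None, "no-compliant-path")
    # 3. Prefer links inside the SLA, lowest latency first.
    healthy = [u for u in usable
               if u.latency_ms <= max_lat and u.loss_pct <= max_loss]
    if healthy:
        return ("allow", min(healthy, key=lambda u: u.latency_ms).name, "sla-met")
    # 4. Everything is degraded: take the least lossy compliant link.
    best = min(usable, key=lambda u: (u.loss_pct, u.latency_ms))
    return ("allow", best.name, "degraded")

def sample_uplinks():
    """Constructed measurements for a three-uplink branch."""
    return [Uplink("ipsec-broadband", True, 40, 0.2),
            Uplink("ipsec-lte", True, 90, 0.5),
            Uplink("direct-internet", False, 20, 0.1)]

if __name__ == "__main__":
    for role, app in [("laptop", "voip"), ("laptop", "web"), ("iot-camera", "web")]:
        print(role, app, decide(role, app, sample_uplinks()))
```

The case worth checking in any real deployment is step 2: when every tunnel is down, tunnel-only traffic is dropped rather than rerouted over the unencrypted uplink.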
With our SD-Edge platform, most of the capabilities of both SD-WAN and SD-Branch solutions come wrapped in one versatile, powerful code base. Whether you’re looking for a WAG, vBNG, or trying to build a network within a specific constraint like Venue or Stadium WiFi, Apartment Complexes, and more – we have you covered.