Comparison of popular technical SD-WAN service models

Two main SD-WAN service model options exist for users to choose from, but more could be on the way due to regulatory and industry development efforts. Find out what works for you in this comparison.

In part one of our two-part series on software-defined WAN and the future of virtualized networks, networking expert Tom Nolle, president of CIMI Corp., looked at SD-WAN from an outside-in network perspective. He addressed how SD-WAN can benefit more than the outer service layer by enhancing service management and by working deeper inside the network to improve network infrastructure efficiency.

In part two below, Nolle looks at SD-WAN service models from the inside out to explain the two primary technical SD-WAN options -- described as passive and synergistic -- compare their common features and differences, and discuss two additional market drivers that could cause a third SD-WAN model to emerge.

Those who follow network technology probably know by now that SD-WAN is hot. All vendors seem to be offering SD-WAN options, and many enterprise customers and service providers seem to be adopting SD-WAN. But let's look at what it really is.

SD-WAN is a new kind of wrapper for network services. Once inside that package, however, not all SD-WAN product and service options are the same. The differences are important to buyers and to the future evolution of the technology.

The two existing SD-WAN service model options are based on what's inside the service package. In the first -- which we characterize as the passive model -- the SD-WAN service looks like ordinary network user traffic, which means the SD-WAN element itself uses the underlying network. As a result, all SD-WAN features are packed into the vendor's SD-WAN physical or virtual device. In the passive model, an SD-WAN service would also inherit whatever network features are standard for an internet connection.

The passive SD-WAN model option can be used in service provider SD-WAN offerings, but it can also be used by third-party managed service providers and even directly by end users. This means the network operator has no special technical edge over the competition.

The second SD-WAN service model -- which we characterize as synergistic -- works in conjunction with a network operator's infrastructure. It exploits additional network features that only a network operator could expose. The synergistic SD-WAN model gives service providers an edge by offering a link between the SD-WAN service layer and the underlying network infrastructure.

Any network feature could be exposed via SD-WAN by the provider in the synergistic model, but it's likely quality of service (QoS) would be the primary one. Other internal features, like acceleration, firewalls and security, could be hosted inside the network using network functions virtualization, rather than in customer premises equipment.

Passive and synergistic SD-WAN comparison

The differences between these two SD-WAN models are subtle now, but they are likely to expand over time.

[Figure: SD-WAN service models. How the passive and synergistic SD-WAN models compare.]

Both passive and synergistic SD-WAN service models offer some in-box features, however. Many products will include the ability to classify traffic on entry and prioritize it based on enterprise policy. This can help separate real-time video and voice from lower-priority file transfer and web traffic, for example. Application acceleration through information compression may also be an option. Encryption is another popular security feature.

These features focus on the port side, or the site connection, to SD-WAN. While their operations may vary depending on the trunk side, or the network connection, these features will be substantially the same across all SD-WAN products.

How the network connections are handled is the common point where the standard in-box features and the features of the passive or synergistic SD-WAN models meet.

SD-WAN products in both models will support the internet, MPLS virtual private networks (VPNs), Ethernet virtual LANs and possibly SDN, Carrier Ethernet VLANs or Virtual Extensible LAN. It's typical to find one internet connection and one other connection type, but some products support two different internet connections -- including connections from two different internet service providers (ISPs) for path diversity.

If a synergistic SD-WAN service is purchased, however, SD-WAN can be connected to the provider's network just like any user device, whether physical or virtual.

Lights at the end of the SD-WAN tunnels

Building SD-WANs over a diverse set of connectivity options will typically create some form of tunnel. The technology used to create the tunnel varies, as does the protocol overhead that's associated with the tunneling.

A tunnel network is virtually built over all of the connection types, though a given site may support only one connection type. Each site where a user wants to have connectivity must have its own tunnel and must also tunnel over one WAN connection. The resulting tunnel network touches every site in the network, regardless of available WAN connectivity services. This is one of the key SD-WAN value propositions.

A recent development in the market is the use of SD-WAN technology as a gateway between an organization's mobile devices and a VPN. This SD-WAN gateway application, pioneered by Cradlepoint Inc., has the potential to use the cloud as an on-ramp for mobile users and internet-of-things applications.

Examples of synergistic SD-WAN models

One example of the synergistic model comes from MEF, formerly the Metro Ethernet Forum -- an industry association that previously worked to standardize Carrier Ethernet. MEF has created an end-to-end service strategy called the Third Network approach that creates an SD-WAN overlay combining the best of the internet and Carrier Ethernet.

The MEF model uses SD-WAN tunnels and internal gateways between networks to create a cooperative service that allows operators to combine IP and Ethernet networks in various ways. MEF is working on its own specifications for SD-WAN applications in the Third Network, which could be of special interest to Carrier Ethernet suppliers and users.

Software-defined networking services offer another synergistic SD-WAN model. Since SD-WAN is based on tunnels, SDN could create the tunnels and provide the connectivity. That would allow SD-WAN to offer IP or Ethernet services based partly or totally on SDN connectivity, giving operators a way to transition from legacy networks to software-defined networks. Nokia's Nuage Networks offers this kind of technology and is arguably the current market leader, although customer data is difficult to obtain.

SD-WAN model evolution

The use of passive and synergistic models to describe what's inside an SD-WAN service may seem like more than enough, but a third model may be waiting in the wings. With two totally different drivers that could make it happen, there's a good chance both factors will come into play in the near future.

Here's how another SD-WAN service model could emerge. One disadvantage of SD-WAN is that tunnel networking gets more complicated as the number of network sites increases. SD-WAN tunnels normally mesh the endpoints. As the number of endpoints grows, the complexity of any-to-any connectivity grows at the scale of the endpoints.

In-transit router driver. A better answer for complex tunnel networking could be in-transit routing, which sends traffic from groups of endpoints to a master router instance for forwarding. This would simplify the connectivity. In theory, some endpoints could be designated to do transit routing, which means other endpoints could be connected to them to build something that looks like a router network.

As discussed above, MEF's SD-WAN model has gateway elements that link different networks. MEF could provide gateways between different underlying networks, and in theory, these internal gateways could also do transit routing. If a network operator offered hosted router instances as a service, then synergistic SD-WAN could also use them as transit routers.

So, it is possible to create a gateway at the network edge, rather than inside the SD-WAN, as MEF proposes. A gateway at the network edge could collect traffic from other endpoints and forward it accurately. This would simplify the forwarding tables in those secondary sites, but it would increase the risk that a failure of a single master site could disconnect a large part of the SD-WAN network. Still, the use of gateways at the network edge is an option that seems likely to emerge as SD-WAN's popularity grows.
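The trade-off described above, between meshed tunnels and transit routing through a master site, can be modeled as a small graph. This is an added example, not part of the original article; the site names, the choice of two hubs and the round-robin assignment of sites to hubs are assumptions made for illustration.

```python
from itertools import combinations

def full_mesh(sites):
    """Meshed overlay: one tunnel for every pair of sites."""
    return {frozenset(pair) for pair in combinations(sites, 2)}

def transit(sites, hubs):
    """Transit routing: hubs mesh with each other, each other site
    tunnels to a single hub (round-robin assignment is an assumption)."""
    links = {frozenset(pair) for pair in combinations(hubs, 2)}
    spokes = [s for s in sites if s not in hubs]
    for i, spoke in enumerate(spokes):
        links.add(frozenset((spoke, hubs[i % len(hubs)])))
    return links

def tunnels_at(links, site):
    """Number of tunnels (forwarding-table entries) a site maintains."""
    return sum(1 for link in links if site in link)

def reachable_pairs(sites, links, failed=()):
    """Count site pairs that can still talk once `failed` sites are down."""
    adj = {s: set() for s in sites if s not in failed}
    for link in links:
        a, b = tuple(link)
        if a in adj and b in adj:
            adj[a].add(b)
            adj[b].add(a)
    seen, pairs = set(), 0
    for start in adj:
        if start in seen:
            continue
        component, stack = set(), [start]
        while stack:
            node = stack.pop()
            if node not in component:
                component.add(node)
                stack.extend(adj[node] - component)
        seen |= component
        pairs += len(component) * (len(component) - 1) // 2
    return pairs

# Constructed sample: 20 sites, two of them designated as transit hubs.
SITES = [f"site{i}" for i in range(20)]
HUBS = ["site0", "site1"]

if __name__ == "__main__":
    for name, links in (("mesh", full_mesh(SITES)), ("transit", transit(SITES, HUBS))):
        print(name, len(links), "tunnels;", tunnels_at(links, "site5"), "at site5;",
              reachable_pairs(SITES, links, failed=("site0",)), "pairs survive site0 loss")
```

With these 20 constructed sites, transit routing cuts the overlay from 190 tunnels to 19, but losing one hub leaves only 45 of the 171 surviving site pairs connected, where the mesh keeps all 171.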

Net-neutrality driver. A second development that could affect SD-WAN service models is possible revisions in net-neutrality regulations. These revisions could allow ISPs to prioritize traffic, which would mean control over QoS via the internet in the broadest sense for the first time. If QoS became an internet feature, then all SD-WANs using the internet would be able to use QoS as an existing internet feature. If the synergistic model links an SD-WAN to specific operator features, then a semi-synergistic model links SD-WAN to what used to be available only as a special feature, but is now generally available.

This semi-synergistic model would have a special network feature like QoS that could be used in SD-WAN products in conjunction with the typical prioritization options available in the SD-WAN device. If these net-neutrality revisions are adopted by the Federal Communications Commission, the result could accelerate SD-WAN replacement of traditional MPLS VPNs and greatly increase the rate of SD-WAN adoption and deployment.

SD-WAN may be the most important development in virtual networking, even without these new factors, and everything seems aligned to make it even more important for the future. VPN users of any sort need to take a hard look at SD-WAN technology options. It might save a lot of money and improve communications overall.
