Software-Defined WAN (SD-WAN)


Software-defined WAN (SD-WAN) is a service that uses software-defined mechanisms and routing policies to implement virtual tunnels and overlay networks over multiple types of transport network.

  • enables organizations to connect their branch offices, datacenters, and cloud infrastructure over a wide area network (WAN)
  • efficient, secure connectivity to corporate clouds
  • replaces hub-and-spoke designs
    • hub and branch office design with on-premises datacenters has a number of performance and reliability drawbacks
    • mitigate some of the issues by:
      • Shifting services to dedicated datacenters in the cloud
        • service availability and integrity is separated from site accessibility considerations
    • access to the datacenter or cloud would be routed and authorized via the hub office
  • is a type of overlay network that:
    • provisions a corporate WAN across multiple locations
    • facilitates secure access to the cloud directly from a branch office or other remote location
  • uses automation and orchestration to provision links dynamically based on application requirements and network congestion
    • uses IPsec to ensure that traffic is tunneled securely through the underlying transport networks
  • benefits:
    • provides enhanced security features
      • can apply encryption
      • can segment traffic based on priority ratings
        • ensures critical data is fully protected
      • can intelligently route traffic based on application
      • tightly integrates with firewalls
      • centralizes management of network security policies
  • should apply:
    • microsegmentation
    • zero-trust policies
    • to ensure all requests and responses are authenticated and authorized
  • managed by a controller and management software
    • located in a corporate datacenter or public cloud
  • each site has an SD-WAN capable:
    • router
    • gateway
    • or VPN app
  • SDN controller orchestrates connections to networks and clouds enrolled in the SD-WAN
    • uses any available IP underlay network to provision the fastest or most reliable available transport to networks and clouds enrolled in the SD-WAN
      • e.g., broadband Internet, 4G/5G cellular, or private Multiprotocol Label Switching (MPLS) VPNs
    • ensures each access request is authenticated and authorized
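Added worked example (not part of the original notes and not any vendor's SD-WAN controller code): a toy controller that ties together the points above. For each request it first enforces the zero-trust check (is the identity known, and is it authorized for the application's segment?), then chooses an underlay transport by comparing live link metrics against the application's SLA, considering only links that have an IPsec tunnel up. Critical applications fail closed when no tunnel meets the SLA; best-effort applications fall back to the least-bad tunnel. All link names, metrics, policies and the identity table are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Link:
    """One underlay transport as measured by the controller (constructed sample)."""
    name: str          # e.g. "mpls", "broadband", "lte"
    latency_ms: float
    loss_pct: float
    jitter_ms: float
    ipsec_up: bool     # True only if an IPsec tunnel is established over this underlay
    cost: int          # relative cost; lower is preferred among links that meet the SLA


@dataclass(frozen=True)
class AppPolicy:
    """Per-application SLA thresholds and the segment the app belongs to."""
    app: str
    segment: str
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float
    critical: bool     # critical apps fail closed instead of using a degraded link


# Constructed sample link state; "guest-wifi" has no tunnel and must never be chosen.
LINKS = [
    Link("mpls", 20.0, 0.0, 2.0, ipsec_up=True, cost=3),
    Link("broadband", 35.0, 0.5, 8.0, ipsec_up=True, cost=1),
    Link("lte", 60.0, 2.0, 25.0, ipsec_up=True, cost=2),
    Link("guest-wifi", 30.0, 0.1, 5.0, ipsec_up=False, cost=0),
]

# Constructed sample application policies (segment per app, SLA per app).
POLICIES = {
    "voip": AppPolicy("voip", "voice", 50.0, 1.0, 10.0, critical=True),
    "erp": AppPolicy("erp", "corp", 100.0, 1.0, 50.0, critical=True),
    "web": AppPolicy("web", "internet", 200.0, 5.0, 100.0, critical=False),
}

# Constructed authorization table: which authenticated identities may reach which segment.
ACL = {
    "alice@branch": {"voice", "corp", "internet"},
    "printer-01": {"internet"},
}


def meets_sla(link: Link, policy: AppPolicy) -> bool:
    """True if the measured link currently satisfies every threshold in the policy."""
    return (link.latency_ms <= policy.max_latency_ms
            and link.loss_pct <= policy.max_loss_pct
            and link.jitter_ms <= policy.max_jitter_ms)


def select_path(links: list, policy: AppPolicy) -> Optional[str]:
    """Pick a transport: tunnelled links only, SLA first, cost as tie-breaker."""
    tunnelled = [l for l in links if l.ipsec_up]          # never route outside a tunnel
    healthy = [l for l in tunnelled if meets_sla(l, policy)]
    if healthy:
        return min(healthy, key=lambda l: (l.cost, l.latency_ms)).name
    if policy.critical or not tunnelled:
        return None                                        # fail closed
    # Best effort for non-critical apps: least loss, then least latency.
    return min(tunnelled, key=lambda l: (l.loss_pct, l.latency_ms)).name


def authorize(identity: Optional[str], policy: AppPolicy, acl: dict) -> bool:
    """Zero-trust check: every request needs a known identity authorized for the segment."""
    return identity is not None and policy.segment in acl.get(identity, set())


def route_request(identity: Optional[str], app: str,
                  links: list = LINKS, policies: dict = POLICIES, acl: dict = ACL) -> dict:
    """Controller decision for one request: authenticate/authorize, then pick a path."""
    policy = policies.get(app)
    if policy is None:
        return {"decision": "deny", "reason": "unknown application"}
    if not authorize(identity, policy, acl):
        return {"decision": "deny",
                "reason": f"{identity!r} not authorized for segment {policy.segment}"}
    path = select_path(links, policy)
    if path is None:
        return {"decision": "deny", "reason": "no tunnel meets SLA"}
    return {"decision": "allow", "segment": policy.segment, "path": path}


if __name__ == "__main__":
    print(route_request("alice@branch", "voip"))     # broadband: cheapest link within SLA
    print(route_request("printer-01", "voip"))       # denied: not authorized for "voice"
    degraded = [Link("lte", 500.0, 10.0, 200.0, ipsec_up=True, cost=2)]
    print(route_request("alice@branch", "erp", links=degraded))   # critical: fail closed
    print(route_request("alice@branch", "web", links=degraded))   # best effort over lte
```

The two decisions that matter for security are made before any path is chosen: an unauthenticated or unauthorized request is denied regardless of link health, and an underlay without a tunnel is never a candidate, so a degraded WAN can only cost availability, not confidentiality. Re-running `select_path` whenever link metrics change is what "provisions links dynamically based on congestion" reduces to in this toy model.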