SD-WAN

What is SD-WAN?

Unlike SD-WAN, the conventional router-centric model distributes the control function across all devices in the network and simply routes traffic based on TCP/IP addresses and ACLs. This traditional model is rigid, complex, inefficient, not cloud-friendly, and results in poor user experience. 

SD-WAN works by continuously evaluating the performance of all available network links and intelligently routing traffic based on real-time conditions and business policies. For example, it can prioritize a VoIP call over a low-priority software update or steer sensitive data through a secure MPLS link while routing bulk traffic over broadband. 

The key mechanisms include: 

• Application-aware routing: Identifies applications on the first packet and applies QoS (Quality of Service) rules to ensure performance and reliability. 
• Dynamic path selection: Chooses the optimal path for each application flow based on link metrics like latency, jitter, and packet loss. 
• Forward Error Correction: Enhances link quality by correcting packet loss and smoothing out performance issues over unreliable connections. 
• Tunnel bonding: Combines multiple WAN links into a single logical connection to improve throughput and resilience. 

SD-WAN can operate using encrypted tunnels, typically IPsec, or adopt a tunnel-free, session-based architecture. This offers confidentiality and integrity even over public networks. Advanced secure SD-WAN also supports segmentation of traffic based on user, application, or device roles to prevent lateral movement and maintain security boundaries.

Times have changed, and enterprises are using the cloud and subscribing to software-as-a-service (SaaS). While users traditionally connected back to the corporate data center to access business applications, they are now better served by using many of those same applications in the cloud. 

As a result, the traditional WAN is no longer suitable mainly because backhauling all traffic—including that destined to the cloud—from branch offices to the headquarters introduces latency and impairs application performance. SD-WAN provides WAN simplification, lower costs, bandwidth efficiency, and a seamless on-ramp to the cloud with significant application performance especially for critical applications—without sacrificing security and data privacy. Better application performance improves business productivity, customer satisfaction, and ultimately profitability. Consistent security reduces business risk.

• Improved performance: Routes applications via optimal paths and eliminates backhauling to the data center. 
• Enhanced security: Tightly integrates with SSE to form a SASE architecture, as many SD-WAN solutions include encryption, firewalls, and advanced security features. 
• Cloud-centric: Optimizes and secures cloud access from branch locations. 
• Cost savings: Reduces dependency on costly MPLS circuits by leveraging cheaper internet links. 
• Simplified management: Eases network configuration and monitoring with centralized control.

• Not all SD-WANs are created equal: Many SD-WAN solutions are basic SD-WAN solutions or "just good enough" solutions. These solutions lack the intelligence, security, performance, and scale needed to ensure a secure network experience and build a robust SASE architecture. And remember, without a fast, secure, and high performing network, enterprise digital transformation and cybersecurity initiatives can stall.

• Consistent Quality of Experience (QoEx). A key benefit of an advanced SD-WAN solution is the ability to actively use multiple forms of WAN transport simultaneously. A basic solution can direct traffic on an application basis down a single path, and if that path fails or is underperforming, it can dynamically redirect to a better performing link. However, with many basic solutions, failover times around outages are measured in tens of seconds or longer, often resulting in annoying application interruption. A business-driven SD-WAN intelligently monitors and manages all underlay transport services. It can overcome the challenges of packet loss, latency and jitter to deliver the highest levels of application performance and QoEx to users, even when WAN transport services are impaired. Unlike a basic SD-WAN, an advanced SD-WAN handles a total transport outage seamlessly and provides sub-second failover that averts interrupting business-critical applications such as voice and video communications. It continuously adapts to changes in the network, automatically adapting in real time to any changes that could impact application performance, including network congestion, brownouts and transport outage conditions.
• Built-in security. An advanced secure SD-WAN includes a next-generation firewall to efficiently secure branch locations. Key capabilities include intrusion detection and prevention (IDS/IPS) and end-to-end segmentation. Other advanced secure SD-WANs can protect organizations against DDoS attacks and provide URL filtering. The integration of a next-generation firewall enables organizations to easily replace legacy branch firewalls, reducing the hardware footprint. Additionally, security policies are centrally managed eliminating the need to have IT trained personnel locally and avoiding misconfigurations. Additionally, while basic SD-WANs provide the equivalent of a VPN service, an advanced secure SD-WAN offers more comprehensive, end-to-end role-based segmentation. By adding user and device identity and role-based policy, advanced secure SD-WANs are able to provide fine-grained segmentation and enforce zero trust. Based on the principle of least privilege access, it ensures that users and IoT devices only communicate with destinations consistent with their role in the business, while reducing unauthorized access and limiting the scope of incidents. 

• Multi-cloud networking. Advanced SD-WANs can be deployed in a public cloud such as AWS, Azure and Google Cloud to optimize connections between branch locations and the cloud using all the SD-WAN benefits. If a brownout or blackout occurs, the remaining link(s) continue to carry traffic so that users don’t notice any disruption to voice calls, audio and video conferences, or any other application. Ruggedized first mile between the branch and the public cloud delivers better network performance, reliability, and quality. 
• AI-Driven Advanced SD-WANs include AI capabilities to improve visibility into connected users and devices. AI also gives organizations insights into network traffic and security to proactively troubleshoot activities and diagnose network issues. AI-driven SD-WAN is designed to listen, understand, and respond to natural language queries, making it easier for IT teams to get the insights they need.

The HPE Networking SD-WAN offering is a comprehensive portfolio of access deployment options to connect enterprise organizations across locations, data centers, cloud, and SaaS. The solution includes various deployment models, or "on-ramps," to the SD-WAN fabric. This delivers seamless, secure, high-performance network connectivity from headquarters, data center, campus, branch, small office, work-from-home, and mobile users to reach applications, data, and services anywhere. 

• HPE Aruba Networking EdgeConnect SD-WAN allows IT Admins to architect an advanced secure SD-WAN edge that continuously learns and adapts to changing business needs and delivers advanced security features with a built-in next-generation firewall.
• HPE Aruba Networking EdgeConnect SD-Branch allows IT Admins to consolidate branch networking components for maximum integration across WLAN, LAN, and SD-WAN with integrated security and onboard LTE support with centralized cloud management. 
• HPE Aruba Networking EdgeConnect Microbranch uses a range of HPE Aruba Networking remote access points (RAPs) to enable secure WAN connectivity to the corporate enterprise network and is ideal for small office or work-from-home sites.
• HPE Juniper Networking Session Smart Router provides a session-centric approach, with granular session-level performance. Its unique tunnel-free architecture provides a direct path for sessions, which not only enhances application performance and reduces latency, but also simplifies network operations.

HPE Networking SD-WANs offer a comprehensive solution that addresses modern connectivity and security challenges across distributed enterprises. It enhances performance and reduces costs through tunnel bonding, Business Intent Overlays, path conditioning, and WAN optimization techniques. These features ensure reliable, high-quality application performance over hybrid WAN links like MPLS, broadband, and 5G.  

For cloud-driven environments, it intelligently routes application traffic directly to cloud providers such as Amazon Web Services, Microsoft Azure, Oracle Cloud, and Google Cloud, improving efficiency and user experience.  

Security is built-in, with next-generation firewall capabilities, IDS/IPS, Adaptive DDoS protection, and role-based segmentation—all centrally managed. The integration of Secure Web Gateway (SWG) extends protection against web-based threats to unmanaged devices without requiring agents. IoT security is also strengthened through HPE Aruba Networking ClearPass integration, enabling dynamic segmentation based on identity and role.  

As a foundation for SASE, the solution tightly integrates with HPE Aruba Networking SSE, a cloud-native SSE solution that supports ZTNA, SWG, CASB and other security features, or integrates with multiple third-party SSE to integrate into existing security ecosystems.

Finally, AIOps enhances network intelligence by automating configuration and troubleshooting activities. AIOps significantly improves resolution times using natural language queries, by leveraging generative AI and large language models (LLMs), through actionable recommendations, ensuring that the network continues to work at peak levels.