SD-WAN (software-defined WAN) has been much discussed over the last couple of years, yet it remains one of the least understood topics. One reason is that there are several different implementations of SD-WAN, which leads to misunderstandings about how SD-WAN is actually used.
So what is SD-WAN?
It’s an overlay technology that provides amongst other features:
- WAN link management and control
- bandwidth management
- application steering
- security policy enforcement
- link failover
The following abstract from TechTarget puts SD-WAN in perspective:
The technology centralizes network control by abstracting and automating the tasks traditionally programmed manually on each edge device. SD-WAN architecture creates a network overlay that enables IT to remotely configure, manage, monitor and secure most aspects of the WAN, including edge devices and traffic flows. By abstracting the transport layer from hardware to software, SD-WAN facilitates traffic prioritization, enabling IT to use lower-cost public and private links such as broadband and wireless alongside more expensive Multiprotocol Label Switching (MPLS) connections. The automation, centralization and flexibility afforded by SD-WAN result in a more agile WAN environment for midsize to large businesses.
In simple terms, SD-WAN allows one to make use of existing physical/virtual network links (public, private, VPN, MPLS, LTE, etc.) to create virtual links through which traffic can be steered according to your requirements. An example may be that you have 2 fibre links (with VPN tunnels) and 1 LTE link with the following configuration:
- internet over fibre links 1 and 2 with fallback to LTE
- VoIP over fibre link 1 with fallback to LTE
- AWS and Azure cloud services over fibre link 2
- VPN traffic to HQ over fibre link 1/VPN 1 with fallback to fibre link 2/VPN 2
By utilising multiple links and link types, one can optimise the routing of traffic over those links using SD-WAN.
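To make the steering described above concrete, here is an added example (not from the original post, and not Fortinet's own implementation or CLI) that models the two-fibre-plus-LTE scenario as a set of SLA-based steering rules. Each rule lists ordered groups of preferred links; traffic is shared across every in-SLA link in the first group that has one, otherwise the next group is tried, and if nothing meets SLA the rule degrades to any link that is still up. The link names, SLA thresholds and the probe measurements are constructed sample values; real SD-WAN products measure loss, latency and jitter continuously and re-evaluate in the same way.

```python
"""Model of SLA-based SD-WAN link steering for the 2 x fibre + LTE scenario.
Added illustration, not from the original post or from Fortinet; every
link name, threshold and measurement below is constructed sample data."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class LinkHealth:
    """Latest probe results for one WAN member."""
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    up: bool = True


@dataclass
class Sla:
    """Thresholds a link must stay within to count as 'in SLA'."""
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

    def met_by(self, h: LinkHealth) -> bool:
        return (h.up and h.latency_ms <= self.max_latency_ms
                and h.jitter_ms <= self.max_jitter_ms
                and h.loss_pct <= self.max_loss_pct)


@dataclass
class SteeringRule:
    """An application class, its ordered link groups, and the SLA to apply.
    Links inside one group share load; later groups are fallbacks."""
    app: str
    groups: list[list[str]]
    sla: Sla


def select_links(rule: SteeringRule, health: dict[str, LinkHealth]) -> list[str]:
    """Return the links this rule should use right now.
    1. First group with at least one in-SLA member -> all its in-SLA members.
    2. No group meets SLA -> first group with a link that is merely up
       (degraded service beats no service).
    3. Everything down -> empty list (traffic is blackholed)."""
    for group in rule.groups:
        in_sla = [n for n in group if n in health and rule.sla.met_by(health[n])]
        if in_sla:
            return in_sla
    for group in rule.groups:
        up = [n for n in group if n in health and health[n].up]
        if up:
            return up
    return []


# Voice is far less tolerant of jitter and loss than bulk data (constructed values).
VOICE_SLA = Sla(max_latency_ms=150, max_jitter_ms=30, max_loss_pct=1.0)
DATA_SLA = Sla(max_latency_ms=300, max_jitter_ms=50, max_loss_pct=5.0)

# The four policies from the scenario in the text.
RULES = [
    SteeringRule("internet", [["fibre1", "fibre2"], ["lte"]], DATA_SLA),
    SteeringRule("voip", [["fibre1"], ["lte"]], VOICE_SLA),
    SteeringRule("cloud", [["fibre2"]], DATA_SLA),
    SteeringRule("hq_vpn", [["fibre1"], ["fibre2"]], DATA_SLA),
]

# Constructed probe snapshots: all links healthy, then fibre 1 lossy but still up.
HEALTHY = {
    "fibre1": LinkHealth(latency_ms=12, jitter_ms=2, loss_pct=0.0),
    "fibre2": LinkHealth(latency_ms=15, jitter_ms=3, loss_pct=0.0),
    "lte": LinkHealth(latency_ms=60, jitter_ms=20, loss_pct=0.5),
}
FIBRE1_DEGRADED = {
    "fibre1": LinkHealth(latency_ms=40, jitter_ms=45, loss_pct=8.0),
    "fibre2": LinkHealth(latency_ms=15, jitter_ms=3, loss_pct=0.0),
    "lte": LinkHealth(latency_ms=60, jitter_ms=20, loss_pct=0.5),
}


def steer_all(rules: list[SteeringRule], health: dict[str, LinkHealth]) -> dict[str, list[str]]:
    """Evaluate every rule against one health snapshot: app -> chosen links."""
    return {r.app: select_links(r, health) for r in rules}


if __name__ == "__main__":
    for label, snapshot in (("healthy", HEALTHY), ("fibre1 degraded", FIBRE1_DEGRADED)):
        print(f"--- {label} ---")
        for app, links in steer_all(RULES, snapshot).items():
            print(f"{app:9s} -> {', '.join(links) or 'NO PATH'}")
```

Running it prints the steering table for both snapshots: with fibre 1 at 8% loss, internet traffic collapses onto fibre 2, VoIP and the HQ VPN fail over to LTE and fibre 2 respectively, and cloud traffic is unaffected. The "degraded but up" rule in step 2 is a deliberate design choice worth making explicit in any real policy: silently keeping traffic on an out-of-SLA link is usually preferable to dropping it, but it should be visible in monitoring.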
There are many benefits to be had from using SD-WAN including:
- cost reductions from using lower-cost (and lower-quality) links
- consistent and reliable performance
- replacement of expensive link types (e.g. MPLS) while providing the same functions
- unified security
- centralised policy management
- local breakout for cloud applications
- link quality monitoring and management
Fortinet implements device-based SD-WAN with centralised management via FortiManager. Some of the features of the FortiGate-specific implementation include:
- no-cost built-in feature in all FortiGate firewalls
- integrated security – all existing FortiGate security features map directly onto SD-WAN
- application steering via FortiGate’s Application Control and/or Internet Services Database
- policy-based bandwidth control
- a number of interface selection strategies
- link quality monitoring and SLA with packet loss, latency and jitter
- Site-to-Site ADVPN
- Cloud on-ramp via Public Cloud transit, direct or VPC connectivity
- centralised orchestration via FortiManager
All these features combine to allow optimal use of WAN links, providing seamless and secure network access for most use cases. By integrating the solution into your existing FortiGate device at no additional cost, Fortinet provides a compelling, cost-effective solution for making the best use of multiple WAN links.