Software-defined networking, and more specifically SD-WAN, has changed the game by enabling new service chaining capabilities. A service chain virtually connects security and network services, like firewalls, intrusion prevention services (IPS), network address translation (NAT), etc. This allows multiple, virtual services to be delivered among multiple, diverse network circuits.
Dynamic WAN Resource Utilization
Traditional networks often backhaul Internet traffic through headquarters or a corporate data center, where robust security infrastructure resides. But this circuitous route is a rigid proposition. A better option for accommodating cloud connectivity and mobile users, would be a direct path over the Internet. While this is not easily accomplished with traditional networks, it is remarkably simple with SD-WAN, by controlling the network edge as a service, and defining policies that match network service chains with applications. The ability for SD-WAN to granularly manage diverse traffic types over any type of transport, redefines network services and their resource utilization.
Eliminate Device Bloat with Virtual Network Services
Service chains can be connected across a network through network function virtualization (NFV), where new services are instantiated as software, running on commodity hardware. And, because virtual network functions (VNFs) use virtualized transports, the connections can be set up and torn down on-demand through the SD-WAN orchestrator. Service chains can be deployed at the network edges, and leverage third-party cloud-based services, to lower costs, improve performance and security, and scale on-demand.
All this is not to say cloud-based network and security services cannot be accomplished with traditional networks. In fact, it can be done. But it’s very complex, with high costs, and long turn-arounds. It requires configuring tunnels at each site, applying rigorous failure processes and thorough testing. Let’s just say, it’s not for the faint of heart, and many enterprises simply choose to face the performance hit of backhauling traffic through their corporate data center, before sending traffic to the cloud.
A secure SD-WAN overlay is transport-independent, and can work across any combination of public or private circuits. It uses policies that are centrally managed, to determine which traffic should be directed to a service, based on network performance and reliability criteria. If a particular circuit has a problem, or has failed, the SD-WAN automatically handles it. Because today’s next generation SD-WANs are cloud-based, and use virtualized technology, they eliminate the need for single-function hardware appliances, as these services are now virtualized within the CPE. The era of the rigidity and high-cost of single-function hardware appliances is coming to an end, as more enterprises embrace the flexibility and simplicity of network services with SD-WAN.