Software-defined wide area networking (SD-WAN) is a very hot topic. For enterprises, SD-WAN offers a way to cut up-front costs, but it may leave them open to longer-term support costs as well as issues with service assurance. For service providers, SD-WAN represents a threat to their traditional managed virtual private network (VPN) offerings but it also represents an opportunity to extend their reach and provide more flexible enterprise networking solutions. So, is there a way for service providers to help enterprises cut costs while still offering them a dynamic managed service? Yes! Enter SD-WAN 2.0.

First, What Is SD-WAN?

SD-WAN is the industry name for a set of networking functions that are commonly grouped together to give end users the ability to create private overlay networks using low-cost broadband connections, sometimes augmented by traditional L3VPN/MPLS links. An example is shown below:

There are a variety of SD-WAN suppliers and solutions in the market today and they usually include the following functions.

A central controller for:

  • Administering the network topology
  • Setting and distributing policies for QoS and access
  • Reporting usage and performance

A set of access nodes that include many or most of the following:

  • Implementation as an appliance or as a virtual network function running on a server
  • A routing and tunneling engine
  • Hybrid WAN, including the ability to send traffic to more than one uplink (as shown in Branch 2 and Branch 4 in the previous illustration)
  • Firewall and security functions
  • QoS and access policy enforcement including application-level monitoring
  • Network loss and latency measurement
  • WAN optimization, including one or more of caching, compression, forward error correction, prioritization and load balancing

Why Is SD-WAN Hot?

Private networks are critical to the operation of most businesses. However, the traditional MPLS L3VPN supplied by service providers is very expensive and not agile (long provisioning and configuration cycles). SD-WAN gives end users a way to deploy the private networks they need at a lower cost point. The apparent savings come from the lower-cost broadband connections that can be used. The real savings come from giving up the 24x7 “end-to-end” support provided by a traditional operator.

Drawbacks of SD-WAN

Current SD-WAN solutions offer a good foundation in many cases, but they also have some drawbacks.

  • SD-WAN is monolithic. The current offerings tend to be monolithic in that they typically include several functional components all delivered as a single appliance or software VNF. Most of these functional components ― such as routing, firewall, traffic management, DPI, and security ― are tailored to address the core SD-WAN use cases. However, they typically do not address the full range of enterprise customer requirements for each standalone function.
  • SD-WAN is large. While features may be separately licensed and priced, they are all included. In other words, disabling features does not reduce the footprint of the software image or the compute power required.
  • SD-WAN is a pure overlay technology. It does not support true peering with an operator’s MPLS network.
  • SD-WAN is user-managed. This can create large hidden operational expenses, as the burden of managing the enterprise connectivity solution is now the responsibility of the enterprise itself.
  • SD-WAN is standalone. It does not easily integrate with other functions implemented as VNFs.

Evolution to SD-WAN 2.0

There is a better way. With SD-WAN 2.0, we can take the best attributes of SD-WAN and augment them with additional features to address the deficits of current SD-WAN solutions.

As with SD-WAN, SD-WAN 2.0 provides the ability to create a private network using standard broadband connections, wireless broadband connections, private line VPN connections or a hybrid WAN using any combination of the above. However, SD-WAN is a pure overlay, which does not interact with the underlying network. SD-WAN 2.0 can also peer with an operator’s MPLS network, as shown above at the PE router adjacent to Branch 1. Peering with the operator’s network would seem to be going backwards to the old high-cost model. Why would you implement peering when it appears to increase costs?

It turns out that much of the cost of a traditional L3VPN is for 24x7 support, which may not be necessary in every business case. SD-WAN 2.0 gives the operator the ability to provide a dynamic private network service, with a separate service offering to match the requirements and budget of the end user. SD-WAN 2.0 also offers the ability to support a customer portal, so the end user can customize their network and still have the benefit of a managed offering.

Another difference is that SD-WAN 2.0 provides the ability to measure loss and latency independently of the networking and WAN optimization components that are monolithically included in a standard SD-WAN implementation. These independent measurements can then be used for both dynamic routing and optimization, as well as for SLA assurance.

Finally, SD-WAN 2.0 is delivered as a componentized and virtualized platform that enables hosting for additional virtual functions and services, as shown at Branch 3 and Branch 4 above. This architecture allows operators to build sophisticated services from best-of-breed VNF components hosted at the customer site or in the core. Functions might include DPI, security, storage, voice, and others that can be added as needed.

The table below summarizes how SD-WAN 2.0 compares to SD-WAN.



| | SD-WAN | SD-WAN 2.0 |
|---|---|---|
| | | Overlay or peered |
| Ownership and management | | End user or operator with user portal |
| | | Constructed from micro-services |
| Performance assurance | | Decoupled and available for SLAs |
| Value driver | Lowest cost | Platform for dynamic and flexible managed services |

A Good Idea Gets Better

SD-WAN provides a good first step toward creating more dynamic and cost-effective private networks. SD-WAN 2.0 builds on the experience gained with current NFV, SDN and SD-WAN solutions to provide a more complete and flexible private networking solution, bringing together today’s MPLS backbones with leading-edge NFV functionality, all to give the end user more control and choice.