SD-WAN Strategy to Address Key Trends and Scalability

Fan Gu, VeloCloud Networks, Inc.

IEEE Softwarization, September 2017


A Software Defined Wide Area Network (SD-WAN) applies SDN architectural principles to a WAN network, with innovative extensions to focus on the practical realities of the “wide area” part of the network, such as minimizing delays over long distances between geographically dispersed nodes and guaranteeing predictable service quality over dissimilar and unpredictable links.

WAN Trends

The accelerating digital business transformation has rendered legacy WAN architectures suboptimal, and industry analysts have recently distilled several key trends that WAN architectural strategy must address.

  • The Cloud is The Network: An estimated 30-50% of large Enterprise traffic is shifting to the cloud to achieve easy and global any-to-any connectivity, radically disrupting traditional remote-office-to-data-center traffic flows.
  • Enterprise Applications Move to the Cloud: Analysts project that by 2030 80% of new applications will be deployed in the cloud, demanding that traffic and bandwidth planning must increasingly optimize cloud application access.
  • Bandwidth Requirements Rise: An explosion of IoT devices, applications moving from local to cloud hosting, and ever-increasing video and content services have become part of the daily application diet of branch office users.
  • Infrastructure Refresh is Coming: The pace of change in technology and traffic is accelerating, while costs and budgets remain limited or decline. Virtual and software-delivered services will allow enterprises to keep pace.
  • Bring Your Own Link: Bandwidth increases to support IoT and cloud applications require the use of flexible, cost-effective, easily available and easily upgradable aggregate access link strategies.
  • Security is Top-of-Mind: User mobility, BYOD, IoT devices, and increased use of Internet links to access cloud applications as an aggregate will increase the pressure on network security, while hackers and fraudulent events become ever more sophisticated and widespread.

A cloud-delivered SD-WAN architecture addresses these trends effectively through architectural components and key features:

  • Transport Independent: SD-WAN creates an overlay network connecting all enterprise branches via IPSec tunnels, regardless type and number of WAN links at the branches. For example, a branch can deploy MPLS private link, Internet link and LTE at the same time, and SD-WAN is able to aggregate all the link bandwidth to increase the total throughput for the branch.
  • Application Abstraction: SD-WAN integrates with deep packet recognition mechanisms and recognizes 2,500+ applications. Quality of Service (QoS) policies, network services and firewall rules can be customized and applied based on granular applications.
  • Dynamic Multi-Path Optimization (DMPO): SD-WAN delivers a resilient overlay network by taking into account real-time performance of WAN links - each physical link is monitored at the branches dynamically and scored based on link conditions, such as jitter, packet loss, delay, etc. Applications packets will be steered dynamically based on business priority and link conditions. In addition, in scenarios where it may not be possible to steer the traffic flow onto the better link, i.e., single link deployment, or multiple links having issues at the same time, error correction will be applied for the duration of the disruption.
  • Unified and Automated VPN: A Cloud-Delivered SD-WAN offers globally distributed cloud gateways which reside at the door steps of the major SaaS/IaaS/PaaS providers to provide an accelerated access for enterprise branches to the cloud. This simplifies overall deployments and configurations, as instead of creating a full mesh between branches and cloud providers, with cloud gateways, only one tunnel needs to be created from cloud gateways to each cloud provider which will be shared by all the branches. In addition, it reduces the network load for the regional hub by eliminating the backhaul traffic.
  • Flexible Service Insertion: SD-WAN normally has a built-in stateful firewall to meet requirements of smaller branches. Additional security can be achieved by service insertion via stitching UTM, Anti-Virus, URL filtering functions as VNF on the branch, or steering towards the cloud providers of choice.
  • Zero Touch Deployment: SD-WAN provides Zero Touch Deployment to simplify the deployment rollout and reduce IT costs. When branch edges are shipped to branches and connected to power/Internet, the branch edge receives IP address via DHCP and automatically calls home to the SD-WAN management plane in the cloud to receive configurations and start forwarding traffic.  
  • All-In-One Management: SD-WAN offers a single pane of glass management portal, which centralizes all the configurations, monitoring and troubleshooting for the entire SD-WAN network.

SD-WAN Scalability Requirements and how SD-WAN can address them

Large networks—generally classified as organizations comprised of more than 10,000 sites—exacerbate the challenges of smaller networks. Cloud-delivered SD-WAN architecture, technology and features are also uniquely able to satisfy the requirements of scale.

  • Thousands of sites: Everything becomes massive and complex when multiplied by thousands. SD-WAN delivers automation, centralized control with visual dashboards, auto-discovery and zero-touch procedures.
  • Variety of transports: A plethora of carriers, technologies, costs, contracts, and inscrutable routing increases network complexity. SD-WAN technology offers a transport-independent overlay with flawless, enterprise-grade quality of experience (QoE) delivered by continuous link monitoring, bandwidth measurement and discovery, per-packet steering around outages, and automatic link remediation.
  • Many Data Centers including the cloud: Complex management becomes the norm in an environment of multiple legacy and cloud data centers, security, traffic backhauling, and a tangle of regulatory demands. SD-WAN technology provides virtualized, scalable, auto-load-balanced hub clusters for the data center access over any link type, hosted gateways to SaaS/IaaS, hub-less designs for legacy data centers, and multi-source inbound QoS.
  • Legacy sites and equipment: Varying equipment profiles, significant prior investment, and long-term carrier contracts. SD-WAN technology offers an overlay for new traffic and services, flexible last-mile/access into the private mid-mile network, and multi-link, multi-transport integration.
  • Services delivery: Increasing cloud-based services, complex service deployment, policy coordination, and service delivery to branches. SD-WAN technology delivers simplified, distributed security insertion, on virtualized, scalable platforms, easy integration, and guaranteed performance with cloud-based services.
  • Scalable security: Segmentation, VPN meshes, complexity to secure IaaS integration. SD-WAN technology delivers the scalability and security of PKI, with the ease of centralized, integrated orchestration, an integrated CA, dynamic and automatic VPN tunnels including branch-to-branch, enterprise-scale network segmentation, multi-tenancy, and service chain firewalling.
  • Global locations: Varying levels of transport quality and reliability per region, limited regional IT support, region-specific regulations and compliance requirements, and diverse cloud sources. SD-WAN technology delivers a hybrid “regional WAN” topology, flexibility in service insertion, “regionalized” cloud access, and coordination of policies.

In summary, a cloud-delivered SD-WAN is a practical, compelling, cost-effective technology for enterprises and service providers—based on standards-based software defined networking (SDN) concepts—to replace or augment customer edge equipment at remote sites, integrate new network services, virtualize services, load-share over multiple links of any type, provide dramatically simplified configuration and policy management, and optimize real-time application performance.



Fan GuFan Gu is a Product Manager at VeloCloud Networks, Inc., leading the design of key technologies and architecture of the Cloud-Delivered Software-Defined WAN solution for Service Providers and Enterprises. Before joining VeloCloud, Fan designed and implemented cutting edge technologies at Cisco Systems, Inc. in the Data Center, Cloud, Collaboration and Mobility groups. Fan holds two Cisco Certified Internet Expert (CCIE) for Routing & Switching and Service Provider. Fan has a Masters Degree in ECE from Cornell University.



Elio SalvadoriDr. Elio Salvadori is the Director of CREATE-NET Research Center within Fondazione Bruno Kessler (FBK); he is responsible for managing, organizing, executing and monitoring of the activities of the Center.

He joined CREATE-NET in 2005 and since then he has served different roles within the organization: from 2007 to 2012 he has been leading the Engineering and Fast Prototyping (ENGINE) area. From 2012 to 2014 he has been acting as SDN Senior Advisor while holding a position as CEO in Trentino NGN Srl. He then moved fully back to CREATE-NET acting as Research Director and then as Managing Director until the incorporation within FBK at the end of 2016.

Prior to CREATE-NET, Dr. Salvadori has developed a mixed industrial and academical background: he graduated in 1997 at Politecnico di Milano through an internship pursued at CoreCom, a research lab funded by Politecnico and Pirelli Optical Systems (now Cisco Photonics). Afterward he has worked as systems engineer at Nokia Networks in Milan and then at Lucent Technologies in Rome. In 2001 he won a research grant at the University of Trento to pursue his PhD on Information and Communication Technologies. He received his PhD degree in March 2005 with a thesis on traffic engineering for optical networks.

During his research career, he has been involved in several national and European projects on SDN and optical networking technologies as well as on Future Internet testbeds.

His current research interests include software-defined networking (network virtualization and distributed controller architectures), Network Functions Virtualization (NFV) and next generation transport networks. He has published in more than 100 International refereed journals and conferences. He is a member of IEEE and ACM.



Subscribe to IEEE Softwarization

Join our free SDN Technical Community and receive IEEE Softwarization.

Subscribe Now


Article Contributions Welcomed

Download IEEE Softwarization Editorial Guidelines for Authors (PDF, 122 KB)

If you wish to have an article considered for publication, please contact the Managing Editor at


Past Issues

November 2018

March 2018

January 2018

December 2017

September 2017

July 2017

May 2017

March 2017

January 2017

November 2016

September 2016

July 2016

May 2016

March 2016

January 2016

November 2015

IEEE Softwarization Editorial Board

Laurent Ciavaglia, Editor-in-Chief
Mohamed Faten Zhani, Managing Editor
TBD, Deputy Managing Editor
Syed Hassan Ahmed
Dr. J. Amudhavel
Francesco Benedetto
Korhan Cengiz
Noel Crespi
Neil Davies
Eliezer Dekel
Eileen Healy
Chris Hrivnak
Atta ur Rehman Khan
Marie-Paule Odini
Shashikant Patil
Kostas Pentikousis
Luca Prete
Muhammad Maaz Rehan
Mubashir Rehmani
Stefano Salsano
Elio Salvadori
Nadir Shah
Alexandros Stavdas
Jose Verger