Do SD-WANs Offer More Than A Pipe Dream?

Andy Powell

Are SD-WANs a real benefit for businesses?

Ten years ago, WANs based on MPLS were sold on the basis of saving customers from the complexity of Internet VPNs. Network providers promised simplicity, security, agility, and efficiency. Today, WANs based on Software-Defined Networking techniques (SD-WANs) are being promoted as being able to solve the inherent complexity in MPLS networks. SD-WANs offer simplicity, security, agility, and efficiency.

What makes the sales pitch today any different from that of a decade ago? Are SD-WANs a real benefit for business, or do they offer more for the provider selling them than the companies adopting them?

What are SD-WANs?

SD-WAN stands for Software-Defined Wide Area Network. It usually takes the form of a Virtual Private Network with one or more devices installed at each endpoint. These devices can aggregate capacity and connectivity across multiple connection technologies (fibre, FTTC, xDSL, 4G, et al.), and the resulting network is then managed centrally.

SD-WAN devices have an added level of intelligence compared to routers in that they can make decisions at a packet level to send traffic over the best connection available. SD-WANs will provide essential features, such as:

  • Routing
  • Forwarding
  • Security
  • Encryption
  • Quality of Service (QoS)
  • Policy
  • Management

For sites that have a primary and secondary line, this maximises the bandwidth use of each line, potentially giving better value for money.


Do SD-WANs deliver a reduction in overall WAN costs?

With the separation of logical functionality and physical circuits comes a subscription-based model for the more advanced software features. The greater the logical complexity, the more expensive the licence.

Subscriptions for network features are on a yearly or multi-year basis and separately cover the edge devices and the central core. The cost of the “SD-WAN Controller” licence can be 5 times the cost of a single edge device. Each edge device needs a licence, and so does the central core. The licence provides the software management, maintenance and support, and also dictates the bandwidth allotted. An edge device could have a 20Mbps licence and the central break out (core) could have a 1Gbps licence, for example.

However, many WANs currently use single connections to the Internet. Retail networks, in particular, accept a 1% risk of monthly circuit outage to avoid the costs of a second connection, and with the advent of FTTC and other higher capacity, low-cost connections, there’s no real capacity problem to solve. As such, SD-WAN subscriptions become an expensive overlay/add-on. The single circuit limits the functionality and so the SD-WAN cannot add value. An old-fashioned Internet-based IPsec VPN would be a cost-effective solution to roll out in this scenario.

Promises of SD-WAN offering up to 40% reduction in WAN costs are hilariously misleading in the absence of understanding that customers have already been optimising WAN costs through careful selection of circuit type and number.

Using SD-WANs in an MPLS environment may be sensible

SD-WAN starts to look like a better option when used in an MPLS environment where each end location has multiple connections and where suppliers have already artificially inflated the market pricing for MPLS connections, even though they are built on the same circuit technology as Internet VPNs.

MPLS networks have a rigid setup process and making ongoing changes to multiple endpoints can be time-consuming without management tools. With SD-WANs, the tools are there for a configuration change to be rolled out to multiple endpoints instantly.

This is achieved by having a template-based network hierarchy. Each level of the network is defined in the template. An endpoint can have single or multiple Internet connections, VLANs for voice and data, and wifi settings if required. On top of this, QoS, IP address schemas and security settings are all pre-defined.

This is held centrally and then rolled out to all the endpoints at the same time. Only one configuration file needs to be maintained. Setting up new endpoints can now be completed in minutes rather than sending out engineers to site to install and configure the hardware or risking a remote re-configuration and reboot.

Does the reduced cost of engineering and configuration time outweigh the cost of the SD-WAN device and associated licensing? A VPN or MPLS network would need to be constantly changing for this to make financial sense. Of course, it makes sense for SD-WAN providers that manage the networks: they can reduce their management costs while the customer pays for the technology, increasing their margins for WAN technology.

How frequently are you reconfiguring your edge devices?


The cost of SD-WAN endpoint licences minus (-) engineering time for site adds/moves/changes and installs equals (=) a compelling reason to have SD-WAN.

The bandwidth costs per site are going to remain the same whether you have VPN, MPLS or SD-WAN because SD-WAN is constrained by the same physical connectivity types available to other VPN techniques – 4G mobile, FTTC, EFM, xDSL, and fibre Ethernet. The more WAN connections an endpoint has, the better value for money those connections become with SD-WAN, but the overall price doesn’t come down.

SD-WANs – No More than a “Pipe Dream”?

SD-WAN could be a good fit for some companies with sprawling MPLS networks and underutilised bandwidth, where time and money are wasted on constant configuration changes. Multi-site WANs with many sites connected by single circuits and few adds/moves/changes will see very little return on investment or network speed efficiencies.

Before opting for SD-WAN, make sure you are clear what you want your network to do for you. You might find it can do it already.
