SD-WAN – architecture, functions and benefits
P. Segeč*, M. Moravčík*, J. Uramová*, J. Papán*, O. Yeremenko**
* Faculty of Management Science and Informatics, University of Zilina, Univerzitna 8215/1, 010 26 Zilina
** Kharkiv National University of Radio Electronics, Ukraine, Kharkiv
* e-mail: {pavel.segec, marek.moravcik, jana.uramova, jozef.papan}@fri.uniza.sk
** e-mail: oleksandra.yeremenko.ua@ieee.org
Abstract—SD-WAN is currently considered as a technology
that has the potential to revolutionize the use of WAN
services. It supports a new concept known as Application-
driven networking, where the network is expected to meet
the needs of applications, services and customers. In short,
SD-WAN is a centralized management of WAN networks,
usually with a close connection to Cloud computing and
security. This way, customers can easily manage their
networks regardless of the connectivity provider. SD-WAN
is currently one of the most current topics with a real
impact on CC services and WAN environments. SD-WAN
influences thinking about how we have used network
services so far. More importantly, it has great potential to
change the way we use communication services in the
future. There are several industries that are interesting in
terms of SD-WAN deployment. Based on our analyzes, we
can include the education sector among them.
Keywords—SD-WAN, architecture, entities, functions,
benefits.
I. INTRODUCTION
The direction of today’s digital world can be described
by term „cloud-based everything“. From application to
network communication, Cloud Computing (CC) pushes
out traditional solutions at a fast pace. Of particular
interest is how CC transforms the WAN environment with
the emergence of an approach known as Software-Defined
WAN (SD-WAN). SD-WAN is directly characterized by
the application of so-called "Cloud-centric" access to the
network area, making strong use of the principles defined
for Software Defined Networks (SDN). SD-WAN is today
one of the most current topics with a real impact on CC
and WAN services. And thus also their users, to which we
can currently include the public sector and education [1].
SD-WAN is nowadays considered as technology that
has potential to revolutionize WAN service usage. It
support new concept known as Application-driven
MPLS WAN
PE PE
CE CE
Traditional WAN
Figure 1 WAN vs. SD-WAN
networking, where it is expected, that network will
accommodate needs of applications, services and
customers [2]. This concept allows to SD-WAN service to
replace traditional WAN services provided over costly
MPLS (MultiProtocol Label Switching) VPN (Virtual
Private Networks) technology and to reduce costs on
network administration with application of centralized and
automated administration elements. These arguments may
be more suitable at enterprise deployment, SD-WAN
service can be, on the other hand, operated over more
different WAN connections, including affordable public
broadband connections (Figure 1). SD-WAN offers to this
segment of customers access to newer and better services
resulting from SD-WAN technology features. And it is
just for a fraction of the cost of the MPLS VPN services
offered. SD-WAN service with balanced offer of
interesting features and offered over broadband access has
potential to address customer segment, for which was
private MPLS VPN service unaffordable or otherwise
unavailable (unavailability of access technology, etc.) [3].
Based on the knowledge of the education sector and the
availability of information on various infrastructure
projects, we believe that the education sector could be an
interesting customer of managed SD-WAN services.
However, not individually, but rather in the form of
centrally solved informatization infrastructure projects
under the auspices of the Ministry of Education, Science,
Research and Sports of the Slovak Republic, which would
help primary and secondary schools solve network
management problems and increased network security
requirements. SD-WAN can offer a centralized and easy-
to-use way to manage and install communication services
in schools with virtualization support, security assurance
and security policy enforcement in this environment.
However, SD-WAN can also be interesting for
university environments. For example, the well-known
university and higher education sector in Slovakia uses
a distributed telepresence infrastructure called NTI
SD-WAN
controller
MPLS
Broadband
access
SD-WAN CPE
SD-WAN CPE
3G/4G
SD-WAN = More network types + controller
(national telepresence infrastructure), Office 365 is
deployed in terms of SaaS services and is characterized by
high mobility and teleworker activities of its staff and
students with access to internal university services. Here,
SD-WAN can offer greater comfort and stability of the
offered communication services with the integration and
use of CC services while guaranteeing a high level of
security.
Knowledge of SD-WAN technology is such a current
trend with a real impact on thinking, as we have used
network services so far. More importantly, however, it has
great potential to change the way we use communication
services in the future. In this article, we will therefore
focus on the introduction of SD-WAN technology, its
architecture, entities and offered functions.
The paper is organized as follows. After the
introduction provided in chapter I. Chapter II introduces
technologies related to SD-WAN, the SDN and NFV
(Network function virtualization). Chapter III is devoted
and provides a description of the SD-WAN architecture.
Next two chapters provide deeper technical related
descriptions. Chapter IV describes SD-WAN APIs
interfaces, and chapter V introduces the SD-WAN
equipment and entities. In the following two chapters, we
introduce the necessary features of SD-WAN (chapter
VI), and then we identify what benefits the SD-WAN can
offer (chapter VII). Finally, chapter VIII concludes the
paper.
II. RELATED TECHNOLOGIES
SD-WAN technology uses some SDN approaches that
are applied to WAN networks, and the generic model is
very similar. The second key technology that is important
to know about understanding the SD-WAN concept is
Network Functions Virtualization (NFV). SD-WAN is
referred to in the available literature as the combined
usage of the approaches introduced in SDN and NFV.
A. Introduction to Software Defined Networks
One of the breakthrough approaches of the last period
in the field of networking is the considered emergence of
the so-called Software Defined Networking (SDN). SDN
as a concept is focused on solution of one of the
fundamental problems of current networking. This
problem is complexity growing in many aspects [4].
Complexity of IP networks results from their design
principles and from their building and administering as
natively distributed system (diverse of integrating devices,
protocols, administration policies and so on), which is
vertically integrated in form of common and
interconnected control and data plane implemented in
specific operating system (OS) of network device (for
example Cisco IOS, Juniper JunOS, etc.). Changes due to
the adaptation or introduction of new services to this type
of infrastructure are usually very complex and difficult
(for example introducing of new service or customer
requires set of separated actions throughout whole
infrastructure).
SDN thus creates a new approach to the design and
operation of network infrastructure, where the network
control plane (control logic) is separated from the data
level (device forwarding functions). The control functions
in the SDN are extracted from individual devices and are
integrated into a centralized control node (redundant in the
production world), called the controller (intelligent logic
of SDN), or also the Network Operating System (NOS).
Physical network devices are in SDN networks used only
for their functions connected with data forwarding
(switching / forwarding). This approach allows the
abstraction of control from the physical network
infrastructure, often represented as a virtual switch, and
allows central programming (automation) of network
behavior or policies or services in one place (often used in
IT style by usage of programming interfaces and tools).
The simplified SDN architecture contains three logically
separated planes [5] [6] (Figure 2):
• Data plane / plane of network infrastructure. It
consists of hardware or software network devices
(data forwarding elements, such as routers,
switches, firewalls, etc.) similar to traditional IP
(Internet Protocol) networks, but with excluded
control functions.
• Control plane / plane of SDN controller. A key
component used as software entity is called
controller (or NOS). It combines the control and
management of network functions. NOS
(controller) via API (Application Programming
Interface) provides an abstraction of network
functions and data plane services (e.g. network
status, topological information, configuration and
reconfiguration of devices, management, etc.).
• Application plane / plane of network SDN
applications (sometimes called as orchestration
plane). It uses the functions and services offered by
the control plane to create the logic of network
SDN applications, which is translated by the
controller into a specific configuration of the
network device and installed on the network
device.
Important in the SDN concept are separated planes
interconnected through program APIs (open or
proprietary). There is a Northbound API between the
Figure 2 SDN from point of view (a) planes, (b) layers (c) and
system design [4] [23]
controller and the application plane. The Northbound API
is used to programmatically connect the controller to the
application plane, where all network SDN applications are
located. This type of interface allows administrators to
take advantage of high-level programmability and high-
level network automation. An example for the application
of the northbound interface can be the use of the REST
API, which can then be integrated with modern
automation tools such as. Puppet, Chef, Ansible, and so on
[7]. Through the Northbound API, network applications
can influence network management, where the controller
then translates the required instructions into instructions
sent via the Southbound API to network devices (setting
up flow tables or reconfiguring devices).
There is a Southbound API between the network
infrastructure level and the controller. Through this API,
the controller controls the forwarding functions of the
network infrastructure elements, or, reversely, the network
elements make their functions or required information
available to the control plane. Through this interface, the
SDN controller can be "hidden" from the SDN application
specific network devices from different manufacturers and
the specifics of their configuration. A typical Southbound
API is the OpenFlow open protocol, standardized by the
Open Networking Foundation (ONF) [4]. However,
OpenFlow is not the only standard for the southbound
interface in SDN, and alternative open (NetConf, LISP,
XMPP, BGP, MPLS-TP, OVSDB) and proprietary (Cisco
OpFlex) solutions are currently available (or under
development).
According to [8], there are four basic building blocks of
SDN:
• Dividing functions to layers: data/forwarding
plane, control plane, management plane
• Simplified devices and central controlling:
Controller distributed configuration to all other
devices
• Network automation and virtualization
• Openness
B. Network function virtualization
According to European Telecommunications Standards
Institute (ETSI) [9], Network Functions Virtualization
(NFV) is technology that focuses to usage of standard IT
virtualization technologies. NFV can replace current
physical network devices (servers, switches, routers,
gateways, firewalls, etc.) by software network devices (or
functions) referred to as Virtual Network Function (VNF).
The purpose of NFV is to save resources by using
generic and, therefore, cost-effective hardware for the
Control plane
Orchestrator
Orchestration
of services and
network
Orchestrator Dynamic multi- Security
path opti.
in CC
Control plane
Overlay
Controller
control
Infrastructure
Overlay CPE/Edge SD-WAN Gateway
Underlay Branch
Figure 3 SD-WAN architecture
application of network functionalities, e.g. running in DC
or in a virtualized CC (Cloud Computing) environment.
The transition to software instances of network functions
also offers the possibility of flexibility through
programmable dynamic resource management (change,
addition, deletion of VNF), e.g. via SDN. However, SDN
is not a mandatory part of VNF, it is a suitably
complementary technology to VNF.
ETSI [9] therefore considers the main objectives of
NFVs to be the possibility to innovate existing services by
deploying NFV network functions (including self-service)
through software development. It allows the use of
automation and orchestration through software (e.g.
controller). Overall, the deployment of NFV is expected to
reduce costs (Opex / Capex), which can bring benefits in
the form of reduced electricity consumption, reduced
overall equipment costs and increased time to market
process.
III. SD-WAN ARCHITECTURE
SD-WAN, as mentioned before, is currently one of the
most actual topics because it connects SDN, NFV, CC and
WAN services (e.g. broadband Internet service) [1]. SD-
WAN architecture (Figure 3), similar as SDN architecture
consist of three architectural planes. They are
infrastructure, or data plane, control plane and
orchestration plane.
A. Data plane
The data plane is able to establish connections via both
private and public IP / WAN infrastructures. It is designed
to simplify communication between geographically
separated sites, as well as with cloud applications and
services. For this purpose, SD-WAN creates its own
software-managed logical infrastructure over the existing
physical infrastructure. This type of network is called
Overlay, the existing physical infrastructure is called
Underlay. While SD-WAN overlay is usually uniform and
consistent, physical infrastructure of underlay WAN
Bussiness Service
Virtualization
Policy Insertion
Other (Templates,
App. Perfor. Analytics, Reports, ...)
SD-WAN
Monitoring
Northbound API
East-West
API
Controller v CC
Southbound API
CPE in CC SD-WAN Gateway in CC
Underlay
SO/HO Mobile
HQ Data center
user
networks is usually heterogenous and fragmented. Some
solutions may use only one uplink (i.e. MPLS). Other
solutions can use only local Internet connection with one
uplink, or use combinations of lines and technologies
(DSL, 4G/5G etc.) or even their combinations with leased
lines or other private WAN solutions.
Overlay networks can logically create several types of
links (hub & spoke, full mesh, partial mesh, point-to-
point, controller-behind-branch, branch-behind-branch,
etc.). Network overlay features include support for VPN
networks, either VPN on the second (L2 VPN) or third
layer (L3 VPN). From the routing, it supports IPv4 and
IPv6 addressing, as well as multicast. Of course, there are
security features that should be offered by all
manufacturers. This can be, for example, the possibility of
implementing and distributing PKI (Public Key
Infrastructure) certificates between the controller and the
CPE (Customer Premises Equipment) of the SD-WAN
customer's devices. In terms of encryption, we can divide
secure traffic into two parts, the encryption of the control
layer and the encryption of the data layer. In the control
layer, it is possible to encrypt the control information of
the controller towards the CPE devices. We can use IPSec,
symmetric / asymmetric encryption using PKI certificates,
TLS / DTLS, etc. Data layer encryption means the
encryption of customer traffic itself, where the family of
IPSec or SSL VPN protocols is mostly used. Another
option is to deploy and use third-party security devices
and features.
B. Control plane
The principle of operation of SD-WAN, like SDN,
separates the control plane for centralizing control logic
from the data plane. The main entity of the plane is the
controller (or several controllers), which can be located at
a branch, headquarters, data center, or in the cloud. This
layer is responsible for controlling the configuration of the
connected devices, while the CPE is connected to the
controller by a secure control connection (southbound
API). Federation of controllers and clustering can be
implemented using the East-West API (MP-BGP, or
custom solutions). This layer is also responsible for
optimizing the communication flow sent through the VPN
tunnel to each of the different types of services, such as
branch services, data center services, and cloud services.
The programming of the SD-WAN service towards the
orchestrator entity (or manager) is implemented via the
Northbound API interface, where mainly RestAPI is used.
C. Orchestration plane
The Orchestration Plane provides a business policy
framework and addresses service security policies and
corporate governance strategies [10].
The management level is a high-level abstraction for
policy enforcement (centralized and unified policy
management), configuration management,
troubleshooting, monitoring, analytics, predictions,
correlations, reporting, and notifications. Then there are
service-related functions, such as creating and managing
services. Consolidation of these features creates a superior
management interface that can easily manage large
deployments. The concept of such deployments is known
as Zero-Touch Provisioning (ZTP). In the case of ZTP, it
is not necessary for each CPE to be individually
configured, but instead it downloads its configuration
from a centralized management level after authentication
[2]. This form of automation eliminates the need for
qualified staff at each branch.
The management level itself can be located at on-
premises IT infrastructure or in the cloud. The main entity
at this level is an entity called an orchestrator, while some
manufacturers also have an entity referred to as a
manager. The orchestrator is a component focused on the
integration and orchestration of the entire SD-WAN
solution, while analyzes show that these are strongly
proprietary solutions. Here, each manufacturer has its own
software solution for this entity, which is also variously
named. The implementation can be as a standalone
solution or as a component integrated into the controller,
including several sub-entities.
IV. API INTERFACES IN SD-WAN
API is one of the most important communication tools
in SD-WAN. Using API calls, applications communicate
with the controller or controller with CPE devices.
A. Southbound API
The communication between CPE and the controller is
also called the Southbound API. These calls are in some
cases proprietary, but the Open-Flow or REST API can
also be used. From a SD-WAN vendor's perspective
Fortinet, VeloCloud and VersaNetwork use RestAPI as
the South API. Cisco Viptela (OMP over DTLS / TLS),
Nokia (OpenFlow, OVSDB and proprietary OF-TLS) and
Riverbed (SteelFlow) use their own protocols.
B. Northbound API
The Northbound API allows the controller to
communicate with external applications that can send
control information to the controller or obtain status data
from it. The REST API is also often used for these calls.
From the point of view of the analysis of SD-WAN
manufacturers, those manufacturers who use the open
Southbound API also use the open Northbound API, i.e.
Fortinet, VeloCloud, VersaNetwork, SilverPeak and
Riverbed. Exceptions are Cisco Viptela, which uses
NETCONF, and Nokia Nuage, which uses XMPP,
RestAPI, and JSON-RPC.
C. East-west API
The last type of API is the so-called East-West API, which
is communication between the same entities, such as
between two CPEs or two controllers. For most SD-WAN
solutions, no more information could be found about the
East-West API, with the exception of Cisco Viptela,
which uses its own OMP protocol via DTLS / TLS for
controller communication, and Nokia Nuage, which uses
MP-BGP for federation of controllers.
V. SD-WAN DEVICES AND ENTITIES
The following entities are usually implemented in an SD-
WAN architecture.
A. Customer CPE devices
CPE (Customer Premises Equipment) is entity of network
infrastructure plane, which is typically placed on
headquarters, branch office or in Cloud environment of
particular SD-WAN customer. Nowadays, there are
mainly following types of CPE devices:
 • Virtual CPE: vCPE is virtual solution of specific
network function, it is, therefore, virtual instance of
VNF [11], which is being run on physical
proprietary devices, uCPE devices or in fully
virtualized environment such as CC environment
(vCPE is then so-called cloud vCPE).
• Universal CPE (uCPE): is an evolution of vCPE-
initiated NFV virtualization. uCPE is essentially a
white-box (or gray-box between an open (white)
and a closed (black) solution) based typically on
the Intel x86 architecture (although other
architectures such as ARM also appear). This
device should primarily use open standards and
interfaces, and generic hardware components (cost
reduction) with sufficient performance. The device
should allow easy deployment (ideally "zero-
touch") with easy maintenance and updating. It
should be possible to download and run one or
more vCPE / VNF instances on the device. We are
talking about routing, switching, FW / NAT / UTM
/ IDS / IPS, voice functions (PBX, SBC, IMS),
WAN optimization, management and others that
run on one physical device. Currently, although the
name may be confusing, there is no standardized
hardware and OS solution for uCPE [16], although
several manufacturers are trying to standardize
them.
• Closed / proprietary CPE (CPE appliance): are
devices, that are designed specifically as CPE
devices, which has additional SD-WAN
functionality. These devices cannot be used on
another purpose or have restricted functions of
VNF virtualization.
B. SD-WAN controller
The controller is a standalone physical or virtual device
that provides control of the CPE and other entities, e.g.
CC gateways, in SD-WAN. In many solutions, it is
available as multi-user (multi-tenant) and deployable in
CC (cloud-based). In terms of deployment options, the
controller can be deployed as a physical or virtual device
directly at the customer (on-premise), or can be located in
the cloud (Amazon AWS, MS Azure, etc.), or directly at
the SD-WAN solution provider / services (provider-
hosted).
The controller is responsible for configuration,
activation, management of IP addresses and policy
enforcement on SD-WAN devices. It also maintains
connections to all devices so that it can identify the
operating state of overlay tunnels across different WANs
and obtain QoS connection parameters for each tunnel
separately.
C. Orchestrator (manager, director)
The orchestrator in many SD-WAN solutions is a
multi-tenant, cloud-based, centralized management for
configuring and monitoring SD-WAN services in real
time. Its main task is to monitor the entire SD-WAN
infrastructure. It is possible to monitor the status of lines,
whether in overlay or underlay network. It can actively
measure their parameters, such as QoS (delay, jitter,
losses), load, or directly the status of the service /
application that uses the line. Based on this information, it
compiles various statistics, graphs or reports. Because it
actively monitors the network and its parameters, it can
send error messages to the administrator when certain
values are exceeded.
Although the controller and orchestrator are two
separate entities, they can be controlled by dashboard,
which was mentioned earlier. Configuration is set on
orchestrator, it then sends instructions to controller, which
sets end devices (CPE).
D. Cloud gateways
Cloud gateways are entities, mostly with multitenancy
support, deployed in top-tier networks and cloud data
centers around the world that provide an extension of SD-
WAN technology as close as possible to entering the
cloud services environment. Their role is to provide and
ensure optimized access to cloud data centers and
services, as well as to the private backbone network and
traditional corporate branches (without SD-WAN). These
gateways are located in Service Provider (SP) data centers
around the world, close to global cloud service providers
(Office365, AWS, SalesForce and many more). They
provide connectivity through the best possible way to the
cloud provider and optimize cloud traffic. SD-WAN
gateways are usually virtual devices located on the edge of
a data center. However, not all manufacturers offer such a
virtual device.
VI. SD-WAN FUNCTIONS
Depending on the manufacturer (history, motivation),
current SD-WAN solutions have many functions, where
orientation between them is sometimes problematic, as
well as generalization of their functions, because the view
of SD-WAN functions differs from vendor to vendor. In
the professional literature, however, it is accepted to see
which functions a quality SD-WAN solution should
fulfill. These criteria were developed by the ONUG (Open
Networking User Group) in its SD-WAN 2.0 WG
working group [12]. ONUG defined that the SD-WAN
solution should meet the so-called top ten strategic
requirements (also called ONUG TOP 10) [13] and in
addition six general features to address the openness of
network systems.
A. Onug top TEN
ONUG TOP 10 criteria are generally accepted by SD-
WAN vendors. SD-WAN devices are often compared
according to ONUG TOP 10, so we can state, that these
are generic functions, which are expected from SD-WAN
solution. The criteria are as follows:
1. Active/Active: It is the ability of the site / branch
to use public and private WAN networks / links
(hybrid mode) operating in active / active mode for
the purpose of application in order to better use the
total available connection capacity.
2. CPE: Flexibility and simplicity that allows you to
deploy SD-WAN CPE as either a physical or
virtual device (branch, headquarters, cloud) that
uses commodity hardware to run. It should be
possible to manage the equipment remotely.
3. Security and business policy. Support for a secure
hybrid WAN architecture (VPN) that enables
dynamic traffic engineering over paths built over
both public and private WANs and routing
performed according to a defined policy. Traffic
 management should consider and allow the
selection of routes per application based on defined
application policies, network availability or
respond to deteriorating conditions in the transport
or application level.
4. Visibility, prioritization and application
management. Flow visibility, prioritization, and
real-time management of mission-critical and
application-based policy, security, and application
requirements.
5. High availability and resiliency. Requirement for
availability and resilience of the hybrid WAN
environment against outages (CPE devices or
WAN lines) while maintaining the optimal
experience for the client or application.
6. Interoperability on L2 and L3 ISO OSI.
Requirement on collaboration of SD-WAN CPE
devices with directly connected devices working
on second (switched) and third (routed) layer of
ISO OSI.
7. Management dashboard / portal. It should be
possible to check and report the SD-WAN service
through the dashboard, which supports reporting
(e.g. status, performance, forecast) for the branch
office, application or VPN tunnel.
8. Controller with open API support. Requirement
for support of open access to controller functions
(for example reading / writing logs, SIEM
(Security Information and Event Management),
and so on).
9. Zero Touch Deployment (ZTD). Support for easy
installation and deployment of CPE devices
remotely, requiring the ability to be deployed by
untrained personnel and without the need to make
configuration changes to the local existing
infrastructure. The device only needs to correctly
connected internal and external interfaces, where
the automatic process of initialization and
authentication will take place.
10. Valid FIPS 140-2 certificate. Valid certification
based on FIPS (Federal Information Processing
Standard), security level 2.
In addition to ONUG TOP 10 strategic requirements
for SD-WAN, ONUG also defines six general features for
solving the openness of network systems:
1. Automated device discovery, provisioning and
registration of assets for physical and virtual
devices.
2. Automated tool for configuration (no hands-on
keyboards), which are equal to functions used by
DevOps and NetOps.
3. Unified controller and control protocol for physical
and virtual appliances.
4. Baseline Policy Manager which communicates
with common controller for policy enforcement.
5. A mechanism for sharing network status and a
unified network status database that automatically
collects at least forwarding tables of MAC and IP
addresses.
6. Integrated monitoring of overlay an underlay
network.
VII. WHAT CAN SD-WAN OFFER?
At present, changes in the business behavior of
companies and organizations are being strongly promoted.
They have a significant impact on the way traditional
WAN services are used, and their use can now become
suboptimal for many reasons.
According to Webtorials portal (Distributed
Networking Associates) [14] organizations that have used
ISP’s services have concerns or doubts about the
deployment and use of their WAN services. Some of the
main concerns mentioned in the analyzed sources, which
are e.g. for the MPLS VPN service, include the cost,
uptime, and time required to implement new MPLS
services. Concerns related to services offered over the
public Internet, in turn, include security, uptime, and
latency. Some of the limitations associated with mobile
services include variable signal coverage, line set-up
latency, and security. The reasons why we as customers
should opt for SD-WAN can be various. However, based
on our analysis, we can categorize them into areas offered
by SD-WAN [14] [15] [16] [17] [18] [19] [20] [21]:
• New way of marketing, which is closer to the
software approach.
• Possibility to simplify WAN management, branch /
SOHO networks and optimization of application
administration.
• Reducing cost for WAN connectivity services.
• Mastering of increasing virtualization service,
security functions and CC usage.
• Mastering problems of increasing requirements on
broadband access and increasing volume of
transmitting data.
• Mastering of increasing pressure on security and
unification of its processes.
Whilst SD-WAN is new technology, about which there
are many myths between potential customers, according to
[21][22] there are, from customer’s point of view,
following benefits, that SD-WAN offers:
1. Application visibility: The customer of SD-WAN
gains the ability to "see" across the entire
infrastructure and down to the level of flows of
specific applications. This opens up opportunities
for easier identification of problems.
2. Alerts and notifications: Thanks to SD-WAN,
administrators can get end-to-end problem
reporting (e.g. violation of SLA) without tracing.
3. Cloud proxies: SD-WAN can act as tool and
motivation to further CC migration, and, at the
same time, it offers ability to see what is going on
at CC environment up to application layer.
4. Central control of application and security
policies – higher flexibility and security: SD-
WAN offers tools to solve application and security
policies and configuration/tuning of network
behavior and setting or managing of SLA.
5. Production portal: Instead of using multiple
applications to manage existing WAN solutions,
SD-WAN offers a single environment focused on
providing all the features.
 6. High availability and resiliency: Possibility to
use robust and dynamically solved redundant
solutions from redundancy of devices, paths (also
Active / Active) to application redundancy and
performance tuning and load balancing
According to [22] we can add:
1. CPE and NFV: Ability to use one physical
solution at branch for more functions, originally
solved on separate devices.
2. Ability for flexible access solutions: The solution
allows you to manage services across different
access SPs, with simplified management of
available bandwidth (adding and removing access
lines) and path selection. According to Cisco, SD-
WAN carrier Ethernet was used as the primary
access technology for early implementations.
VIII. CONSLUSION
SD-WAN is a very current topic, as indicated by
various studies (IDC, Gartner, IHS Markit, Ovum,
Quadrant, etc.) and the scientific community has not yet
responded to it, as has been the case with SDN. It is not a
topic that is its basis, but responds to the needs and trends
of user development. There is a very strong interest of the
organization to build cost-effective solutions for secure
and guaranteed communication services (encrypted as
well as with advanced security features), operated over the
public Internet. At the same time, there is a significant
trend of migration and use of virtualized and cloud
services (IaaS, PaaS, SaaS - XaaS such as storage, voice /
video / unified communication, IT, applications, etc.).
From the point of view of potential SD-WAN customers,
it is possible, according to our analyzes, to include
organizations that plan to use Cloud services intensively.
Multi-branch companies and companies offering mobility
to their employees (or the use of teleworking), which have
to deal with WAN connectivity, network and equipment
management at branches / SOHO, application
optimization, security and the growing complexity of this.
Organizations and companies that record an increase in
the use of real-time video communication and the
associated increase in communication volume and
connection speed requirements. All with the increase in
security requirements. Based on these characteristics, we
can easily include the education sector among future users
of SD-WAN. Healthcare is a similarly identified as an
interesting sector too.
ACKNOWLEDGMENT
This publication has been published with the support of
the Operational Program Integrated Infrastructure within
project: “Výskum v sieti SANET a možnosti jej ďalšieho
využitia a rozvoja/ Research in the SANET network and
possibilities of its further use and development”, ITMS
code 313011W988, co-financed by the ERDF.
REFERENCES
[1] J. Bloomberg, “SD-WAN: Entry Point For Software-Defined
Everything.” [Online]. Available:
https://www.forbes.com/sites/jasonbloomberg/2017/03/20/sd-
wan-entry-point-for-software-defined-
everything/#3861105c46ee.
[2] MEF (Metro Ethernet Foundation), “Understanding SD-WAN
Managed Services,” 2017. [Online]. Available:
http://www.mef.net/sd-wan/understanding-sd-wan.
[3] “How network operators can differentiate SD-WAN
services.” [Online]. Available:
https://searchnetworking.techtarget.com/tip/How-network-
operators-can-differentiate-SD-WAN-services.
[4] D. Kreutz, F. M. V. Ramos, P. Esteves Verissimo, C. Esteve
Rothenberg, S. Azodolmolky, and S. Uhlig, “Software-
Defined Networking: A Comprehensive Survey,” Proc. IEEE,
vol. 103, no. 1, pp. 14–76, 2015.
[5] P. Helebrandt and I. Kotuliak, “Novel SDN multi-domain
architecture,” in ICETA 2014 - 12th IEEE International
Conference on Emerging eLearning Technologies and
Applications, Proceedings, 2015, pp. 139–143.
[6] ONF, “SDN architecture,” 2014. [Online]. Available:
https://www.opennetworking.org/wp-
content/uploads/2013/02/TR_SDN_ARCH_1.0_06062014.pdf
.
[7] “What are SDN Northbound APIs (and SDN Rest APIs)?”
[Online]. Available:
https://www.sdxcentral.com/sdn/definitions/north-bound-
interfaces-api/.
[8] P. Goransson and C. Black, “Software defined networks : a
comprehensive approach,” 2014, p. 325.
[9] M. B. Chiosi et al., “Network Functions Virtualisation,” 2012.
[Online]. Available:
http://portal.etsi.org/NFV/NFV_White_Paper.pdf.
[10] D. P. Sanjay Uppal, Steve Woo, Software-Defined WAN for
Dummies, 2nd VMware., vol. 136, no. 1. John Wiley & Sons,
Inc, 2018.
[11] P. McCabe, “Universal CPE and SD-WAN: Driving a
network services revolution - Broadband Technology Report,”
2018. [Online]. Available:
https://www.broadbandtechreport.com/articles/2018/08/univer
sal-cpe-and-sdwan-driving-a-network-services-
revolution.html.
[12] “Software-Defined Wide Area Networks WG | ONUG.”
[Online]. Available:
https://www.onug.net/community/working-groups/open-sd-
wan-exchange/.
[13] “ONUG Software-Defined WAN Use Case,” 2014.
[14] B. Jim Metzler and S. Taylor, “The 2018 Guide to WAN
Architecture & Design | Applying SDN and NFV at the WAN
Edge,” 2018.
[15] J. Metzler and S. Taylor, “2018 Guide to WAN Architecture
& Design |Applying SDN and NFV at the WAN Edge.”
[16] Forrester, “The Future Of The WAN Is Software-Defined.”
[17] SilverPeak, “Top Benefits of SD-WAN - Building a Better
WAN with a Complete Solution.” [Online]. Available:
https://www.silver-peak.com/sd-wan/top-benefits-sd-wan.
[18] Versa Networks, “The Benefits of SD-WAN with Integrated
Branch Security,” 2017.
[19] N. Labs, “SD-WAN COMPARATIVE REPORT Total Cost
of Ownership (TCO),” 2018.
[20] “Gartner Says 8.4 Billion Connected "Things"
Will Be in Use in 2017, Up 31 Percent From 2016.” [Online].
Available: https://www.gartner.com/en/newsroom/press-
releases/2017-02-07-gartner-says-8-billion-connected-things-
will-be-in-use-in-2017-up-31-percent-from-2016.
[21] Orange Business Services, “Meeting the challenge of the
digital age with SD-WAN.”
[22] “SD-WAN Implementation: Tips - Cisco and BT.” [Online].
Available: https://www.cisco.com/c/en/us/about/case-studies-
customer-success-stories/bt-sd-wan-video.html.
[23] F. Hu, Q. Hao, and K. Bao, “A Survey on Software-Defined
Network and OpenFlow: From Concept to Implementation,”
IEEE Commun. Surv. Tutorials, vol. 16, no. 4, pp. 2181–2206,
2014.