SD-WAN has undergone a number of transformations, driven (for a change) more by a recognition of new missions than by simple technology evolution. What we may now be seeing is a completely new network model emerging, one that separates connectivity from bit transport in a decisive way. That new model could empower new competitors in both these layers, and change the networking landscape decisively.
From the first, SD-WAN has been linked to “virtual networking”, but in particular to the virtual private network or VPN. VPNs emerged as a way of reducing enterprise networking costs by using shared infrastructure to provide what appeared to be the same connectivity and security that privately built IP networks could offer. The problem was that MPLS VPNs were too expensive for most small sites, and not even available at some fringe locations. SD-WAN used the Internet to extend VPNs, which makes it a virtual network technology of sorts.
Other virtual network technologies emerged from the cloud, and the need to create secure multi-tenant infrastructure. Nicira, whose technology now forms the basis for VMware’s NSX, was a very early example, and NSX is an enterprise-side virtual network model. Nokia’s Nuage is a solution that’s been more popular with service providers. Regardless of who provides them, though, these virtual-network tools are aimed at creating an independent connection layer.
The current SD-WAN market dynamic emerges from this difference in approach. SD-WAN/VPN-side strategies have one enormous advantage, which is that almost every enterprise can use them. Virtual-network models have been viewed by enterprises as a more specialized toolkit, and so they’re not as widely used. Competition has expanded SD-WAN features, enterprises have increasingly realized that you don’t have to supplement a VPN with SD-WAN, you can replace it, and SD-WAN is now becoming a general virtual network strategy.
The cloud is also injecting its requirements into the mix. As I’ve noted in many past blogs, the dominant cloud computing model for enterprises is one where the cloud acts as an agile front-end technology for legacy data center core business applications. Not only has this model been adopted to improve web access to applications for direct sales and customer support, it’s also increasingly used as a partner portal and, now, as a means of connecting remote workers to applications. That means that SD-WAN at the edge encourages SD-WAN within the cloud, which of course is what’s happened. Where multiple clouds (multi-cloud) are used, SD-WAN support within each cloud can unify the networking model for cloud front-end computing.
The immediate impact of the new SD-WAN attention to general virtual-network issues is a sudden leap in the number of enterprises with separate and explicit virtual connectivity. SD-WAN is redefining the notion of “tenant” in virtual networking, moving from the limited vision of separating companies to a vision of separating everything that needs separating. You can have, at the minimum, organizational tenants whose connectivity is partitioned from the rest of the company’s. For a very few SD-WANs, like the 128 Technology product acquired by Juniper, you can almost think of every worker as a tenant, with explicit things they’re allowed to connect with.
If SD-WAN separates connectivity overall, it has to separate it from something else. That something else is IP networking as an industry. You can run SD-WAN over the Internet, over VPNs, over private fiber, over cloud networks…you get the picture. Best of all, because connectivity is truly independent of all these things, you can use any or all of them at the same time, switch between them, and so forth. Since personal and application connectivity is the goal of business networking, SD-WAN now lets it be separated from generalized IP and the Internet. That makes SD-WAN the potential business networking strategy of the future.
Virtual networking has always been a threat to traditional networking for the very reason that it would be the provider of the customer-facing service. When Nokia bought Nuage, my biggest and longest-standing criticism (which I’d still levy on Nokia) was that they submerged Nuage to placate their router people. Perhaps the biggest question in the world of SD-WAN is whether SD-WAN vendors will do that same thing. I’ve already noted that 128 Technology (whom I’ve always said was the top SD-WAN vendor in feature terms) has been acquired by Juniper. Will Juniper play their 128T cards aggressively, or do a Nokia/Nuage? Same question for Cisco and other network vendors.
One vendor who may fear that very thing is IBM. Companies who don’t sell traditional network gear would benefit from the SD-WAN-virtual-networking revolution, and that’s particularly true of companies like IBM who have a private backbone network as a result of their cloud computing offering. With SD-WAN, any backbone is a potential transport underlayment, invisible beneath the connectivity layer of SD-WAN. IBM partnered with Turnium for a cloud-native SD-WAN, one that isn’t aligned with a network equipment vendor and so isn’t at risk for Nuage-style subduction.
IBM isn’t one of the three public cloud giants, of course, but can we doubt that Amazon, Microsoft, and Google are looking at what IBM does here? A cloud-hosted SD-WAN-as-a-Service offering could be a big differentiator, so of course the Big Three in cloud want to make sure that it doesn’t bite against them. Just, as I’ve pointed out, the network equipment vendors have seemed to back away from the separate-connection-layer concept to be sure it doesn’t bite against them! How this plays out might depend on two vendors.
VMware is arguably the only major vendor who has their own SD-WAN offering, and their own overall virtual-networking product to boot. They’ve been very quiet on this whole topic of an SD-WAN independent connectivity layer, and were they to take a very aggressive position on a virtual connection layer as the foundation for business networks, they could move markets both by educating buyers and frightening the cloud providers and network vendors.
The other possible vendor influence is flexiWAN, the “first open source, first application store” SD-WAN. The benefit of an open-model SD-WAN (and, according to flexiWAN, SASE) is obvious, but some enterprises I’ve talked with aren’t really completely comfortable that flexiWAN is as open-source as they’d like. Their model seems aimed purely at service providers (MSPs and CSPs), and whether that target would actually induce a shift to a connection-layer-and-transport-layer model is an open question.
Virtual networking strategies to separate connectivity from transport aren’t new, of course, and they’ve never really changed the game much…up until SD-WAN. There, the separation of connectivity isn’t the goal, but an interesting side-effect that’s pulled through by other significant benefits. In the long run, of course, that may not matter much. The times, as they say, are a’changin.