Dennis Thankachan
Dec 3, 2024
If you’ve been tasked with thinking through your enterprise’s SD-WAN strategy or estimating the cost of a revised WAN architecture for your company and have been stuck scratching your head in confusion, then you’ve come to the right place. SD-WAN is scoped and priced in many different ways, so honing in on the right vendor and an adequate cost estimate begins with understanding software-defined wide-area networking (SD-WAN) in the context of your organization’s needs for WAN edge infrastructure. But first, let’s start by defining SD-WAN.
Software Defined Wide Area Networking (SD-WAN) is a software-based architecture that acts as a virtual overlay to an underlying hardware-based network. It provides a centralized control function to efficiently steer traffic across a WAN based on an enterprise’s business needs.
By enabling traffic prioritization, SD-WAN can support many of the same quality-of-experience and security benefits of Multiprotocol Label Switching (MPLS) or point-to-point connectivity for important applications, albeit with easy-to-use centralized software controls. Also, for the most part, SD-WAN data transmission occurs over the public internet rather than on preset or dedicated routes. This potentially makes it much cheaper than MPLS or P2P architectures.
With centralized control an SD-WAN enables IT to prioritize traffic over the public internet.
SD-WAN vs. MPLS
A key difference when comparing SD-WAN vs. MPLS is that SD-WAN acknowledges the public internet as arguably the most important node on the enterprise WAN. One of its advantages over MPLS—along with flexibility, cloud-readiness, resiliency, carrier diversity, and transparency—is the potential for significant cost savings. There are some disadvantages too, and I encourage you to review them so you can choose the right SD-WAN solution for your organization.
The potential opportunity to do more with less budget and foster ongoing cloud transitions has got enterprise IT leaders’ attention, spurring the growth of the SD-WAN market.
See here for a detailed guide from us comparing SD-WAN to MPLS.
According to TeleGeography, Dedicated Internet Access (DIA) connectivity has overtaken MPLS at most enterprise WAN sites, likely driven by a shift away from MPLS WANs to SD-WANs.
Clearly, the advantages are compelling, but when you are pricing SD-WAN options, it can be very difficult to compare costs given the lack of standardization around pricing models.
General Provider Landscape
From a provider perspective, the SD-WAN landscape is fragmented and concentrated in different areas and use cases. This fragmented market has been a big driver of all of the SD-WAN mergers and acquisitions (M&A) in recent years.
Some of the players are heavily focused on interoffice networking while others focus on application and SaaS performance optimization. There are solutions geared toward global enterprises and others toward the small-to-medium-size business market. To know what’s best for your company, you need to first delineate your own objectives in deploying SD-WAN.
SD-WAN Offerings and Pricing
Taking steps to compare SD-WAN appliances and service offerings from different providers is crucial. Further, to get to a true estimate, you have to qualify your needs. Then, you’ll single out the vendors that meet your organization’s needs and start comparing pricing (which is quite difficult) between the solutions that fit.
The Impact of Lack of Standardization
There is no widely accepted and referenced standard for what SD-WAN even is. The Metro Ethernet Forum (MEF) took the lead and came up with MEF 70 in July 2019. They defined SD-WAN Service Attributes and Services and then made an update to MEF 70.1 in November 2021. MEF 3.0 SD-WAN-validated service and technology partners conform to the MEF 70 standard. This standard and its certification are not widely accepted.
Due to the lack of a widely accepted standard, there are large variations between SD-WAN solutions and pricing. The large variations between what each solution provides make it challenging to compare the solutions in a fair “apples to apples” comparison. This leads to a complex process that should start with a buyer taking the time to analyze their business’s needs. After the needs analysis is completed, the search for an SD-WAN solution can be streamlined by limiting the evaluation to only include solutions that meet your requirements.
SD-WAN Features
You can use the following features as a starting point for your organization’s SD-WAN evaluation in order to ultimately determine what service to purchase:
Site-To-Site Communications
One of the core use cases for an SD-WAN deployment is the ability to use it as a suitable replacement for MPLS traffic. Most SD-WAN deployments include the ability to establish secure site-to-site transmissions. This is (perhaps) one of the first elements that draw people to an SD-WAN deployment. They’re almost always used for physical site-to-physical site, physical site-to-data center/colocation, or physical site-to-cloud applications.
Carrier Agnostic
Most SD-WAN appliances/networks are “carrier agnostic,” meaning, it doesn’t matter who the internet service provider (ISP) is. The SD-WAN functionality takes place over-the-top of the internet underlay. If you have existing internet service with contractual time left, it’s important to ensure that the SD-WAN appliance isn’t tied to any specific carrier’s network.
It’s also a standard SD-WAN deployment architecture to leverage “carrier diversity,” meaning you order (at least) two circuits from different internet service providers. It is very rare that an ISP has a massive outage, but it does happen. It is far rarer still that two ISPs have an outage at the same time.
MPLS-Centric
There are several reasons that organizations might need to retain an MPLS network. If your organization requires MPLS as part of the SD-WAN solution it’s important to ensure that the SD-WAN provider’s deployment supports MPLS. If MPLS is required, ensure that the SD-WAN vendor’s deployment supports both internet and MPLS circuits into the same environment.
In SD-WAN deployments, all traffic is typically treated as sensitive data. In deployments that have MPLS requirements, typically the highly sensitive traffic is routed over the MPLS circuit and the less sensitive traffic is encrypted and then routed over the public internet.
Hardware Appliance or Virtualized
In most cases, the SD-WAN solution is a hardware appliance that is installed at the network edge. There are several providers that offer a virtualized instance of their SD-WAN appliance. Virtual appliances are almost always reserved for data centers (i.e., a hosted server farm).
Middle-Mile Network
Simply put, a middle-mile network is a provider-created network that lives between the last mile and the internet peering/transit. In many cases, providers configure the middle-mile network to be Layer 7 aware. This allows for prioritization and optimized routing for things like voice and video calling, popular web-hosted applications like Salesforce, and better routing to cloud providers like AWS and Azure.
Encryption
Data is almost always encrypted before it goes across the internet between multiple sites. Most SD-WAN appliances create some version of a VPN tunnel between sites and pass the encrypted traffic back and forth (not all but most do this).
OSI Layer 7 Application Awareness
Prioritized routing based on the type of traffic is extremely useful; for example, voice-over-internet-protocol (VoIP) traffic versus streaming video content on YouTube. A standard profile configuration is implemented so that VoIP traffic receives preferential treatment if the network experiences congestion.
Layer 7 Visibility
With Layer 7 visibility, several SD-WAN providers are able to provide detailed information on which applications are being used and which devices are using them.
Redundancy
Almost all SD-WAN networks have the ability to take multiple WAN connections into the box (internet, MPLS) and prioritize traffic. But there are differences in how they handle load balancing and failover. Two of the most prevalent load balancing/WAN optimization methods are flow-based (each session is pinned to one link) and packet-based (individual packets of a session are spread across links). The big takeaway here is that you need to ensure that you know how your business-critical applications function and how flow-based versus packet-based failover will affect these applications.
Active/Active Topology
In an active/active scenario, at least two circuits are always on, so if one goes down the only data that drops is whatever was on the line at the time. This significantly lowers the impact that the end users experience.
Active/Standby Topology
In an active/standby scenario, if the active circuit goes down there is a brief outage while the SD-WAN device brings the standby circuit status to active, and then starts to send traffic across it. Active/standby is a popular topology when one of the circuits is a metered LTE circuit.
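The following simulation is an added example, not code from the original article, and it models the four combinations just described (flow-based vs. packet-based balancing, active/active vs. active/standby topology) under a simplified, constructed timeline: every flow sends one packet per tick, the primary circuit fails at a fixed tick, the edge device needs a couple of ticks to notice, and a standby circuit needs a few more ticks to come up. The flow names, link names and timing constants are all assumptions chosen to make the behavioural differences visible.

```python
"""Simulate SD-WAN failover: flow-based vs packet-based balancing crossed with
active/active vs active/standby topology, counting what each flow loses."""
from typing import Dict, List

# Constructed sample data: three application flows and two ISP circuits.
FLOWS = ["voip-call", "nightly-backup", "web-browsing"]
LINKS = ["isp_a", "isp_b"]          # isp_a is the primary in active/standby


def stable_hash(text: str) -> int:
    """Deterministic stand-in for the 5-tuple hash an appliance would use
    (Python's built-in hash() is salted per process, so it is not repeatable)."""
    h = 0
    for ch in text:
        h = (h * 31 + ord(ch)) & 0xFFFFFFFF
    return h


def simulate(balancing: str, topology: str, ticks: int = 20, fail_tick: int = 8,
             detect_ticks: int = 2, activate_ticks: int = 3) -> Dict:
    """isp_a goes down at fail_tick; the device detects it detect_ticks later.
    In active/standby, isp_b needs a further activate_ticks before it carries
    traffic. Returns per-flow delivered/dropped counts, the links each flow
    touched, and how many ticks had a total outage (every packet dropped)."""
    assert balancing in ("flow", "packet")
    assert topology in ("active_active", "active_standby")
    link_up = {"isp_a": True, "isp_b": True}
    stats = {f: {"delivered": 0, "dropped": 0, "links": set()} for f in FLOWS}
    outage_ticks = 0
    rr = 0                      # round-robin pointer for packet-based mode
    detected_at = None
    for tick in range(ticks):
        if tick == fail_tick:
            link_up["isp_a"] = False
        if detected_at is None and not link_up["isp_a"] and tick >= fail_tick + detect_ticks:
            detected_at = tick
        # Links the device *believes* it may forward on at this tick.
        if detected_at is None:
            candidates: List[str] = LINKS[:] if topology == "active_active" else ["isp_a"]
        elif topology == "active_active" or tick >= detected_at + activate_ticks:
            candidates = ["isp_b"]
        else:
            candidates = []     # standby still coming up: nothing to forward on
        all_dropped = True
        for flow in FLOWS:
            if not candidates:
                stats[flow]["dropped"] += 1
                continue
            if balancing == "flow":
                link = candidates[stable_hash(flow) % len(candidates)]
            else:
                link = candidates[rr % len(candidates)]
                rr += 1
            stats[flow]["links"].add(link)
            if link_up[link]:   # packets sent to a dead link before detection are lost
                stats[flow]["delivered"] += 1
                all_dropped = False
            else:
                stats[flow]["dropped"] += 1
        if all_dropped:
            outage_ticks += 1
    return {"flows": {f: {**s, "links": sorted(s["links"])} for f, s in stats.items()},
            "outage_ticks": outage_ticks}


if __name__ == "__main__":
    for balancing in ("flow", "packet"):
        for topology in ("active_active", "active_standby"):
            result = simulate(balancing, topology)
            print(f"{balancing:6s} {topology:15s} outage_ticks={result['outage_ticks']}")
            for flow, s in result["flows"].items():
                print(f"   {flow:15s} delivered={s['delivered']:2d} "
                      f"dropped={s['dropped']} links={s['links']}")
```

Under this model, flow-based balancing with active/active leaves a flow that hashed to the surviving circuit untouched, packet-based balancing spreads every flow across both circuits (so each flow loses a little and sees reordering), and active/standby produces a whole-site gap while the standby circuit is brought up.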
Customization
After you finish taking a few initial steps to understand your business’s needs you’ll know if there is an SD-WAN topology that fits your needs. If not, you’ll end up needing to find a flexible deployment method that can be customized to suit your individual needs. A lot of times, SD-WAN doesn’t have to replace your entire network. Rather, in a great many instances, it can be one element of a much larger network.
All of these features can affect overall cost, and therefore it is important to determine which are essential before moving forward with your evaluation.
Defining “Managed” SD-WAN
There are 40+ managed SD-WAN providers out there. Unfortunately, the definition of “managed” will vary by provider.
For example, some managed SD-WAN providers will manage your underlay network while others will not. This means that if there is an issue with your underlying circuit, your SD-WAN provider will reach out to the provider and get it fixed. If they don’t manage the underlay, then your IT team is in charge of identifying and fixing underlay network issues.
Additionally, each managed SD-WAN provider draws the line differently when it comes to what your IT team’s responsibility is and what the SD-WAN providers’ responsibility is. Sometimes the provider will manage your VPNs and other times that will be your responsibility (but for the most part, “managed SD-WAN” includes VPN management).
Lastly, some providers will help you manage circuit Move/Add/Change requests whereas some will not include that in their definition of “managed SD-WAN.”
Hardware Only vs. Hybrid Solutions
To elaborate further on the SD-WAN buyer’s dilemma: sitting at opposite ends of the SD-WAN spectrum are hardware-only solutions and holistic (or hybrid) solutions. Some solutions exclusively offer SD-WAN hardware appliances for site-to-site connectivity. Others offer a holistic cloud-based platform with appliances at the edge, the option for virtual appliances, and a middle-mile network with gateways that efficiently route cloud-based applications to the appropriate service provider.
When comparing the SD-WAN cost of hardware-centric solutions against holistic/hybrid services, you’ll see a significant pricing delta. The huge difference in the overall offering is the primary source of it.
Appliance vs. Platform vs. Integrated Provider
Currently, there are three popular flavors of SD-WAN: appliance, platform, and integrated provider.
Appliance
The first method to deploy is by self-managing SD-WAN appliances (or having an MSP do it) that are installed at the edge. While these devices will have cloud management capabilities, they don't actually route WAN traffic through their platforms. Instead, they provide traffic shaping and prioritization on the LAN that is enforced before the local WAN interface is reached. Cisco Meraki and Fortinet are good examples of solutions that operate in this manner. In most cases, these solutions can be purchased as a one-time capital expenditure. Typically, this is the lowest-cost option for deployment.
Platform
The second method to deploy is by adopting a major proprietary cloud-based platform like VeloCloud, Silver Peak, Cisco Viptela, CATO Networks, Aryaka, or Bigleaf Networks. These also rely on physical or virtual appliances at the edge, but the key difference is that in addition to cloud management, these companies also have the ability to route your traffic through their clouds, which are often peered with major ISPs, other public clouds, and numerous SaaS providers.
This in essence allows for direct routing to these services by largely avoiding the inherent uncertainty of the public internet. Most of these companies have built out global points-of-presence to make their core networks easy to reach. These solutions are provided as a service, and in many cases have both an upfront cost for hardware/setup and an ongoing monthly service charge.
Integrated
The third method to deploy is by partnering with a telco or NSP that has deployed one of the proprietary platforms mentioned above within their own network. The major platform solutions like VeloCloud offer carrier-focused solutions that can have some nuances in terms of functionality vs. their native platforms. But, in general, they offer parity across the major feature sets.
SD-WAN Vendor List
There are a multitude of options available depending on what an organization is seeking to accomplish. To help you make a decision, we will take a look at a few of the providers below and outline where we see general fits.
Aryaka is an attractive solution for large enterprises who are ready to migrate away from their MPLS network but still want to maintain a fully managed solution down to circuit monitoring and procurement. While Aryaka has excellent peering and a robust network, they do not offer a portfolio of adjacent technologies like unified communications or security.
Their solution will appeal to enterprises that are focused on deploying a managed WAN as a foundation for moving toward a next-generation network strategy. Aryaka offers high-touch service, and can also incorporate existing MPLS infrastructure which allows enterprises to migrate at their own speed with limited risk.
Bigleaf Networks is an “easy button” of sorts for SD-WAN and is geared towards organizations that require high availability and quality access to cloud applications and who also have existing edge security devices in place to handle security and site-to-site connectivity. Bigleaf is equally valuable to single-location enterprises who want to aggregate multiple ISP links and take advantage of Bigleaf's peering with major SaaS platforms and public clouds.
CATO Networks’ embedded security will pose a compelling value proposition for the midsize-to-large enterprise. These organizations often have personnel constraints and are increasingly looking to consolidate multiple services under a single vendor for simplified management, but are not willing to sacrifice functionality and performance.
CATO’s wholly-managed strategy will also be of benefit to this profile of organization and their network peering will likely be in place to optimize connectivity to cloud-based applications that have already been deployed. For organizations that have separate security teams in place and infrastructure deployed that they are comfortable with, the CATO solution may be less compelling.
GTT’s global network reach, with the ability to aggregate broadband and DIA connections from over 3,000 carrier partners, is undeniably their biggest benefit to enterprises. Additionally, GTT offers an array of complementary solutions like Unified Communications as a Service (UCaaS), Session Initiation Protocol (SIP) trunking, and security while being known to price aggressively. GTT’s solutions are flexible and give IT professionals the ability to control what they want to control while also feeling like they have a truly managed service.
GTT’s solution is extremely compelling for organizations that have a large number of geographically dispersed remote sites that require a mix of broadband and dedicated internet connectivity and value both a single management and billing platform.
Masergy offers an interesting value proposition for midsize-to-large enterprises who have complex voice and data needs across multiple locations and are seeking a partner that can deploy and manage an assortment of premium services. Masergy has an excellent reputation in the marketplace and is capable of managing all aspects of a user’s network including high availability SD-WAN, UCaaS, Contact Center, or security regardless of how complex each need may be.
However, it is important to note that this is not a complete list of vendors, and there are others that may also suit your needs.
Vetting Vendors
Understatement: there are a lot of SD-WAN products and flavors to choose from. A critical first step is to figure out your SD-WAN needs relative to what you already have in place. For example, consider how your underlay network will support your SD-WAN overlay network and who is responsible for managing it. Factor in any existing contracts for services like MPLS so you can maximize your return on investment.
While the industry lacks SD-WAN standards for vetting vendors, the 2021 Gartner MQ for WAN Edge Infrastructure has differentiated providers based on Gartner’s SD-WAN criteria. The same SD-WAN providers have come out on top for the last couple of years in the Magic Quadrant while the number of vendors who’ve met the criteria for being included has tripled since 2019.
SD-WAN offers many benefits that are driving adoption. It will be important to determine which offerings are best suited for your needs and to prioritize them in order to properly vet potential vendors.
Factors That Differentiate SD-WAN Providers
The following are the key differentiators to consider when evaluating managed SD-WAN providers.
Middle mile/peering capabilities: When choosing a managed SD-WAN provider you need to know whether they provide a middle mile network or not and how well-peered it is (if they do have a middle mile network).
Appliance/edge device capabilities: Every SD-WAN provider has a unique appliance or “edge device” and you’ll need to vet the capabilities of each appliance before choosing a provider. You’ll need to determine your appliance needs at each location and then make sure that the provider can meet those needs.
Security: Considering that SD-WAN utilizes the public internet as part of its network, cybersecurity options are of the utmost importance when comparing providers. Typically, you’ll pay more when you add more security layers to your service, but it can be worthwhile.
Quality of experience (QoE): A key feature of SD-WAN is that you are able to intelligently steer traffic over the public internet (or your own dedicated connection). Quality of Experience (QoE) is the “contractual term” that defines the service level expectations for your SD-WAN. Before signing up with any SD-WAN provider, you should understand their standards for QoE and their track record of meeting customer expectations.
Managed VPNs: Businesses often establish a Virtual Private Network (VPN) link between sites. In the past, such connections were often fixed between endpoints, which ensured that the connection was secure but may not route information quickly or efficiently. Managed VPNs address that limitation. They examine circuit quality in real time, identify which path is best, and route the information over that link.
WAN ingress and egress traffic: In some cases, SD-WAN providers will assign IP address(es) to their customers but in other cases, they will not. This difference in design impacts how quickly packets move back and forth between different underlay circuits/end points and how much resiliency a line has. If the provider has a middle-mile network you will (in most cases) be assigned an IP address. If they do not have a middle-mile network then you likely won’t have unique IPs.
Supply resiliency: Ensuring you have a steady and resilient supply of SD-WAN appliances is critical for your network. Whether you experience breakage, your appliance requires maintenance, or perhaps you want to expand your SD-WAN to a few new locations — you’ll always need more appliances.
Recent M&A: Before teaming up with a managed SD-WAN provider, you should understand their corporate structure and if they are undergoing any large corporate changes (such as M&A) that could cause any issues or changes to their services/pricing/etc.
This is not a complete list of services and features, and it will be important to understand the full scope of each vendor’s offerings.
Key Use Cases
Like most modern technologies, decisions on which SD-WAN solution is most appropriate for a specific enterprise come typically down to use cases. Here is a quick look at some of the top SD-WAN use cases:
Managed site-to-site VPNs: Provider managed wide area network connectivity between multiple offices. The provider manages tunnels as well as the quality of experience and adds and deletes locations as appropriate.
WAN acceleration and optimization: Caching, compression, and other tricks that allow data to move across the network more quickly and efficiently.
Application queuing, traffic prioritization, and SaaS QoE: Prioritization of application data across the WAN, often combined with peering arrangements that provide shorter and more predictable routes to SaaS and VoIP providers.
Multi-link/ISP aggregation and/or load balancing/failover: Real-time, or near real-time, monitoring of ISP quality with dynamic routing of traffic based on which ISP link is best able to transmit and receive traffic destined for a specific URL or domain; some SD-WAN solutions even have the ability to fail a voice call over from one ISP to another without dropping the call.
Rich reporting both on layer 7 WAN utilization as well as ISP quality and uptime metrics: Insight into how ISPs and SaaS applications are performing, network utilization on an application (and sometimes user) level, where quality issues may lie on the network, etc.
Understanding the major reasons for adopting SD-WAN architecture can help you determine which service will be best for you.
SD-WAN Procurement Checklist
Review this checklist prior to procuring SD-WAN. Knowing the answer to these questions will help you choose the best-fit solution for your enterprise.
1. What’s Your Use Case?
Your network use case is the first and foremost consideration when evaluating SD-WAN. Although SD-WAN includes “WAN,” not every SD-WAN solution includes inter-office VPN capabilities. So, if you need to connect directly between offices with your SD-WAN, you need to look for providers who offer this capability. Bigleaf is an example of a provider that does not provide inter-office managed VPNs.
2. How Many Locations/Appliances Need to Be Serviced?
When kicking off an SD-WAN procurement project, you should know the answer to this question for your current business state and have an idea of your future growth needs as well. This is important because, first and foremost, SD-WAN is often billed “per appliance” — either on a monthly basis or as a one-time fee. On top of the appliance fee, you are typically charged for the actual bandwidth utilization as well as an SD-WAN management fee.
3. What Are Your Bandwidth/Throughput Requirements?
To estimate your bandwidth requirements, you need to know all of the applications and services you want to put on your SD-WAN overlay and the bandwidth requirements of each. These requirements will vary depending on where you are accessing your applications from: public cloud, private cloud, or locally. You also need to take into account what your users are doing on those applications, what the application use cases are, when they are being used, and how often.
Bandwidth needs estimation is both an art and a science. A general rule to follow is based on determining if your network utilizes primarily “low bandwidth activities” (such as internet browsing or emailing) or “high bandwidth activities” (such as large file downloads/uploads and video calling). If you utilize primarily low bandwidth activities, multiply the number of users on your network by three. If you utilize primarily high bandwidth activities, multiply the number of users on your network by 10. That will equal a rough estimate of your bandwidth needs in Mbps.
4. Will the Provider Assign IP Addresses?
If you choose to use a middle-mile network provider, it’s worth asking if they assign IP addresses to their customers. Some SD-WAN providers do this, some don’t.
Having a public or static IP address assigned by the SD-WAN provider allows you to have multiple underlay circuits/ISPs route ingress and egress traffic from different underlay carriers that have their own separate IPs. Simply stated, the internet sees all of your traffic coming from the single IP assigned by the SD-WAN provider’s cloud network/IP, regardless of how many different IPs/ISP connections make up your underlay network.
5. What Are Your Network Security Needs?
It’s becoming common to buy security packaged with your SD-WAN service, but this is not always the case. If you want to buy security with your SD-WAN service, you need to know this upfront because not all SD-WAN companies provide security services. Once you decide to buy security with your SD-WAN services, you'll need to know the level of security you require between your locations and remote workers.
With SD-WAN, the security capabilities range from a basic firewall to a full-blown SASE. If you utilize a separate security solution that you'd like to integrate with your SD-WAN, flag this upfront to your provider as not all SD-WAN solutions offer such integrations.
6. What Contract Length Do You Want?
Before reaching out to carriers, you should determine what contract term length you are comfortable with (with 36 months being the standard).
Oftentimes, the hardware appliance costs will be amortized over the life of the contract. In this case, a longer contract service will result in a lower monthly recurring cost (MRC), but not necessarily a lower total cost. SD-WAN contracts typically come with more flexibility than a typical circuit.
7. What’s Your Installation Timeline?
Last, but certainly not least, are the installation considerations of choosing an SD-WAN solution. As long as there’s no reliance on new underlay circuits, SD-WAN installation intervals tend to be much faster than circuits, given that SD-WAN can be deployed over existing connectivity. SD-WAN also generally involves much shorter installation intervals than MPLS.
A 50-location deployment may come with an average installation interval of 30 to 45 days, but this will vary based on project complexity. It should be noted that almost all providers charge an upfront cost for SD-WAN in addition to the ongoing subscription fee.
Need help thinking through SD-WAN design and procurement? Talk to us at Lightyear today!