SD-WANs offer an easy, cost-effective way to unify the networks of a multi-site business. We explore which SD-WAN systems will get your LANs merged into a WAN.

A software-defined WAN (SD-WAN) offers a simple way to merge the networks of a multi-site business into one. Individual networks that serve one location are called “local area networks” (LANs); networks that cover multiple sites are called “wide area networks” (WANs).

Using the internet to facilitate communication between LANs does not create a WAN. In a WAN, all of the links are private, even though they are laid over long distances.

Why use an SD-WAN?

Buying all of the cable to link two sites together and getting permission to lay that cable over public and private land is very expensive and complicated. One solution is to lease a line from a telecommunications company. However, this strategy is also costly.

The most cost-effective medium to connect sites together is over the internet. SD-WANs deploy techniques to create a private network link over the internet.

This is known as an “overlay network” and it counts as a private line, even though the physical medium is not owned by the business operating the network. This is how SD-WAN got its name, it converts internet-connected LANs into a WAN through software methods.

Is VPN traffic encrypted?

SD-WANs require a device to connect to the internet. The system can be created by channeling all internet-bound traffic through a server that runs the WAN-creating software and then on to the network’s gateway. This is called a virtual solution. The other option is to buy a special appliance that is a gateway with the SD-WAN software embedded in it.

SD-WANs and UCaaS

Thanks to the cloud, businesses don’t need to buy and manage the software to create an SD-WAN solution, nor the hardware required to run communications software or a special appliance. A Cloud-based SD-WAN system is officially called “Unified Communications as a Service,” or UCaaS.

UCaaS is an edge service that takes care of all routing for your business. All traffic from all of your sites is channeled to the UCaaS server, which acts as a hub. The SD-WAN software on the cloud server routes company traffic through to the appropriate site and sends regular internet traffic destined to other organizations through a gateway.

The connections between sites are all secured with encryption. The IP packets that travel between sites and the cloud-based hub are hidden with encapsulation. This carries the original network packet inside an outer packet. All of the original packet, including its header is encrypted.

Network administrators get access to a console on the UCaaS server and can get traffic statistics from it, even watching live feedback on traffic flows.

More about SD-WAN Technology

The SD-WAN software, whether hosted on a computer, embedded in an appliance or based on the cloud provider’s server, enables the address space of all participating LANs to be unified. This is what makes the WAN.

The internet is a separate address space and its inclusion in the system breaks the requirements for the definition of a private WAN. However, the encapsulation procedures of the SD-WAN bridge that address-related problem, enabling the network software to ignore the underlying internet’s addressing requirements.

You can read more about the methodology in creating a software-defined WAN in the article “What is SD-WAN?”

Set an SD-WAN strategy

Your starting point on your SD-WAN buyer’s journey is to decide whether you want to host the SD-WAN software, buy a specialized appliance to implement the WAN connections, or opt for a cloud-based SD-WAN service. As you can see from our list, we have looked into all three deployment methods and found solutions for each.

Once your strategy is sorted out, your search becomes a lot easier. Our shortlist of the best SD-WAN vendors should help to speed up that process.


An SD-WAN appliance is a replacement for a traditional network router. It implements all of the connection management for an entire LAN to link through to remote sites.

Multiprotocol Label Switching (MLPS) is a routing algorithm that selects a neighboring router to pass data onto by its short path label rather than by looking at a routing table. SD-WAN works with IP addresses and so is easier to route over the internet. The SD-WAN just manages the address differences when accessing an endpoint on a remote network so it seems to be resident on the local network.

SD-WANs do have weaknesses. They require more planning than a traditional WAN system and some monitoring systems might not be able to communicate with the SD-WAN service/appliance or properly interpret the address space that it creates.

Not all SD-WAN systems are equal. However, the SD-WAN process offers opportunities to bundle many services together. A good SD-WAN system will also include network security protection. Another advantage is that it can optimize speeds for different types of traffic traveling between sites. Thirdly, SD-WANs can easily integrate new sites because all of the addressing issues are solved by remapping them within the SD-WAN.

Going by the OSI stack numbering, SD-WAN can operate on Layer 2 and Layer 3. Some experts explain this duality by labeling SD-WAN Layer 2.5 technology.

A VPN establishes a single connection across the internet and channels all traffic along that connection. An SD-WAN manages multiple simultaneous connections. It can use different technologies for each, including a VPN.


Check The Features