DDI for SD-WAN

Software-defined wide area networks (SD-WANs) enable organizations to supplant private network services partially or entirely such as Multi-Protocol Layer Switching (MPLS) in order to improve network performance, centralize provisioning, simplify operations, and reduce costs. A key characteristic of SD-WAN features the decoupling of the data plane and control plane. The data plane comprises network routing hardware while the control plane includes software that “defines” or monitors, manages and reconfigures network routers to achieve optimal performance. Such reconfiguration may include dynamic path selection for load balancing and redundancy as well as support for multiple network interfaces, e.g., for the Internet, VPN, 5G and MPLS for example.

Another key characteristic of SD-WAN is the topological transition from a single or dual Internet access connection to a network with "Internet breakouts" at each SD-WAN router location. The direct Internet access at each location enables routing of local users to nearby cloud application servers, thereby optimizing cloud application performance via a direct path instead of traversing internally to a single Internet access point. This optimal routing is facilitated by the deployment of a local DNS recursive server that a cloud DNS server can resolve accordingly. Given the abundance of Internet connections with Internet breakout, distributed network security arises as a key requirement, which the local DNS server can also promote. This white paper discusses the goals and benefits of SD-WAN and how a robust DDI solution can facilitate application performance without sacrificing security.