

Challenges and New Approaches for SD-WAN Policy Management

By Mike Hicks


Current SD-WAN policy approaches have drawbacks. Predictive SD-WAN can improve end user experiences by producing recommendations that avoid major downtime and hyper-tune site-level performance.

SD-WAN (Software-defined Wide Area Network) policy management can be complex. And as SD-WAN technology evolves to replace dedicated WAN Multiprotocol Label Switching (MPLS) circuits in hybrid WAN and SD-WAN-only deployments, new challenges emerge alongside innovative approaches to optimizing user experiences.

Organizations are embracing SD-WAN architectures to drive network flexibility, efficiency, and lower cost. In this blog post, we will look at some aspects of SD-WAN policy management and how you can use it to optimize your organization's policy management while improving network performance and application experience from end to end and in better than real-time.

Scaling Networks Drive SD-WAN Adoption 

With the adoption of hybrid work and security services like SASE and the increased use of distributed applications, organizations rely more on a complex digital supply chain and the Internet. Therefore, the benefits of SD-WAN versus on-premise enterprise networks are about more than just replacing legacy dedicated WAN circuits. Instead, it represents a cost-effective solution for managing expanded and dynamic SD-WAN uses, including zero-touch provisioning and resource scaling, to improve network connectivity for cloud-delivered SaaS applications.

SD-WAN was derived from SDN technologies and arose as an alternative to dedicated MPLS as it could demonstrate similar levels of broadband bandwidth for network services between branch offices. SD-WAN solutions are typically easier to implement because they are a software-based overlay, and IT can deploy them on some existing hardware, such as routers or firewalls. This use of existing hardware allows for lower capital expenditures, making it easier for IT to stay agile and scale more rapidly.

More important than cost savings, an SD-WAN deployment facilitates branch WAN connectivity with direct Internet access (DIA), improving the experience of accessing SaaS and cloud applications without having to backhaul traffic to a centralized data center. DIA can also reduce latency, enhancing quality of service while offering secure connections for users of SaaS and cloud-based services—all with the orchestration of network resources for optimized project outcomes.

As such, organizations are adopting SD-WAN at an accelerated pace. According to IDC's 2022-2026 forecast, analysts expect the compound average growth rate for worldwide SD-WAN infrastructure to be about 14.1%.

A Reactive SD-WAN 

SD-WAN allows network operators to set centralized rules to prioritize network traffic based on a variety of criteria, such as the application used. It also allows for local site policies if you want to take the time to design and set them up. But when working across upwards of 50 sites, the effort required to work out all the alternatives outweighs the reward.

The centralized policy used today to manage distributed SD-WAN fabrics is simple to implement and maintain. But an unintended result of this one-size-fits-all approach is that it offers "good enough" performance to different locations and applications, meaning that the digital experience may not necessarily be fully optimized in relation to the conditions and requirements of each location. And, because there is no steady state on the Internet, a "set and leave" approach to policies may lead to the policies becoming outdated.

The reality is that SD-WAN today functions in a reactive manner, i.e., only responding when a situation, error, or degradation occurs.

Five Challenges With a Reactive SD-WAN 

Current approaches to SD-WAN policy configurations have their drawbacks. Here are five for you to consider:

  1. When a centralized policy determines SD-WAN behavior, it can impact the performance of applications workers rely on. For instance, a change to optimize the application performance of one app could have a different or unexpected knock-on impact on other critical services, like Microsoft 365, Webex by Cisco, or Salesforce.

  2. Since users more often experience degradation rather than a complete outage, automated remediation is unlikely to be initiated.

  3. Operators can only plan for what they know, so they tend to take a "set-it-and-forget-it" approach to avoid fiddling in an effort not to disturb the status quo. As a result, they are likely to only make policy changes or interventions in the aftermath of a catastrophic event occurring.

  4. Operators often do not know if their "normal" SD-WAN performance is good or bad. What if a site location's experience has always been terrible?

  5. Users stop complaining as they accept mediocre performance as the norm. And, with no complaints or tickets filed with the helpdesk, these teams assume no news is good news, and poor performance becomes customary.

Predictive SD-WAN Is a Gamechanger

Predictive SD-WAN is proactive. It takes the characteristics of applications and applies predictive analytics against historical data to ascertain the potential of an issue occurring on the circuit in the future. Subsequently, it produces a recommendation to route an application’s traffic to a circuit with a lower, or no, potential of incurring an issue. This approach allows you to act on problem avoidance with proactive decisions.

Predictive SD-WAN allows operators to define and establish a baseline—what good connectivity is for each location—and then improve performance by avoiding issues and continuing to provide recommendations based on current conditions for hyper-tuning performance. And automated forecasts allow operators to design individually tailored site policies for different locations and trigger notifications when thresholds are breached so that action can be taken before employees or customers suffer from service interruptions or degraded performance. 

 Figure 1. Predictive SD-WAN performance tuning process 
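The loop described above (per-site baseline, forecast from history, circuit recommendation, threshold notification) can be sketched as follows. This is an added example, not ThousandEyes or Cisco code: the hour-of-day frequency forecast, the thresholds, the site and circuit names, and the sample history are all assumptions constructed for illustration.

```python
from statistics import median

LOSS_THRESHOLD_PCT = 1.0   # assumed per-app tolerance (e.g. voice)
NOTIFY_PROBABILITY = 0.5   # assumed: notify when forecast breach odds reach 50%

# Constructed history: site -> circuit -> [(hour_of_day, packet_loss_pct), ...]
HISTORY = {
    "branch-a": {
        "broadband": [(9, 2.4), (9, 1.8), (9, 0.2), (14, 0.1), (14, 0.3), (14, 0.2)],
        "lte":       [(9, 0.4), (9, 0.6), (9, 0.5), (14, 0.5), (14, 1.2), (14, 0.4)],
    },
    "branch-b": {  # never fails outright, but has always been poor
        "broadband": [(9, 1.6), (9, 1.9), (14, 1.7), (14, 2.1)],
        "lte":       [(9, 1.4), (9, 1.5), (14, 1.3), (14, 1.8)],
    },
}

def baseline(samples):
    """Per-circuit 'normal': median loss over all history."""
    return median(loss for _, loss in samples)

def breach_probability(samples, hour):
    """Share of past samples at this hour of day that exceeded the threshold."""
    at_hour = [loss for h, loss in samples if h == hour]
    if not at_hour:
        return None  # no history for this hour, so no forecast
    return sum(loss > LOSS_THRESHOLD_PCT for loss in at_hour) / len(at_hour)

def recommend(site, hour, current):
    """Return (circuit, notify) for the coming hour at one site."""
    odds = {c: breach_probability(s, hour) for c, s in HISTORY[site].items()}
    known = {c: p for c, p in odds.items() if p is not None}
    best = min(known, key=known.get) if known else current
    # Notify only when the current circuit is likely to degrade AND a better one exists.
    notify = known.get(current, 0.0) >= NOTIFY_PROBABILITY and best != current
    return best, notify

def chronically_poor_sites():
    """Sites whose best circuit's baseline already breaches the threshold."""
    return [site for site, circuits in HISTORY.items()
            if min(baseline(s) for s in circuits.values()) > LOSS_THRESHOLD_PCT]
```

In this sample, branch-a gets a recommendation to move off broadband at 09:00, while branch-b never triggers a notification because every circuit is equally bad; only the baseline check surfaces it, which is the "always been terrible" case from the challenges list.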

Value of Predictive SD-WAN

The benefits of predictive SD-WAN are not limited to network operators, however. Anyone involved in digital transformation or who wants to take advantage of optimized network assurance will benefit from the enhanced visibility and control that predictive SD-WAN provides.

Predictive SD-WAN improves the end-user experience by avoiding major downtime and hyper-tuning site-level performance. Moreover, it reduces helpdesk tickets by avoiding issues before they manifest and affect users, which means fewer people must lift a finger when a problem does occur—and they'll be happier when they don't have to deal with it!

How It Could Work

Say you were a network operator overseeing employees at 200 locations. One site had an issue with voice quality on a collaboration app, but no one reported it. So, as a workaround, site workers used a company-paid cell phone to communicate with each other because they could not get adequate voice quality from the collaboration app over their office connection.

With predictive SD-WAN, the system notified network operators about the problem and provided adjustments based on forecasted data they could use to implement a fix. The change resolved the issue and improved voice quality by 20%. As a result, workers at the office are happy and no longer use their cell phones for work calls or meetings because they now get much better voice quality on their apps.

While this example is certainly a bit simplified, it shows how predictive SD-WAN can help fix problems before they happen, reducing costs and improving the experience for both users and organizations.

With the growing adoption of SD-WAN, network operators will need proactive policy management. This technology's flexibility, scalability, and ease of use make it a compelling option for many businesses. However, some challenges are associated with managing policies on a large scale across different locations and networks. To address these issues, companies need to look at new approaches to manage their policies, and predictive SD-WAN offers just that. 
