SD-WAN Won’t Become a Feature of Branch Routing

M. Fratto

Summary Bullets:

  • SD-WAN products and technology offer distinctly different features and benefits compared to branch routers. SD-WAN won’t augment routers but will replace them in the branch.
  • Vendors making branch devices like routers and firewalls should be very concerned about being replaced with SD-WAN hardware and software.

I make no secret that I think SD-WAN is the cat’s meow. It really is transformative technology that, in most cases, can deliver on the promise of a WAN overlay that is as robust or better and that obviates the need for a complex routed WAN architecture and the skills needed to maintain it. If an enterprise wants to relegate its WAN to just pipes, it can overlay an SD-WAN on top of the WAN and manage it itself. If the enterprise wants an SD-WAN and WAN service that has management integration from service provisioning to management, it can get a combined service—or soon will be able to get a combined service—from any number of managed service providers. In either case, gone is the complex routed WAN, which is brittle and takes a long time to respond to problems. Whether the enterprise router jockeys will want to give up their beautifully crafted BGP is another matter, but the potential exists for most companies.

Depending on the company and branch sizes, the pure branch router was replaced long ago with a firewall or UTM device. Many branches have only one WAN connection and there’s no need for a stand-alone router. In locations with two or more WAN links, branch routers are deployed outside the firewall to manage the WAN connectivity across all available links largely because IT either didn’t trust the routing stack on the firewall or UTM appliance or their security team wanted separation of function. With SD-WAN, having a separate router is redundant and unnecessary unless there is a very specific and clearly defined need.

And this is why SD-WAN should, and I think will, replace branch routers and firewalls. The bar should be very high for maintaining multiple products when a single consolidated product will do. In “Enterprises Want Streamlined Operations. Who’s Going to Provide It?”, I tried to make the case that enterprises want streamlined operations, and that includes streamlining operations across network functions like routing, firewall, VPN, and WAN optimization in the branch from the same or multiple vendors. I think for many enterprises, the functional requirements may not dictate that the same firewall must be used in the branch that is used in the data center or central hub site. Depending on how the traffic policies are defined, any firewall that stops traffic on the outside from getting in will do. If your company wants to perform content filtering, that can be accomplished at the branch, a central site, or perhaps even better, from a service. Other functions, like WAN optimization and data caching, must be performed locally at the branch, and that’s where integration is critical.

But I simply don’t see a good reason for most enterprises to continue to use a suite of bespoke functions, either in hardware or software. Doing so simply complicates management for very little benefit. Don’t carry your legacy networking into the future. It’s time to consolidate and replace functions where you can rather than augmenting or integrating redundant and unnecessary functions.

