Note: This article was first published at Packet Pushers.net on March 5, 2018.
I was preparing for a podcast and started comparing the complexity of a private vs. public WAN.
I doodled some diagrams and realized that using Internet bandwidth for SD-WAN to replace private bandwidth is actually simpler. Perhaps because the familiar is always seen as the better choice, I prepared some diagrams.
Consider a private WAN that has up to 4 “bandwidths” that need to be managed: at the branch, the DC/Private Cloud, the Internet gateway, and perhaps a local breakout at the branch.
If you replace a private WAN with SD-WAN on the public Internet, then the basic diagram gets a lot simpler.
And because SD-WAN appliances are “packet inspection devices” and “application aware”, they can be used as firewalls. Some vendors have deep security capability that approaches NGFW-class, and others integrate with cloud services that can provide scanning, filtering, and logging.
But this is even easier than building a mega-size security cluster in the core, provided you can manage the policy. Which you can.
Hope you enjoy the video.