Will the real SDWAN please stand up

    08/09/2018 5:54 PM By Chuck F

    The Three Architectures of SDWAN: How to Spot the 'Real Deal' in a Crowded Market

    Understanding the Three Architectures That Dictate Performance

    A comprehensive breakdown of the SDWAN landscape, revealing why the deployment model—On-Premise, Hybrid, or Cloud-Native—is the ultimate determinant of network resilience and quality.


    Updated!

    The three primary SDWAN architectures illustrate varying levels of control, scalability, and resilience.

    In the ongoing digital transformation of the enterprise, Software-Defined Wide Area Networking (SDWAN) is no longer a cutting-edge technology—it is the de facto standard for a bulletproof internet and WAN connection strategy.


    Yet, despite its ubiquity, SDWAN remains one of the most misused and misunderstood terms in B2B technology. With every carrier, vendor, and service provider claiming to offer an SDWAN solution, the market is thoroughly flooded. The resulting confusion forces IT leaders to sift through marketing claims that often mask an unfortunate truth: not all SDWAN solutions are created equal.


    At Cloud 9 Advisers, we cut through this noise by asserting that the capability of an SDWAN solution is determined not by its feature checklist, but by its core architecture. You must look beyond the box and understand the deployment model. When you ask, "Will the real SDWAN please stand up?" you are really asking, "Which architecture provides the resilience, performance, and simplicity my modern, cloud-centric business requires?"


    To answer this, we must first dismiss the flawed approaches that pre-date true SDWAN innovation.


    The Flawed "Old Way": Why Legacy Solutions Fall Short

    Before the rise of modern SDWAN, organizations attempted to solve connectivity and resilience challenges using traditional network technologies. While these tools are essential for other tasks, they fail miserably when asked to manage application-aware traffic over disparate public internet links.


    1. Dual-WAN Firewalls and Simple Load Balancers

    The most common confusion is equating an SDWAN appliance with a firewall that simply has two public internet ports.

    • Linear Failover: Dual-WAN firewalls typically operate on a rigid, linear failover model: they use one link until it fails completely, and then switch to the second. This transition is almost never seamless, resulting in session drops, VPN crashes, and interrupted calls.

    • Outbound-Only QoS: Traditional firewalls and simple load balancers lack the global context needed to control inbound traffic quality. They can prioritize your internal traffic moving out but are blind to sensitive traffic coming in, crippling bidirectional communications like VoIP or high-resolution video conferencing.

    • No Seamless IP Portability: If your primary public IP address fails, your entire session must restart. The appliance cannot gracefully shift your identity to a secondary link, making it a critical point of failure for services relying on that fixed IP.


    2. Traditional Routing Protocols (BGP and MPLS)

    Traditional enterprise solutions, while powerful in their context, are ill-suited for today's dynamic cloud connectivity needs.

    • BGP (Border Gateway Protocol): BGP is the routing protocol of the internet core, excellent for managing large traffic blocks. However, for the enterprise edge, it is complex, expensive, and crucially, blind to real-time link performance. BGP routes traffic based on path availability, not on link quality (latency, jitter, and packet loss)—metrics that are essential for modern applications.

    • MPLS (Multiprotocol Label Switching): MPLS provided the enterprise-grade guarantee of QoS over a single, private connection. While reliable, it is expensive, slow to deploy, lacks flexibility, and cannot efficiently steer cloud-bound traffic, forcing businesses to backhaul all data through the central data center—a crippling expense in the age of SaaS.


    True SDWAN was invented precisely to overcome the cost, complexity, and performance limitations of these "old ways." It achieves this through one of three architectural approaches.


    The Three Primary Architectures of SDWAN

    The core of an SDWAN solution is the control plane—the intelligence that measures link quality, applies business policies, and steers traffic. The three architectures are defined by where this control plane resides and how it interacts with the physical network edge.


    Architecture 1 - Edge-Based: DIY/On-Premise SDWAN (SDWAN Lite)

    This model is the closest to the legacy router approach and represents the most basic level of SDWAN functionality.

    • Description: The entire control and data plane resides in appliances deployed at each physical location. They communicate site-to-site via encrypted tunnels over the public internet. Management and orchestration are performed via a separate, customer-hosted controller (physical or virtual).

    • Pros: Offers full control over the hardware, often lower licensing costs, and can be integrated into existing network segments easily. It is an excellent, low-cost replacement for legacy site-to-site VPNs.

    • Cons: Limited Scalability and Resilience. This model still places the burden of public IP address management and global gateway provision on the customer. It struggles to provide seamless failover, offers generally poor cloud connectivity (as traffic still hits the internet without intelligent steering), and requires complex configuration as the network grows. It rarely offers the advanced, application-aware intelligence needed for a dispersed workforce.


    Architecture 2 - Gateway-Based: Hybrid/Distributed SDWAN (The Service Provider Model)

    This is the architecture most often sold by large telecom carriers and managed service providers.

    • Description: The customer places an SDWAN appliance at the edge, but this appliance connects to a provider-managed backbone. The provider hosts the control plane and gateways within their own Points of Presence (PoPs) or cloud-based controllers. Traffic is optimized and managed within the provider's private network before exiting to the public internet or cloud.

    • Pros: Simplicity of managed service, reduced operational burden on the customer, and better performance than DIY, especially if traffic needs to move between customer sites that share the provider's backbone.

    • Cons: Security Fragmentation and Performance Cliffs. Security is often service-chained, meaning the SDWAN (the network) is separate from the security stack (firewalls, web gateways). Performance degrades significantly once traffic leaves the provider's managed network. Furthermore, this model introduces vendor lock-in to the provider's specific backbone and PoP locations.


    Architecture 3 - POP-Based: Cloud-Native/Cloud-First SDWAN (The "Real Deal" SASE Enabler)

    This architecture is the most advanced, representing the full realization of Software-Defined WAN and the fundamental requirement for Secure Access Service Edge (SASE) convergence.

    • Description: Both the control plane and the data plane are delivered via a global, unified software fabric hosted entirely in the cloud, utilizing a vast, highly distributed network of PoPs. The physical appliance or software agent (for mobile users) simply connects to the nearest cloud PoP, and all security and network intelligence are applied from there.

    • Pros: True Resilience and IP Portability. Because public IP addresses and session management are handled in the cloud fabric, these solutions can deliver truly seamless failover (even active calls survive). They offer built-in, unified security (SASE), global scalability, and real-time, packet-by-packet optimization for both inbound and outbound traffic. This model is built for the cloud, by the cloud.

    • Cons: Requires trusting the vendor's global network footprint and architecture. It also usually involves a higher cost model reflecting the delivered features and massive infrastructure investment by the vendor.


    The Cloud 9 Standard: A Non-Negotiable Checklist

    If you are evaluating an SDWAN solution, you must hold it to a higher standard—a standard that only Architecture 3 consistently delivers. Anything less represents a compromise on resilience and performance.


    The real solution must deliver these four capabilities, which are based on the advanced concept of a cloud-based control plane:


    1. Truly Seamless Failover and IP Address Portability

    This is the ultimate test. As we discussed in our article on call survivability, if you are on an active, highly sensitive call—and all but one of your internet links fail—the call session must survive. The key to this is IP Address Portability.

    • The Mechanism: The Cloud-Native architecture handles your public IP addressing within its global cloud cluster. When a circuit fails, the cluster instantly shifts your IP identity and active sessions to a surviving circuit without interrupting the application session. This means active video calls, VoIP sessions, and VPN connections do not drop.

    • The Pragmatic Benefit: This also means portability. If you move offices or change ISPs, you simply plug the new links into the edge device, and the cloud takes care of the routing and IP identity, because your IP addresses come from the SDWAN provider, not the ISP.


    2. Automated Inbound and Outbound QoS

    A genuine SDWAN solution must solve the problem of Quality of Service (QoS) over the unpredictable, open internet.

    • The Requirement: The system must use its integrated AI/ML to continuously detect and respond to changes in throughput whenever sensitive traffic could be affected. It must have the intelligence to apply granular control to both outbound and inbound traffic, prioritizing what you want, how you want it, in real time. This is essential for maintaining the quality of bidirectional communication.


    3. Intelligent, Packet-by-Packet Load Balancing

    Unlike simple load balancers that distribute traffic based on connection count, a real SDWAN solution operates at a higher level of intelligence.

    • The Mechanism: It uses in-depth, real-time monitoring of link quality (latency, jitter) and adapts to fluctuations packet by packet. It doesn't just send traffic down a path; it dynamically steers critical data to the best-performing path at that very moment, ensuring you achieve "fiber performance out of any broadband connection."

    • The Ultimate Test (See it in Action): The best way to visualize this capability is to watch it happen live. Watch this demonstration of a seamless link failure and judge for yourself whether the session truly survives; this is how a "real" SDWAN solution should behave: https://youtu.be/4N2PM_f_8WE
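    The contrast drawn above, and earlier in the BGP discussion, is between routing that only asks "is the link up?" and steering that scores each link on latency, jitter and packet loss. The following Python sketch is an added illustration, not code from Cloud 9 Advisers or any SDWAN vendor: the probe samples, the score weights and the 20% switching hysteresis are constructed assumptions chosen to make the difference visible.

```python
"""Availability-only routing vs quality-aware path steering (illustrative, constructed data)."""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Probe:
    """One measurement round for a WAN link; an empty RTT list means the link is down."""
    link: str
    rtts_ms: list       # recent round-trip samples in milliseconds
    loss_pct: float     # packet loss over the same window


def link_score(p: Probe):
    """Lower is better. Weights are assumptions: jitter and loss hurt real-time traffic most."""
    if not p.rtts_ms or p.loss_pct >= 100:
        return None                                  # unusable link
    return mean(p.rtts_ms) + 2.0 * pstdev(p.rtts_ms) + 10.0 * p.loss_pct


def availability_only(probes, preferred):
    """Legacy dual-WAN / BGP style: stay on the preferred link until it is completely down."""
    usable = [p.link for p in probes if link_score(p) is not None]
    if preferred in usable:
        return preferred
    return usable[0] if usable else None             # linear failover, nothing in between


def quality_aware(probes, current, hysteresis=0.2):
    """SDWAN style: move to the best-scoring link, but only if it beats the current one by >20%."""
    scores = {p.link: link_score(p) for p in probes}
    usable = {k: v for k, v in scores.items() if v is not None}
    if not usable:
        return None
    best = min(usable, key=usable.get)
    if current in usable and usable[current] <= usable[best] * (1 + hysteresis):
        return current                               # not enough gain to justify a switch
    return best


# Constructed measurement rounds (not real telemetry).
ROUND_DEGRADED = [Probe("fiber", [20, 21, 90, 22, 85], 3.0),   # up, but jittery and lossy
                  Probe("cable", [30, 31, 29, 30, 32], 0.0)]
ROUND_FIBER_DOWN = [Probe("fiber", [], 100.0),
                    Probe("cable", [30, 31, 29, 30, 32], 0.0)]
ROUND_CLOSE = [Probe("fiber", [28, 29, 27, 28, 30], 0.0),      # only marginally better
               Probe("cable", [30, 31, 29, 30, 32], 0.0)]

if __name__ == "__main__":
    for name, rnd in [("degraded", ROUND_DEGRADED), ("fiber down", ROUND_FIBER_DOWN)]:
        print(name, "legacy ->", availability_only(rnd, "fiber"),
              "| sdwan ->", quality_aware(rnd, "fiber"))
```

    In the degraded round the legacy model keeps sending calls over the impaired fiber because it is still "up", while the quality-aware selector moves them to cable; when fiber goes fully down both converge on cable, and the hysteresis case shows the selector staying put when the gain is too small to be worth a path change.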


    4. Enterprise-Grade WAN Replacement

    The cloud-native SDWAN can augment or completely replace complex, traditional technologies like MPLS, site-to-site VPNs, and Point-to-Point circuits. It provides a private, always-on, and secure connection across all endpoints while delivering far better performance, reliability, resiliency, and flexibility than the legacy solutions.


    Conclusion: Simplifying the Strategic Choice

    The choice of SDWAN is a strategic one, not a product specification exercise. The right solution dramatically reduces risk, removes operational fatigue, and delivers a resilient foundation for your most critical cloud, AI, and collaboration initiatives.


    The central takeaway is that Architecture 3: The Cloud-Native Model is the de facto standard for a bulletproof WAN strategy and the required foundation for SASE. It is the only architecture built from the ground up to solve the challenges of the modern, cloud-first enterprise.


    There are many types of SDWAN out there in the world. Some good, some not so good, and others that are specific for different applications. Cloud 9 Advisers can help you spot the differences and select the right providers for your needs. We eliminate months of labor by shortlisting the providers and services available that can actually perform like they should—and identifying those that do not.

    KITS: Keep IT Simple.