SDN-WAN Startup Primer


Traditional hardware and software pairings are both expensive and may severely limit programmer’s capabilities to manage traffic, safety, and other network features. The disruptive force in network hardware and software is the software-defined network (SDN). SDNs allow companies to independently choose their components and pair advanced software with high-powered bare-metal hardware. Networks need not be tied to an expensive and pre-configured hardware and software combination, and a more powerful network can be developed.

SDNs often reduce capital expenditure as well as operating expenses by virtualizing and allowing configuration of network architecture, which is highly valuable when delivering cloud applications to many servers. Gateways can also be used to extend the SDN architecture across many remote data centers. Many SDNs allow pay-as-you-grow models of billing and the ability to automate provisioning and orchestration to reduce management time. Furthermore, SDNs offer quick deployment, application awareness and analytics, and encourage innovation by allowing diverse and sophisticated methods network management.

Growth in SDNs has been further aided by a transition to mobile devices and the cloud which challenge traditional networks. SDNs are quick to adapt, can be highly scalable, and may offer network savings of components around 60 to 80 percent. Importantly, SDNs do not require a partnership with a specific Internet Carrier, so networks are free to choose the Carrier that fits their needs.

Many SDNs are eliminating the concept of customer premise equipment (CPE) entirely and offering virtual installation of their systems. Instead of installing 50 firewalls and protocols in all 50 branches of a network, SDNs can offer virtual installation across all branches of the network. SDNs can provide the virtual CPE, WAN, and security or can be paired with any other security company.

SDNs also allow high levels of customization. Most recently, SD-WAN has begun to penetrate the market and replace multiprotocol label switching (MPLS) and rid networks of the typical headaches of private WANs including latency, jitter, packet loss, many security vulnerabilities, WAN link outages, and immense lead times to install new or upgrade existing WAN link capacities.

An SD-WAN requires some combination of the following components: a policy manager to define traffic classes, security parameters and QoS characteristics, forwarders that may operate as routers and are aware of the applications flowing through them, a central controller to tell forwarders how to forward traffic, and analytics to change network topology, link load, and circuit performance in real time.

CloudGenix believes that three factors have led to the possibility of SD-WANs: the viability of Internet links (which also requires encryption and QoS not easily solved by Internet service providers), the presence of hybrid WANs in which a WAN configuration is needed for every iteration, which drastically increases costs, and the rise of x86 as a network computing platform. Though SDNs may not be overtly present in the current market, IDC predicts that the SDN market will reach revenues of $3.5 billion in 2016 and $8 billion in 2018.


Founded in 2014, Viptela specializes in virtualizing the WAN through their Secure Extensible Network (SEN), an SD-WAN overlay which integrates policy, network security, routing and operations. Viptela launches a vSmart Cloud-based SDN-WAN Controller which virtualizes the network to provide many of the benefits of private MPLS Layer 3 virtual private networks (VPNs) without its drawbacks. It also incorporates the vManage Network Management System with a real-time dashboard on the health of the network, and, should the company choose to replace their current routers, vEdge routers can provide secure data connectivity over any transport. Viptela can be used as a backup for MPLS, alongside MPLS for traffic steering at high bandwidths, on new sites, or to replace MPLS.

Viptela converges multiple WAN infrastructures into a single overlay, can process network-wide changes between one and seven days, offers zero-trust network security through device authentication and traffic encryption, WAN capacity that can be augmented on-demand, is non-disruptive to existing networks’ routing and protocols, and offers seamless insertion and end-to-end segmentation. This slew of features has enticed a Verizon partnership, led Viptela to win the 2015 Communications Solutions Product of Year awarded by TMC, and helped them become a strong competitor against Cisco in the WAN market. Viptela recently landed a contract with Singtel, which has over 500 million customers in 25 countries, and was chosen over Cisco for a deal with retailer The Gap, which will be able to deploy Viptela to 25 stores per night to reach approximately 1,200 stores in total.


CloudGenix is new to the marketplace, founded in 2013, but has already raised $34 million in venture capital funding and has more than 25 enterprises testing its products. CloudGenix has created an encrypted overlay that can include private circuits, low-cost Internet broadband, and LTE. CloudGenix’s products can be launched in a timely manner and include the CloudGenix Central Controller that can run as a virtual machine (VM) in the cloud on a local network or on a CloudGenix X86 box in the datacenter. The Central Controller is a control plane only, so the effects on latency are minimal, and flows forwarding policy onto the forwarders (ION (instant-on-network) fabric) using APIs instead of having built-in routing protocols.

The ION elements are analogous to WAN routers, but are launched as VMs on x86 devices at branches, headquarters, co-los and public cloud locations, which can either be supplied by the company or can be purchased through CloudGenix. ION elements allow flow forwarding and classification, topology change notifications, service level agreement enforcement and monitoring, and flow table maintenance. ION Fabric is the overlay of ION Elements, and all traffic flowing over it is encrypted with AES-256 IPSEC.

CloudGenix has distinguished itself from the SD-WAN field with its innovative application fingerprinting which “uses sessions flowing between endpoints to identify applications, rather than using signatures or deep packet inspection (DPI).” These many components incorporate sophisticated path selection, simple policy management and reporting, traffic analytics, zero-touch provisioning, and service chaining.


Pertino was established in 2011 and acquired by CradlePoint Technology in late 2015. Pertino believes that the Internet has become the new WAN, and “enables enterprises to build and manage private cloud networks that overlay the public Internet and extend visibility, security and control to workforces and workloads everywhere.” Pertino provides network-as-a-service powered by the Cloud Network Engine platform, combining the cloud with the power of SDNs, NSV, and network visualization. This platform is highly scalable and virtual network services can be added easily to the platform through AppScape. Over 5,000 customers in 70 countries are using Pertino’s Cloud Network Engine including Softbank Commerce & Service in Japan and Dell’s Cloud Marketplace.

Pertino’s Cloud Network Engine allows remote access to connect dispersed workforces, enterprise mobility, M2M and connected devices, allows for extension of AD domains everywhere, hybrid and multi-cloud networking, and SD-WAN. Importantly, Pertino’s product can be deployed virtually in a matter of minutes because it is cloud based. Once a network is specified, the Engine configures the network using historical network behavior, geography, and capacity to determine the optimal hosting data center (within 30 milliseconds of most population centers) using a proprietary algorithm.

Glue Networks

Glue Networks, which has been in the cloud market since 2007, launched its platform to deliver network automation SD-WAN in 2011. Like the other SD-WAN providers, Glue Networks’ Gluware Control provides dynamic network modeling with a user-friendly interface, is network aware and has zero-touch deployment. It also offers pre-built (in its Network Development Kit (NDK)) or customizable architectures, verification and instant roll-back capabilities, notifies the system when there are compliance or out-of-sync policies, and has full PKI automation and 2FA security.

Glue Networks has designed Gluware to integrate seamlessly with Cisco’s IWAN and has a Flexible Language Object Workstream (FLOW) with open standards based abstraction framework, an Intelligent Orchestration Engine, and is completely cloud-based for scalability, controlled rollout, and secure deployment. Data planes remain in the encapsulated network, so they are highly secured. Many Fortune 100 and Fortune 500 companies have launched Gluware on their platforms, and Glue Networks’ growth shows no signs of slowing.

Talari Networks

Since 2009, Talari Networks’ THINKING WAN has been providing enterprise SD-WAN that leverages the cheapest links to reduce WAN operating costs, adds networks to create more WAN bandwidth, and increases WAN reliability. Talari’s SD-WAN is also cloud-based and uses virtual appliances, a logical network controller, and a management and analytics platform similar to the SD-WAN providers discussed previously.

Using Talari’s WAN, traffic is prioritized, bandwidth is reserved and reliable, packet duplication and packet level intelligence ensure network sessions are not interrupted or VoIP calls dropped, bandwidth-intensive applications may use all WAN links, the cloud is secure and allows management in real-time, and links that are poor performing or approaching saturation can be dealt with appropriately. THINKING WAN also performs per-packet path selection to ensure seamless application use, is highly flexible, and Talari Aware reduces configuration time and increases visibility into the network.

Limitations to SD-WAN

Despite all the benefits of an SD-WAN, there are a few drawbacks to several companies’ products. Primarily, weaknesses may lie in the lack of a next-generation firewall in the network. Many SD-WAN providers have not yet come up with a solution for this other than suggesting other great companies that can provide security. However, the transition to the cloud and the innovations in cloud security may soon render this argument irrelevant.

SD-WAN may also be more expensive than MPLS, but, as with Talari Networks, this is not always the case. MPLS can also be completely outsourced to have the routing and firewall provided by a Carrier, but this can be much more expensive than an SD-WAN. Finally, CloudGenix reported that virtualization may prove difficult for some companies, as multiple overlays may have to be implemented initially to maintain a secure boundary, hybrid WANs can be difficult to manage, and “organizations with software-as-a-service or public cloud applications may lose some insight into network performance beyond their borders.”


If it were any indication of the anticipated demand for SDNs, Ncira Networks, founded in 2007, raised $41.8 million in venture capital funding and sold to VMWare for an amazing $1.26 billion in 2012. Since then, SDNs have evolved into SD-WAN providers and are offering stiff competition to the rigid configurations and often user unfriendly platforms provided by the likes of Cisco.

Enterprises are transitioning to the cloud and demanding more flexibility from their WAN providers along with the ability to choose their Carrier. Viptela, CloudGenix, Pertino, Glue Networks, and Talari Networks are transforming the WAN marketplace and delivering a more reliable, easy to install, scalable, and customizable platform that can address routing concerns in real-time and often in innovative ways. Cisco and others are, understandably, trying to partner with these innovators to keep customers happy, but few have been successful thus far.

Scroll to Top