451 Research networking practice director Peter Christy has over thirty years’ experience managing software and systems technology for leading IT vendors, including HP, Sun, IBM, DEC and Apple, and was founder of MasPar Computer, a midrange SIMD HPC provider. This long-term operational involvement has translated well into a research and advisory role at 451 Research, where he now leads the firm’s research into networking trends — which today typically means SDN. Christy’s fluency with the world of IT allows him to redefine SDN — "software-defined being so vague, as to be meaningless" he notes — and to focus instead on the history and current reality of network virtualization in enterprise WANs. In the article below, Christy offers a compelling explication of WAN optimization, network convergence, and virtual WAN, composed of physical and virtual appliances, a management system, and the means of integrating other network access services (e.g., SaaS) — based, as in SDN, on abstraction or separation of the physical and logical components of the network.
For non-practitioners, the science of networking can be an obscure one. But InsightaaS is pleased to present articles like Christy’s which can help enterprise managers and data centre managers alike better understand not only the roots of virtual WAN, but also the critical importance of network programmability in the complex cloud environments of today, and most importantly, what can be achieved through optimization of network resources: "configuration simplicity and agility, security and compliance, and performance and cost efficacy." Christy concludes with the 451 signature — an overview of who (upcoming vendors) we should expect to see in this emerging space as enterprises come to grips with one of the most pressing and promising challenges in data centre management.
Over the last year, we have seen the emergence of a new category of software-defined networking: SD wide area networks (WANs). In covering the category (Aryaka, Ayla Networks, CloudGenix, Distrix, Glue Networks, Pertino, Silver Peak, Talari, VeloCloud, Viptela) we have chosen to describe them as virtual WAN offerings, in part because software-defined is so vague as to be meaningless, and in part because we think the creation of a virtualization abstraction is a big part of the value (agreeing with an observation first made by VMware's Martin Casado). The purpose of this spotlight is to briefly describe the category and detail the definition and value of the virtualization abstraction inherent in these and many other software-defined offerings.
The 451 Take
Network virtualization has leapt to the forefront in recent years, in part because of the necessity of supporting virtualized applications, and in part because of the manifold benefits of separating logical and physical networking cleanly with the addition of this abstraction. This is the year of the virtual WAN, clearly emphasizing the value of the abstraction. These offerings provide high value, and we think they will see significant market traction over the next 12 months and create attractive acquisition targets for the larger players.
The importance of enterprise WANs has grown over the years for a combination of reasons. Enterprise WANs began as communication links that enabled workers in branch offices to utilize corporate applications at a centralized datacenter. When branch office servers were consolidated into datacenters a decade ago, the importance of WAN links grew, and it has continued to grow as more business processes become automated. As business Internet use grew, branch Internet traffic was typically routed to the datacenter so that a well-protected Internet connection could be used, further increasing WAN traffic and importance.
As WAN traffic and bandwidth grew, WAN technology evolved in parallel. The early WANs were built with dedicated 'leased' lines. Over time the traffic evolved to use service-provider MPLS services that created virtual circuits over a multi-tenant SP network. More recently, enterprises have added VPN WAN links using Internet connectivity to take advantage of the disruptive cost and performance of 'consumer' broadband services.
Sophisticated network optimization (WAN optimization) has been driven by WAN needs: in many cases, one or more branches had limited bandwidth. As optimization appliances became more powerful and cost-effective, the use of WAN optimization broadened, because most network traffic contains a high amount of redundancy and intelligent optimization can multiply the effective capacity of the link.
When viewed broadly, from the perspective of network evolution, the WAN has seen the direct impact of network convergence — the integration over time of different network systems onto a common IP transport (e.g., voice, video, security) — a trend that increases WAN traffic and increases the importance of effective WAN management (for example, assuring that voice or video traffic is given transport of suitable bandwidth and quality for the application).
In summary, over the last decades the importance, traffic, technical demands and technological sophistication of the enterprise WAN have all increased, as has the value of an integrated management solution (in this case, a virtual WAN).
What is a virtual WAN?
Structurally, a virtual WAN consists of appliances (physical or virtual) that are added at the WAN nodes (branch and centralized locations); a management system (appliance or cloud); and a means of integrating other network-access services, such as SaaS offerings.
The essence of a virtual WAN is the separation of the WAN into the logical views and the physical parts. With a virtual WAN, all of the uses of the WAN can be described independently of one another and without reference to the specific details of the physical WAN. Each virtual WAN is defined by its topology (which virtual nodes are connected), the service requirements (what each use requires), and the security, privacy and regulatory compliance requirements that apply. Each use can be configured independently, and created or changed on the fly, consistent with the physical underlay being capable of meeting the requirements and the availability of enough aggregate connection capacity.
A virtual WAN is analogous to a virtual LAN, such as provided by VMware NSX or Cisco ACI for a VMware ESX virtual server fabric. Both can be created, moved, changed, replicated or discarded — all on-demand. In each case, the network abstraction is of equal value to the team that manages the underlying physical infrastructure because they can evolve or refresh the physical infrastructure without having detailed negotiations with each user of the WAN.
The value of virtualizing the WAN
The most important benefits of WAN virtualization are configuration simplicity and agility, security and compliance, and performance and cost efficacy.
Virtual WANs (vWANs) bring agility and simplicity to WAN management, just as it is most needed. Legacy WAN configuration management and evolution is challenging because of the linkages between specific WAN functions and application needs, compounded by the difficulty of configuring remote devices (some in unmanned locations), private links and service-provider offerings. As in the case of datacenter network virtualization, a vWAN implementation moves the most dynamic aspects of the WAN to a software overlay and utilizes the physical WAN as a more static 'underlay,' thereby enabling greater configuration and orchestration agility since it can be done largely in the software overlay.
Virtual WANs simplify the incorporation of Internet technology into a WAN fabric while making it easier to assure compliance with privacy and security regulations. Implementations of vWANs let the use and structure of the WAN be separated, and compliance requirements added as a necessary attribute of a virtual WAN link. Many vWAN implementations include robust encryption at the edge — the foundation for improved security and a critical element of implementing many regulations.
Finally, with a vWAN the SLAs for particular virtual paths can be described explicitly (e.g., VoIP transport, high-bandwidth video conferencing), and the dynamic performance of the underlay fabric links can be monitored so that particular virtual paths can be managed to meet the SLA while enabling the remaining link capacity to be used for other traffic, thereby improving link utilization significantly.
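To make the overlay/underlay split concrete, the following sketch (an added example, not code from the article or from any vendor named here) places virtual paths on underlay links only when the link's monitored performance meets the path's SLA, its compliance attribute (edge encryption) is satisfied, and enough capacity remains. The class names, the lowest-latency selection rule and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class UnderlayLink:            # one physical/provider link, as seen by monitoring
    name: str
    capacity_mbps: float
    latency_ms: float
    loss_pct: float
    encrypted: bool            # edge appliances encrypt traffic on this link

@dataclass
class VirtualPath:             # one logical use of the WAN, described on its own
    name: str
    bandwidth_mbps: float
    max_latency_ms: float      # SLA bound
    max_loss_pct: float        # SLA bound
    requires_encryption: bool  # compliance attribute of the virtual link
    priority: int              # lower value is placed first

def place(paths, links):
    """Return {path name: underlay link name, or None if no link qualifies}."""
    free = {l.name: l.capacity_mbps for l in links}
    placement = {}
    for p in sorted(paths, key=lambda p: p.priority):
        ok = [l for l in links
              if l.latency_ms <= p.max_latency_ms
              and l.loss_pct <= p.max_loss_pct
              and (l.encrypted or not p.requires_encryption)
              and free[l.name] >= p.bandwidth_mbps]
        if not ok:
            placement[p.name] = None   # reject rather than break SLA or compliance
            continue
        best = min(ok, key=lambda l: l.latency_ms)  # assumed selection rule
        free[best.name] -= p.bandwidth_mbps
        placement[p.name] = best.name
    return placement

# Constructed sample data, not measurements from any product.
LINKS = [UnderlayLink("mpls-1", 20, 30, 0.1, False),
         UnderlayLink("inet-1", 100, 45, 0.5, True),
         UnderlayLink("inet-2", 50, 120, 2.0, True)]
PATHS = [VirtualPath("voip", 5, 50, 1.0, False, 0),
         VirtualPath("regulated-data", 10, 100, 1.0, True, 1),
         VirtualPath("video", 40, 60, 1.0, False, 2),
         VirtualPath("backup", 80, 500, 5.0, True, 3)]

if __name__ == "__main__":
    print(place(PATHS, LINKS))
```

Re-running `place` with fresh link measurements models the monitoring loop: a path moves when its current link stops meeting the SLA, and a path that no link can carry is reported as unplaced instead of being silently degraded.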
vWAN competitors and offerings
With the exception of Akamai and Aerohive, the companies listed here are aspiring startups. We expect accelerating acquisition activity over the next 18 months as these offerings gain market traction and attract the attention of the larger providers. Cisco is sure to participate at some time, and will choose from its internal efforts (a significant investment in WAN provisioning automation), new architectures (ACI) and existing partners (e.g., Glue Networks), as well as the independents. Juniper and Alcatel-Lucent have similar positions, albeit with less cash. The major network service providers (e.g., BT, Telefonica, Verizon) may well choose to offer this functionality as a service, as may emerging network service providers such as CloudFlare. Finally, leading application delivery vendors (e.g., F5, Citrix) could choose to extend their offerings into the cloud.
It is also worth noting that virtual networking solutions (e.g., NSX, ALU Nuage, Juniper Contrail, Midokura, PLUMgrid) have architecture and technology that are relevant to vWAN implementation, and these vendors could repurpose their existing products for this new use.
Akamai is the leading content-delivery network service, founded in 1998, with revenue of $476m in the most recent quarter. Akamai provides Internet acceleration services based on their 150,000 servers located near Internet users, for example, to provide cached copies of popular content that can be served closer to the user. Akamai provides vWAN services by steering traffic through these overlay servers to provide high-quality paths.
Aryaka Networks was founded in 2009 with the mission of providing WAN acceleration in the cloud. Since launch, Aryaka has focused increasingly on providing virtual branch office networks (vWANs) that can be quickly defined and configured, and immediately provide detailed analysis of the traffic carried.
Ayla Networks (founded 2010) builds a platform on which IoT applications can be built without having to worry about implementing the infrastructure. The Ayla architecture includes virtual networking that virtualizes the communications and provides security and robustness on top of an IP underlay, such as a customer's home Wi-Fi connection to the Internet.
CloudGenix was founded in 2013 and launched in 2014, and sells an offering that enables customers to build a vWAN using software appliances at the edge, with special attention to both security/compliance and traffic performance optimization.
Distrix was founded as Spark Integration in 2006 and renamed Distrix in 2014 after its wLAN offering. Distrix is differentiated by its ability to transport non-IP protocols (such as have been used for industrial automation) securely over an IP WAN transport.
Glue Networks isn't a virtual WAN provider per se, but gives insight into how the physical WAN infrastructure can be managed with much greater agility.
Pareto (acquired by Aerohive)
Pareto Networks (founded in 2007, acquired by Aerohive in 2011) was one of the earliest wLAN participants. Pareto manufactured inexpensive branch office communications devices that connected to WAN links and let branch office communications be configured and managed from the cloud.
Pertino was founded in 2011 and builds virtual LAN, branch and (most recently) cloud networks.
Silver Peak was founded in 2004 as a WAN-acceleration company. In 2014 it introduced Unity, a vWAN offering in the form of virtual appliances, differentiated by the incorporation of its WAN optimization technology and by the ability to optimize traffic on the IP underlay.
Talari Networks (founded in 2007) began providing technology that let multiple broadband links be optimized dynamically, and has since evolved toward a vWAN offering, creating an abstract view of the virtual WAN.
VeloCloud (founded in 2012, launched in 2014) is differentiated by the use of inexpensive appliances at the edge, based on Intel system-on-a-chip technology, providing a programmable, high-bandwidth platform for delivering services at the edge, including dynamic performance optimization.
Viptela (founded in 2012, launched in 2014) is differentiated by proprietary edge routers with robust security and encryption capabilities, of particular importance to the company's initial focus market — highly regulated segments.