What is SD-WAN and the Open Source Building Blocks it is Made Of

The anatomy of a modular SD-WAN solution

Why modular & open SD-WAN architecture can reduce cost by 50% to 90%

What is SD-WAN?

Is every SD-WAN modular?

Not exactly, actually the typical SD-WAN you would find out there is not modular at all but rather a black box. That’s one of the “tools” SD-WAN vendors use to lock-in their customers.

But let’s take one step back and look at the networking open source building blocks typically used for building SD-WAN services and products.

SD-WAN vendors make use of a multitude of open source building blocks to create their products. They combine these open source building blocks with 3rd party licensed SW and technology they build themselves, lock them in a one big black box they call – An SD-WAN product.

Some people hold the perception that to build an SD-WAN solution, all that one needs is to glue a few open source elements together. This perception is far from reality.

In my presentation at the Paris SD-WAN Summit in September, I opened up this black box and presented the anatomy of an SD-WAN solution. I also spoke more specifically about the available open source elements, where are the gaps and the different approaches to SD-WAN including the horizontal layers that make an open SD-WAN solution versus the typical closed black box solutions offered by most vendors today. 

Reading through this blog post will answer the following questions:

  • What is open SD-WAN? For this I will break SD-WAN to horizontal layers and show how multi-vendor elements can be integrated into an SD-WAN service if an open approach is adopted
  • Does an open SD-WAN solution need to be open source? The short answer is no. Longer answer, it is preferred to be open source
  • Examples of open source building blocks available for DIY SD-WAN or networking solutions in general
  • Show where are the main open source gaps in the SD-WAN architecture

Open source elements and where they fit in the SD-WAN architecture

An SD-WAN solution is typically divided into edge and management. A more detailed view depicted below will split the edge to a controller and router while the management will be split to the SD-WAN management itself and the orchestrator. The orchestrator should be considered as external to a specific SD-WAN solution because it should be able to manage more than one vendor’s product and interact with other services such as OSS/BSS.

The Anatomy of an SD-WAN Solution

In the sections below we will review some of the open source components available today that can be used for building an SD-WAN service. This is by no means an exhaustive list of available networking open source building blocks but simply examples.

Before using any open source element, it is important to check who is behind it, when was the last time it was updated and what are the available licenses (open source license and if a commercial license is available).

Edge device software

On the edge device (which can be software only or a physical device) we will have the Linux OS as well as virtualization technologies and in some cases, containers frameworks. On top of that, we will have an open source router such as FD.io and typically also DPDK for better networking performance. To these base elements, we should add the components responsible for encryption,  tunnel creation and management. These elements can be considered as the networking infrastructure. These are the elements required for connecting between one edge device to the other. The following layer will be the add-on technologies, or networking applications that implement the more advanced SD-WAN capabilities such as DPI, WAN Optimization and security.

SD-WAN Edge Comprised of Open & Closed Source Elements

The controller that rides on top will handle the routing protocols via the FRR open source as well as the connectivity and communication with the central management. The controller will also hold the policy received from the management so in case the router disconnects from the central management, it will be able to continue operations.

Although there are some open source options that can be included in the networking applications and controller layers, these layers will mainly be based on proprietary technology developed by the vendor himself or licensed from 3rd party. Typically in SD-WAN solutions, these are all closed in that one black box offered by the vendor with no control or choice left for the service provider or enterprise. This fact is one of the main pain points for service providers today, lack of differentiation they can offer for their SD-WAN hosted services.


The central management includes an infrastructure layer that will typically comprise of NODE.js and databases as well as open source components for microservices orchestration and installation scripts. The core logic of the management will typically be proprietary as that’s where a lot of the vendor secret sauce is.

SD-WAN Management Comprised of Open & Closed Source Elements

The orchestration layer does hold some open source options but that would be considered out of scope of the pure SD-WAN solution coming from the vendor.

Open source gaps

As described in the sections above, there is a good open source coverage for some of the layers. This still doesn’t mean that using these open source building blocks will make it easy to take the DIY approach for building your own SD-WAN solution. As illustrated below, there are still gaps, mainly in the edge software controller and the management. These are the layers that include the specific secret sauce and logic of the SD-WAN solution and therefore can’t come as standalone but rather need to be part of the complete SD-WAN solution.

Open Source Gaps for DIY SD-WAN

flexiWAN comes to close these gaps by offering the world’s first complete open source SD-WAN solution where all this logic is included in the package.

Breaking SD-WAN horizontally makes it an open SD-WAN architecture

As illustrated at the opening of this blog post, SD-WAN architecture is typically presented as edge and management but is not shown in its horizontal layers. When we take a closer look at the horizontal layers (that span across edge and management) inside the SD-WAN architecture, we find out that with the right design and interfaces, it is possible to allow for much more flexibility and control in an SD-WAN product and service.

The Horizontal Layers Required for a Modular SD-WAN

The networking infrastructure layer is what makes it possible to create secure tunnels between the branches themselves and between them and the cloud, build the network in various topologies (full mesh, hub and spoke and any combination of these) and manage it from one central location. This also requires the implementation of routing protocols and managing the complete lifecycle of the solution including SW upgrades, availability and health checks.

The layer on top is where flexibility and modularity should come in place. Since enterprise network requirements can’t be viewed as a one size fits all, SD-WAN solutions shouldn’t be built as such. Unfortunately most SD-WAN vendors still build their products as closed boxes making such flexibility and modularity impossible, which in turn, doesn’t allow an SD-WAN hosted service to be more tailored to the needs of a specific enterprise or segment.

What is SD-WAN? Or more specifically, what is a modular SD-WAN?

A modular SD-WAN should be built in these layers and allow for the integration and replacement of the different networking applications that comprise the overall SD-WAN functionality. This allows to tailor the SD-WAN service deployed at a specific enterprise to the enterprise’s technical and budget needs and thus, reduce TCO. Moreover, we see cases in which an enterprise will have different technical and budget requirements for different branches. The requirements for a small branch are not the same as those of a large HQ office or private cloud.

Many of today’s proprietary SD-WANs have a bloated software stack requiring a minimum of 4 core CPU and 8G of memory for the smallest edge component. Adopting the practices of a modular and open architecture will allow to reduce these hardware requirements for the smaller edge components as well as the software cost. Following these concepts can reduce TCO by 50% to 90%.

The diagram below of the flexiWAN SD-WAN architecture demonstrates what a modular and open architecture SD-WAN looks like. On top of the routing and routing infrastructure components which together with the central management comprise the networking infrastructure layer, we have the application infrastructure which provides the interface for integrating, managing, synchronizing and provisioning the networking applications. These can run in both the edge device and in the management in order to allow for holistic life cycle management of the system. These applications, that run in the edge, are not VNFs but rather applications tightly integrated with the SD-WAN edge router software and are part of the data flow, making this integration super efficient.

flexiWAN architecture

Closing notes

There is a large variety of open source networking technologies that can be used for building an SD-WAN solution but there are gaps that need to be filled in, mainly in the logic parts and the more advanced networking capabilities. It is also clear that lack of modularity of SD-WAN products and closing all components in one black box, results in more expensive solutions and SD-WAN services that lack differentiation. Welcome to the cookie cutter SD-WAN solutions.

flexiWAN closes these gaps by offering a comprehensive modular SD-WAN solution. The flexiWAN SD-WAN solution is built in an open architecture and is also open source. The combination of  open source with the modularity and interfaces for 3rd party application integration is democratizing the networking industry. This in turn allows for launching and deploying cost effective, purpose tailored SD-WAN solutions that reduce TCO and allow for service provider differentiation.