SD-LAN: Why Your Network Edge Refresh Strategy Needs To Be Software Defined

Mobility Changes Everything – but is it giving you a network planning migraine?

You may have heard this before, but nowhere does this ring truer than at the network edge. If you’re planning, deploying, or managing your WLAN, it was the case even a few years ago, that typical wireless refresh cycles were 4 -7 years, and wired edge switch refreshes every 7-10 years.

But those days are gone. New generations of Wi-Fi technology every couple of years (802.11n, 802.11ac Wave 1, Wave 2…) and mobile devices (iPhone 6, 6s, 7..) on an unrelenting annual product cycle are driving change much faster at the access layer of the network.

But perhaps more importantly, the pace of change at the network edge is being driven by a rapidly evolving consumer experience and workforce productivity expectations that are wireless-first. At the same time, the wired edge is evolving to where switch ports are no longer about laptop docking stations, but increasingly about connecting wireless access points and powering things (printers, surveillance cameras, sensors, VDI displays and even smart LED lighting systems.

Yes, the Internet of Things has really arrived.

How should you then, today, evaluate wired- and wireless-networking infrastructure to ensure you’re building a campus network that will adapt with changing devices and applications, stay flexible so you can mix and match generations of hardware, be cost-effective not just in terms of CapEx, but also to manage in terms of ongoing OpeEx, ensure business continuity as the mobile edge becomes mission critical for delivering business services, and scale as your needs grow to an expanded campus, or thousands of distributed sites? Seems like an impossible task?

Software Defined LAN: A better architecture to plan, deploy and refresh the access network

Wait now, SDN? Isn’t that all about agility in the Data Center, or maybe something to do with reducing costs in the wide-area network with SD-WAN?

Well, not quite. While the term software-defined Networking (SDN) might almost seem to have been co-opted into the data center by endless conversations around protocols, SDN is all about benefits and architectures for every part of the network, and therefore merits distinct definitions.


In fact, there are really three distinct software-defined networking architectures. Historically, the conversation started with bringing benefits such as agility of application deployment and virtualization of network resources in the data center (SD-DC).

This is where the “SD fatigue” around conversations that revolve around protocols such as OpenFlow often arises.  And the benefits there are mostly relevant to massive enterprises and carriers.

However, in recent years, we’ve seen the conversation branch out (no pun intended), with SD-WAN, to provide real cost-savings for branch office connectivity with a better alternative to expensive legacy private WAN connection technologies such as MPLS, by offering resilient dynamic multi-path connections including LTE, Cable, DSL, and MPLS. Given these benefits, Gartner predicts that by 2019, 30% of enterprises will use SD-WAN solutions in all their branches.

Software defined LAN (SD-LAN) architecture builds on these preceding software-defined principles, to bring specific benefits of adaptability, flexibility, cost-effectiveness, and scale, while providing mission-critical business continuity to the network access layer.

What defines SD-LAN?

SD-LAN builds on the principles of SDN in the data center and software defined WANs (SD-WAN) to create a new approach to building an adaptable, flexible, and cost effective wireless and wired access network. It is defined by an application and policy driven architecture, that decouples hardware and software layers enabling a self-organizing, centrally-managed network edge that is simpler to operate, integrate, and scale.

An SD-LAN solution requires the following 5 key components:

1. Application Optimization

  • Dynamic optimization of the LAN, driven by application priorities
  • Ability to focus network resources where they best serve the organization’s most important needs
  • Fine-grained application visibility and control at the network edge

2. Identity Driven network

  • Secure, identity-based access for users, devices and things
  • Context-based policy control
  • Access can be granted or revoked at a granular level for collections of users, devices and things, or just one, on corporate, guest and IoT networks

3. Adaptive access

  • Control Protocols that enable self-healing, self-optimizing, self-correcting access at the edge
  • Ability to intelligently adapt device coverage and capacity through use of software definable radios and multiple connection technologies (802.11a/b/g/n/ac/wave 1/wave 2/ MIMO/MU-MIMO, BLE, and extensibility through USB)
  • Cloud-managed switches and wireless access points with unified wired and wireless policies

4. Centralized cloud-based Network management

  • Deployment in public or private cloud with a unified architecture for flexibility of operations
  • Centralized management for ease of network planning, deployment and troubleshooting
  • Ability to distribute policy changes quickly and efficiently across geographically distributed locations

5. Open APIs

  • Programmability that enables applications to derive information from the network and enable the network to respond to application requirements
  • A big data cloud architecture to enable insights from users, devices and things
  • An open developer program to enable an ecosystem of developers, software vendors and MSPs

SD-LAN in a nutshell


This definition of SD-LAN can be used as a guiding principle to bring concrete benefits to your organization as you consider your next edge network infrastructure refresh cycle.

For example, consider why an adaptive access layer is important.

Most Wave 2 access points today could be highly under-utilized in real-life deployments.  Why? Because, aside from a few MU-MIMO-capable laptops from vendors like Dell, your network does not have a lot of MU-MIMO devices today.

At the same time, in dense deployments, such as an AP in every adjacent classroom, you probably have to switch off your 2.4Ghz radios on every second or third access point to reduce interference. With an Adaptive access layer, that has software definable radios, you could switch that second radio to 5GHz, effectively increasing your capacity today. That’s the balance between future-proofing your purchase and ensuring you are seeing ROI today.

Similarly, edge switches today have dramatically different requirements than those in the core. At the edge, you need to optimize for power and secure connectivity to things, such as access points and conventional and new IoT devices. The edge of your network is getting more and more geographically spread out with more users, devices, and locations. That’s why edge switches need easy, UI-based centralized cloud management, and unified wired-wireless policies – not a cumbersome CLI for common tasks.

With an identity-driven SD-LAN, technologies such as private PSK can enable you apply fine-grained security policies to individual users on your Guest network, complementing the AD based 802.1X authentication that you use in your corporate network. This can be a huge benefit for corporations who typically use a single Guest SSID with a common PSK that could be compromised.

Care facilities, for example, have health monitoring devices that are often headless and therefore hard to administer or can’t afford downtime. They could now secure devices down to a level of granularity that would make it possible to only triage the device that’s compromised without affecting the rest of the network. Or, ensure surveillance cameras, thermostats or other IoT devices are only sending appropriate traffic to specific end points, reducing potential vulnerabilities in your network.

With an application-optimized network you can ensure, say at financial quarter-end, that your CRM and financial systems get the QoS you need, even if there’s a big game on, and employees are slamming the network with ESPN.

Also, think about that school kid who comes into the network, has access credentials, but runs a Bit torrent server inside the LAN to distribute movies to classmates. With deep packet inspection and policy enforcement right at the access point, that can be easily nipped in the bud.

Cloud management is a must (and, here, I mean secure public or private cloud options) to deploy and centrally manage thousands of access points, switches, sites, end users, and devices. The benefits to your organization will continue for years in ongoing costs of operations and speed of deployment.

Lastly, Open APIs can provide real benefits in specific use cases today, but can also support your organization’s digital transformation efforts in the future.

Location and Presence APIs provide tangible benefits to customers in retail, manufacturing, and logistics use cases today. Monitoring APIs can enable MSPs to offer Wi-Fi as a service, and add value with their own customized network management dashboards. APIs for identity can help schools and colleges for example, create easy guest on-boarding and sponsorship workflows that are integrated into their student/teacher IT portals, making self-serve IT a reality. And it’s important that there be a vision for future-proofing your investment with a big data architecture and the ability to dynamically configure the network with Configuration APIs.

After all, it was customized agility in the data center that enabled Google, Facebook, and Amazon as just a few examples, to create compute environments that provided huge business advantage.

The network edge is the next big frontier where business will seek to create competitive advantage and differentiation. After all, that’s where consumer experience and workforce productivity are drivers of innovation.

With SD-LAN, you’ll be smart today and ready for the future.

Related posts on SD-LAN

  1. Introducing the Software-Defined LAN: SDN at the Edge, and More (1 of 3 in a series by Craig Mathias)
  2. What Are The Requirements For SD-LAN? (2 of 3 in a series by Craig Mathias)
  3. What Are The Benefits of SD-LAN? (3 of 3 in a series by Craig Mathias)

Technology Details

Customer Stories

News Coverage

For More Info on SDN, Read This Series of Articles By Marko Tisler

  1. Software Defined
  2. The Many Colours of SDN
  3. The Coming Age of SDN

For More Info on SDN, Read This Series of Articles By Craig Mathais


Milind Pansare is Strategic Marketing Director at Aerohive, responsible for working with Aerohive’s strategic alliance initiatives, corporate messaging and positioning, and working with key industry analysts. Prior to Aerohive Milind has led Product Marketing at several Silicon valley cloud startups, and held marketing and engineering leadership positions at companies such as Sun Microsystems (now Oracle), Saba Software, and HP. Milind holds a Bachelor of Science degree in Computer Science.

Leave a Reply

Your email address will not be published. Required fields are marked *