Skip to main content
HashnodeHub & Spoke | Best SD-WAN Blog on Earth

Command Palette

Search for a command to run...

Understanding Underlays & Overlays in SD-WAN

Discover how SD-WAN's underlays & overlays revolutionize business connectivity for efficiency and security

Updated
Understanding Underlays & Overlays in SD-WAN
R
Ronald Bartels

Driving SD-WAN Adoption in South Africa

Part of serieseBook

Software-Defined Wide Area Networking (SD-WAN) has transformed how businesses connect their distributed locations, offering flexibility, scalability, and cost-efficiency compared to traditional WAN solutions. At the core of SD-WAN architecture lie two critical concepts: the underlay and the overlay. These components work together to create a robust, secure, and efficient network. This chapter explores the roles of underlays and overlays, their interplay, and their significance in modern SD-WAN deployments, drawing on insights from industry resources.

The Underlay | The Foundation of SD-WAN

The underlay refers to the physical or virtual network infrastructure that serves as the foundation for SD-WAN. It consists of the physical links, such as MPLS, broadband Internet, 4G/5G, or leased lines, that connect sites within the network. The underlay provides the raw connectivity over which the SD-WAN solution operates.

  • Characteristics of the Underlay:

    • Diverse Transport Options: The underlay can leverage multiple transport mediums, including MPLS for reliability, broadband for cost-effectiveness, or cellular networks for mobility. This diversity allows businesses to optimize costs and performance based on their needs.

    • Physical or Virtual: The underlay includes physical circuits managed by service providers or virtualized connections like VPNs over the public Internet.

    • Performance Variability: Underlays, especially public Internet links, are subject to latency, jitter, and packet loss, which SD-WAN mitigates through intelligent traffic management.

  • Role in SD-WAN: The underlay provides the pathways for data transmission. SD-WAN solutions monitor underlay performance in real time, dynamically selecting the best path for traffic based on application requirements, such as low latency for VoIP or high bandwidth for video streaming.

The Overlay | The Intelligent Layer

The overlay is the logical or virtual network layer built on top of the underlay. It abstracts the complexities of the underlying infrastructure, enabling centralized control, simplified management, and enhanced security. The overlay is where SD-WAN’s software-defined intelligence shines, orchestrating traffic across the underlay to meet business objectives.

  • Characteristics of the Overlay:

    • Abstraction and Control: The overlay decouples network services from the physical infrastructure, allowing centralized policy management and dynamic traffic routing. This abstraction simplifies network configuration and scalability.

    • Security: Overlays often incorporate encryption and segmentation, ensuring secure communication over potentially untrusted underlays like the public Internet.

    • Flexibility: The overlay supports various architectures, such as hub-and-spoke or full-mesh, depending on the organization’s needs. Hub-and-spoke is ideal for centralized traffic flows, while mesh architectures suit distributed, peer-to-peer communication.

  • Role in SD-WAN: The overlay intelligently directs traffic across the underlay, using policies to prioritize applications, optimize performance, and ensure reliability. For example, an SD-WAN overlay can reroute traffic to a backup underlay link if the primary link experiences congestion or failure.

Underlay & Overlay Interplay

The underlay and overlay work in tandem to deliver SD-WAN’s benefits. The underlay provides the physical or virtual connectivity, while the overlay adds intelligence to manage and optimize that connectivity. Here’s how they interact:

  • Dynamic Path Selection: The overlay monitors underlay performance metrics (e.g., latency, packet loss) and dynamically selects the best path for each application. For instance, a business-critical application like ERP software can be routed over a low-latency MPLS underlay, while less sensitive traffic uses broadband.

  • Security and Segmentation: The overlay applies encryption and network segmentation to secure traffic across diverse underlays, protecting data even over public Internet links.

  • Scalability and Flexibility: By abstracting the underlay, the overlay enables businesses to add new sites or change connectivity types without reconfiguring the entire network. This is particularly valuable for organizations with distributed branch offices.

  • Architectural Choices: The overlay supports different topologies, such as hub-and-spoke for centralized control or mesh for direct site-to-site communication. The choice depends on the organization’s traffic patterns and scalability needs.

Benefits of the Underlay-Overlay Model

The separation of underlay and overlay in SD-WAN delivers several advantages:

  • Cost Efficiency: By leveraging affordable underlay options like broadband alongside premium MPLS links, businesses can reduce WAN costs while maintaining performance.

  • Improved Performance: The overlay’s intelligent traffic steering ensures optimal application performance, even over unreliable underlays.

  • Enhanced Security: Overlays provide end-to-end encryption and segmentation, securing data across diverse underlays.

  • Simplified Management: Centralized control via the overlay reduces the complexity of managing multiple underlay connections, enabling rapid deployment and policy updates.

Challenges & Considerations

While the underlay-overlay model is powerful, it comes with challenges:

  • Underlay Reliability: The performance of the overlay depends on the quality of the underlay. Poorly managed Internet links can degrade application performance, requiring robust monitoring and failover mechanisms.

  • Configuration Complexity: While the overlay simplifies management, configuring policies for diverse applications and underlays requires careful planning to avoid conflicts or suboptimal performance.

  • Security Dependencies: Although overlays enhance security, organizations must ensure underlay providers meet compliance requirements, especially for sensitive data.

Wrap

The underlay and overlay are the backbone of SD-WAN, enabling businesses to build flexible, secure, and cost-effective networks. The underlay provides the physical or virtual connectivity, while the overlay adds intelligence to optimize traffic, enhance security, and simplify management. By understanding and leveraging these components, organizations can tailor their SD-WAN deployments to meet specific performance, scalability, and security needs. Whether using a hub-and-spoke architecture for centralized control or a mesh topology for distributed connectivity, the underlay-overlay model empowers businesses to revolutionize their network infrastructure.

#sd-wan

Comments

Join the discussion

No comments yet. Be the first to comment.

eBook

Part 16 of 30

This is an eBook about SD-WAN by Ronald Bartels also known as the Tao of SD-WAN

Up next

Revolutionizing Connectivity with Nepean Network's SD-WAN

Discover SD-WAN & Why It Matters for Modern Networking

More from this blog

H

Hub & Spoke | Best SD-WAN Blog on Earth

830 posts

Driving Software Defined Wide Area Networking (SD-WAN) Adoption in South Africa. The best SD-WAN blog on Earth & in the World that also includes insights on Cybersecurity, IoT, Cloud, & Data Centres!