TeleDynamics Think Tank

Boost UCaaS quality with smarter SD-WAN strategies

Written by Daniel Noworatzky | Oct 1, 2025 4:17:40 PM

Hybrid and remote work have redefined the modern workplace. Teams now connect from headquarters, branch offices, home networks, coffee shops, and even while traveling — often switching between Wi-Fi, broadband, 5G, or satellite links in the process. With so many moving parts, keeping voice and video calls consistently clear can feel like an uphill battle. Dropped audio, frozen video, and lagging meetings are not only annoying, but they can be costly in terms of eroded productivity and hampered user experience.

This is where SD-WAN makes a difference. By intelligently orchestrating multiple types of connections, SD-WAN can turn this patchwork of networks into a reliable platform for communication. In this article, we’ll show you how SD-WAN helps overcome the pitfalls of underlay diversity, which mistakes to avoid when deploying it, and the best practices that ensure your UCaaS quality remains high. By the end of the article, you’ll be better equipped to assess your network strategy and support seamless collaboration no matter where your teams are working from.

The evolution of networks

A significant trend in the evolving WAN (wide-area network) marketplace in recent years has to do with what is known as “underlay diversity.” The ever-increasing choices for WAN connectivity have given organizations the option of using a diverse set of media, technologies, and services to connect to private networks, third-party networks, the cloud edge, and the internet. With a growing mix of commercial-grade connections, mobile networks such as 5G, fiber-to-the-premises, MPLS, WISP services, and low earth orbit (LEO) satellite connections, there are many WAN options for primary and backup links, each with advantages and disadvantages.

How SD-WAN turns network complexity into an advantage

Software-defined WAN (SD-WAN) turns the drawbacks of underlay diversity into strengths, providing redundancy, throughput, and reliability that exceed what any single WAN connection can achieve alone. However, these advantages, if not implemented properly, can potentially be detrimental to real-time services. To understand the challenges that SD-WAN brings to voice, UCaaS, and other time-sensitive applications, it’s essential to have a proper understanding of what SD-WAN is used for and what challenges it was originally designed to solve.

The WAN technologies used to connect an organization to outside networks vary in terms of speed, cost, reliability, and medium. SD-WAN is a system that allows you to consolidate multiple types of WAN connections, which are considered the underlay network, into a highly configurable and adaptable overlay network. The following diagram illustrates this.

In the underlay depicted above, you can see a variety of access technologies connecting the LAN (local-area network) at headquarters (HQ) on the left, and a similar diversity of technologies connecting the remote locations on the right. In between, we have the network infrastructure through which communications take place. This typically comprises a private WAN, an internet service provider's shared network, the internet, some other type of WAN, or some combination of these. The underlay is the physical component of the communications system—the technologies that carry the data and the real paths taken by the packets.

The overlay is the abstraction. From the point of view of the networks at HQ, the remote data center (DC), and the branch office, there is a direct link between the edge devices. The underlay is a “black box” that these networks do not perceive—and that’s part of the magic of SD-WAN.

SD-WAN mechanisms live within the edge devices that connect to those multiple WAN technologies. They have the intelligence to route traffic dynamically over different access technologies and physical paths as well as to load-balance across those paths. In doing so, traffic gets optimal treatment, ensuring both reliability and high QoS, making those virtual links in the overlay extremely robust and of excellent quality.

However, those edge devices do not contain all of the intelligence. They are registered to an SD-WAN controller from which all WAN connections can be managed simultaneously, whether they exist only at a single physical location or within a framework of a multi-site enterprise. The following diagram shows the controller (left) communicating with the edge devices (right).

In the diagram above, the SD-WAN controller is physically located at HQ, but it communicates with the edge devices. It acts as an orchestrator, managing the edge devices as a single entity and instructing them on how to treat traffic. The control paths through which the edge devices communicate with the controller can be seen in the diagram.

Managing connections in SD-WAN means traffic is dynamically sent over the appropriate WAN connection depending on specific rules and policies. Policies can factor in considerations such as application class, QoS markings, required reliability, real-time link health (including latency, jitter, and packet loss), financial cost, compliance, and current link utilization. Traffic can be steered, shaped, or conditioned accordingly based on these factors. These mechanisms occur in the underlay, abstracted from the overlay, which stays unaware of the mechanics while traffic is dynamically steered onto the most suitable physical path.

This article provides additional information about SD-WAN and its advantages.

How underlay diversity and other features affect UCaaS

UCaaS, which delivers voice, video, and collaboration media between end users, is sensitive to packet loss, jitter, and latency. While underlay diversity can improve resiliency, unmanaged diversity can increase all three, which degrades UCaaS performance.

Network security policies can add even more latency and out-of-order packet arrival to real-time communications. As a result, blindly running all traffic (including UCaaS traffic) through any implemented security stacks can further degrade its quality. We’ll talk more about this and SD-WAN’s solution to this later in the article.

Evaluating audio and video quality

Voice quality for telephony is evaluated using a metric called mean opinion score, or MOS. Originally a subjective score assigned by human listeners in the 1960s, MOS was formalized and quantified by the International Telecommunication Union (ITU) in the 1990s. It consists of a rating from 1 to 5, where 1 is poor and 5 is excellent. In industry shorthand, “toll quality,” which corresponds to traditional telephony quality, has a value of four or greater, which is also generally considered the threshold for acceptable quality.

Similar metrics are also used to evaluate the quality of video communications. Although the ITU has formalized an analogous five-point quality score for streaming services, most UC platforms have adopted a composite method of evaluating overall quality. They use the aforementioned MOS score for audio and add several key performance indicators (KPIs) for video, including achieved framerate, resolution, freezes, packet loss, and jitter, rather than presenting a single video MOS score.

How SD-WAN ensures UCaaS quality

Several factors must be considered to maintain MOS scores and KPI values above acceptable levels for both voice and video in an environment where SD-WAN is employed. Real-time traffic must be identified correctly, path health must be measured continuously, and the correct actions must be enforced continuously, dynamically, and with response times measured in milliseconds.

Well-designed SD-WAN implementations typically include the following:

  • Per-packet replication (packet duplication): SD-WAN can create multiple copies of each voice or UCaaS packet and send them via different underlay paths. The receiving edge device will receive both copies but discard the second. This is beneficial for UC because it:
    • Significantly lowers packet loss, since having the same packet dropped by two independent WANs becomes extremely unlikely.
    • Tames jitter because spikes on one WAN will not be mirrored on another.
    • Heals faster than failover in the event of a failure of one of the WAN links.
  • Real-time SLA path selection: This feature involves continuously probing paths for latency, jitter, and packet loss, and steering UC flows to the path that meets real-time thresholds and policies.
  • App-aware identification and UC-aware policies: This means reliably recognizing UC signaling and media using transport layer ports, protocols, and even heuristics, and then mapping UC to a real-time class with appropriate actions, including strict priority queuing, shaping at the edge to prevent upstream buffering, and path conditioning when health degrades.
  • 5G/LEO-aware operation: These wireless WAN options are loss- and jitter-prone and should be treated as such. Packet duplication should always be enabled during peak traffic times, failover timers should be tightened, and forward error correction (FEC) parity checks should be enabled to allow edge devices to reconstruct occasional losses without retransmission.
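
The path-selection and duplication items above can be tied to the MOS threshold discussed earlier. The following is an added example, not code from this article or from any SD-WAN product: it estimates MOS from probe metrics with a widely circulated simplification of the ITU E-model (an assumption, as is treating losses on the two paths as independent), steers a UC flow to the best path that meets the 4.0 floor, and falls back to duplication when no single path does. Path names and probe values are constructed.

```python
from dataclasses import dataclass

@dataclass
class PathHealth:
    name: str
    latency_ms: float  # one-way delay reported by probes
    jitter_ms: float
    loss_pct: float    # packet loss in percent

def estimate_mos(p):
    """Estimate MOS from probe metrics with a simplified E-model (assumed heuristic)."""
    eff = p.latency_ms + 2 * p.jitter_ms + 10   # jitter counted twice, 10 ms codec allowance
    r = 93.2 - eff / 40 if eff < 160 else 93.2 - (eff - 120) / 10
    r = max(0.0, min(100.0, r - 2.5 * p.loss_pct))  # 2.5 R points per 1% loss
    mos = 1 + 0.035 * r + 7e-6 * r * (r - 60) * (100 - r)  # R-factor to MOS mapping
    return round(max(1.0, mos), 2)

def duplicated(a, b):
    """Health of two paths carrying copies of every packet (independent loss assumed)."""
    first = min(a, b, key=lambda p: p.latency_ms)  # receiver keeps the first copy to arrive
    both_lost = a.loss_pct * b.loss_pct / 100      # a packet is lost only if both copies are
    return PathHealth(f"{a.name}+{b.name}", first.latency_ms, first.jitter_ms, both_lost)

def select_path(paths, mos_floor=4.0):
    """Return (path, action, mos) for a UC flow; 4.0 is the toll-quality floor."""
    ranked = sorted(paths, key=estimate_mos, reverse=True)
    best = ranked[0]
    if estimate_mos(best) >= mos_floor:
        return best.name, "steer", estimate_mos(best)
    if len(ranked) > 1:
        dup = duplicated(ranked[0], ranked[1])
        if estimate_mos(dup) >= mos_floor:
            return dup.name, "duplicate", estimate_mos(dup)
    return best.name, "best-effort", estimate_mos(best)

# Constructed probe results, not measurements from any real network.
HEALTHY = [PathHealth("fiber", 20, 2, 0.1), PathHealth("5g", 45, 15, 1.5)]
DEGRADED = [PathHealth("cable", 30, 20, 5.0), PathHealth("5g", 45, 30, 6.0)]

if __name__ == "__main__":
    print(select_path(HEALTHY))
    print(select_path(DEGRADED))
```

In the degraded case neither link reaches the floor on its own, but the duplicated pair does, because the residual loss falls from 5% and 6% to 0.3%.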

Incorporating security into SD-WAN

Security for UC applications is a special case when it comes to SD-WAN. Applying security processes at any location in an SD-WAN network will add more latency to any data flow, potentially resulting in increased jitter and out-of-order packets. This is often the case with the introduction of Security Service Edge (SSE), a vital security strategy component. SSE is a cloud-delivered security process that sits between users and the apps they access. SSE primarily focuses on secure access to web, SaaS, and private apps with:

However, SSE alone will unavoidably degrade UCaaS quality when the UC media is forced through the full SSE security stack. Such obligatory inspection adds latency, jitter, and out-of-order packets. But that’s where Secure Access Service Edge (SASE) comes in. This is an architecture that unifies networking and security as cloud-delivered services. SASE can be thought of as SD-WAN + SSE, with unified policy and telemetry.

With SASE, you can identify UC media and apply local breakout and fast-path policies that bypass deep inspection for UDP traffic, while securing UC signaling and everything else. The result is decreased jitter and delay without sacrificing security where it matters.
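
A sketch of such a fast-path decision, as an added example that is not taken from this article or from any SASE product: the bypass is scoped to UDP media sent to a provider's published media ranges and ports, while signaling and all other UDP stay in the inspection path. The prefixes (documentation ranges), the port range, and the flow tuples are constructed assumptions.

```python
import ipaddress

# Constructed policy inputs: documentation prefixes stand in for a UCaaS
# provider's published media ranges; the media port range is likewise assumed.
MEDIA_PREFIXES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/25")]
MEDIA_UDP_PORTS = range(16384, 32768)

def classify(proto, dst_ip, dst_port):
    """Return 'fast-path' only for UDP media to known provider ranges, else 'inspect'."""
    if proto != "udp":
        return "inspect"                 # signaling (TCP/TLS) stays in the security stack
    addr = ipaddress.ip_address(dst_ip)
    in_range = any(addr in net for net in MEDIA_PREFIXES)
    if in_range and dst_port in MEDIA_UDP_PORTS:
        return "fast-path"               # local breakout, no deep inspection
    return "inspect"                     # other UDP: DNS, QUIC, unknown hosts

def audit(flows):
    """Map each flow tuple to its policy decision."""
    return {f: classify(*f) for f in flows}

# Constructed flows: (protocol, destination IP, destination port).
FLOWS = [
    ("udp", "203.0.113.40", 20000),    # media to a provider range
    ("tcp", "203.0.113.40", 5061),     # SIP over TLS signaling
    ("udp", "198.51.100.200", 20000),  # media port, but outside the /25
    ("udp", "203.0.113.40", 53),       # provider range, non-media port
    ("udp", "192.0.2.10", 443),        # QUIC to an unrelated host
]

if __name__ == "__main__":
    for flow, decision in audit(FLOWS).items():
        print(flow, "->", decision)
```

Only the first flow is exempted from inspection; a rule that bypassed all UDP would also have exempted the last three.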

Conclusion

SD-WAN is an excellent solution for multi-site organizations with main sites, branch offices, off-site data centers, and cloud edges, because it turns a mix of WAN links into predictable, secure transport. It offers reliability and performance that basic broadband alone cannot.

Ensuring the proper implementation of SD-WAN for UCaaS and other time-sensitive applications is an integral part of a WAN strategy and must be part of the plan for organizations that already have SD-WAN or are planning to deploy it.
