What Is SD-Branch?

Why Use SD-Branch?

SD-WAN provides enterprises and users with automatic deployment, management, and O&M capabilities for WAN-side devices and networks. As more and more organizations undergo digital transformation, LAN-side service access at branch sites becomes increasingly diversified. In this context, an increasing number of enterprises and users want to incorporate the LAN-side networks of multiple branch sites into the SD-WAN architecture for automatic deployment and unified management and control.

SD-Branch extends software-defined technologies from the WAN to the LAN, integrates security and other cloud services, significantly simplifies IT infrastructure of branches, delivers more value than SD-WAN, and provides a comprehensive LAN and WAN management solution, meeting the increasing network requirements of branches.

SD-Branch has the following advantages:

1. Provides SD-WAN multi-link hybrid connections and WAN link quality optimization capabilities, reducing the MPLS link cost and improving the network quality between branches and the headquarters (HQ).
2. Facilitates operations and has high scalability and offers remote centralized configurations to implement network setup or expansion of branch sites within minutes without the need for professional onsite IT personnel.
3. Uses the software-centric architecture and integrates the routing, switching, and security capabilities, effectively reducing hardware costs, space, and overall operation costs of enterprise networks.
4. Allows enterprises to remotely manage and control the WAN-side and LAN-side networks of all branches with software-defined capabilities, providing end-to-end connection and security assurance for branch network services.

What Are the Differences Between SD-Branch and SD-WAN?

SD-Branch and SD-WAN are closely related. SD-Branch extends software-defined technologies from WANs to branch networks, simplifying the network architecture of branches and enhancing service experience of branch networks.

The differences between SD-Branch and SD-WAN are as follows:

1. Definition and function

   SD-WAN applies software-defined technologies to WAN connections and intelligently manages different WAN links (such as MPLS, Internet, and LTE/5G links) to implement WAN optimization, providing enterprises with high-reliable and high-performance access to sites, data centers, cloud services, and Software as a Service (SaaS) applications.

   SD-Branch is a more comprehensive solution. Based on SD-WAN, SD-Branch supports automatic orchestration and control of LAN-side devices by extending software-defined technologies to LANs. SD-Branch provides a comprehensive SD-WAN solution that covers branch and HQ LANs, just as SD-WAN does for traditional WANs.

2. Application scope

   SD-WAN mainly connects the HQ, branches, data centers, and cloud services of enterprises. It is typically used by enterprises or carriers with many branches and various network services.

   SD-Branch provides a wider range of capabilities. It is recommended if an enterprise has many types of network devices and wants to quickly expand branches while managing LANs and WANs in a comprehensive manner.

3. Architecture

   The following figure shows the SD-WAN architecture, which consists of the service presentation layer, management and control layer, and network layer. The SD-WAN architecture focuses on WAN traffic management and path selection.

   
   Overall SD-WAN architecture

   The biggest difference between SD-Branch and SD-WAN architectures regards the network layer. SD-Branch architecture consists of many types of network devices, including APs, switches, firewalls, and routers. It extends management to the LAN and is deployed on the customer side to provide user access services.

   
   Overall SD-Branch architecture
4. Management and O&M

   SD-WAN provides performance monitoring and O&M capabilities for the entire enterprise WAN.

   SD-Branch provides monitoring and O&M capabilities for the entire branch network from the LAN to the WAN.

What Are the Key Capabilities of SD-Branch?

SD-Branch offers the following key capabilities:

• Simplified devices. As shown in the following figure, the all-in-one gateway that integrates routing, switching, firewall, IPS, antivirus, 5G/LTE, and Wi-Fi can be selected for a branch site to effectively reduce the device cost.
  
  All-in-one gateway
• Easy expansion. As shown in the following figure, the device can be easily expanded to support on-demand deployment of IoT, WLAN, wired, SD-WAN, and security services. It supports PoE-capable RUs, which support plug-and-play while providing more interfaces. This frees up IT personnel from performing on-site configurations.
  
  Easy service expansion
• Efficient deployment. As shown in the following figure, SD-Branch supports multiple ZTP deployment modes, such as email-based deployment, USB-based deployment, and registration query center-based deployment. A template can be used to deliver configurations in batches. Configurations then only need to be delivered once, after which all devices at a site are deployed within minutes. This reduces the requirements for onsite IT professionals and shortens the service provisioning period of branch sites. In addition, LANs and WANs are managed in a unified manner, offering clear insights into the network-wide status. Intelligent policy recommendation can effectively improve the management efficiency of branch networks.
  
  Key to efficient deployment

• Ultimate experience. Based on SD-WAN, SD-Branch has the same service experience improvement functions as SD-WAN. As shown in the following figure, the adaptive forward error correction (A-FEC) function ensures smooth video playback even at a high packet loss rate, the adaptive QoS function dynamically adjusts service traffic based on real-time link information to ensure key service experience, and the SaaS intelligent traffic steering function accurately identifies SaaS application traffic and dynamically selects the global optimal access path.
  
  Ultimate experience brought by SD-Branch

Typical Cases of SD-Branch

SD-Branch has different typical cases differing in the branch scale.

• Micro branch with less than 10 users, less than 50 terminals, and less than 100 square meters in size: Typically only needs to access the Internet and does not have high security requirements. Therefore, one NetEngine AR can meet the access requirements of wired and Wi-Fi office terminals and provide basic security protection capabilities, such as ACL and URL filtering.
  
  Typical case of a micro branch
• Small branch with 10 to 50 users, 200 terminals, and 1000 square meters in size: Typically has high requirements on wireless coverage and security. Some industries, such as retail (electronic shelf labels) and healthcare (patient wristbands), have IoT requirements. To meet these requirements, two or three APs can be flexibly expanded to implement wireless coverage, and scalable firewalls can be configured to implement security protection. Scalable IoT APs can connect to various terminals such as Bluetooth, RFID, and ZigBee terminals.
  
  Typical case of a small branch
• Midsize branch with 50 to 250 users, 1000 terminals, and 5000 square meters in size: Has higher requirements on wireless network coverage, performance, and security than a small branch. As such, more APs need to be deployed to meet wireless coverage requirements, and Wi-Fi 7 APs are used to meet high-performance wireless requirements.
  
  Typical case of a midsize branch