Carrier Status of SD-WAN Deployments

This discussion summarizes the status of SD-WAN deployments and other Virtualized Network Services (VNS) with the major U.S. carriers. It presumes a degree of familiarity with VNS including network– or cloud-based VNS offerings. Although this discussion strives for accuracy, the status of SD-WAN deployments and other VNS offerings by carriers are evolving rapidly. You will need to speak with your carrier representative to ensure that you have the most current information. Those desiring an introduction to SD-WAN and VNS may find the accompanying Tutorial Introduction to SD-WAN helpful. It includes a video of an animated PowerPoint presentation.

Carriers Converge on Network Function Virtualization (NFV) and Basic SD-WAN Features

The major U.S. carriers have embraced NFV in the form of virtualized capabilities (e.g. routers, firewalls) running on x86 server platforms deployed at the customer site. You may see such servers referenced as universal CPE (uCPE). AT&T seems to have most articulated strategy on NFV, but others are moving in the same direction.

While NFV is considered a solution on the customer premise, some solution elements are moving from the premise into the network itself (according to context, often then called a cloud-based solution or virtual cloud platform, including virtual CPE (vCPE)).

The carriers’ approaches on SD-WAN, and virtualized services in general, are converging towards NFV on the premises and cloud-based offerings as appropriate. In some cases the premise and cloud-based solutions will support each other. For example, in a security service, the premise-based security function might perform some of the more basic functions, like access control lists (ACL), while the cloud-based portion might do the heavy processing lifting, such as sandboxing.

There is also convergence on carrier SD-WAN offerings in that all support the nominally expected SD-WAN feature sets including: central and simplified service orchestration capabilities such as network virtualization/visualization and a centralized director (including with shared carrier/customer responsibilities), powerful analytics for network and application performance monitoring; secure transport; simultaneous support of multiple connectivity options per site; transport agnosticism (the free use of any transport medium and technology, e.g. mixes of wireline and wireless, ethernet and TDM); routing on the basis of application, policy and performance; good support for multitenancy; and the ability to insert network/cloud-based services (such as network-based security). For reference, some of these items are discussed in the accompanying Tutorial Introduction to SD-WAN page/video and summarized in the figure below.

Summary of SD-WAN in a Single Image

Carrier SD-WAN Offerings Summaries

We summarize the status of SD-WAN deployments and other VNS offerings of AT&T, CenturyLink and Verizon. As suggested above, all are pursuing similar approaches on SD-WAN, and virtualized services in general.


AT&T is approaching SD-WAN within a broader strategy on software-defined capabilities. Fundamental to this strategy is NFV, which is called FlexWare® (formerly Network Functions on Demand) and founded on a premised-based virtualization platform of the same name. FlexWare is realized as AT&T-branded x86 servers running KVM hypervisor software on Linux. Specific virtualized network functions are called FlexWare applications. In addition to SD-WAN itself, FlexWare currently has 3 classes of applications (routing, security and WAN acceleration), and AT&T is actively seeking to expand both application classes and participants in each class. The current classes and their participants are:

  • Routing: Cisco, Juniper, and (announced) Brocade
  • Security: Check Point, Fortinet, Juniper, Palo Alto Networks
  • WAN Acceleration: Riverbed.

For the SD-WAN solution, AT&T has selected start-up VeloCloud, rendering SD-WAN as another FlexWare application. Therefore, FlexWare could offer more than one SD-WAN application participant. SD-WAN solutions do perform common routing functions as well, so the SD-WAN application class most likely will include routing.

The AT&T offering in which SD-WAN services are derived from a FlexWare application is now called AT&T SD-WAN Static Over the Top. In the figure above, the location on the right hand side would be using this offering. This premise-based offering contrasts with a forthcoming AT&T SD-WAN Network Based offering. In the Static Over the Top offering, the customer deals with the FlexWare SD-WAN application via a portal to one or more centralized SD-WAN controllers. Presumably this will be the same in a Network Based offering.

Regarding VeloCloud and its SD-WAN solution, VeloCloud has deployed a global network of its SD-WAN gateways in service of its own enterprise customers. This network can assist AT&T with coverage and/or AT&T can add VeloCloud gateways within the AT&T network. VeloCloud sees itself as part of an ecosystem of cloud-based services (e.g. security), which aligns with AT&T’s own construct. Among the capabilities VeloCloud highlights are its techniques (such as forward error correction measures) to manage traffic in a degraded environment, thereby delivering more-robust, higher quality transport over the Internet.


While CenturyLink’s virtualization strategy is perhaps not as well articulated as that of AT&T, it is on par on an offer-by-offer basis. CenturyLink offers two classes of SD-WAN packages, Private and Premium. Among other enhancements, the Premium package provides secured Internet access at each site, more-detailed analytics, wireless access (as a redundant connectivity option), and some better management capabilities.

CenturyLink has chosen start-up Versa Networks as the basis of its SD-WAN solution, and Versa has a well-considered SD-WAN solution. Its FlexVNF® is the x86-based premise solution. In addition to supporting routing/SD-WAN capability, Versa also offers its own premise-based security solution – which would be another NFV application.

The Versa SD-WAN premise solution is also available on a virtualized basis running on an Advantech platform. This platform is used in a smaller scale SD-WAN offering with Bronze, Silver, and Gold packages.


Verizon is now largely positioning SD-WAN within its Virtual Network Services (VNS) portfolio, which also includes offerings for security and WAN optimization (i.e. its “applications”). Verizon’s current platform applications and service partners are:

  • SD-WAN: Cisco, Versa (part of Secure Branch offering), Viptela (now part of Cisco)
  • Virtual Routing: Cisco, Juniper
  • Security: Check Point, Cisco, Fortinet, Juniper, Palo Alto, Versa (part of Secure Branch offering)
  • WAN Optimization: Riverbed

Verizon offers its VNS offerings in service tiers, Essential, Core, and Complete. Not all services offer all three tiers, and within a service, not all suppliers are offered with the same tiers. If you have more than one service, you can mix tiers.

Cisco has been active in SDN in the data center, where SDN took root, and has extended it to the WAN in its Intelligent WAN (iWAN®) solution. Cisco also offers a cloud based security offering, Cisco Cloud Web Security (CWS), which SD-WAN would consider an insertable network-based service.

Viptela is another start-up company in the SD-WAN system space. Its SD-WAN offering, Viptela Secure Extensible Network (SEN), is competitive with the industry. Its vEdge customer premise solution offers physical and virtual implementation options.

While this discussion has focused on major U.S. carriers, SD-WAN solutions are being adopted worldwide by service providers of all sizes. Other providers include Colt and Tata, which have embraced Versa Networks’ solution; EarthLink, Sprint and Deutsche Telekom (VeloCloud); Singtel (Viptela); and BT (Nuage Networks).

Verified or Updated: October 30, 2017