AWS Cloud WAN preview: a global network that spans multiple physical networks and geographic locations

On the heels of announcing the AWS 5G Private network earlier this week, the world’s largest tech conglomerate described another new blockbuster network service. AWS Cloud WAN is a managed wide area networking (WAN) service that simplifies the way enterprise end users build, manage, and monitor a global network that connects resources running across Amazon’s cloud and on-premises environments.

With Cloud WAN, customers use a central dashboard (the AWS portal) and network policies to create a global network that spans multiple geographically dispersed locations and networks—eliminating the need to configure and manage different networks individually using different technologies. Network policies can be used to specify which of the customer’s Amazon Virtual Private Clouds (VPCs) and on-premises locations they wish to connect through AWS VPN or third-party software-defined WAN (SD-WAN) products. The Cloud WAN central dashboard generates a complete view of the network to monitor network health, security, and performance.

Cloud WAN automatically creates a global network across AWS Regions using Border Gateway Protocol (BGP) so customers can easily exchange routes around the world.

Like all AWS services, Cloud WAN is designed to be managed through the AWS portal, which has become a single point to manage the “full stack” of AWS services – from the network through application. Through the console, IT professionals can configure connections to all company locations including branches, data centers, headquarter locations as well as Amazon Virtual Private Clouds (VPCs) through a graphical interface.

Businesses will connect into the network through a VPN or a direct connect (private line) for the “last mile” and then will have access to the global AWS network. AWS customers have been using the network already for setting up transit gateways or cloud connection, but this can now be extended to some or all of the corporate network.

“Imagine you’re a large global company with dozens of manufacturing sites round the world… — you need to connect them all to AWS,” Amazon CTO Werner Vogels said during his re:Invent keynote address. Cloud WAN “actually builds it for you in minutes using the big AWS backbone for you, to give you a highly reliable, highly available, software-defined wide area network running over AWS infrastructure,” Vogels added.

Source: Amazon blog post on Cloud WAN

Cloud WAN is available in ten AWS Regions in Public Preview: US East (Northern Virginia), US West (Northern California), Africa (Cape Town), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Ireland), Europe (Frankfurt), and South America (São Paulo).

Cloud WAN will have a consumption-based pricing model. The Cloud WAN site shows there are three pricing factors – the number of cloud network edge (CNE) locations deployed, the number of attachments to each CNE and data processing charges for traffic sent through each CNE. This is a new type of pricing model for telecom services and may result in customers paying less than they do now. That’s because the current telco industry pricing is based on a flat fee up to a certain data traffic capacity and then an “over-charge” for additional data transmitted over the network.

AWS has been working with industry leading partners at the launch of Cloud WAN. Here are some of the things they have been doing and saying:



Analysis by Zeus Kerravala of ZK Research:

The rise of distributed clouds, combined with containers and microservices is making workloads and applications much more ephemeral in nature requiring connectivity that is equally ephemeral. Legacy networks are not nearly dynamic enough to meet the needs of a business running modernized clouds, so AWS is building a service to change the network. While not known as a network provider, AWS has a very sophisticated network that’s highly available with per region fault isolation built into it and those benefits would be passed on to the customer.

The initial use case for a product like this would be for the customer to continue to use their existing telco network for the primary network and use AWS Cloud WAN for offload, backup connections or alternative paths. In this case, the telco networks would still be managed through the AWS console in a “bring your own carrier” model, making the console the single control point for the global network.

For telcos, this kind of “co-opetition” is new as many have a near monopoly in some regions, which is why this group of companies isn’t known for their innovation. It will be interesting to see how the network operators respond. I do know, now that AWS has jumped into networking, it will continue to deliver innovative features that improve network reliability, make it easier to operate and improve application performance. Some will embrace this, change their operating model and benefit from this. I suspect many won’t and will view AWS as a bigger threat.

While Cloud WAN may be negative to the service providers, it should be a positive for its SD-WAN partners, which include Aruba, Cisco, Palo Alto Networks and VMware. AWS told me it has no intention of getting into making SD-WAN appliances but would rather leverage partners. Customers will be able to manage these appliances through the AWS Console as well as the network services.


Learn more by visiting the product overview page and documentation.

To get started, visit the Cloud WAN console or read AWS’ technical blog post and FAQ page.

One thought on “AWS Cloud WAN preview: a global network that spans multiple physical networks and geographic locations”

  1. “AWS Cloud WAN removes the difficulty of stitching together and managing third-party tools so customers can now more easily keep their networks securely connected and high performing,” David Brown, VP of AWS Elastic Compute Cloud, said in a statement.

    Cloud WAN works like most middle-mile network providers. In the case of branch-to-branch communications, customer traffic travels a short distance across the internet to the nearest AWS data center where it hops aboard the cloud provider’s private network.

    Once on the network, customers can define how that traffic should be routed between AWS data centers based on networking and security policy configured in the Cloud WAN dashboard. The traffic then leaves AWS’ network at the data center closest to its destination — or as dictated otherwise by routing policy — and completes its final leg once again over the internet.

    While Cloud WAN supports a variety of popular SD-WAN vendors at launch, it should be noted that SD-WAN is not a prerequisite. The service also supports AWS VPN, Direct Connect, and Transit Connect Gateway as on ramps.

    However, according to Cisco’s Raj Gulani, senior director of product management for enterprise cloud and SD-WAN, using AWS Cloud WAN in conjunction with SD-WAN provides numerous benefits.

    By integrating with Cloud WAN, SD-WAN customers can extend their existing WANs into and across AWS’ private network, enabling consistent networking and security policy enforcement, he said. “We can actually orchestrate the entire internal network backbone with just a push of a script from our side and that gets honored by AWS.”

    This is possible thanks to deep API integrations with Cloud WAN that enable SD-WAN vendors, like Cisco, to orchestrate the middle-mile network based on the customer’s intent, he explained. “Now we can actually honor the enterprise SD-WAN policy from an intent perspective.”

    By extending the SD-WAN overlay across AWS Cloud WAN, customers can also maintain visibility and, more importantly, extend network segmentation across the middle mile, noted Karl Brown, senior director of product marketing for VMware’s SASE business unit, in an interview with SDxCentral. “If they [the customer] had segmented guest traffic from employee traffic, if they had segmented different internal teams … we can maintain that segmentation across the AWS Cloud WAN.”

    Cloud WAN Competition Amps Up
    AWS is far from the first cloud provider to venture down this path. Earlier this year, Google announced the evolution of its SD-WAN Cloud Hub platform — which bears striking similarities to Transit Connect Gateway and Direct Connect — to support middle-mile transport.

    Google Cloud’s Network Connectivity Center, similar to AWS Cloud WAN, provides a single dashboard for provisioning and managing VPN tunnels and SD-WAN interconnects. Cisco was among the first to announce support for the service and was joined by rival SD-WAN vendors Fortinet and Versa late this spring.

    Meanwhile, Microsoft introduced this functionality more than a year earlier in an update to the Azure Virtual WAN Hub. In addition to providing an on-ramp to workloads running in Azure, vWAN provides a platform on which technology partners could extend their SD-WAN overlays across the public cloud provider’s network.

    While not a public cloud provider, content delivery network (CDN) and domain name system (DNS) provider Cloudflare also offers similar transport services targeted at SD-WAN customers.

    Building on these developments, many SD-WAN vendors see an opportunity to glue the various clouds together, enabling branches, users, and workloads to communicate seamlessly regardless of where they’re located or on which cloud they’re running.

    “What VMware, as a company, will provide is a means to go across cloud and provide security and connectivity as you shift data and workloads across the different cloud providers,” Karl Brown said.

    VMware isn’t alone in this endeavor. Cisco and Fortinet have announced similar plans to address multi-cloud networking challenges using their SD-WAN and security platforms.
