How to Get a Head Start with Secure SD-WAN on uCPE

By Kenneth Jealmo, Director Product Management, Enea 

I was recently invited by Intel to speak at the webinar “Where is uCPE Going in 2021?” together with Khang Pham from NEXCOM, and William McDonald from Intel. We presented an approach for a secure SD-WAN solution using white-box uCPE and open-source applications.

Deployment of SD-WAN remains strong and steady, but some industry analysts forecast particularly rapid growth of SD-WAN solutions deployed on white-box uCPE. As an example, Omdia concluded in their uCPE Market Tracker 2020–24, that “SD-WAN is in the driving seat with medium uCPE still the sweet spot”.  The transition from fixed-function appliances to virtualization on uCPE allows new vendors and technologies to challenge the large SD-WAN and security vendors for market share.

Personally, I think that open-source SD-WAN and security solutions on uCPE will create an even bigger opportunity for service providers. Applications will no longer need to be bundled with hardware, creating an opportunity for new service innovation.

A Ready-Made Open-Source Solution for Secure SD-WAN

Showns pfSense firewall and flexiWAN SD-WAN as virtual functions hosted by Enea virtualization on top of NEXCOM white-boxEnea and NEXCOM have configured and tested an open-source solution consisting of flexiWAN’s SD-WAN and the pfSense firewall running on top of NEXCOM white-box hardware and Enea’s uCPE virtualization platform. The results showed that this works well for networks with branches up to 300 employees.

We tested two configurations. Each configuration had flexiWAN and pfSense service-chained and virtualized on Enea NFV Access. One configuration ran on NEXCOM’s desktop appliance DTA1160 featuring an Intel Atom® processor. The other one ran on a more powerful device, the NEXCOM TCA5170B, with an Intel Xeon® processor. Both configurations demonstrated throughput and latency suitable for small and midsized branches, with the TCA 5170B slightly ahead on performance but with CPU cores and memory still remaining for additional workloads. Full details and results are available in the Intel report “NEXCOM and Enea Test Open Source flexiWAN SD-WAN and pfSense Firewall”.

5 Reasons for Choosing the NEXCOM and Enea Pre-configured Open-Source uCPE Solution 

In addition to its proven operability and performance, there are five reasons why service providers and enterprises will benefit from using the pre-configured NEXCOM / Enea open-source uCPE solution to get started with secure SD-WAN:

1 - It is Based on Open Source

I do not think I need to repeat the general benefits (low initial cost) and drawbacks (you must do more yourself) of open-source software, but I want to highlight a couple of things. Since you do not need to obtain a license for it or sign an evaluation agreement, it is quicker and easier to get started with an evaluation and you can focus on what matters most – your network.

2 - It is Ready to Go

We have already integrated and packaged this solution, complete with configurations and service chaining, which means it is ready for deployment. Even if you want to carry out your own PoC or testing before integrating into customer networks, this gives you a significant head start, saving time, resources, and cost.

3 – It is Tested and Verified

The results of the tests with NEXCOM and Intel prove that the solution is well-suited for small and midsized branches. Performance can often be a concern with open-source applications and untested products, but a validated solution provides assurance of operational capacity and quality, minimizing deployment risks.

4 – It is Scalable

With a pay-as-you-grow model for both management and platform configuration, our solution lets you start small and scale up over time. You can add more sites and enterprise customers as and when required without having to provide a large upfront investment. This helps to minimize financial risk and allows you to start with a base offering and go-to-market strategy that can be extended and refined according to market evolution and business growth.

5 – It is Based on uCPE

uCPE is the most flexible option for the deployment of SD-WAN services. You can extend functionality on-demand by activating add-on services, and you can change or replace any of the applications running on the platform at any time, even after deployment. You can for example easily replace your current firewall with a higher-performance commercial alternative. Or, if you have enterprise customers who have standardized operations and are using a specific security solution, you can offer a customized configuration.


The pre-configured and tested, secure SD-WAN solution combining NEXCOM and Enea products and based on open-source applications is ready for commercial deployments. It is a practical solution to accelerate the migration to a flexible and future-ready uCPE platform, it can be extended to meet future requirements, and it can be customized to fit various needs and use cases. It is a low-risk, minimum investment, flexible, rapid-to-deploy and easy-to-use solution.

It is already available as a free evaluation kit and for commercial deployments using NEXCOM white-boxes. Contact us for more details.