Cisco Subnet An independent Cisco community View more

What does the NEW architecture look like?

A high level description of the Next-generation Enterprise WAN

Ok, so if previous columns have whetted your appetite, you’re probably wondering just what exactly this Next-generation Enterprise WAN architecture looks like?

In our last column we saw the state of the Enterprise WAN today: remote sites connected to data center sites and headquarters via expensive MPLS pipes with relatively little bandwidth, often augmented with WAN Optimization technology at each end to get more capacity and performance from the links, with Internet links used sometimes for VPN backup connections and also from the data center for enterprise-wide access to the Internet.

A deeper understanding of what the NEW architecture "looks like" cries out for pictures. I show some here, although this column format is not really the place to show detailed pictures, so these are just highly stylized.

This is the point in the column where I could cite the standard disclaimer that everyone’s network is different. That said, I actually believe this thinking only applies to a point. For the overwhelming percentage of enterprises using MPLS – a private WAN cloud service – today, what follows is a description of the next enterprise WAN, which will be highly applicable to all enterprises. Just as in the mid to late 1990s, when despite the competition from FDDI, Token Ring and ATM, the campus LAN answer became Ethernet everywhere (using a combination of Layer 2 and Layer 3 switching) once Fast Ethernet was popularized, this NEW architecture will have a similarly transformative effect on the enterprise WAN, both because of the compelling Internet economics it delivers on its own, and because of the symbiotic accelerating effect it will have in enabling secure, reliable, scalable access to cloud computing for all enterprise users.

A side note: server virtualization, WAN Optimization and colocation are well-established categories with well-understood names (even if the NEW architecture uses colocation facilities in an expanded capacity versus how they’ve been historically utilized). WAN Virtualization and distributed/replicated/synchronized file service, on the other hand, are newer technology categories. While I’m quite confident that each will be a mainstay of the WAN as it evolves and will play critical roles in the NEW architecture, it’s certainly possible that the industry will in the future adopt different labels or terms for the technology each embodies.

Three of the technologies are "two-ended solutions": WAN Optimization, WAN Virtualization, and distributed/replicated/synchronized file service. This means that appliances and/or virtual instances of these technologies are needed at both ends of the WAN connection to deliver the benefits of the technology. In fact, it’s the Moore’s LAW quantum leaps in CPU and memory price/performance - which first made dual-ended WAN Optimization possible and beneficial several years ago - combined with the quantum leaps in Internet bandwidth at colocation facilities and, via broadband, everywhere else that are making WAN Virtualization and distributed file services possible and valuable today. The common thread: cheap intelligence at the network edge to augment the comparatively and inherently slow and expensive WAN.

Our other two technologies – server virtualization and colocation - are single-ended solutions, typically for data center use. [Yes, there are uses for server virtualization to reduce footprint and cost at remote sites, but this is not fundamental to the NEW architecture, and is still a separate single-ended use.]

In thinking about what the combined architecture looks like, start in your mind’s eye with an existing MPLS WAN with WAN optimization appliances deployed per location, and also using IPSec VPN connections for WAN backup. The backup VPN connections are fully meshed across all of the data center/hub sites, while each branch or spoke site is connected to each data center/hub, but not directly to each other.

To this, add as many additional links as you’d like at each site; e.g. multiple broadband connections at a branch, multiple fiber-based Internet connections at a physical data center, and multiple cross-connected Ethernet connections at a colo-based data center. The resulting picture between any data center site and remote/spoke site would look like Figure 1.

Figure 1

You can optionally replace or eliminate the MPLS connection on a per-location basis if you’d like. Just as for n+1 RAID redundancy for storage, the organizing principle is that there must be at least 2 connections per location. In fact, for (expensive) belt-and-suspenders reliability, you could even have two different MPLS connections from different carriers if you wanted.

At the remote site, the picture looks like Figure 2:

Figure 2

As you can see, the WAN Virtualization appliance slides logically in between the WAN Optimization device and the WAN router and/or WAN firewall. While enabling the combined active use of multiple WAN links, everything else in current branch design can remain the same. That said, deploying distributed replicated/synchronized file service to enable truly LAN-speed access to what are centrally stored and managed files is something that will make a lot of sense in this architecture, where the downstream WAN bandwidth is now so much larger than was available previously, because "pre-positioning" of a huge amount of data to each remote site on what are now huge, cheap storage devices becomes something sensible, rather than something that will constantly clog extremely thin WAN pipes and require substantial time to manage.

The additional WAN connections per location can either attach directly to the WAN router(s) in place, via Ethernet connection to the untrusted side of the WAN firewall, or in some cases directly to the WAN Virtualization device.

An example of an early adopter using WAN Virtualization together with WAN Optimization for greater bandwidth, reduced cost and greater reliability is Equity Office, per this recent Network World article.

For a data center or colo site, the picture looks like Figure 3.

Figure 3

Note again that these are stylized pictures, and in all likelihood, at a colo especially, the entire design, including servers, might be in a single rack. Server virtualization, of course, is what makes such a small footprint possible, and so is essential to any colo deployment (independent of any decision to more fully implement a private cloud computing infrastructure).

Just as for the remote site, here again the WAN Virtualization appliances slide logically in between the WAN Optimization device and the WAN router/WAN firewall. (I show redundant appliances here; how high-availability networks are built within the data center actually is something that will vary somewhat from network to network.) Everything else in current data center design can remain the same.

Importantly, when adding colo-based "data centers," the same logical design can be used there as well, and so the colo becomes a standard part of the enterprise WAN, with the same security and quality of service mechanisms. Of course, the "WAN" connections are done via Ethernet cross-connects within the colo facility, and monthly service pricing is considerably lower than that for premise-based Internet or MPLS connectivity.

As we will see in future columns, colocation facilities operating as full participants in the Enterprise WAN will be extremely important for the centralization of network complexity, and for a secure, scalable approach to migrating to cloud computing while maintaining reliability and application performance predictability. In fact, using as few as 2 to 3 colo facilities in North America, 1 to 2 in Europe and 1 or 2 in the Asia Pacific region can deliver previously unheard-of levels of WAN application performance even for the largest of global enterprises, and simply adding one such colo deployment per geography will substantially improve performance and add reliability while making migration to public or hybrid cloud services substantially smoother than almost any other alternative.

We covered more this week than we will typically, but hopefully this gives you the first "5,000 foot" view of what the WAN looks like. In upcoming columns, we’ll talk more about each of the key technologies involved here, and the benefits, both to the network and beyond the WAN itself, that this NEW architecture will deliver.

A leading expert in WAN/LAN switching and routing, Andy founded Talari Networks, a pioneer in WAN Virtualization technology, and served as its first CEO. Andy is the author of an upcoming book on Next-generation Enterprise WANs.

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies