
A spectre is haunting Europe (and cloud computing everywhere) – the spectre of the 'trombone' effect

Backhauling all Internet traffic through HQ or a data center makes network management and security simpler, at the expense of application access performance.

A spectre is haunting Europe – and North America, and Asia Pacific – in Enterprise IT managers' quest to leverage the power of cloud computing. It is the spectre of the "trombone" effect in enterprise Internet access!

It should be fairly clear to most people paying attention that the Enterprise WAN is going to need a lot more Internet bandwidth if it is to keep up with the demands of enterprise end users, and the needs of cloud computing. You can never be too rich, too thin, or have too much Internet bandwidth.  Yet in fact, not only do most enterprises not have much bandwidth available for Internet access at most of their locations, for many that access is slow and inefficient.

In the next few columns, we'll look in more detail at the performance, security and ease-of-management issues involved in how enterprise Internet access is done, with an eye towards how Internet access can be addressed with the Next-generation Enterprise WAN (NEW) architecture.

What is the "trombone" effect?  Fellow Network World blogger Zeus Kerravala describes it well in a paper he wrote last year for Cisco, Why Cloud Computing Needs a Cloud-Intelligent Network.

"Historically, enterprise networks have been designed with a hub-and-spoke architecture. Each branch [connects] to the data center for connectivity. This means traffic is backhauled over the corporate WAN, through the data center, and then to its destination, whether it's the Internet or another branch. This 'trombone' effect is highly inefficient..."

While some enterprises employ Internet access fully distributed to each location, most do not. These days, the corporate WAN is typically MPLS. Because MPLS is so expensive, the size of the WAN pipe is typically fairly limited. For these enterprises, any Internet connection there might be at the typical branch is used only for VPN backup connectivity, rather than allowing Internet access directly from the branch location. And so whether to a data center, to headquarters or to a regional hub, all branch WAN traffic is first sent to that central point. If destined for the Internet, the traffic then goes out ("tromboned" through) the corporate Internet connection, comes back to that hub, and then is sent back over the corporate WAN to the original site.

Before looking at what might be done about the "trombone" effect going forward, it's important to understand why most networks were designed this way in the first place. As with most such things, the people who designed these networks were in fact being quite rational when they did so.

First, the relatively simple hub-and-spoke network matched the traffic patterns of most intranet traffic. Data center consolidation only reinforced this.  Other than some low-volume VoIP traffic, almost all WAN traffic on the enterprise intranet does go to/from a small number of data center locations.

Second, such an architecture makes it much easier to handle network security management. Security experts will tell you that one tenet of good security policy is to minimize the number of points of entry to be secured. With traffic destined to the Internet backhauled to a data center, the number of places where expensive, complex security devices need to be deployed and managed is kept to a minimum.

Finally, for the longest time, most traffic to/from the Internet was not considered mission critical. Web surfing of public Internet sites, whether for personal use or even for business purposes, has historically not been something IT worried much about, save perhaps to ensure that there was sufficient Internet bandwidth at those data center locations. So pre-cloud computing, application performance across the Internet for branch office users was not a particularly important priority for IT. (And of course, if executives and the IT folks themselves are based at headquarters or in the same facility as a data center, then Internet access performance for them is likely quite decent.)
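The trade-off described above, as an added example that is not part of the original column: a small model of a hub-and-spoke WAN that computes the branch-to-Internet round trip and the set of sites needing an Internet-facing security stack under each design. The site names, latencies and the `backhaul`/`breakout` policy labels are constructed assumptions.

```python
import heapq

# Constructed topology: one-way link latencies in ms (illustrative values only).
# "mpls" links form the hub-and-spoke corporate WAN; "inet" links are each
# site's own Internet connection.
LINKS = [
    ("branch-a", "hub", 35, "mpls"),
    ("branch-b", "hub", 50, "mpls"),
    ("hub", "internet", 10, "inet"),
    ("branch-a", "internet", 12, "inet"),
    ("branch-b", "internet", 15, "inet"),
]

def usable_links(policy):
    """Under 'backhaul', branch Internet links carry only VPN backup, so only
    the hub's Internet link is usable for user traffic."""
    for a, b, ms, kind in LINKS:
        if policy == "backhaul" and kind == "inet" and a != "hub":
            continue
        yield a, b, ms

def internet_path(site, policy):
    """Dijkstra from site to 'internet'; returns (path, round_trip_ms)."""
    graph = {}
    for a, b, ms in usable_links(policy):
        graph.setdefault(a, []).append((b, ms))
        graph.setdefault(b, []).append((a, ms))
    queue, seen = [(0, site, [site])], set()
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node == "internet":
            return path, 2 * cost  # the reply retraces the same links
        if node in seen:
            continue
        seen.add(node)
        for nxt, ms in graph.get(node, []):
            if nxt not in seen:
                heapq.heappush(queue, (cost + ms, nxt, path + [nxt]))
    return None, None

def egress_points(policy):
    """Sites whose Internet link carries user traffic and so needs its own
    security stack (firewall, proxy, inspection)."""
    return sorted({a for a, b, _ in usable_links(policy) if b == "internet"})

if __name__ == "__main__":
    for policy in ("backhaul", "breakout"):
        print(policy, internet_path("branch-b", policy), egress_points(policy))
```

With these constructed numbers, backhauling keeps a single enforcement point at the hub but makes every branch round trip cross the MPLS link twice; local breakout shortens the path and multiplies the sites to secure.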

Now, it's fairly obvious that a network design with such a "trombone" effect is inefficient and bad for application performance for those branch users. In our next column, we'll look more at why the "trombone" effect is a problem for Enterprise WAN design going forward, particularly for supporting public or hybrid cloud computing efforts.

A twenty-five year data networking veteran, Andy founded Talari Networks, a pioneer in WAN Virtualization technology, and served as its first CEO, and is now leading product management at Aryaka Networks. Andy is the author of an upcoming book on Next-generation Enterprise WANs.
