Skip Links

What does the NEW architecture look like?

A high level description of the Next-generation Enterprise WAN

By Andy Gottlieb on Fri, 04/13/12 - 10:40am.

Ok, so if previous columns have whetted your appetite, you’re probably wondering just what exactly this Next-generation Enterprise WAN architecture looks like?

In our last column we saw the state of the Enterprise WAN today: remote sites connected to data center sites and headquarters via expensive MPLS pipes with relatively little bandwidth, often augmented with WAN Optimization technology at each end to get more capacity and performance from the links, with Internet links used sometimes for VPN backup connections and also from the data center for enterprise-wide access to the Internet.

A deeper understanding of what the NEW architecture "looks like" cries out for pictures. I show some here, although this column format is not really the place to show detailed pictures, so these are just highly stylized.

This is the point in the column where I could cite the standard disclaimer that everyone’s network is different. That said, I actually believe this thinking only applies to a point. For the overwhelming percentage of enterprises using MPLS – a private WAN cloud service – today, what follows is a description of the next enterprise WAN, which will be highly applicable to all enterprises. Just as in the mid to late 1990s, when despite the competition from FDDI, Token Ring and ATM, the campus LAN answer became Ethernet everywhere (using a combination of Layer 2 and Layer 3 switching) once Fast Ethernet was popularized, this NEW architecture will have a similarly transformative effect on the enterprise WAN, both because of the compelling Internet economics it delivers on its own, and because of the symbiotic accelerating effect it will have in enabling secure, reliable, scalable access to cloud computing for all enterprise users.

A side note: server virtualization, WAN Optimization and colocation are well-established categories with well-understood names (even if the NEW architecture uses colocation facilities in an expanded capacity versus how they’ve been historically utilized). WAN Virtualization and distributed/replicated/synchronized file service, on the other hand, are newer technology categories. While I’m quite confident that each will be a mainstay of the WAN as it evolves and will play critical roles in the NEW architecture, it’s certainly possible that the industry will in the future adopt different labels or terms for the technology each embodies.

Three of the technologies are "two-ended solutions": WAN Optimization, WAN Virtualization, and distributed/replicated/synchronized file service. This means that appliances and/or virtual instances of these technologies are needed at both ends of the WAN connection to deliver the benefits of the technology. In fact, it’s the Moore’s LAW quantum leaps in CPU and memory price/performance - which first made dual-ended WAN Optimization possible and beneficial several years ago - combined with the quantum leaps in Internet bandwidth at colocation facilities and, via broadband, everywhere else that are making WAN Virtualization and distributed file services possible and valuable today. The common thread: cheap intelligence at the network edge to augment the comparatively and inherently slow and expensive WAN.

Our other two technologies – server virtualization and colocation - are single-ended solutions, typically for data center use. [Yes, there are uses for server virtualization to reduce footprint and cost at remote sites, but this is not fundamental to the NEW architecture, and is still a separate single-ended use.]

In thinking about what the combined architecture looks like, start in your mind’s eye with an existing MPLS WAN with WAN optimization appliances deployed per location, and also using IPSec VPN connections for WAN backup. The backup VPN connections are fully meshed across all of the data center/hub sites, while each branch or spoke site is connected to each data center/hub, but not directly to each other.

To this, add as many additional links as you’d like at each site; e.g. multiple broadband connections at a branch, multiple fiber-based Internet connections at a physical data center, and multiple cross-connected Ethernet connections at a colo-based data center. The resulting picture between any data center site and remote/spoke site would look like Figure 1.

Figure 1

You can optionally replace or eliminate the MPLS connection on a per-location basis if you’d like. Just as for n+1 RAID redundancy for storage, the organizing principle is that there must be at least 2 connections per location. In fact, for (expensive) belt-and-suspenders reliability, you could even have two different MPLS connections from different carriers if you wanted.