What does a next-generation WAN look like?

The WAN is changing faster than ever before, but what will it look like?

After years of sitting in the shadow of virtualization, SaaS, containers, and all the other exciting IT trends, the wide area network is finally getting some attention. These other trends are actually drivers for this change in many cases; while WAN architectures have remained relatively static in recent years, the applications they need to support have changed beyond recognition. This is driving the need to re-think what the WAN looks like and how it operates.

The phrase 'next-generation WAN' will mean different things to different enterprises, but let's identify some of the characteristics that are starting to become more common. Some of these are new, but in many cases the next-generation WAN is a new network methodology or mindset. This can impact the technologies used, insourcing/outsourcing decisions, and functionality provided by the network.

It will probably include more Internet

Let's start with one of the more controversial aspects of the WAN. Private connectivity between sites is a prerequisite for many global enterprises. This has been true since the concept of a WAN was invented. The concept of a 'closed user group' has always applied to private WAN technologies; it is a natural fit for many traditional applications. Even today, technologies like Microsoft's Active Directory assume a private network exists between sites by default.

Where enterprises have deviated from natively private connectivity, it is usually for cost, coverage, or bandwidth reasons. Site-to-site VPNs are a mature technology, allowing an enterprise to extend its private network to all locations, but there are tradeoffs. Performance has always been the biggest perceived issue, closely followed by accountability and lack of SLAs. For many enterprises, these weaknesses have resulted in Internet VPNs being used as a last resort.

The application mix in many enterprises is driving the need for a re-think of this approach. In many cases, 70% to 90% of the traffic carried over the private network is destined for the Internet. This isn't all critical SaaS or IaaS traffic going to AWS, Office 365, Salesforce.com or Azure, of course; it also includes the regular Internet browsing traffic for each location.

The natural concern is that the highly engineered private MPLS network has become an expensive conduit to centralized Internet breakout points – the enterprise pays for the private network bandwidth and then pays again for the Internet breakout capacity. In most enterprises, non-Internet traffic is becoming an ever-smaller percentage of the total WAN traffic. This can impact capacity planning, application performance, and user satisfaction. This trend is resulting in enterprises considering a greater adoption of Internet technology, along with the necessary intelligence in the network to deliver traffic to its destination using the most appropriate path.

Abstraction is changing network infrastructure

Deploying an enterprise WAN with a mix of public and private technologies, with prioritized connectivity to on-net and off-net destinations, is somewhat of a nightmare using traditional network architecture techniques. Policy-based routing, split tunneling, access control lists, IP SLA for link performance monitoring, object tracking to detect state changes – these are all features available in traditional networks, but combining them to deliver a cohesive solution, and troubleshooting them when something goes wrong, is a major challenge.

One of the key technologies that is driving the next-generation WAN is Software Defined WAN (SD-WAN). This can mean many things, and in future posts I'll discuss these in detail, but from a practical perspective one of the key features of SD-WAN is the ability to abstract the virtual, software-controlled network fabric from the underlying network components. This results in network architecture definitions that can be based on creating a path from site A to site B, regardless of whether sites A and B are connected using MPLS, point-to-point Ethernet, 4G mobile, DSL connections from local ISPs, or any combination of these. This is a huge mindset change for enterprises, and it finally opens up the possibility of treating the underlying bandwidth as a true commodity.

Think network services, not device configurations

In the same way that abstraction is changing site-to-site connectivity, services are replacing traditional complex configurations. Take a piece of functionality that is common to all (or most) sites like a security policy: this could consist of hundreds of lines of configuration deployed on the routers at every location. Changing the policy means editing configuration lines on each device, checking for errors, and then testing.

Next-generation WAN architectures allow network-wide services to be managed at the policy level. The policy is held centrally, with version control and audit capabilities, and automatically pushed to devices. This is a powerful new capability for IT teams, especially when extended to include more complex services like cloud-based web filtering, WAN optimization, and IDS/IPS services.
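
As an added illustration of the centrally held, versioned policy described above (not code from this article or from any SD-WAN product), the sketch below renders one central policy for every site, fingerprints the result, and flags devices whose running rules have drifted from it. The policy schema, site names, addresses and device reports are constructed assumptions.

```python
import hashlib
import json

# Constructed central policy and per-site variables (hypothetical schema).
POLICY = {"version": 7, "rules": [
    {"action": "permit", "proto": "tcp", "dst": "any", "port": 443},
    {"action": "permit", "proto": "udp", "dst": "{dns}", "port": 53},
    {"action": "deny", "proto": "ip", "dst": "any", "port": None},
]}
SITES = {"branch-a": {"dns": "10.1.0.53"}, "branch-b": {"dns": "10.2.0.53"}}


def render(policy, site_vars):
    """Expand the central policy into the ordered rule lines one device should run."""
    lines = []
    for r in policy["rules"]:
        dst = r["dst"].format(**site_vars)
        port = "" if r["port"] is None else f" eq {r['port']}"
        lines.append(f"{r['action']} {r['proto']} any {dst}{port}")
    return lines


def fingerprint(lines):
    """Stable digest of a rendered config; rule order matters, so it is not sorted."""
    return hashlib.sha256(json.dumps(lines).encode()).hexdigest()


def audit(policy, sites, reported):
    """Return {site: 'ok' | 'drift' | 'missing'} for the given policy version."""
    result = {}
    for site, site_vars in sites.items():
        expected = fingerprint(render(policy, site_vars))
        if site not in reported:
            result[site] = "missing"
        else:
            result[site] = "ok" if fingerprint(reported[site]) == expected else "drift"
    return result


# Constructed device reports: branch-b carries a locally added rule before the deny.
REPORTED = {
    "branch-a": render(POLICY, SITES["branch-a"]),
    "branch-b": render(POLICY, SITES["branch-b"])[:2]
    + ["permit tcp any any eq 23", "deny ip any any"],
}
print(f"policy v{POLICY['version']}:", audit(POLICY, SITES, REPORTED))
```

Because the expected rules are derived from the single central definition, an out-of-band edit on one router shows up as drift against a known policy version rather than going unnoticed in hundreds of lines of per-device configuration.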

Putting it all together

In future posts I'll break down many of these themes in more detail, looking at what benefits the enterprise can derive from these new technologies, and where it does (and does not) make sense to adopt them. The new mindset behind next-generation WANs encompasses many sub-themes, and there is an increasing level of hype in the industry behind some of the promises of the emerging technologies and methodologies. Cutting through this and arriving at a realistic assessment of what options are best suited for each type of enterprise is essential.


Copyright © 2015 IDG Communications, Inc.
