Reinventing the WAN

How to design a branch office WAN using new technologies like SD-WAN, NFV

idea lightbulb

While some organizations continue to make use of WAN services such as Frame Relay and ATM, the use of those services is quickly diminishing. As a result, we are rapidly approaching a time when IT organizations will have only two WAN services to choose from: MPLS and the Internet. Given that trend, a key question facing network organizations is how to best design a branch office WAN using just those two services.

The traditional approach has been to have T-1-based access to a service provider’s MPLS network at each branch office and higher speed links, possibly one or more T-3 links and/or high speed Internet links, at each data center. In many cases a key characteristic of the traditional branch office WAN has been multiple hardware-based appliances in each branch office to perform a wide range of functionality, including security and optimization.

One downside of this approach is that the provisioning and configuring of these appliances is complex and time consuming. Another common characteristic of the traditional branch office WAN is backhauling Internet traffic to a data center before handing it off to the Internet. Since the Internet traffic transits the MPLS link, this adds cost and delay.

In our 2015 State of the WAN Report, survey respondents listed the factors causing them to rethink their approach to WAN design. The top five factors were, supporting real-time apps such as voice and/or video, increasing security, improving application performance; providing public cloud access, and cutting cost.

Over the last couple of years, a new category of WAN technologies, called Software Defined WANs (SD-WAN), has been introduced. These new technologies enable network organizations to rethink their approach to branch office WAN design and potentially enable companies to respond to the factors listed above.

The need for consistent policy

One of the emerging components of WAN design that gets a lot of attention is the use of policy.

Lloyd Noronha, director of marketing at Viptela, says the primary challenge that network organizations currently have with policy is implementing it in a simple fashion from one place and having it be recognized by all components of the company’s WAN.

Kiran Ghodgaonkar, marketing manager for Enterprise Networking at Cisco, adds that as we continue to see more devices access the network, combined with different types of users who have varying levels of security clearance, network organizations will need to implement more automation of policy. The network needs to be able to detect who the user is and automatically apply security profiles to the device.

Business policy will play a significant role in the next generation of branch office WAN designs, adds Michael Wood, vice president of marketing at VeloCloud. He points out that a critical need for business policy in enterprise branch networks is the ongoing requirement to maintain consistent and appropriate configuration, performance and security templates.

According to Neil Abogado, director of product marketing at Talari Networks, business policy will impact overall application priority and will dictate how functions, such as QoS, are deployed and enforced. In addition, application policy will establish which services are required from the network (e.g. load balancing) and where they are located.

Access to cloud services

One of the primary factors causing organizations to change their approach to WAN design is the requirement to provide access to cloud services. According to Apurva Mehta, co-founder and CTO at Versa Networks, users often have the ability to connect through multiple service providers. As a result, the branch network should be able to choose the best service provider based in part on an understanding of the network and security requirements of each application being accessed.

Abogado says that network organizations that want to eliminate Internet backhaul in order to reduce cost and improve application performance now have the option of enabling local, direct Internet and cloud access from branch offices. According to Abogado, in order for this to work, services such as security must be extended to the branch and this results in increased infrastructure cost and branch complexity.

He adds that cost can be managed by implementing the relevant services using options such as a virtual appliance or a cloud-based appliance and that complexity can be managed by using orchestration tools and the controller-based services of a SD-WAN to simplify the provisioning and monitoring of this distributed environment.

+ MORE SD-WAN: How to choose a software defined WAN (SD-WAN) +

According to Wood, with a cloud-delivered SD-WAN, enterprises can extend the end-to-end security from every branch office to private data centers, public cloud data centers and cloud service providers. He added that cloud gateways, which are part of a cloud-delivered SD-WAN, will provide full encryption, authentication, strong security, performance, quality of service and network impairment remediation from the branches to the cloud resources.

1 2 3 Page 1
Page 1 of 3
The 10 most powerful companies in enterprise networking 2022