The topic of WAN transformation is certainly nothing new, but the shift to mobile and cloud computing is making the evolution of the WAN something businesses must make a priority.
Prior to being an analyst, I ran some fairly large WANs, and for as long as I can remember there has been talk of trying to move away from the legacy hub-and-spoke model. However, despite the chatter, for a number of reasons nothing really happened.
One reason was that the majority of mission-critical traffic was client-server, so hub-and-spoke worked fine. Sure, the Internet was inefficient, but that was a small piece of overall traffic, so we lived with it. Also, configuring split tunnels and multi-path networking required a high degree of expertise. I remember that the first time I tried to build a VPN-based WAN, it took me a couple of days to bring the first connection up.
The other reason that many businesses didn’t make the shift before is that the Internet has a reputation for being unreliable and for not providing the same level of performance as MPLS, or even frame relay and ATM.
The Cloud Evolves The WAN
Times have changed though — cloud computing has created a scenario where the majority of our traffic is Internet-based. The old hub-and-spoke model is outdated and inefficient for the delivery of Internet traffic, and all these factors are driving the need for a new type of WAN.
One thing that hasn’t changed with the times is the idea that the Internet can’t handle mission-critical traffic. If you look at the marketing from many of the hybrid or SD-WAN vendors, the message is to keep the MPLS network for mission-critical traffic and use the Internet connection for cloud and for traffic that is deemed less important.
I believe it’s time to shed this legacy thinking and support building all-Internet WANs that can be used not only for run-of-the-mill traffic, but also for mission-critical traffic. Now, I’m not saying that there has been some fundamental re-architecting of the Internet that brings the same level of reliability to the Internet that MPLS has, but there are certain technologies that can go a long way toward closing the gap and giving performance that is close to, or on par with, a much more expensive MPLS network. To do this, though, network architects must consider the following:
- Leverage multi-path technology. The Internet is a highly chaotic, unreliable system, and a single Internet connection can’t challenge the performance of an MPLS connection. However, if multiple Internet connections are used and the multi-path solution can continually find the best path, then the performance can be close to that MPLS connection.
- Implement WAN optimization everywhere. As I stated in the paragraph above, the Internet is an unreliable network, particularly for large data sets. There are several different types of WAN optimization technologies and they can all help with performance. Acceleration reduces the actual amount of traffic sent over the network. QoS can be used to ensure a dedicated pipe for real-time traffic, and even caching can be used to move the content closer to the user. In my opinion, WAN optimization is the biggest no-brainer in networking since the invention of Ethernet. Whether a private or Internet connection is used, the link should be optimized.
- Secure each location and encrypt the traffic. This may seem like an obvious statement, but one of the advantages of a private IP circuit is that it’s private, making it seemingly more secure. Internet traffic, however, is not secure and I would certainly never recommend running any kind of business traffic over an Internet connection with no security. I would also never terminate an Internet connection without some kind of firewall in place. One important point to keep in mind: just because an MPLS connection is private doesn’t necessarily make it secure. As we have seen far too often recently, hackers breach seemingly secure points in the network and then make their way to other parts of the business over a “private” but unencrypted connection. So, even if the decision is to stay with an MPLS connection, it may not be a bad idea to re-think your security strategy.
For those of you reading this who are on the fence about making the switch to an all-Internet connection, perhaps try this with one or two branches and see how it goes. The key is to open your mind and understand there may be a better way to build a WAN in this era of cloud and mobile computing.