Maintaining VLAN Business Intent Across the WAN

VLANs (Virtual LANs) are a staple of enterprise networking — administrators partition LAN traffic into separate subnetworks. Using VLANs, you keep real-time traffic separate from bulk data traffic, finance data separate from engineering data, guest WiFi separate from all enterprise traffic, and so forth.

This practice has grown so familiar because it enhances security and makes networks easier to manage. Maintaining separate broadcast domains greatly increases the odds that the unique requirements of many disparate applications will consistently be met.

In general, however, people don’t do this for WANs. While it’s true that VLAN content is often maintained across the WAN — through mapping into VRFs or subnets — there is a loss of quality assurance since the data from all VLANs is mixed into a single stream.

This is where the notion of a virtual WAN (VWAN) comes in. With VWANs, you can use business intent policy to choose (for instance) the topology, connection, QoS characteristics and (possibly) WAN optimization features from all sources to all destinations on the enterprise WAN.

Why Hasn’t This Been Done Before?

Since the advantages are so apparent, it makes sense to ask why virtual WANs have not existed before. With traditional networking, even building and maintaining one IP VPN overlay spanning hundreds of locations is a difficult task, and it is correspondingly more difficult to build several, and to set up and tear down overlays on demand.

But recently, SD-WAN approaches have emerged that allow for a much easier implementation of overlays. Silver Peak, for instance, builds a baseline overlay connecting all nodes of an enterprise WAN into the Unity fabric. Further virtual overlays, built atop this baseline, herald a new era of wide area networking, one where VWANs are as commonplace as VLANs.

Example

The following figure depicts Silver Peak’s business intent overlays.

Figure 1: Silver Peak's Business Intent Overlays

Silver Peak’s Unity Orchestrator applies business intent to separate application sets, which are naturally mapped to VLANs. Thus, for instance:

  • All voice traffic stays within its own overlay (uses its own traffic tunnels), is arranged into a full mesh (as all sites need to talk to each other), uses multiple connection types and requires maximum quality.
  • Similarly, all enterprise data is also segregated and uses a dual hub and spoke topology (data centers as the hubs); it also uses multiple connection types and requires maximum availability.
  • Guest WiFi only connects the sites that offer it; a simple Internet connection gets you by, and the main requirement, as it’s not business-critical, is that the cost is kept low.
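A small model of the mapping in the list above, added here as an illustration and not Silver Peak's configuration format or API. Site names, VLAN IDs and overlay names are constructed, and the guest overlay is assumed to be a mesh of the guest-offering sites over Internet links. It expands each overlay's topology into its tunnel set and fails closed when a VLAN does not map to exactly one overlay, which is the property that keeps segments from being mixed into a single stream.

```python
from itertools import combinations

# Constructed sample data (assumptions for illustration only).
SITES = {"dc1", "dc2", "branch1", "branch2", "branch3"}
HUBS = {"dc1", "dc2"}                      # data centers act as hubs
GUEST_SITES = {"branch1", "branch3"}       # only these offer guest WiFi

OVERLAYS = {
    "voice": {"vlans": {10}, "topology": "full_mesh",
              "sites": SITES, "links": {"mpls", "internet"}},
    "data":  {"vlans": {20, 30}, "topology": "dual_hub_spoke",
              "sites": SITES, "links": {"mpls", "internet"}},
    "guest": {"vlans": {99}, "topology": "full_mesh",
              "sites": GUEST_SITES, "links": {"internet"}},
}

def tunnels(overlay):
    """Expand an overlay's topology into its set of site-to-site tunnels."""
    sites, topo = overlay["sites"], overlay["topology"]
    if topo == "full_mesh":
        return {frozenset(p) for p in combinations(sorted(sites), 2)}
    if topo == "dual_hub_spoke":
        hubs = HUBS & sites
        return {frozenset((h, s)) for h in hubs for s in sites - hubs}
    raise ValueError(f"unknown topology: {topo}")

def overlay_for_vlan(vlan):
    """Return the single overlay carrying a VLAN; fail closed otherwise."""
    hits = [name for name, o in OVERLAYS.items() if vlan in o["vlans"]]
    if len(hits) != 1:
        # Unmapped or doubly mapped VLANs must not fall into a shared stream.
        raise LookupError(f"VLAN {vlan} maps to {len(hits)} overlays")
    return hits[0]

def permitted(vlan, src, dst):
    """A flow is carried only if both sites belong to the VLAN's overlay."""
    members = OVERLAYS[overlay_for_vlan(vlan)]["sites"]
    return src in members and dst in members

if __name__ == "__main__":
    for name, o in OVERLAYS.items():
        print(name, len(tunnels(o)), "tunnels over", sorted(o["links"]))
    print("guest VLAN 99 branch1 -> dc1:", permitted(99, "branch1", "dc1"))
```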

These are just simple examples. With Silver Peak’s Unity Architecture, the requirements of different applications can be further stratified into (for instance):

  • Critical real time services that cannot accept any interruption at all — e.g. call center voice, critical VDI traffic.
  • Other real time services, such as WebEx video-conferencing or business-quality Skype.
  • High bandwidth, latency tolerant applications such as data replication, NFS, and file transfers.
  • Everything else, including most TCP applications that involve large numbers of non-real-time flows.

Using Dynamic Path Control, tunnels built with the business intent overlays are bonded in different ways to support these application classes. And on a case-by-case basis, selected overlays can also be fortified with dynamically applied latency mitigation and data reduction.

This unique functionality is the state of the art in maintaining business intent across the WAN.