• 08/13/2015
    7:00 AM

Where Should WAN Functionality Live?

Improving outdated WAN architecture is not a simple decision, due to the growing number of technology options and services.

Until recently, there hadn't been a fundamentally new WAN technology or service introduced into the market for over a decade. Driven by the lack of viable alternatives, over the last ten years the vast majority of network organizations implemented a branch office WAN in which each branch office had either a T1 link or a set of bonded T1 links providing access to a service provider's MPLS network, and each data center had one or more higher-speed links. In this design, it is common to have a variety of dedicated appliances in each branch office and to backhaul all or some of a company's Internet traffic over the MPLS network to a data center before handing it off to the Internet.

In my recent report, the 2015 Guide to WAN Architecture and Design, I described a hypothetical company called NeedToChange (NTC) that ran a traditional WAN. I then asked several vendors (some sponsors of the report, some not) to describe how NTC should evolve its WAN. I received answers spanning a large and growing set of WAN architectural alternatives that enterprises will need to evaluate to determine the best way to move forward.

When evolving their branch office WANs, one of the key architectural alternatives that network organizations need to evaluate is where to locate key functionality. While there is no question that some functionality is needed at each branch office, it is less obvious how much functionality belongs in the branch and how that functionality should be implemented. Cisco, unsurprisingly, suggested an evolutionary path for NTC that revolved around branch office routers supporting a range of sophisticated functionality. In addition to routing, that functionality included deep packet inspection, WAN optimization, and QoS, as well as application visibility and control.

AT&T took a far different approach. Communications service providers like AT&T are working to implement a Network Functions Virtualization (NFV) use case that is commonly referred to as virtual CPE (vCPE). AT&T's emerging implementation of vCPE is focused around white boxes supporting a wide range of functionality that can be dynamically downloaded. The functionality includes IP voice, routing, WAN optimization, visibility, firewalls and DDoS protection.

One architectural option is that these white boxes are located in a company's branch offices. In this case, the AT&T solution looks a lot like the Cisco solution, although at least some of the functionality that runs in the white boxes is likely to not come from Cisco. However, it is also possible to locate the white boxes either in one of AT&T's facilities, or in a combination of customer facilities and AT&T facilities. A customer could, for example, make the choice to have some functionality (such as firewalls) running on white boxes in the branch office and have other functionality (such as WAN optimization) run on white boxes in one of AT&T's facilities.

Both Viptela and Silver Peak recommended solutions to support the burgeoning volume of Internet traffic. They suggested that network organizations utilize one or more regional hubs to consolidate connectivity to cloud services and the Internet. These regional hubs could be located at one of the organization's existing facilities, or they could be at a co-location facility that is close to one or more of the relevant cloud providers. Using this architectural option, there is functionality from Viptela or Silver Peak in each branch office and in each regional hub. Internet traffic travels directly from the branch office to the regional hub, which has firewalls for security and infiltration.

Yet another architectural approach was presented by Talari. This company is working with some of the major cloud providers, such as AWS, to host Talari virtual appliances. Using this option, Internet traffic travels directly from the branch office to the cloud provider's site, enabled by equipment from Talari in each location.

In the traditional branch office WAN of a few years ago, most if not all network-related functionality was located in the branch office, provided by dedicated appliances. Over the last few years, however, adoption of virtualized network functionality such as WAN optimization in branch offices has grown. We are now at the point where network organizations must make an architectural decision about where to locate key WAN functionality.

Leaving that functionality in the branch office is still a viable option. However, network organizations should also evaluate the many other options, including locating it in one of their own regional facilities, a service provider facility, a co-location facility, or onsite at a cloud provider facility.


Where Should WAN Functionality Live

Hello Jim,

Thank you for this post. It is very educative. These approaches are very interesting. But the near future will tell us more. Cisco is doing some great innovations with some new techno included in its iWAN. I've just heard a little about those of AT&T, but it looks promising, I think.

Thank you again!

Re: Where Should WAN Functionality Live

If I remember, I got a chance to read some comments about the AT&T approach on a well-known social network, and from what I noticed, their approach is based on NFV, IMO, but I need to learn more. Please, can someone share on this? Thanks!

Re: Where Should WAN Functionality Live

We are now at a moment in IT where companies have different types of WAN connections, and some intelligence is now required at the WAN edge for full profit. Actually, I'm working on a project where I have to redesign all the infrastructure, including the WAN, LAN, DC, Internet, Wireless, .... Analyse the devices (EoF, capacity, the positions in the network, software, version ..), design (hierarchy, links capacity, ..), actual configuration, implement some traffic collectors (H5 devices, so configure SPAN, RSPAN, ..) and more ......

Re: Where Should WAN Functionality Live

We have a lot of Cisco devices (6k5, 29xx, 35xx, Nexus, ASA...). And after, propose something more intelligent, flexible, in fact that respects the best practices of design. The job included the VPN connection (Remote, Site-Site), with more than 200 remote sites. If we want scalability and more flexibility, I recommend DMVPN, iWAN (with all that it includes -- I deal with more than 4 WAN connections)...

Re: Where Should WAN Functionality Live
At the moment they designed their network, no intelligent concepts were proposed by vendors or others, but now the WAN design becomes a job and speciality, so challenges exist there! Thanks and Regards, Jerome AMON