Hybrid WAN Requires A New Connectivity Model

Hybrid WAN can ease application deployment, but to make it a reality, we need to switch from a network topology to a service topology.

Khalid Raza, Founder and CEO, Graphiant, Founder and CEO

April 8, 2015

3 Min Read
NetworkComputing logo in a gray background | NetworkComputing

One of the biggest headaches for networking teams is supporting the rollout of new enterprise applications. Initially, the challenges were associated with data-center complexity, but increasingly they have shifted to the WAN.

That’s because the exploding use of the cloud for applications such as ERP and CRM is placing new and greater demands on the WAN, which isn't well suited to support many of those applications in its current incarnation. Ever since the WAN was transformed into an MPLS Layer 3 VPN infrastructure more than a decade ago, not much has changed. It generally lacks the flexible connectivity to keep up with growing cloud bandwidth requirements which makes it costly and difficult to provision new applications.  

One of the biggest challenges to deploying new applications is lack of control over WAN services. In the current model, enterprises must rely on carriers to implement infrastructure changes for new applications and locations, which can take weeks or months. In addition, because there’s no way to instantiate VPNs independent of the underlying transport, implementing different service levels for individual applications is difficult, if not impossible.

Instead of relying exclusively on MPLS for transport, what enterprises need to make application rollouts easier is a hybrid WAN. For example, a single enterprise VPN infrastructure could encompass MPLS, carrier Ethernet, and the Internet for transport, while providing coherent connectivity for all required applications. Since the Internet is ubiquitously available, it can serve as the core of the enterprise WAN and include branches of other types of transport, thus forming a complete infrastructure. This would allow enterprises to acquire services with different SLAs, based on application use and location.

Figure 1:

To make hybrid WANs a reality, we need connectivity that is based on service topology and can be centrally managed using policies. Currently, WAN connectivity is based on network topology and managed using a peer-to-peer model.

This means routing relationships are established by multiple control planes that operate independent of each other. Routing protocols like OSPF and BGP are used to establish site VPN routes and IPsec is used to secure the location. These routing and security control planes run independent of each other and have their own scaling, convergence and policies. Since most control planes are setup on a peer-to-peer basis, each requires its own policy and configuration. As a result, when a configuration change is required in the network, it has to be provisioned and propagated across all the control plane peers, creating an operational nightmare.

To transition from network to service-oriented WANs, the control plane must be decoupled from the physical topology. Today, control intelligence is discovered and processed independently by each and every network element. By decoupling the control plane from networking nodes we gain key benefits:

  • Most computationally extensive calculations, such as best path, alternate paths, policies, and configurations are centralized

  • The control plane can be provisioned as a virtual machine that can reside in either the data center or in the public or private cloud such as Amazon or Azure.

  • Deploy any type of data plane topology with limited control plane connections

  • New site bring-ups only need to authenticate with a few controllers to get their connection policies rather than the extensive peer-by-peer adjacencies currently required

  • Security services such as IPS, firewalls, and IDS no longer need to be in physical paths and can be on virtual paths

The cloud is evolving into the largest VPN ever built. To support applications on this new infrastructure, we need a network that is capable of providing security at Internet scale, can support segmentation for lines of business, and is decoupled from physical circuit-based topologies.

About the Author

Khalid Raza, Founder and CEO, Graphiant

Khalid Raza, Founder and CEO, Graphiant

Founder and CEO, Graphiant

Khalid Raza is the CEO and Founder of Graphiant. He was the co-founder and CTO of Viptela and is widely regarded as the “Father” of SD-WAN. He is a visionary in routing protocols and large-scale network architectures. In the past 25 years, he has redefined expectations and delivered innovative solutions across all industries for Tier-1 carriers and Fortune 100 companies.

See more from Khalid Raza, Founder and CEO, Graphiant
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Integrating the new APs into Dartmouth’s existing network infrastructure was no small feat. Mist’s AI-driven insights made this easier.
Network Management
How Dartmouth College Leveraged AI To Modernize Its Network in One Weekend
How Dartmouth College Leveraged AI To Modernize Its Network in One Weekend

Sep 12, 2024

Extensive communications outages from Hurricane Helene drive home the need for new approaches to strengthen network resiliency.
Network Resilience
Hurricane Helene Communications Outages Show Need for Greater Network Resilience
Hurricane Helene Outages Show Need for Greater Network Resilience

Oct 3, 2024

Satellite services could bridge the digital divide in remote areas through partnerships like the SoftBank-Intelsat collaboration announced last month.
Network Infrastructure
Intelsat, SoftBank Plan Ubiquitous Satellite Connectivity Network
Intelsat, SoftBank Plan Ubiquitous Satellite Connectivity Network

Oct 9, 2024

Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events