Connecting headquarters, remote offices and business applications located in data centers over one reliable network is crucial for real-time voice, video or latency-sensitive services. Yet, there has been little evolution on this front in the last 15 years. Recently, internet-based WAN has emerged as a more feasible option thanks to a number of key developments.
First, let's look at traditional WAN architecture. Two approaches have been commonly used to establish the enterprise WAN; each requires tough trade-offs that cause IT teams either to restrict access to non-critical services or to rely on low-quality connectivity:
- Backhaul the branch office traffic, including public internet traffic, through MPLS links to the data center. This approach adds latency and can degrade the user's experience when accessing the public internet (the so-called "trombone effect"), and it also loads the expensive MPLS connection with traffic that never needed to reach the data center. This has become a critical issue as more enterprise traffic is now directed to the internet and to public cloud applications (SaaS).
- Connect the branch office firewall to the data center firewall with an IPsec VPN tunnel. This approach requires costly appliances at each branch location for the site-to-site VPN mesh, and it also demands constant management (configuration, patching and key or certificate rotation on every appliance), maintenance and periodic hardware refreshes. Additionally, VPN connectivity from all remote sites to the data center over the internet has unpredictable latency and availability, because the tunnel inherits whatever path the underlying internet provides.
MPLS networks provide end-to-end connectivity and therefore full control over the network. They have become the gold standard for WAN connectivity for the following reasons:
- Reliability: MPLS is backed by a carrier-service guarantee, including handling physical last-mile failures within a given time frame.
- Quality: assured low latency and low packet loss (when using a single carrier end to end)
- Capacity: guaranteed capacity vs. “best effort” internet links
- Prioritization: built-in quality of service per application
These attributes come at a premium, but historically that premium was justified by the state of internet connectivity in both the last mile and the middle mile.
Internet access availability and capacity have increased dramatically over the past decade. This expansion occurred both at the last- and middle-mile stages of connectivity. And yet the internet is still widely considered to be an unreliable and unpredictable transport.
One reason is that the middle mile, mostly made up of tier-1 transit providers, suffers from coordination challenges. Each hop between providers adds latency, and a packet's route depends on the commercial relationships between those providers rather than on measured performance. If the optimal route isn't backed by the right peering or transit agreements, a sub-optimal route with more hops and more latency is chosen instead.
Moreover, the last mile is often oversubscribed by ISPs that resell the same capacity many times over. This model rests on the assumption that customers do not consume the bandwidth they pay for all the time, so the risk is considered minimal. When demand approaches or exceeds the network's limits, however, oversubscription turns into congestion, which is what makes the internet a "best-effort" service rather than a guaranteed one.
However, as shown in Akamai's State of the Internet Report, the first quarter of 2016 saw a 12% increase in the global average connection speed over the fourth quarter of 2015, to 6.3 Mbps (the US average was 15.3 Mbps). Internet connectivity is improving and becoming more viable for businesses.
Establishing a reliable network over the internet isn't easy, but it is achievable thanks to the developments outlined above. The following capabilities help make internet connectivity a dependable part of a next-generation WAN:
- Route control: selecting paths across the internet on measured performance rather than on inter-carrier agreements. Content delivery networks pioneered this approach with large PoP footprints; it can now be done with a much smaller number of PoPs.
- Network redundancy: the ability to alternate between providers based on their measured availability and reliability
- Traffic optimization: keeping packets on the same provider for as long as possible, coupled with traffic-optimization and error-correction techniques
- Availability: augmenting or replacing MPLS with dual internet links, with optional LTE/4G failover
- Capacity: aggregating traffic across multiple links (active/active or link bonding)
- Reliability: minimizing the effect of packet loss through error-correction algorithms (forward error correction recovers lost packets without waiting for a retransmission, which matters for voice and video)
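As an added illustration of the route-control, redundancy, stickiness and failover capabilities listed above, the following toy path selector scores each WAN link from probe results, keeps the active link until a rival is clearly better (so traffic does not flap between providers), and falls back to LTE only when every wired link is unusable. This is example code written for this page, not Cato Networks' or anyone else's implementation; the link names, thresholds and probe samples are all constructed assumptions.

```python
"""Toy WAN-edge path selector (added example, not from the original article).

Assumptions: two wired internet links ("isp_a", "isp_b") plus an LTE backup,
five probes per round, and illustrative thresholds MAX_LOSS / SWITCH_MARGIN.
"""
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import Dict, List, Optional

MAX_LOSS = 0.2        # assumption: 20% or more probe loss marks a link as down
SWITCH_MARGIN = 0.25  # assumption: a rival must score 25% better to displace the active link


@dataclass
class Probe:
    rtt_ms: Optional[float]  # None means the probe was lost


@dataclass
class Link:
    name: str
    backup: bool = False  # LTE/4G: used only when no wired link is usable
    samples: List[Probe] = field(default_factory=list)

    def loss(self) -> float:
        if not self.samples:
            return 1.0  # no probes answered: treat as fully lossy
        return sum(p.rtt_ms is None for p in self.samples) / len(self.samples)

    def _rtts(self) -> List[float]:
        return [p.rtt_ms for p in self.samples if p.rtt_ms is not None]

    def latency(self) -> float:
        ok = self._rtts()
        return mean(ok) if ok else float("inf")

    def jitter(self) -> float:
        ok = self._rtts()
        return pstdev(ok) if len(ok) > 1 else 0.0

    def usable(self, max_loss: float = MAX_LOSS) -> bool:
        return self.loss() < max_loss


def score(link: Link) -> float:
    """Lower is better. Loss is weighted heavily because a lossy link hurts
    voice and video far more than a slightly slower one."""
    return link.latency() + 2 * link.jitter() + 1000 * link.loss()


def select_path(links: Dict[str, Link], active: Optional[str]) -> str:
    """Pick the link to carry traffic this round, given the currently active one."""
    primaries = [l for l in links.values() if not l.backup and l.usable()]
    if not primaries:
        backups = [l for l in links.values() if l.backup and l.usable()]
        if not backups:
            raise RuntimeError("no usable WAN link")
        return min(backups, key=score).name
    best = min(primaries, key=score)
    if active in links and links[active] in primaries:
        # Stickiness: stay on the active link unless a rival is clearly better.
        if score(best) >= score(links[active]) * (1 - SWITCH_MARGIN):
            return active
    return best.name


def demo() -> List[str]:
    """Runs four constructed probe rounds and returns the chosen link per round."""
    def mk(name: str, rtts: List[Optional[float]], backup: bool = False) -> Link:
        return Link(name, backup, [Probe(r) for r in rtts])

    lte = [60, 80, 70, 65, 90]
    rounds = [
        # 1: both wired links healthy, ISP A slightly faster -> isp_a
        {"isp_a": mk("isp_a", [20, 22, 21, 19, 20]),
         "isp_b": mk("isp_b", [24, 25, 23, 26, 24]),
         "lte": mk("lte", lte, backup=True)},
        # 2: ISP A degrades a little; rival is not 25% better -> stay on isp_a
        {"isp_a": mk("isp_a", [28, 30, 27, 29, 28]),
         "isp_b": mk("isp_b", [24, 25, 23, 26, 24]),
         "lte": mk("lte", lte, backup=True)},
        # 3: ISP A degrades badly; ISP B clears the margin -> switch to isp_b
        {"isp_a": mk("isp_a", [60, 62, 61, 59, 60]),
         "isp_b": mk("isp_b", [24, 25, 23, 26, 24]),
         "lte": mk("lte", lte, backup=True)},
        # 4: both wired links lossy -> fail over to lte
        {"isp_a": mk("isp_a", [None, None, 30, None, 28]),
         "isp_b": mk("isp_b", [None, 25, None, None, None]),
         "lte": mk("lte", lte, backup=True)},
    ]
    chosen: List[str] = []
    active: Optional[str] = None
    for links in rounds:
        active = select_path(links, active)
        chosen.append(active)
    return chosen


if __name__ == "__main__":
    print(demo())
```

The margin in `select_path` is what keeps packets on one provider "for as long as possible": without it, the small round-2 degradation would bounce traffic to ISP B and, once ISP A recovered, straight back again. A real edge device would also feed loss into the error-correction budget and reorder or pace traffic during a switch, which this toy deliberately leaves out.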
As the internet continues to improve as a network medium, it will challenge traditional WAN architecture in terms of both speed and cost-effectiveness.
Gur is co-founder and CTO of Cato Networks. Prior to Cato Networks, he was the co-founder and CEO of Incapsula Inc., a cloud-based web application security and acceleration company. Before Incapsula, Gur was director of product development and VP of engineering and products at Imperva, a web application security and data security company. Gur holds a BSc in computer science from Tel Aviv College.