NETWORKING

  • 08/13/2015
    7:00 AM
  • Rating: 
    0 votes
    +
    Vote up!
    -
    Vote down!

Where Should WAN Functionality Live?

Improving outdated WAN architecture is not a simple decision, due to the growing number of technology options and services.

Until recently, there hadn't been a fundamentally new WAN technology or service introduced into the market for over a decade. Driven by the lack of viable alternatives, over the last ten years the vast majority of network organizations implemented a branch office WAN based on each branch office having either a T1 link or a set of bonded T1 links that provide access to a service provider's MPLS network and had one or more higher speed links at each data center. In this design, it is common to have a variety of dedicated appliances in each branch office and to backhaul all or some of a company's Internet traffic over the MPLS network to a data center before handing it off to the Internet.

In my recent report, the 2015 Guide to WAN Architecture and Design, I described a hypothetical company called NeedToChange (NTC) that ran a traditional WAN. I then asked several vendors (some sponsors of the report, some not) to describe how NTC should evolve its WAN. I received answers spanning a large and growing set of WAN architectural alternatives that enterprises will need to evaluate to determine the best way to move forward.

When evolving their branch office WANs, one of the key architectural alternatives that network organizations need to evaluate is where to locate key functionality. While there is no question that some functionality is needed at each branch office, it is less obvious how much functionality belongs in the branch and how that functionality should be implemented. Cisco, unsurprisingly, suggested an evolutionary path for NTC that revolved around branch office routers supporting a range of sophisticated functionality. In addition to routing, that functionality included deep packet inspection, WAN optimization, and QoS, as well as application visibility and control.

AT&T took a far different approach. Communications service providers like AT&T are working to implement a Network Functions Virtualization (NFV) use case that is commonly referred to as virtual CPE (vCPE). AT&T's emerging implementation of vCPE is focused around white boxes supporting a wide range of functionality that can be dynamically downloaded. The functionality includes IP voice, routing, WAN optimization, visibility, firewalls and DDOS protection.

One architectural option is that these white boxes are located in a company's branch offices. In this case, the AT&T solution looks a lot like the Cisco solution, although at least some of the functionality that runs in the white boxes is likely to not come from Cisco. However, it is also possible to locate the white boxes either in one of AT&T's facilities, or in a combination of customer facilities and AT&T facilities. A customer could, for example, make the choice to have some functionality (such as firewalls) running on white boxes in the branch office and have other functionality (such as WAN optimization) run on white boxes in one of AT&T's facilities.

Both Viptela and Silver Peak recommended solutions to support the burgeoning volume of Internet traffic. The suggested that network organizations utilize one or more regional hubs to consolidate connectivity to cloud services and the Internet. These regional hubs could be located at one of the organization's existing facilities, or they could be at a co-location facility that is close to one or more of the relevant cloud providers. Using this architectural option, there is functionality from Viptela or Silver Peak in each branch office and in each regional hub. Internet traffic travels directly from the branch office to the regional hub, which has firewalls for security and infiltration.

Yet another architectural approach was presented by Talari. This company is working with some of the major cloud providers, such as AWS, to host Talari virtual appliances. Using this option, Internet traffic travels directly from the branch office to the cloud provider's site, enabled by equipment from Talari in each location.

In the traditional branch office WAN of a few years ago, most if not all network related functionality was located in the branch office, provided by dedicated appliances. The last few years, however, adoption of virtualized network functionality such as WAN optimization in branch offices has grown. We are now at the point where network organizations must make an architectural decision about where to locate key WAN functionality.

 Leaving that functionality in the branch office is still a viable option. However, they should also evaluate the many other options, including locating it in one of their own regional facilities, a service provider facility, a co-location facility, or onsite at a cloud provider facility.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.