Evaluating WAN Redesign Options

Direct internet access and SD-WAN offer enterprises alternatives to MPLS.

Young Xu

April 7, 2017

Network Computing logo

Renovating traditional WAN architectures with SD-WAN technologies has undoubtedly been top of mind for CIOs and IT managers in recent years. SD-WAN enables high-level corporate objectives like lowering IT budgets while swiftly providing agile services. Although SD-WAN has been touted as the cost-efficient alternative to the MPLS-driven WAN, easing the administrative burden of managing the network and cloud migration is also driving this revolution.

Before jumping on the SD-WAN bandwagon, IT and business managers need to challenge themselves to define a compelling business use case, map cost to value, and identify success metrics along with ROI benefits over time.

Redesigning the WAN

The high costs associated with a traditional WAN meshing branch offices and data centers stem from building and maintaining carrier-grade MPLS access infrastructure. Direct internet access (DIA), being easy to deploy, ubiquitous and cost-efficient (in terms of bandwidth-to-cost ratio), presents a more viable option to enterprises. From an access perspective alone, using a dedicated internet connection provided by an ISP can sometimes result in savings of 20-30%, according to this report.

This raises a fundamental question: If cost savings is the key business driver, should enterprises consider moving to a highly available internet-only architecture instead of an SD-WAN architecture with the flexibility to choose between MPLS and internet circuits? Like all things networking, the answer might not be simple. The overarching benefits of SD-WAN, which enables access choices including DIA, MPLS and LTE, go beyond infrastructure-related hard costs to soft benefits related to centralized management and operational agility. Irrespective of the reason, understanding the performance, reliability and security implications of DIA circuits is key to success.

Trusting the internet

Relying on the internet as transport for enterprise-grade traffic involves setting and managing the right expectations from the perspective of application performance. Take time to choose an upstream ISP and to optimize BGP routing across multiple internet circuits. The perceived performance of your service depends not only on how the application is performing, but also on how the network is affecting the delivery of that application. Baselining performance before launching a service over DIA circuits or while accessing SaaS-based applications will allow you to assess faults and plan proactively.

Is the internet secure?

In traditional WANs, internet-bound traffic egresses the enterprise through upstream ISP connections from the data center. However, with DIA, locally breaking out traffic from the branch office is becoming commonplace, conceptually creating a highly distributed “mini data center” model. This means extending the security measures in place from the data center all the way to the branch office. Firewall-based protection and intrusion-detection mechanisms should be implemented, even at branch offices.

Although more and more applications choose to fold security into the L7 stack rather than completely relying on the access infrastructure or the internet for security, security best practices should still be considered.

Controlling the modern WAN

For some enterprises, the migration to SD-WAN could be one-dimensional and purely dependent on cost optimization. But more often, as identified in the 2016 State of the WAN report, that's not the only driver. The ability to remotely control and manage the SD-WAN routers at the edge and to create security policies and IPsec tunnels with the click of a button is an equally attractive value proposition, especially for enterprises with a large number of branch offices considering a complete migration. Whether SD-WAN is a nice-to-have or a must-have depends on the number of new instances you need to manage and the geographical expanse and depth of the new architecture.

Moving to an internet-driven architecture and adopting SD-WAN technologies is a massive undertaking and even overwhelming at times. Systematically ease into the migration by incorporating small but incremental changes. Instead of doing a complete overhaul of the network, supplement your existing WAN with DIA circuits to familiarize yourself with the challenges and intricacies. Benefit from baselining not only performance, but also expectations. Transition slowly but efficiently to shift the equilibrium toward an internet-centric enterprise, and you’ll reap the benefits.

About the Author(s)

Young Xu

Analyst, ThousandEyes
